back to article Flash... Nu-uh! Tech folk champing at the bit to switch off life support

When Adobe this week announced its intention to kill Flash by 2020, a cheer went up among techies everywhere – not least of which were the browser-makers, who seemed pleased to hasten its death on the web. But others, including Flash game devs and some in the sciences, seem less ready to suit up and deal with the fallout. …

  1. Your alien overlord - fear me

    So scientists would prefer to use a buggy unsecure medium to gather what is probably (scientifically) important data rather than sped a few hours rewriting it (and probably improving the user interface and such like). Don't these guys have under graduates for this kind of work?

    1. Anonymous Coward
      Anonymous Coward

      "sped a few hours rewriting it "

      You can learn a new programming language in just a few hours, and then you know how to use it securely? Impressive.

      Or maybe, you think those people just have plenty of free time to spend on that?

      1. I ain't Spartacus Gold badge
        Devil

        It's easy. I've just finished my new crypto-currency software after lunch, having learned javascript this morning. What could possibly go wrong?

      2. Bob Dole (tm)
        FAIL

        " .. and then you know how to use it securely?"

        You seem to be under the impression that they used flash securely to begin with.

        1. Anonymous Coward
          Anonymous Coward

          'that they used flash securely to begin with'

          With Flash, the main issue was the run-time security, not the applications'. The application needs to be written purposely to exploit the run-time vulnerabilities. So the problem is having the run-time installed. I don't believe researchers will create attacks by chance....

    2. Anonymous Coward
      Facepalm

      Sure, web applications coded in Javascript by undergraduates will be invulnerable....

      1. CrazyOldCatMan Silver badge

        Sure, web applications coded in Javascript by undergraduates will be invulnerable....

        But, but - they used node.js[1]. Surely, that'll be secure!

        [1] IMHO - the offspring of VB6 and Flash..

    3. Oh Homer
      Paris Hilton

      Re: "So scientists..."

      I find it rather disturbing that scientists, of all people, apparently find progress to be a "nuisance".

      Aren't they the very people who should be forging on regardless?

      Yes, everyone has a budget. Tesla had one, so did Edison, and Darwin and Einstein and da Vinci. Imagine if they'd all said; "You know, this business of 'changing stuff' is such a damned nuisance. If anyone dares to change even another single spec of dust on this planet, I shall rip up my quarterly budget statement and go back to living in a cave and worshipping stuffed animals".

      What sort of person, scientist or otherwise, makes absolutely no contingency for the inevitability of change?

  2. Doctor Syntax Silver badge

    If only the Beeb would stop using Flash on www.bbc.co.uk/weather I think I'd be able to ditch it completely.

    1. Tigra 07

      RE: Doctor Syntax

      That sounds more difficult than going to Google and searching for "UK weather".

    2. Don Dumb
      WTF?

      @Doctor Syntax - "If only the Beeb would stop using Flash on www.bbc.co.uk/weather"

      Ummmm, it seems to work fine for me (with no flash installed), alternatively there is always the Met Office site.

      1. Doctor Syntax Silver badge

        "alternatively there is always the Met Office site."

        And its demand to enable a stupid number of javascript sites. This is supposed to be better?

        1. Flocke Kroes Silver badge

          Met office / javascript

          The Met Office Mobile site works fine without javascript.

        2. Don Dumb
          Stop

          @Doctor Syntax - "And its demand to enable a stupid number of javascript sites."

          Despite what webmasters think, it is not a *demand*, it is a *request*, to use those javascript sites and yet the pages work just fine without them (or simply only allowing the specific metoffice ones). Is that not your approach to all sites?

      2. CrazyOldCatMan Silver badge

        Ummmm, it seems to work fine for me (with no flash installed)

        Likewise. Even on my (Flash-free) Mac and my (flash-free) Android handset.

        I suspect they use Flash if it's installed and fall back to more secure methods if it isn't.

  3. Stevie

    Bah!

    "I'll now need to recode or retire some of my earlier Flash studies that are still collecting data," he added."

    Well don't use java, 'cos that plugin was tossed out last update by those nice people at Firefox.

    There's a fix, but good luck getting your user base to sign up for doing it.

    1. I ain't Spartacus Gold badge

      Re: Bah!

      Good. I think Java in the browser was even more exploited than Flash at one point. Which was pretty stiff competition...

      1. patrickstar

        Re: Bah!

        I'd make an educated guess that since 2010 or so infections via Java outnumber Flash by at least an order of magnitude, even though Java in the form of applets in the browser is pretty much dead by now so Flash has had some time to catch up.

        The reason being that the Java bugs were logical errors in the applet sandbox. Once you're out of the sandbox, you have full access to do anything to the computer.

        100% reliable and even cross-platform.

        Flash has nothing similar - the browser Flash Player simply doesn't have any APIs to do stuff to the underlying OS (like write files to disk arbitrarily and execute them). Flash bugs are, without exception, memory corruption and thus tend to be difficult to exploit reliably.

  4. I ain't Spartacus Gold badge
    Happy

    Simple solution

    Surely this has an easy solution.

    The academics have limited time and budget to replace it. But I'm sure the tech industry can find a way to easily provide them with compensation.

    Adobe simply need to buy a small plot of land. Perhaps one on every continent? Then they place a grave and headstone saying "here lies the body of Flash died 2020 - much missed by malware writers the world over". Then all they need to do is bury some sort of piezo-electric doodad in the ground, and they'll generate megawatts of power from all the techies coming to dance on Flash's grave.

    Pipe power to universities, they get the budget that would have been spent on that for Flash replacement, techies get fitter without having to pay for gym memberships... Everyone's a winner!

    1. quxinot
      Joke

      Re: Simple solution

      The problem with this simple solution is likely to be the same problem with the current software.

      Or were you infering that Adobe could get someone competent to do the implementation of the celebratory power generation?

      I'd be terrified of megawatts of power being run through a dozen tatty power cables comprising more patch than cable. :)

  5. wolfetone Silver badge

    I wonder how much of the problems with Flash would be solved if it was open sourced?

    1. I ain't Spartacus Gold badge
      Happy

      Then the malware writers would have access to the code too. Could the open source community patch the new vulnerabilities fast enough? It could be like trying to fill a bucket faster than the water can pour out of the holes.

      Anyway, what if everyone pointed and laughed? Or it turned out the code was written in crayon, by an infinite number of monkeys?

      1. 2Nick3

        "Anyway, what if everyone pointed and laughed? Or it turned out the code was written in crayon, by an infinite number of monkeys?"

        I think a lot of people would say "I KNEW it!"

      2. CrazyOldCatMan Silver badge

        It could be like trying to fill a bucket faster than the water can pour out of the holes.

        To cross-pollinate threads - this sounds like an apt description of Brexit..

    2. storner
      Boffin

      https://www.gnu.org/software/gnash/

      1. patrickstar

        Gnash only implements a (very) small fraction of Flash. In web browser parlance it'd be like comparing Netscape 2 to a modern browser.

    3. dmacleo

      http://gizmodo.com/adobe-flash-fans-want-a-chance-to-fix-its-one-million-b-1797284544

      honestly would not mind seeing this even if I seldom use it. lot of older stuff can't (from what I understand, could be wrong) be ported over so worth a shot. if it fails in no worse shape then present really.

    4. Random Handle

      >I wonder how much of the problems with Flash would be solved if it was open sourced?

      Most of the problems can be solved using openfl to target html5+ or native - slightly more complex to build for non-devs but the bulk of code would be re-usable and stimuli etc identical for replication. A good (honest) dev will be charging in hours and days not weeks - in-house will find it a fairly painless leap and be back on their day jobs in no time.

    5. Kevin McMurtrie Silver badge

      Open source Flash

      Is JavaScript. It does almost everything you need to do in a browser. Hopefully the death of Flash can result in some JS language changes to support reliable performance. Right now authors must consult lists of what arbitrary features of the day may accidentally de-optimize on each browser.

    6. stephanh

      concerning magic pixie open-source dust (lack thereof)

      "I wonder how much of the problems with Flash would be solved if it was open sourced?"

      Would you like to work on a bug-riddled and probably poorly documented and tested legacy code base for free?

      Open-sourcing Flash could work if there were a bunch of companies would would consider it in their enlightened self-interest for Flash to continue existing, and would be willing to pay developers to work on the code base.

      But I don't see any such white knights on the horizon. Google, Apple and Microsoft have clearly already made their choice for HTML5.

  6. Anonymous Coward
    Anonymous Coward

    Virtual Learning Environments are going to suffer

    I would have thought academia was more concerned about flash based material in moodle / blackboard

  7. Joe Gurman

    Cry me a river, whingeing academics

    Th university community the world over is noted for its less than serious approach to IT security. Adobe has been courteous enough to give the unis a couple of years in which to get their act together, change grant proposals, address staffing, and the like. Yes, it will cost more in the short run. But compared to the impact of massive malware infestations (and Flash has to be considered the most successful one to date), not so large an investment.

    1. The First Dave

      Re: Cry me a river, whingeing academics

      And even then, just 'cos Adobe stop updating it doesn't mean it will suddenly stop working for any kit that you already have; labs kitted out with banks of PCs will still work for as long as the hardware remains viable.

  8. nijam Silver badge

    Given its notorious insecurity, we could decide that putting flash on a website is implicitly an attempt to hack visitor's computers.

  9. Anonymous Coward
    Anonymous Coward

    Flash point

    Flash was destined to die, if you haven't already worked out your escape strategy, you are a fucking numpty.

    1. Nunyabiznes

      Re: Flash point

      OR, you could be the "computer janitors" that are told what technology they will be implementing by the numpties wearing suits. In the last year we've had 3 more "enterprise" applications foisted on us that use Java and/or Flash. The one that only uses Java broke when Java updated to 1.8.141 - rollback to 131 and block Java updates for a subset of the domain computers, yay! At least the 2 that use Flash won't work unless Flash is on the latest update.

      We are stuck with several Flash and Java dependent legacy apps also and the powers that be refuse to spend the cash to transition to something else - if there is even a competing product that doesn't use Flash/Java which isn't always the case.

      1. Anonymous Coward
        Anonymous Coward

        Re: Flash point

        "We are stuck with several Flash and Java dependent legacy apps also and the powers that be refuse to spend the cash to transition to something else - if there is even a competing product that doesn't use Flash/Java which isn't always the case."

        Hundreds of companies will be like this and use Flash for the next decades, and be open for all exploits !

        Just make sure you're not into security.

  10. davenewman

    Flash started as a tool for interactive games and presentations

    But then people used it to stream videos.

    Those wanting to get rid of Flash have forgotten its origins, the things it was good at from the beginning.

  11. Mage Silver badge
    FAIL

    Flash isn't just video

    It includes actionscript, (a little like javascript). The ONLY way to run programs (by others or your self) on some older gadgets, is to write an actionscript program, It need not have any animation or video. It could be that's what some of these projects use.

    Such a program will run in a web page and was HUGELY more secure (and cross platform) than the alternative at the time, Active X.

    The idea of ActionScript and Flash (unlike Active X in a browser) isn't evil, the problem has been Adobe's crap implementation. Also the problem of newer versions being incompatible with older browsers on TVs, Setboxes, Personal Media Players etc that can't be updated (the problem of closed source and monolithic usually non-existent upgrades for a gadget less than a year from launch, contravenes SOGA, should be 2 to 6 support depending on product).

    So problem is more Adobe than the concept of flash and ActionScript.

    1. Anonymous Coward
      Anonymous Coward

      Re: Flash isn't just video

      Except Adobe didn't really 'Implement' it. They got it when they bought Macromedia and all it's products like Dreamweaver etc. Macromedia Flash, Dreamweaver and the rest of the suite were pretty good tools, but hey, that was all before Web2.0

  12. IGnatius T Foobar

    Are you listening, VMware?

    Are you listening, VMware? That "web" client you have, which is written in Flash and is an inferior experience to the ancient Windoze-based client, needs to be overhauled and replaced with something usable.

    1. stephanh

      Re: Are you listening, VMware?

      No worries, they are working hard on porting it to Silverlight.

  13. Flocke Kroes Silver badge

    Aren't all the flash based psychological studies invalid anyway?

    They exclude everyone with a clue about security from the sample.

    1. stephanh

      Re: Aren't all the flash based psychological studies invalid anyway?

      "They exclude everyone with a clue about security from the sample."

      That's such a vanishingly small portion of the population that it does not make the studies invalid. They are invalid for completely different reasons.

  14. Tristan Young

    Flash is dead to me

    All our home systems have been flash free for the last couple of years. All new systems I'm building are flash-free. By flash-free, I'm referring to not installing flash AND not using Microsoft's Edge browser with pre-installed flash. They are better for it, a little bit safer, less vulnerable. Reducing attack vectors while improving reliability is important.

    Surely someone will come out with a flash emulator to help scientists. We shouldn't need the flash plugin installed in billions of machines in order to be able to interact with a flash script. If I can play Moon Patrol and Joust over at the Internet Archives, surely I can also play a flash script the same way.

    The demise of flash has been slow in coming, and predictable, lots of time to come up with a game plan.

    I had an issue over the last few days where a work machine being used for shipping was thrown into a refresh loop on account of Adobe flashplayer, couldn't log in or do anything. FedEx has a stupid flash ad banner on their front page and something went wrong - clearing the cache and resetting things wouldn't solve the problem. I ended up circumventing this bug by installing an ad blocker and blocking the flash element. I won't miss flashplayer one bit. Good riddance to yet-another example of Adobe's terrible coding.

    1. Wulfhaven

      Re: Flash is dead to me

      Oh, a javascript/WebAssembly flash implementation that is served up by the server to the client... That'd be something to behold. :D And I wouldn't put it beyond the realm of possibility either.

  15. Captain Scarlet
    Pint

    Home Star Runner

    Although Flash has been a train wreck in the past 10 years sites such as Home Star Runner wouldn't have been possible without it. Back then it made websites on a 56k fully interactive at that stage was amazing.

  16. DropBear

    Make no mistake, the only way we're ever getting rid of Flash is by forcing web developers / webmasters to stop relying on it in their websites - because nobody using it can ever be persuaded to fucking STOP using it and use something else: it seems the inertia of flash devs is effectively infinite for all practical purposes. Disabling it in your own browser is only ever going to be a partial solution for as long as it isn't effectively outlawed there always will be a non-negligible number of sites that you just need to use that simply don't work without it and refuse to change. So yeah, saying that I'm exceedingly happy those recalcitrant lazy fuckers will finally get officially booted off the web for good soon unless they move on is the understatement of the century. Actually, I'm mildly curious to see how the zillion giant flash-game collection sites will handle this...

  17. This Side Up

    OK, so you get rid of Flash

    from the browser. I won't mourn its passing. But what do you do about all the sites that contain flash and don't get updated but do continue to be hosted?

  18. hayzoos

    I once crossed paths with a Macromedia "higher up" whilst in San Francisco. He sat next to me at a hotel bar, ordered his drink, then proceeded to count out coins to pay. Since I was ready for my next drink I told the bartender to put it on my tab so I wouldn't have to wait an eternity. That's when he introduced himself. I decided not to let on that I was into computers twenty years or so. I could see why Flash ended up the way it did after his talk. It wasn't bad per se. It just was conceived before Internet security needed to be designed in from the beginning. Adobe just made sure it got as bad as it did.

  19. razorfishsl
  20. rskurat

    You've clearly never been an academic scientist. We recently had to phase out Friday evening pizza because $60 per week was too much money. In some departments the Chair will pick up this expense, given that they're making well into the six figures. Our chair is rarely seen, and his career (i.e., personal hype) is more important than the department he governs as an absentee landlord.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like