Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook's New Chief Security Officer Wants To Set a Date To Kill Flash

Posted by samzenpus on from the burn-it-with-fire dept.

An anonymous reader writes: Facebook's new chief security officer, Alex Stamos, has stated publicly that he wants to see Adobe end Flash. This weekend Stamos tweeted: "It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day. Even if 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once."

10 of 283 comments (clear)

  1. Why? by Fwipp · · Score: 1, Interesting

    Why on earth would Adobe want to kill flash?

    1. Re:Why? by Anonymous Coward · · Score: 2, Interesting

      So they can stop getting mentioned every time a security vulnerability is exposed?

      Then shouldn't Oracle end Java?

  2. HTML5 is more broken than Flash by Anonymous Coward · · Score: 2, Interesting

    HTML5 doesn't even work half the time because the browser implementation is off by one.

  3. Take his own advice by bug1 · · Score: 4, Interesting

    How about facebook just stop using flash and switch to html5 like youtube has.
    Or do i need to put my tinfoil hat on and speculate why certain influential groups might want a large proportion of the internet dependent on a binary only browser plugin.
    (yes yes in theory there is open source flash plugins, but nobody uses it because its mostly broken).

  4. Flash is like IE 6 by Billly+Gates · · Score: 4, Interesting

    So many processes have dependancies that are so ingrained in corporate apps it will be impossible to get rid of. We still use IE 6 at work and even xp eol couldn't kill it due to 2 must have apps which are impossible to ever replace. Our training only works with ancient insecure flash 11 at work due to a 10 year old version of premier which created our slides. Lock the browser out of flash and we will stick with obsolete version

    --
    http://saveie6.com/
  5. Do your part nerds! by trawg · · Score: 4, Interesting

    Uninstall Flash. Just stop using it. Encourage your friends to do the same.

    I uninstalled it a couple months ago. I no longer have to worry about updating it or being exposed to the vast amount of vulnerabilities - it should be clear to everyone by now that it is a /major/ vector for infection.

    Only a few times have I hit content that still requires Flash - usually sites that have an old Flash video player. Most big sites or sites using modern players happily support HTML5 video. Those that don't I can live without. (Bonus: far less irritating animated ads. For now.)

    But make sure you provide feedback to sites that still have Flash - let them know you can't use the site properly. Fortunately - largely thanks to Apple's refusal to allow Flash in iOS - there are fewer and fewer of these today.

  6. Re:Ad formats by fred911 · · Score: 3, Interesting

    Even if flash is "officially" killed, Google will still index it. Pages dependent upon Flash for their main content will take a quality hit (actually they already are), hence a rank loss

      Android doesn't support it, and if you cant render content for that platform, well you just lose the ability to meet the needs of the user (or a major percentage of them).

    --
    09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  7. Re:NPAPI vs. PPAPI by peppepz · · Score: 4, Interesting

    But flash Player for NPAPI is alive and well on Windows.

  8. Re:People go to museums to see dinosaurs by peppepz · · Score: 4, Interesting

    It would be nice if Mozilla completed their project of a javascript-based interpreter for flash. It would be the same thing that they’ve done for PDF. The overlap between flash and javascript + HTML5 is complete so it should be viable, and as a bonus SWFs would run under the same security sandbox as javascript.

  9. Obligatory Devil's Advocate by Waccoon · · Score: 4, Interesting

    Replace the word "Flash" with any other plugin or technology that geeks don't like. Will it still be okay if we go out of our way to kill it and make sure nobody can use it? Replace "Adobe" with "Free Software Foundation". Is that better? How about we talk about the Unity3D plugin? That's a plugin, too, just like Adobe PDF and Java, so that means it's bad. It's easy to pick on Flash and I can't say I really like the plugin, but when organizations with a large amount of industry influence start talking about killbits, that makes me really nervous.

    I'd have no problem with Facebook urging other web sites to stop using Flash, especially if they're willing to support development of an alternative. When they talk about actively killing things for the good of the community, that's going too far. This starts leaning to the direction that it's okay to execute prisoners because nobody likes them.

    Sometimes I'm really disturbed by the will of the community. I'm already pissed enough that I can't run certain Java applets anymore because the great Oracle says I'd hurt myself if I tried. Heaven forbid they give me a warning and I make up my own mind. As for grandma's computer, I could just configure the web browser to not use Java or install any other plugin.