Slashdot Mirror


Facebook's New Chief Security Officer Wants To Set a Date To Kill Flash

An anonymous reader writes: Facebook's new chief security officer, Alex Stamos, has stated publicly that he wants to see Adobe end Flash. This weekend Stamos tweeted: "It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day. Even if 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once."

35 of 283 comments

  1. Can we set it for 2006? by cfalcon · · Score: 5, Insightful

    Can you set an EOL date in the past? Maybe by a decade, give or take a bit? If causality doesn't currently permit that, we should look into patching this functionality into reality as a special case.

  2. Re:Why? by Anonymous Coward · · Score: 5, Funny

    So they can stop getting mentioned every time a security vulnerability is exposed?

  3. Same date to Kill Facebook too? by krelvin · · Score: 5, Funny

    Use the same date to turn off Facebook too?

  4. Facebook or Google decides by CaroKann · · Score: 4, Funny

    So Facebook wants to decide what will work on the Internet now? I thought that was Google's job.

  5. Re:How about 2015 July 15 0000UTC? by ShanghaiBill · · Score: 5, Insightful

    Seems as good a time as any.

    It is not going to happen. Way too many companies rely on Flash and Flex applications, written by programmers that are long gone. If the browser vendors try to force this, people will just stick with the old browsers that still work, and it will be just like IE6 all over again.

  6. Take his own advice by bug1 · · Score: 4, Interesting

    How about facebook just stop using flash and switch to html5 like youtube has.
    Or do I need to put my tinfoil hat on and speculate why certain influential groups might want a large proportion of the internet dependent on a binary only browser plugin.
    (yes yes in theory there is open source flash plugins, but nobody uses it because it's mostly broken).

  7. People go to museums to see dinosaurs by tepples · · Score: 5, Insightful

    > If you're not using HTML5 by now, you're a fucking dinosaur.

    Just as people go to museums to see fossils of dinosaurs, people go to Newgrounds, Albino Blacksheep, Dagobah, Homestar Runner, Weebl's Stuff, and the like to view vector animations in SWF format. What would you suggest to convert existing SWF vector animations to HTML5 format or to create new vector animations in HTML5 format?

    1. Re:People go to museums to see dinosaurs by peppepz · · Score: 4, Interesting

      It would be nice if Mozilla completed their project of a javascript-based interpreter for flash. It would be the same thing that they’ve done for PDF. The overlap between flash and javascript + HTML5 is complete so it should be viable, and as a bonus SWFs would run under the same security sandbox as javascript.

  8. Re: How about 2015 July 15 0000UTC? by afidel · · Score: 5, Informative

    Hell, VMware just released vsphere 6 a few months ago and it requires flash, it will be under support until 2020/2022.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.

  9. Re:How about 2015 July 15 0000UTC? by Jack9 · · Score: 4, Insightful

    > If you're not using HTML5 by now, you're a fucking dinosaur.

    Using HTML5 is not the same as killing flash. The entire multi-billion dollar programmatic advertising industry uses (predominantly) flash for waterfalling/timeouts/buffering and RTB interactions. See the IAB (which still mentions silverlight alongside javascript) which sets standards, about killing flash, then you might see change.

    --

    Often wrong but never in doubt.
    I am Jack9.
    Everyone knows me.

  10. Flash is like IE 6 by Billly Gates · · Score: 4, Interesting

    So many processes have dependencies that are so ingrained in corporate apps it will be impossible to get rid of. We still use IE 6 at work and even xp eol couldn't kill it due to 2 must have apps which are impossible to ever replace. Our training only works with ancient insecure flash 11 at work due to a 10 year old version of premier which created our slides. Lock the browser out of flash and we will stick with obsolete version

    1. Re:Flash is like IE 6 by Anonymous Coward · · Score: 4, Insightful

      Well maybe your job should look into hiring someone to remake the old code into newer one. Saying it's "impossible to ever replace" is the problem, stop thinking that way and start thinking "what can be done to replace this dinosaur"

  11. Re:How about 2015 July 15 0000UTC? by tepples · · Score: 4, Insightful

    > See the IAB (which still mentions silverlight alongside javascript) which sets standards, about killing flash, then you might see change.

    "I just browse the site on my tablet; it's almost like using Adblock." Would that get the IAB's attention?

  12. Do your part nerds! by trawg · · Score: 4, Interesting

    Uninstall Flash. Just stop using it. Encourage your friends to do the same.

    I uninstalled it a couple months ago. I no longer have to worry about updating it or being exposed to the vast amount of vulnerabilities - it should be clear to everyone by now that it is a /major/ vector for infection.

    Only a few times have I hit content that still requires Flash - usually sites that have an old Flash video player. Most big sites or sites using modern players happily support HTML5 video. Those that don't I can live without. (Bonus: far less irritating animated ads. For now.)

    But make sure you provide feedback to sites that still have Flash - let them know you can't use the site properly. Fortunately - largely thanks to Apple's refusal to allow Flash in iOS - there are fewer and fewer of these today.

    1. Re:Do your part nerds! by ArcadeMan · · Score: 3, Funny

      Dude, you can't just mention "furry porn flash games" and not link to any. That's just rude.

  13. Re:Why? by bloodhawk · · Score: 4, Insightful

    Flash is a diseased animal in pain, it needs to be put out of its misery. It is going to die on its own, Adobe may as well save a little face and do Flash and the world a kindness by euthanizing it.

  14. Not going to happen any time soon... by David_Hart · · Score: 4, Informative

    Too many internet pages rely on Flash for video and advertisements... and, as much as we hate them, advertisements mean money...

    I'm not saying that progress isn't being made. Youtube dropped Flash this year and is now using HTML5 as the default for video, but that doesn't fix legacy videos.
    http://www.theverge.com/2015/1...

    My thought is that Flash will be around for another 3 to 5 years. The quoted "18 months" is just wishful thinking....

  15. The Anti-Monitor Couldn't Even Do This by Guy From V · · Score: 4, Insightful

    Is Professor Zoom the Facebook CSO now? I can't keep up with all the retcons.

  16. I have a better idea. by epyT-R · · Score: 3, Funny

    Despite flash being a scourge, it would be better for the internet to pick a day to kill off facebook.

  17. Re:Ad formats by fred911 · · Score: 3, Interesting

    Even if flash is "officially" killed, Google will still index it. Pages dependent upon Flash for their main content will take a quality hit (actually they already are), hence a rank loss.

    Android doesn't support it, and if you can't render content for that platform, well you just lose the ability to meet the needs of the user (or a major percentage of them).

    --
    09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2

  18. Re:Why? by davester666 · · Score: 5, Funny

    Adobe is a strong believer in "There's no such thing as bad publicity."

    --
    Sleep your way to a whiter smile...date a dentist!

  19. Porn by Anonymous Coward · · Score: 3, Insightful

    One of the (in my opinion) major aspects should not be forgotten: As long as porn sites like youporn rely on flash, flash will not die.

  20. cap by tepples · · Score: 4, Informative

    A lot of the content (like Homestar Runner and Weebl's Stuff) is also available via their official YouTube channels. You lose all the interactivity, though.

    Rendering the video to pixels and compressing it with H.264 or VP8 bloats files by a factor of ten in my tests. The era of dial-up is mostly over, but the era of monthly quotas and pay-per-bit last miles is still very much with us.

    1. Re:cap by phantomfive · · Score: 3, Insightful

      I wouldn't be surprised if Flash were still around twenty years from now, because at the moment it is still the platform of choice for development by a lot of people.

      For comparison, think that Java applets haven't been a popular method of development for nearly 15 years, and they're still with us.

      --
      "First they came for the slanderers and i said nothing."

  21. Re: How about 2015 July 15 0000UTC? by bloodhawk · · Score: 4, Insightful

    That is a pretty sad indictment on the state of vsphere.

  22. Re:NPAPI vs. PPAPI by peppepz · · Score: 4, Interesting

    But Flash Player for NPAPI is alive and well on Windows.

  23. Obligatory Devil's Advocate by Waccoon · · Score: 4, Interesting

    Replace the word "Flash" with any other plugin or technology that geeks don't like. Will it still be okay if we go out of our way to kill it and make sure nobody can use it? Replace "Adobe" with "Free Software Foundation". Is that better? How about we talk about the Unity3D plugin? That's a plugin, too, just like Adobe PDF and Java, so that means it's bad. It's easy to pick on Flash and I can't say I really like the plugin, but when organizations with a large amount of industry influence start talking about killbits, that makes me really nervous.

    I'd have no problem with Facebook urging other web sites to stop using Flash, especially if they're willing to support development of an alternative. When they talk about actively killing things for the good of the community, that's going too far. This starts leaning to the direction that it's okay to execute prisoners because nobody likes them.

    Sometimes I'm really disturbed by the will of the community. I'm already pissed enough that I can't run certain Java applets anymore because the great Oracle says I'd hurt myself if I tried. Heaven forbid they give me a warning and I make up my own mind. As for grandma's computer, I could just configure the web browser to not use Java or install any other plugin.

  24. Re: How about 2015 July 15 0000UTC? by qubezz · · Score: 3, Informative

    That's better than VMWare 5.5, which required its own NPAPI plugin, which barely worked with an old version of Chrome on Linux, and doesn't work with any distro you can just spin up. As a cross-platform management solution, it was dead before it was born.

    Worse is Chinese no-name security DVRs that are still being deployed, that require an activex plugin.

  25. Re:Why? by gl4ss · · Score: 4, Insightful

    but what will you use then to play happy wheels?

    look, all this talk about "bad corporations do intentional obsoleting of software to sell new software" and then *bam* start asking for them to make tens of thousands of games unplayable.

    nice, real nice.

    yes kill date implies that you wouldn't be able to _use_ it at all after the date, which would actually work as an incentive to not update to any such version that has a kill date. kill date would also mean no further security fixes.

    putting a date on it would be stupid for everyone involved. adobe can just (and pretty much has) quit developing new features for it, thus driving people to other things.

    --
    world was created 5 seconds before this post as it is.

  26. Re:How about 2015 July 15 0000UTC? by Zontar The Mindless · · Score: 3, Insightful

    Interactive Advertising Bureau. Who'd've thought there could be such a thing?

    --
    Il n'y a pas de Planet B.

  27. Re:NPAPI vs. PPAPI by jones_supa · · Score: 3, Informative

    Yep. Chrome is the only way to get modern Flash under Linux. The old NPAPI plugin is stuck at version 11.2 and only gets security updates. The PPAPI plugin is already at version 18.0.

  28. Re: Why? by Anonymous Coward · · Score: 5, Insightful

    Spotted the flash 'developer'

  29. Re: Why? by Anonymous Coward · · Score: 3, Insightful

    We should set a date to end Facebook. Even if 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole social networking ecosystem at once.

  30. Good Riddance! Just like we killed off GIF /SARC by TheRealHocusLocus · · Score: 5, Insightful

    I'm so glad there's a move afoot to kill Flash, in which a few well-connected standards goonies who are not satisfied with the rollout for HTML5 think that no campaign to capture hearts and minds is complete without some form of digital strip mining, in which major portions of the Internet heritage are blocked by "newer, better" software and rendered dark, obsolete and broken overnight. It's just like a seat belt law, right? It's all about protecting Joe Sixpack from driving drunk on the web. And the big important players like Facebook have naught but our precious safety as a motive. /SARC

    I hated Flash for its abuses and excesses at first, but I have grown fond of the things it has become useful for, and does well. Here is a low level instruction set of instruction and vector graphic primitives that has been used to accomplish amazing feats. Even self-contained and offline feats. Things that will never make it to HTML5 without a serious ride in the newer is better and bigger and much slower (though our processors are faster and memory is bigger so we pretend that it's faster and smaller) bloat-mobile. /NOTSARC

    Remember when the Whole Damned World was ready for a GIF-killer? And PNG was one little tiny step away from doing so? The png image format was so ready to dominate the world, and we were maybe a few open source developer weekends away from having a GIFlike format with comparable non-encumbered LZW compression, and (as promised) simple animation too. To be able to animate in full RGB without shoving palettes down our collective throats. Well, some people on the Standards Committee, some <BLINK>anti-blink tag hipsters</BLINK> who were Running With Scissors cut out that promise and proceeded to punt the animate part of the bargain into the Next MNG generation, which would be a video-killer too and would happen Real Soon Now. The upshot was that the PNG rocket sled hit a big pile of jello. While MNG was languishing, a whole generation of web-folk faced difficult times with GIF in which open source tools generated bloaty files unless you compiled them yourself (because they did not to fork money or paperwork to license the LZW) and the world was treated to... more of GIF! It is today's GIF! And do we have those <BLINK>anti-blink tag hipsters</BLINK> to thank? No, that is not really fair, they just wanted to build a better world. But bad decisions in retrospect do happen. /NOTSARC

    But Flash is different! Never mind how useful it has become, it must be killed. Because in this silly Collectivist world of planned obsolescence it is not enough to succeed. Something old must be declared evil, be systematically dismantled and ultimately fail not on its own lack of merit, but because some all seeing Standards Committee wishes to keep Joe Sixpack safe while driving drunk on the web. The insurance companies have already factored in the liability for HTML5 vulnerability coverage so we're good there. /SARC

    From this day forward, any zero day vulnerabilities in HTML5 code will be tolerated in the civilized manner, and any emerging Flash exploits will be blamed on the Iranians and North Koreans, and those who continue to use and support Flash will have their hip-credentials revoked. /NOTSARC And we're ready to destroy all those vinyl LP phonograph records too, all the music that matters has been reissued, yeah, fuck that old music. /SARC

    Because, God Forbid, the whole human race could never just gather to re-write a popular primitive procedural language without creating a shitload of new exploitable errors. It just cannot be done. /SARC

    --
    <blink>down the rabbit hole</blink>

  31. Re:Why? by hairyfeet · · Score: 5, Insightful

    Maybe if HTML V5 didn't suck donkey balls Flash would be easier to kill.

    HTML V5 is a classic case of "We need to replace X with something" without ever bothering to find out if that something is BETTER than what it's replacing! HTML V5, despite being in development for how many years now? Still can't do even half of what Flash can, no animations so all your flash games are right out, it's a GIANT resource hog, if you don't believe me just turn off hardware acceleration (which they use to cover how much of a pig it really is) and see how badly it slurps up RAM and CPU. With Flash a 2004 Sempron has no trouble playing 720P at 30FPS, with HTML V5 without a GPU cooking in the background to cover for it anything less than a C2Q is gonna feel like a slideshow and if your mobile doesn't have hardware acceleration? Forget it, it's unusable. And this is ignoring the rotting elephant in the room, that Apple and MSFT have loaded the spec with DRM and H.264, the most patent encumbered video format in history...and we want THIS to be a web "standard"? Well I hope you Linux users didn't actually want to be able to watch video in the future.

    Does Flash need replacing? Absolutely as I really don't see Adobe managing to fix the numerous issues with the format, but we need to replace it with something better in every way than Flash and so far HTML V5 seems more like a love letter to hardware OEMs and DRM loving corps than it does an actual replacement. When comparing features and performance it's not even a side grade, it's really a downgrade as it can't do as much as the previous format, sucks more resources than the previous format, and has serious patent issues...and this is an "improvement"?

    --
    ACs don't waste your time replying, your posts are never seen by me.