Slashdot Mirror
The Agonizingly Slow Decline of Adobe's Flash Player
harrymcc writes: Security and performance issues with Adobe's Flash Player have led to countless calls for its abandonment. But a significant percentage of major sites still use it--and many of those companies aren't eager to explain why. Over at Fast Company, Jared Newman investigates why Flash won't disappear from the web anytime soon. From the article:
Despite the pressure from tech circles, the sites I spoke with said they simply weren’t able to start moving away from Flash until recently, when better technology become available. And even now, it’s going to take time for them to finish building the necessary tools.
"Originally, Flash was necessary to solve a couple problems," says Adam Denenberg, chief technical officer for streaming music service iHeartRadio. "Streaming was difficult, especially for live stations, and there were no real http-supported streaming protocols that offered the flexibility of what was required a few years back."
called for an end-of-life date on Flash, and wants Adobe to commit to it, yet they're one of the worst offenders for requiring Flash to play videos when h.264 and WebM exist......
The preceding post was not a Slashvertisement.
I don't mind ads (I really don't) as long as they stay in the side of the page and don't try to play audio or video. I run Flashblock in all browsers to avoid this type of thing and have started to run ad-blockers just to kill off the videos that are starting to come through HTML5. If there was a common browser option to never play audio/video unless specifically requested (similar to Flashblockers - if you click on it you really want to see it) then I'd be perfectly happy.
I'd love to remove flash from my system but unfortunately I need to use VMware's VCenter client. Same goes for the shitty insecure version of java I need to keep so I can run Unisphere and FC switch management tools. It's irritating as fuck I have to keep these turds on my disk.
Solving Unix problems since 1989...
i don't know if anyone's really noticed, but flash's real-time adaptive video CODECs are actually incredibly good. i created a video chat site a few years back [tried red5 as the back-end server, and finally got to actually put some reality behind why i detest java. up until then i'd only known *theoretically* why java is a piss-poor language compared to the alternatives...]
anyway, leaving the back-end alone as it's a red herring, i was deeply impressed at how little bandwidth each video window could be given yet still remain audible and actually convey useful video information. i restricted each user to a paltry 10k-bytes (!) of bandwidth - that's for video *and* audio, limited the window size to 240x180, and was absolutely amazed to find that the video would easily recover from drop-outs.
basically what would happen is that during a drop-out, audio would be prioritised, and video would pause. recovery of the video stream (which could be done *precisely because* i had set the bandwidth so low) would literally "unfold" before my eyes, in exactly the same way that you see those 1980s pop video and children's programs "pixellation" effects.
basically they would transmit a crude video image, then send the improvements as a second round, then a third, and so on. now, here's the thing: i have looked for "adaptive video" algorithms in the past, and, whilst there exists an effort to create such a standard as a public standard, it's simply completely behind the times.
adobe managed it *years* ago... yet no open standard exists in common usage which comes even remotely close to successfully replicating this.
i appreciate that technically, it's incredibly challenging to get right. even the team behind skype - when they sold and created a real-time video streaming company "joost" - failed after a few years and gave up.... but what people forget is that *adobe already succeeded*. ... what has been substituted in its place? well, sure, we can do real-time video browser-to-browser.... but the assumption is that there is "perfect conditions". perfect bandwidth. perfect connections. no drop-outs. no brown-outs. zero latency.
adobe's solution isn't perfect: i know from experience that after a few hours, the real-time adaptive video stream *can* get out-of-sync (by over a minute in some cases), and will "recover" in a flurry of fast-forward stop-motion frames. really quite hilarious to witness. but, the only other alternative that i know of which is even *remotely* close to replicating what adobe did is *another* proprietary video codec, behind "zoom.us". it's developed by a former developer behind cisco's real-time video system. which uses flash in some places, and java in others. and is dreadful and unreliable, and has latency often of up to 1..5 seconds. unlike zoom.us which works incredibly well, and has very little latency.
so i'm going to call this article out, as entirely missing the point, namely that there *really* aren't any good alternatives to the core of what flash does really really well, but the problem is that they should have released the entire client and server as software libre under the LGPL a long, _long_ time ago because it just doesn't make them any money, and they just don't have the manpower to keep on fixing the security issues any more.
I don't mind ads (I really don't) as long as they stay in the side of the page and don't try to play audio or video.
But you are ok with them tracking your browsing? Personally I find most ads to be intrusive, annoying and sometimes downright creepy but the tracking is the worst aspect of the whole thing. And the people doing the advertising can't help themselves in trying to track what I'm doing which is why I have AdBlock Plus, BetterPrivacy, PrivacyBadger, Flashblock, etc all installed at the same time. They started this arms race and I'll be damned if I'm going to lose.
I have NO problem paying for a site or service I find valuable and I do pay for some. If they base their business model on pushing annoying ads at me that I can block then that is their problem, not mine.
Not only are ads a known vector they are quickly becoming the primary vector. Ad companies keep poking security holes in your computer and web pages so they can display more ads. Run Adblock for a week and then switch to IE. The difference is amazing.
i thought once I was found, but it was only a dream.
No, streaming is actually hard. Mostly, it's hard for streaming to be efficient across an active medium like a data network. A passive medium (or one-way medium) is much better suited to streaming. On a data network, the request to receive the stream is usually a two-way handshake over TCP, followed by a UDP video stream. The control connection stays TCP, and is kept open (or at least available) for the entire duration of the UDP stream. (This is the mess that is known as RTP, RTSP, and RTMP. And they're pretty much the best option out there. All other working options are variations on and combinations of these three with only slight modifications.)
Now, most of these services aren't actually streaming anything. They're providing a download in a format that allows for playback of progressive downloads. That brings all kinds of other "problems" that the media companies don't want, like the ability for the recipient to keep what they downloaded and play it, edit it, or otherwise do "unauthorized" things with it (air-quotes around unauthorized because the mere act of presenting it for download is all the authorization anyone legally needs).
Flash needs to die. It's incredibly insecure, unstable and a total resource hog. It has no place in 2015.
People keep saying this, and yet...
To my knowledge, there is no actual evidence to show that browsers are significantly better on security. The major ones all fix critical vulnerabilities regularly, it just doesn't get as widely publicised. (Don't believe me? Go check the changelogs for recent releases of your browser of choice.) Moreover, if browsers do start to offer all the same functionality as Flash but natively, they'll also increase their attack surface accordingly. Of course if you compare a browser against the same browser with a plugin then the second combination has a larger attack surface, but right now that is an apples-to-oranges comparison.
I see little evidence of Flash being unstable, and haven't for years. It's much harder than it used to be to hang or crash browsers generally these days, too, but when it does happen it's almost invariably a glitch in the browser itself. (This assessment is based on building various web applications for a living, and the reasonable assumption that consistent trends shown across long-term bug tracking for a variety of otherwise unrelated projects is probably quite accurate. YMMV.)
Finally, as for resource hogging, since sites like YouTube went to HTML5 video, I see my graphics card core speed, and consequently its temperature and eventually fan speed, ramp way up just from watching a video. Since web sites started using funky browser-accelerated tricks with modern JS, same result, and often CPU cores ramping up as well. Older sites that use Flash for similar video or graphics demo tricks sit there quite happily, barely troubling either the CPU or GPU for anything it seems. (Again, this is just based on long-term monitoring and performance testing with objective tools. YMMV, but it's hard data from the machines I use for web development work.)
And Flash still has cross-platform consistency and portability that things like HTML5 video are sorely lacking, and still offers some features that the browser-native tools don't.
The dogma that Flash needs to die needs to die. Flash can die when the browser-native alternatives are actually better.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.