Slashdot Mirror

← Back to Stories (view on slashdot.org)

Petition Asks Adobe To Open-Source Flash To Preserve Internet History (bleepingcomputer.com)

Posted by EditorDavid on from the extra-Flashy dept.

An anonymous reader quotes BleepingComputer: A petition is asking Adobe to release Flash into the hands of the open-source community. Finnish developer Juha Lindstedt started the petition a day after Adobe announced plans to end Flash support by the end of 2020. "Flash is an important piece of Internet history and killing Flash means future generations can't access the past," Lindstedt explains in the petition's opening paragraph. "Games, experiments and websites would be forgotten." The developer wants Adobe to open-source Flash or parts of its technology so the open-source community could take on the job of supporting a minimal version of the Flash plugin or at least create a tool to accurately convert old SWF and FLA files to modern HTML5, canvas data, or WebAssembly code... Lindstedt is asking users to sign the petition by starring the project on GitHub. At the time of writing, the petition has garnered over 3,000 stars.
A reporter at ZDNet counters that "the only way to really secure Flash is to get rid of it... If Flash lives, people will continue to use it, and without security support, it will be even more insecure than ever." He points out there's already several programs that convert Flash into other formats -- and that Adobe already open sourced its Flex framework for building Flash applications back in 2008 (now supported by the Apache Software Foundation as Apache Flex). "In other words, we don't need the Flash source code to convert or create Flash files. Just let Flash go already...!

"Usually, I'm favor with open-sourcing everything and anything. Not this time. Flash has proven to be a net of endless security holes. It's time to let it go for once and for all.

33 of 167 comments (clear)

  1. Re:That reporter is a moron by Anonymous Coward · · Score: 2, Insightful

    Lets smash all forms of analog storage mediums too! I mean look at all of those vinyl records that have ZERO copy protection! I mean how can we let this be! Destroy it all! Fuck preservation of history!

  2. Let it die. by Anonymous Coward · · Score: 2, Insightful

    Don't open source it. Don't share or preserve it. Shoot it and bury the remains. It needs to go away. That's the point of EOLing it.

    1. Re:Let it die. by KiloByte · · Score: 2

      Also, Flash being moribund is kind of a blessing here -- a game from 2010 or 2005 is pretty unlikely to use an exploit announced in 2017.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    2. Re:Let it die. by Gondola · · Score: 2

      Adobe will never open source it in a million years. It's the most insecure piece of trash and is being EOL'd because new vulnerabilities keep showing up and Adobe isn't making enough money off of it anymore to warrant the team of coders to try to keep up with all the security issues.

    3. Re:Let it die. by serviscope_minor · · Score: 2

      as relevant as asking to EOL C++ or PHP. Nobody uses any of those to execute code in the browser.

      Sorry, buddy, I;ve got news for you...

      https://en.wikipedia.org/wiki/...

      And with that you can run C++ in the browser. It sounds like a gimmick but it's not. I know people using it in production for serious stuff. Because C++ is rather parsimonious and ASM.js actually maps well enough to the hardware (it's essentially to within some not outrageously huge constant factor of actual native code) stuff written in C++ runs faster than any reasonable thing it's possible to run by-hand in JS.

      Writing in C++ means you can deploy the same core to mobile devices and browsers and have it about as efficient as it's possible to get in any of them. If you're actually deploying a program via the browser instead of a web page, then really matters.

      Plus having to only maintain one codebase is a real boon.

      --
      SJW n. One who posts facts.
    4. Re:Let it die. by modmans2ndcoming · · Score: 3, Insightful

      lol...EOL C#? why not EOL C and C++ while you are at it.

    5. Re:Let it die. by Khyber · · Score: 4, Funny

      Do open source it so we can look at the hackjob shitpile that is Adobe code and learn from their utter fuckups, and get a laugh at the same time!

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    6. Re:Let it die. by theArtificial · · Score: 2

      And with that you can run C++ in the browser. It sounds like a gimmick but it's not. I know people using it in production for serious stuff

      The argument that JavaScript is actually close to the hardware really made my evening. We are living in the future!

      --
      Man blir trött av att gå och göra ingenting.
  3. Kinda shortsighted counter.. by Anonymous Coward · · Score: 5, Insightful

    To the guy who countered that flash should just be forgotten rather than open-sourced, his excuse for doing so is stupid.

    Yes, Flash in it's current closed-source state is riddled with security holes and vulnerabilities. However if it got open-sourced then one of the first things people would be able to do for the first time ever is pour over the source - find all those security holes - and fucking FIX them.

    And so long as that's the only thing people do with flash once it's open sourced (no more feature creep added by Adobe) then it should be just fine.

    1. Re:Kinda shortsighted counter.. by Anonymous Coward · · Score: 2, Insightful

      How does making something "open source" magically make it bug-free and highly secure? Perhaps Flash is just so old, large and convoluted that there really isn't any way to completely fix it. It could be a hopeless cause and not some product of an "evil corporation" that seeks profit over security,

      Make something to convert AWAY from Flash but please don't keep Flash alive.

      PS: how long before Firefox becomes a completely bug-free and highly secure version of Netscape Navigator?

    2. Re:Kinda shortsighted counter.. by TeknoHog · · Score: 3, Insightful

      Flash should be kept alive for the same reason we have museums of Nazism -- to remember history and learn from it.

      --
      Escher was the first MC and Giger invented the HR department.
    3. Re:Kinda shortsighted counter.. by LesFerg · · Score: 3, Funny

      How does making something "open source" magically make it bug-free and highly secure?

      Didn't you know open source has magical properties? Masses of people will suddenly give a shit about the state of the code and want to fix it. After all, when did an open source project ever stagnate and die from lack of interested developers? ... oh right...

      --
      If I had a DeLorean... I would probably only drive it from time to time.
    4. Re:Kinda shortsighted counter.. by shess · · Score: 2

      And so long as that's the only thing people do with flash once it's open sourced (no more feature creep added by Adobe) then it should be just fine.

      I suggest you do a review of open-source software. For every case like Linux where there's a core pushing things in the right direction, there's a case like GNOME where rather than actually fix things, every so often they just give up on the old version and tell everyone to convert to the new incompatible version. Whether a project is open-source or closed isn't really relevant.

      https://www.jwz.org/doc/cadt.h...

    5. Re:Kinda shortsighted counter.. by tlhIngan · · Score: 2

      Yes, Flash in it's current closed-source state is riddled with security holes and vulnerabilities. However if it got open-sourced then one of the first things people would be able to do for the first time ever is pour over the source - find all those security holes - and fucking FIX them

      That's probably why it won't be open-sourced. Adobe is simply too embarrassed about the code.

      You see, Flash Player was free. It was never a revenue generating product (their producer software was the product they were selling). They just wanted to write a run time to make it possible so users of the producer can have others play with the output.

      The whole "security flaw" thing ate into the plans - because it means Flash Player requires active development, and dedicating people to work on a product that generates no direct revenue, so it really costs them money.

      I wouldn't be surprised if it was the most shoddy piece of code ever because it was developed on the cheap since it was a "free" product. And they're not willing to admit it, and open-sourcing would require someone to actually fix up the code state from "this thing actually can be compiled?!" to "OK, it's not the best code in the world, but it won't reflect horribly on us".

    6. Re:Kinda shortsighted counter.. by drinkypoo · · Score: 2

      It's true though, the first thing that happens if Adobe open-sources flash is that black hats scrutinize it to find vulnerabilities they can use against the people who are still running flash. And then they'll develop exploits, and then eventually we'll know there was a hole after a bunch of people get owned.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  4. Wait a second... by Gravis+Zero · · Score: 2

    Is there a petition I can sign for Adobe to delete the source code to Flash? I know it's almost dead but why wait? ;)

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:Wait a second... by 93+Escort+Wagon · · Score: 3, Funny

      Is there a petition I can sign for Adobe to delete the source code to Flash? I know it's almost dead but why wait? ;)

      NO. I have a bar bet regarding how many times the comment "# For the love of God, fix this before next release!!!" appears in the source.

      --
      #DeleteChrome
    2. Re:Wait a second... by arth1 · · Score: 4, Insightful

      If 5000 so-called artists want to save Flash and 500000 programmers want to kill it, Adobe will have to go with the higher number.

      Few things have caused as much damage as old religious texts and their users, but I don't want them destroyed. They should be kept so we can remember history and not be doomed to repeat it.
      A majority, no matter how big, should not be allowed to erase part of history, whether it's burning books or wiping code. This is especially true for bad history.

  5. Here's an idea by Anonymous Coward · · Score: 5, Insightful

    Wait until it's completely dead, buried, and gone, even from grandma's old Windows XP machine, THEN open-source it for the sake of history, when there's no risk anyone is ever going to start using it again.

  6. Re: OMG NO!!!!!! by Anonymous Coward · · Score: 3, Funny

    Systemd.flash

  7. huuuuuge can of worms there by v1 · · Score: 4, Insightful

    Oh, you think Flash is a security problem now? Publish the source code to it. The malware writers will go over that with a fine toothed comb, and the rate of zero-days will go up by a factor of 10 until they finally exhaust it.

    That, and everyone and their mom will be forking it to try to patch the holes they find. It'll be complete chaos.

    Though... now that I think about it.... that will make flash SOOO much more of a security hazard that even most of the morons that are refusing to migrate their old crap will be forced to action. Maybe that'll be a net good? "Difficult to say... always in motion the future is."

    --
    I work for the Department of Redundancy Department.
    1. Re:huuuuuge can of worms there by Anonymous Coward · · Score: 3, Insightful

      SO.. what you're saying is security through obscurity actually does work?

    2. Re:huuuuuge can of worms there by BadDreamer · · Score: 2

      Security through obscurity works as long as the obscurity is there.

      In this case, any bug in the code can be found from painstakingly trying out various combinations of input to Flash. It's a slow method of poking through the obscurity, but it will eventually find all security holes.

      Publishing the source code is simply a quicker way to remove the obscurity.

      In either case, yes, it works as long as the obscurity remains, as is always the case with security through obscurity.

  8. I don't even understand the premise here by HBI · · Score: 3, Insightful

    Someone is going to recreate Flash, Adobe lacks the power to kill it.

    Moreover, whatever people use in preference to Flash in the future will be just as riddled with security issues because, news flash (ha ha ha), the security problems aren't because of Flash itself, they are endemic to remotely delivered applications with untrusted servers. Couple that with an almost entirely useless PKI infrastructure, and we're going to be blaming something other than Flash for the same security issues for years to come. Perhaps forever, unless we go to walled gardens such as Apple's IOS infrastructure or Microsoft's putative Windows Store.

    --
    HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
  9. Flash games stored locally by innocent_white_lamb · · Score: 2

    I have three or four little flash games that I have downloaded over the course of time, keep on my computer, and play occasionally. I could live without them, I suppose; they aren't anything super-spectacular. But I like them.

    It would be nice to some kind of a local flash execution tool for that sort of thing. Right now I load them into Firefox to play them.

    --
    If you're a zombie and you know it, bite your friend!
    1. Re:Flash games stored locally by Rhapsody+Scarlet · · Score: 4, Informative

      Gnash. It's perfectly happy to load locally-stored SWF files and if they're old enough to work on Flash Player 7 (which was released in 2003) then they'll probably work on Gnash.

  10. Re:That reporter is a moron by modmans2ndcoming · · Score: 2

    Fuck that...it needs to die and the ground it is on needs to be salted in 10 feet of salt.

  11. Re:That reporter is a moron by theweatherelectric · · Score: 4, Insightful

    The users still want it

    Users don't know what they want. Users fundamentally don't care if their dancing pigs animation is implemented in Flash or something else.

  12. Re:Has no one heard of Handbrake? by Pathwalker · · Score: 4, Informative

    The "big deal" is things beyond simple video content.

    • * Vector animations, that would lose quality if they were rasterized and compressed.
    • * Interactive presentations; where rendering to a normal video and compressing it would strip out the interactive aspects.
    • * Old games; it was easy for people who were learning how to create games to get started with flash, and there is a huge corpus of games out there which represent an interesting segment of indie game development history.

    Hopefully things like Shumway will provide a path forward for viewing old content in the future.

  13. Adobe will not OpenSource Falsh by williamyf · · Score: 4, Interesting

    Two reasons:

    1.) Opensourcing Flash would probably open Adobe to a lot of possible legal liabilities. It may incorporate technology licensed from 3rd parties, and expurging those from the source takes resources (engineers and lawyers). And even if they did a 100% perfect job removing every single thing non adobe controlled, that does not mean that anyone would disagree with them and take tham to court. That could be a honest disagreement, or some patent troll of sorts seeing what can be extorted...

    2.) Adobe already makes programming tools which allows you to take a FLA or SFW file and convert it to todays HTML5/CCS3/ECMAScript standards. And as time passes, those will get better, and rake adobe lots of £€¥$ .

    The best bet to preserve the parts of the web heavy on flash, is to develop a prupose built minimal browser, only for those sites, where the 2020 version of the plugin resides "as is" with no other plugins or ad-ons, and which can ONLY browse Whitelisted sites... Even better if you develop an addon for 2020 browsers that says "Open in flash" (analogous to the current "Open in IE"Plugins nowadays) and invoke that minimal browser for that site and that alone...

    --
    *** Suerte a todos y Feliz dia!
  14. Digital Smallpox ??? by it_prole · · Score: 2

    Reminds me of the debate about whether we should keep or destroy the last remaining sample of Smallpox.

  15. Re:That reporter is a moron by Ol+Olsoc · · Score: 2

    I agree it's a shame to lose access to old Flash content, but really, some mythical "security" unicorn?

    He's not wrong, you know. Flash is but one security flaw in an ecosystem of security flaws. Eliminating it will make very little difference, as the problem just moves to a new neighborhood.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  16. No Flash replacement by MoarSauce123 · · Score: 2

    The great advantage of Flash is that you can create a RIA once and it looks and behaves about the same no matter which browser or OS it is run on. HTML5 with JS is FAR FAR FAR away from that. There is no reasonable replacement for what Flash can deliver. With Flash going away the web loses a great tool. And yes, I understand the security issues...then again, cars are inherently dangerous and we still drive every day.