Slashdot Mirror

← Back to Stories (view on slashdot.org)

Senator Asks US Agencies To Remove Flash From Government Websites (bleepingcomputer.com)

Posted by msmash on from the get-rid-of-this-already dept.

An anonymous reader writes: In a letter sent today, Oregon Senator Ron Wyden asked officials from three government agencies (NIST, NSA, DHS) to come up with solutions and procedures that mandate the removal of Adobe Flash content from all US government websites by August 1, 2019. The Senator is urging US government officials to act in light of Adobe's Flash end-of-life date scheduled for the end of 2020, after which Adobe announced it would cease to provide any technical support for the software.

Senator Wyden is hoping to avoid a situation like the one of Windows XP, which US government agencies still use, despite Microsoft retiring the operating system back in 2014. Besides removing Flash from its websites, the Senator would also want Flash removed from computer of employees by the same August 1, 2019 deadline.

57 comments

  1. Ask away by arth1 · · Score: 0

    He can ask, but that doesn't mean it will be done. If anything, I'd be willing to bet that those deadlines will not be met.

    1. Re:Ask away by mysidia · · Score: 1

      He can do a hell of a lot more than "ASK". He can push. He might even be able to find a law on the books they're breaking if they don't move off flash, or he might get a new law put on the books they will be violating if they miss the deadline.

      He's a Senator, and apparently a very IT tech-savvy one, which is a refreshing thing to see... since he knows about the Flash deprecation. If they don't provide a satisfactory answer, then he can potentially sponsor legislation or an amendment to legislation that will get passed requiring that they meet the deadline Or prohibit any further IT spending on equipment including maintenance, power, and network connectivity, until all Adobe flash-related software and flash-based executable objects (SWF, FLV) are removed from that equipment.

    2. Re:Ask away by Anonymous Coward · · Score: 0

      Isn't there a requirement that all US gov sites (including vendors) are 508 compliant? Far as I know flash doesn't work with screen readers.

      Unless these things already had text alternatives they were illegal to begin with.

    3. Re: Ask away by Anonymous Coward · · Score: 0

      Keywords from the 1994 amendment that may be bent out of shape and too liberally applied.

      "...unless an undue burden would be placed on the agency."

      In some cases I can see that. In others I can see it just used as a catch all crutch.

      I have seen IT departments do their best for some sensory disabled employees but I don't see too many around the military.

    4. Re: Ask away by Anonymous Coward · · Score: 0

      It is burdensome financially and in terms of schedule to be 508 compliant for everything.
        One of the biggest problems is reusing HTML components that are open source. They never have built-in support for disabilities.

    5. Re:Ask away by Anonymous Coward · · Score: 0

      While I'm not convinced that Flash should be deprecated, the simple truth is that it is going away, so it is prudent to move on.

      The major danger is a government department will simply remove the content rather than bothering to change it to HTML 5. (e.g., UC Berkeley being pushed to add subtitles to their lectures because of a ruling. However, wasn't worth the effort, so they shut the whole thing down instead. Upshot, everyone loses except for the self-righteous.)

    6. Re:Ask away by thomst · · Score: 1

      Speaking of Ron Wyden, of Oregon, mysidia noted:

      He can do a hell of a lot more than "ASK". He can push. He might even be able to find a law on the books they're breaking if they don't move off flash, or he might get a new law put on the books they will be violating if they miss the deadline.

      He's a Senator, and apparently a very IT tech-savvy one, which is a refreshing thing to see... since he knows about the Flash deprecation. If they don't provide a satisfactory answer, then he can potentially sponsor legislation or an amendment to legislation that will get passed requiring that they meet the deadline Or prohibit any further IT spending on equipment including maintenance, power, and network connectivity, until all Adobe flash-related software and flash-based executable objects (SWF, FLV) are removed from that equipment.

      Well ... no.

      As a senator of the minority party - which he currently is - he can propose legislation for which he can find a majority party co-sponsor. If he can find co-sponsors in the House, all the better - but even with both conditions being true, there's still no guarantee that any legislation he proposes will be adopted by both houses, and signed by the current president.

      He can't even hold hearings on the subject, because that's not how our system works for the out-of-power party, these days.

      Wyden can make a pain in the ass of himself, however, should he so choose. Press releases from siting senators at least get read, and their press conferences draw reporters, as well. He can, optionally, send demand letters - which I suspect would have no legal force, although it can't hurt to try - or even physically enter (or attempt to enter) their premises, and demand to speak with the boss honcho. Live, on camera, surrounded by media persons, of course.

      But, as you note, he's probably the most tech-savvy senator, with Patrick Leahy of Vermont as a respectable second. Conrad Burns of Montana (a Republican) used to be third, but he was defeated by Jon Tester in 2006.

      He's also dead, so there's that ...

      --
      Check out my novel.
    7. Re:Ask away by i.r.id10t · · Score: 2

      Depending on the actual flash content, it is likely that someone could raise a stink related to the ADA ...

      --
      Don't blame me, I voted for Kodos
    8. Re:Ask away by Anonymous Coward · · Score: 0

      Loosing video lectures is not much of a problem - since video lectures is a horrible concept anyway.

      The point of lectures is the interactivity. You show up, so you can ask questions. Watching lectures without the option of talking to the lecturer, is just like reading the books on your own. Could be useful, but nowhere near the utility of attending.

    9. Re: Ask away by Merk42 · · Score: 1

      One of the biggest problems is reusing HTML components that are open source. They never have built-in support for disabilities.

      If the HTML components are open source, then built-in support for disabilities could be added.

    10. Re: Ask away by Anonymous Coward · · Score: 0

      Most of legislation is being passed painlessly every working day. This looks like one of those routine propositions. They only "fight" on highly politicised PR stunts.

    11. Re:Ask away by mysidia · · Score: 1

      Usually they aren't hiding text in Flash or using Flash for the sake of just using Flash, so there's
      probably no grounds for ADA complaints.... After all, the replacement is HTML5 scripting, which pretty
      much has the same characteristics.

    12. Re:Ask away by arth1 · · Score: 1

      He's also dead, so there's that ...

      That didn't stop Strom Thurmond for the last couple of decades before they buried him.

  2. NWS radar loops use Flash by tepples · · Score: 4, Informative

    As of July 2018, the default "enhanced version" of each National Weather Service radar loop still uses Flash. The "standard version" uses an animated GIF.

    Examples: standard radar loop for Northern Indiana; enhanced radar loop for Northern Indiana

    1. Re:NWS radar loops use Flash by Anonymous Coward · · Score: 1

      Once again proving that gif is awesome and we need to get the hell out of Indiana.

    2. Re:NWS radar loops use Flash by Anonymous Coward · · Score: 0

      https://radar.weather.gov/Conus/centgrtlakes_loop.php

      https://radar.weather.gov/Conus/full_loop.php

      JIF is peanut butter.

    3. Re:NWS radar loops use Flash by White+Yeti · · Score: 1

      Thanks for the tip! I never tried that standard/enhanced link. Now I can see the loops on my phone!

  3. Wow - impressed by Anonymous Coward · · Score: 0

    There is actually a senator out there with more than two brain cells to scratch together!

  4. Why is it going away ? by dargaud · · Score: 0

    I have to ask, what brings a company to disregard such a highly used product ? I mean, it's not like they are replacing Flash with something newer, better or shinier. Granted HTML5 can do most of what Flash was doing, but Adobe could very well decide to keep milking it for all it's worth (and more) forever. Is it fear of being sued when the next 0-day takes over half the web ? Support costing more than revenue from Flash compiling suites ? Just curious, I actually loathe Flash.

    --
    Non-Linux Penguins ?
    1. Re:Why is it going away ? by nitehawk214 · · Score: 2

      Everyone hated flash when it was a highly pushed and supported platform. Adobe realized that everyone hates it and have been trying to kill it for years.

      Why would Adobe continue to support something that no longer makes money and causes ire and hate to be directed at them?

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    2. Re:Why is it going away ? by Anonymous Coward · · Score: 0

      Apple was the main reason Flash got a death sentence.

    3. Re:Why is it going away ? by AuMatar · · Score: 4, Insightful

      Because they realized it was insecure by design, could not be made secure, was one of the highest causes of security incidents on the web, and was actively giving the company a bad name- and could become a source of legal issues for negligence and culpability.

      --
      I still have more fans than freaks. WTF is wrong with you people?
    4. Re: Why is it going away ? by dishpig · · Score: 1

      No, this is a oft quoted trope. Google is the reason Flash is dead. SEO, my friend.

    5. Re: Why is it going away ? by Anonymous Coward · · Score: 0

      No, this is a oft quoted trope. Google is the reason Flash is dead. SEO, my friend.

      the never ending stream of security alerts and out of cycle upgrades has nothing to do with it

    6. Re:Why is it going away ? by Anonymous Coward · · Score: 0

      They don't want to maintain it on every OS and CPU? Did they ever release a plugin for one of these :

      - Android on x86
      - Android on ARMv8
      - Linux on ARMv8
      - Linux on ARMv7
      - Windows on ARMv8
      - Linux on PowerPC 64bit low endian

      I stopped using it when it started requiring SSE2 on x86 (so, not even supporting the old computers)
      Though I had it a bit on my linux desktop for a couple games, an OS installation ago.

    7. Re:Why is it going away ? by Tablizer · · Score: 4, Interesting

      Everyone hated flash when it was a highly pushed and supported platform.

      Hold on there, the actual story is nuanced.

      Designers, marketers, and bosses loved it because you had WYSIWYG control over everything. You were not dependent on gijillion browser brand and version combinations all rendering placements differently or having different JavaScript bugs. You saw the preview and it worked just about the same way on every user's PC.

      And end-users didn't really care as long as it worked and Flash applications loaded relatively quick. Installation and upgrade steps and problems got to them sometimes, and reports of security problems combined with these installation headaches finally made it not worth it to them. That's when the slow decline started. Adobe using upgrades to sneak junkware onto PC's via sneaky prompts didn't help matters.

      Some slick games and gizmos used Flash. HTML5/JS versions of equivalent still seem glitchy and browser-version-sensitive to me. Whether it will eventually settle, or some new trend/fad will break it worse is hard to say.

      Dealing with ever-mutating fat clients (browsers) is still an ongoing pain and a yuuuge IT labor drain. It's job security for us IT workers, but you do have to marvel at the jillions of hours of diddling and fiddling it causes. The first generation wasted time replacing mainframe vacuum tubes, the current generation wastes time testing & debugging on myriad browser variations.

      Every generation will probably be a slave to its own tech limitations. In the minicomputer era, I remember how we spent a lot of time babysitting modem-related problems. In the desktop era, we had installation problems such as DLL-Hell (DLL version conflicts). At least in the minicomputer and desktop era, once the app got running, you usually had consistent front-end rendering.

      --
      Table-ized A.I.
    8. Re:Why is it going away ? by tlhIngan · · Score: 2

      Some slick games and gizmos used Flash. HTML5/JS versions of equivalent still seem glitchy and browser-version-sensitive to me. Whether it will eventually settle, or some new trend/fad will break it worse is hard to say.

      It depends. If the grame or application is programmed as a web game, it will likely be glitchy.

      However, the new trend is WebAssembly, and you don't code in it directly, but use a cross-compiler. You write your code in C and it compiles down to a bunch of javascript (using a highly restricted subset that runs really fast) and your code runs. plugin-free.

      The Internet Archive has plenty of play-in-browser DOSbox based games done like this. There are also in-browser versions of MUNT and other music players.

      And the whole reason we have WebAssembly was someone at Mozilla wanted to have Unity be plugin-free (which created asm.js). So the future of web games is likely to be games that can be run natively or be run in a browser if a native runtime is not available.

    9. Re: Why is it going away ? by Anonymous Coward · · Score: 0

      And Apple taking a stand and completely disabling it on their own hardware, or the insane system requirements, the fact these requirements have gone up into extremes with little increase in functionality, ads using them causing browser lag and security issues, reliance on a third-party plugin to make some websites function, and only being good for games.

    10. Re:Why is it going away ? by Anonymous Coward · · Score: 0

      Flash as a platform would have worked indefinitely if not for its most visible, still visible, and once nearly ubiquitous face: used as a video wrapper.

      Had it not been for the aggressive and largely successful attempt to gain install base by marketing and deploying its use absurdly and superfluously as a media wrapper, the Flash platform, and all the cool and powerful things it allowed developers to do on all OS platforms seamlessly, might still be not a bad choice for some development, if used for what it was powerful at developing, complex interfaces, etc.

      Imagine how long any other multiplatform software development platform would remain acceptable if early in its natural adoption, a proprietary base expeanded everywhere that was an overkill heavyoverhead braindead solution to a minor problem already solved in many ways, such as streaming video off the web.

    11. Re:Why is it going away ? by Anonymous Coward · · Score: 0

      Because they realized it was insecure by design, could not be made secure, was one of the highest causes of security incidents on the web, and was actively giving the company a bad name- and could become a source of legal issues for negligence and culpability.

      What's amazing is that is has apparently taken 20 years for them to 'realize' this.

      Flash has been a gaping security hole (many in fact) for as long as it has existed. And I've been disabling it for almost that long.

      If Adobe is only realizing what we've all known since the late 90s, their management is idiots.

    12. Re:Why is it going away ? by nitehawk214 · · Score: 1

      Ok ok fine, I will amend my statement.

      Everybody with at least half a brain hated flash.

      But, seriously, I do understand what you mean. It was an easy way to roll out rich apps in an era where there were few options. (ActiveX? Yuck. Applets? Ha!) I am already starting on my own DLL hell as I am looking to upgrade 10 year old javascript frameworks to modern ones like Angular 4 (or maybe something more stable, whatever happened to Angular 3, anyhow?)

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    13. Re:Why is it going away ? by Raenex · · Score: 1

      Designers, marketers, and bosses loved it because you had WYSIWYG control over everything.

      Yes, they did. Let us not forget.

      And end-users didn't really care

      End-users did care because Flash was most notoriously known for obnoxious ads.

  5. Unusual by beep54 · · Score: 1

    Someone in Congress is proposing something rational. Perhaps a trend will begin,,

  6. I'm impressed with Senator Wyden. by Futurepower(R) · · Score: 2

    Again and again, Ron Wyden's leadership is logical and good for the country.

    Perhaps Senator Wyden can be encouraged to run for President of the U.S. in 2020.

    1. Re:I'm impressed with Senator Wyden. by Anonymous Coward · · Score: 0

      Ever notice how whenever a Republican senator does something good, no one mentions the party? Oh, wait!

    2. Re:I'm impressed with Senator Wyden. by mysidia · · Score: 1

      Perhaps Senator Wyden can be encouraged to run for President of the U.S. in 2020.

      Patience patience.... I want to see him first get a plan out of these guys to have all the government systems mandated to be switched away from this deprecated Windows OS to something more respectable and secure.

    3. Re:I'm impressed with Senator Wyden. by eaglesrule · · Score: 3

      So am I, and always vote for him, but it's difficult to reconcile someone who both champions against government abuses such as mass surveillance and FISA, but also consistently votes to impede a citizen's right to possess firearms.

      Not just sensible gun control measures, but absurdities such as voting against the Protection of Lawful Commerce in Arms Act, in support of allowing gun and ammo manufacturers to be sued into oblivion for the acts of criminals.

      I suppose some leeway must be granted in considering the kind of company he keeps. It just goes to show that no politician is ever ideal.

  7. The senator has a point by ClickOnThis · · Score: 3, Funny

    I'll just leave this here.

    --
    If it weren't for deadlines, nothing would be late.
  8. Remove Flash From Government Websites by fahrbot-bot · · Score: 4, Funny

    Aquaman and Cyborg will be removed next. Batman, Superman and Wonder Woman will stay.

    --
    It must have been something you assimilated. . . .
  9. Adobe Mismanagement by Layth · · Score: 1

    Flash had so much potential but was mismanaged to death.. quite literally apparently.
    Apple didn't want flash running on it's phones but that's a total non-issue because how many of us open a web browser on our phones to interface with rich content? Basically nobody - we all use apps! And Flash code can seamlessly port to ios or android as an app and many of the top games were made in flash for a long time. You probably didn't even know you were running flash code because it was ported.

    It's ridiculous and a little bit funny that this platform died bc adobe didn't understand it's utility.

    1. Re:Adobe Mismanagement by roc97007 · · Score: 1

      Problem was, there was, and still is, content on the web that's only available via flash. It's not just an issue of not being able to see it on phones, but that applies to tablets also, a device who's primary purpose was content consumption.

      I think Apple was trying to force the issue, and make the holdouts switch to something else (html5?). Android followed suit a little later. So flash should have died then, right? Instead, the content became "desktop only".

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    2. Re:Adobe Mismanagement by Anonymous Coward · · Score: 0

      Aren't there still a bunch of cartoons made using flash? It's not like it didn't have its uses. It was just an absolutely horrible kludge for the web.

    3. Re:Adobe Mismanagement by Anonymous Coward · · Score: 0

      how many of us open a web browser on our phones to interface with rich content? Basically nobody - we all use apps!

      And the name of that app is..

      ..Firefox.

    4. Re:Adobe Mismanagement by Anonymous Coward · · Score: 0

      Nah, despite it's own significant to horrific flaws, compared to the dog-poo-dumpster-fire that is HTML+JS for application development (vs it's intended purpose, web pages with a bit of interactivity) it was positively amazing.

      Note how all the modern javascript frameworks (and mobile APIs!) attempt to replicate Actionscript + Flex

    5. Re:Adobe Mismanagement by GrBear · · Score: 1

      I don't blame Adobe as much as I blame Macromedia. The first two version of Flash and Dreamweaver were actually decent programs. Shortly after Macromedia moved it's development to India and the software went to complete shit.

      Adobe inherited a mess from Macromedia. Where I do blame Adobe is their continuation of said mess instead of trying to clean it up.

  10. Remove IE only pages too by xack · · Score: 1

    But don’t replace them with Chrome only ones.

  11. But what about Silverlight? by Anonymous Coward · · Score: 0

    We have to still install and support it since Microsoft suckered so many government web sites under Obama into requiring it.

    1. Re:But what about Silverlight? by snapsnap · · Score: 1

      True, but we have to deal with a lot more government websites that use Flash than Silverlight. Adobe Flex was a great reporting platform for over a decade so I can understand why the government used it, but I don't get why they would ever use Silverlight except due to pressure from Microsoft.

    2. Re:But what about Silverlight? by Anonymous Coward · · Score: 0

      Obama accepted a lot of money from Microsoft so it's understandable why he pushed Silverlight.

    3. Re: But what about Silverlight? by Anonymous Coward · · Score: 0

      And RealPlayer, Quicktime, and Netscape Navigator!

      Waahhh

  12. this should unite us by Anonymous Coward · · Score: 0

    There are a lot of flame wars in the /. comments. systemd, Trump, vi/emacs, perl/php/javascript in general, comic book libertarian vs spoiled SJW vs whoever else dares. Incels, Hillary, men's rights, stinky puppies (sp?), goatse. All of these are worthy of excessive flaming and ./ does not disappoint.

    Here, however, is a cause that should unite everyone* who has ever had one or two or more ./ user ids. Flash. Must. Die. I wrote actionscript for good money for a while, and yes I'll command line compile it if the money's right even now (so will you) Hell I still write php and do Wordpress which is the programming equivalent of cleaning toilets, but Flash on the web must die. DIE DIE DIE. DIIEEEE !!!!

    Join with me as we march together arm in arm, okay not arm in arm, towards sanity and victory.

    * that is everyone who's anyone (dons flameproof suit)

  13. Keep it simple by Anonymous Coward · · Score: 0

    Just migrate from Windows to Linux is the best solution for the Government.

  14. DoD *requires* Flash for cyber training!! by Anonymous Coward · · Score: 0

    Anyone who is an employee of the DoD (either directly or as a contractor) is laughing about this story. For several years now, all such employees have been required to take an annual "cyber awareness challenge" which is a childish wanna-be video game about cyber and physical security practices. Taking the challenge *requires the use of Flash*. Seriously. So, in the case of contractors, the user is required to "drop shields" and install Flash in order to take and pass the required cyber security training. Govt computers come imaged with Flash installed. Fact is stranger than fiction. I sincerely support Sen Wyden's efforts on this matter, its long overdue. Google "cyber awareness challenge".... when you get to the page, note the requirements at the bottom, including "Flash 10.3+"

    1. Re:DoD *requires* Flash for cyber training!! by Anonymous Coward · · Score: 0

      Does the challenge just go
      "oops, you enabled Flash, guess you aren't very aware of cyber security. FAIL"

  15. IE11 too! by Anonymous Coward · · Score: 0

    Can we stop supporting IE11 while we are at it?