I have to say, I totally disagree with you on that one - print design is totally different to web design in many respects.
For a start, a print designer is working within a fixed area that will always look the same no matter what (well, unless you rip it up!).
With a web designer you need to accept that your design may be viewed at a million and one different screen resolutions, on different platforms and browsers which may render fundamentals such as text or user interface controls differently. On top of that, the implementation of said design now requires you to think about this, and things such as SEO etc.
You also have more fuzzy things, based around interaction. For print, perhaps you want to use embossing or other techniques to make the design feel a bit special. For web, I tend to thing its around how you can interact with a sites functionality (usability, learnability...) and also how well site and browser merge (form autofill, scrolling, copy, paste).
These fuzzy things are often where many Flash-based sites tend to fall down, either perhaps by introducing alien concepts for interactions for the 'coolness' factor, or ignoring these all together with content you cannot copy and forms which you can't autofill - all amounting to a different/jarring/bad user experience.
A good designer for either medium is one who is fully aware of these constraints, and works with them. Although a good print/web visual designer may be able to produce appealing sites, they will often not have a solid understanding of the medium and the nature of interaction, which is where things may fall down.
This issue isn't really the fault of Flash, but more web applications not validating their input and allowing the user to insert HTML tags where they shouldn't.
In my experience, I think a lot of the Flash designers you come across are from animation or print design backgrounds, rather than specifically web design. A few years ago this was definitely the case.
Unfortunately that often means that the designers working on these Flash websites simply don't get the web, or how their content integrates with the page or browser, as well as someone who has been using CSS/HTML/JS for most of their career - they are still treating it as they would a piece of print work with fixed size/resolution, or as an animation with lots of pointless swirly stuff. Obviously, a lot of this may look 'cool' to marketing folks, but may not be entirely appropriate for the web.
I find that it really depends who your designers are - larger agencies who still seem to be very biased towards print work, and an obsession with swirly things; or the more conservative/realistic experience-orientated interactive design shops.
Also, I think this is something which is slowly going away as more 'web' people are drawn to the Flash platform by things such as AIR, Flex and AS3.
I really would like to hear details of the 'vulnerability' just so I can begin checking our code and performing an assessment of wether or not this is a credible and realistic threat to the security of our customers.
In the past, many vulnerabilities have been reported on the Flash player, but most of them follow a similar kind of theme - the rogue SWF file must be created with third party authoring tools, and or modified in a hex editor, in order to put the malicious code in there to begin with. In addition, due to the security sandbox and crossdomain restrictions, it needs to be downloaded from your site anyway. So, its perfectly possible for a SWF to wreak havoc on a user's machine, the only caveat is that someone within a company, with access to the web servers and source code, would need to have created it in the first place - something I'm sure is indicative of a larger problem!
Oddly, most non Flash/web developers tend not to see it that way - I have a beautiful MP3 of a conversation I had with one of our 'Security' people who just consistently ranted on about undisclosed vulnerabilities as a reason not to use Flash in a project.
In my years of working with the web and the Flash platform, I have not yet seen a single workable exploit that could present a credible threat to the majority of Flash user's on the web, not without the user or the site already being compromised in some manner.
The only somewhat grey area is where Flash is used for online advertising, but you will find that most of the main publishers out there are aware of this and perform some level of code review on ads before they go live - I work for a bank and we don't run any 3rd party adverts without seeing the sourcecode and decompiling any SWF assets provided.
Really guys, the Flash platform isn't the cloud of evil you are making it out to be. Granted, it has been used for some really annoying things in the past, but used right, it can really help to deliver a friendly, usable and engaging user experience. In addition, in Adobe's hands we have seen it become more open than ever before - Flex, AMF, Tamarin, all released as open source in the past year. I'd be surprised if this trend does not continue.
Slashdot Mirror
I have to say, I totally disagree with you on that one - print design is totally different to web design in many respects.
For a start, a print designer is working within a fixed area that will always look the same no matter what (well, unless you rip it up!).
With a web designer you need to accept that your design may be viewed at a million and one different screen resolutions, on different platforms and browsers which may render fundamentals such as text or user interface controls differently. On top of that, the implementation of said design now requires you to think about this, and things such as SEO etc.
You also have more fuzzy things, based around interaction. For print, perhaps you want to use embossing or other techniques to make the design feel a bit special. For web, I tend to thing its around how you can interact with a sites functionality (usability, learnability...) and also how well site and browser merge (form autofill, scrolling, copy, paste).
These fuzzy things are often where many Flash-based sites tend to fall down, either perhaps by introducing alien concepts for interactions for the 'coolness' factor, or ignoring these all together with content you cannot copy and forms which you can't autofill - all amounting to a different/jarring/bad user experience.
A good designer for either medium is one who is fully aware of these constraints, and works with them. Although a good print/web visual designer may be able to produce appealing sites, they will often not have a solid understanding of the medium and the nature of interaction, which is where things may fall down.
But surely the web-mail client shouldn't allow active content such as JavaScript or Flash to execute in the first place?
I've never seen one which does this, for that very reason, as this study seems to prove:
http://www.campaignmonitor.com/blog/archives/2006/01/the_truth_about_1.html
This issue isn't really the fault of Flash, but more web applications not validating their input and allowing the user to insert HTML tags where they shouldn't.
Agreed!
In my experience, I think a lot of the Flash designers you come across are from animation or print design backgrounds, rather than specifically web design. A few years ago this was definitely the case.
Unfortunately that often means that the designers working on these Flash websites simply don't get the web, or how their content integrates with the page or browser, as well as someone who has been using CSS/HTML/JS for most of their career - they are still treating it as they would a piece of print work with fixed size/resolution, or as an animation with lots of pointless swirly stuff. Obviously, a lot of this may look 'cool' to marketing folks, but may not be entirely appropriate for the web.
I find that it really depends who your designers are - larger agencies who still seem to be very biased towards print work, and an obsession with swirly things; or the more conservative/realistic experience-orientated interactive design shops.
Also, I think this is something which is slowly going away as more 'web' people are drawn to the Flash platform by things such as AIR, Flex and AS3.
Surely in the cases you mention, it is really the designer/developer that sucks?
As a technology, Flash offers a quite decent featureset, but technology can always be misused in the wrong hands.
From your reasoning, HTML also sucks because of animated gif's and the blink tag!
I really would like to hear details of the 'vulnerability' just so I can begin checking our code and performing an assessment of wether or not this is a credible and realistic threat to the security of our customers.
In the past, many vulnerabilities have been reported on the Flash player, but most of them follow a similar kind of theme - the rogue SWF file must be created with third party authoring tools, and or modified in a hex editor, in order to put the malicious code in there to begin with. In addition, due to the security sandbox and crossdomain restrictions, it needs to be downloaded from your site anyway. So, its perfectly possible for a SWF to wreak havoc on a user's machine, the only caveat is that someone within a company, with access to the web servers and source code, would need to have created it in the first place - something I'm sure is indicative of a larger problem!
Oddly, most non Flash/web developers tend not to see it that way - I have a beautiful MP3 of a conversation I had with one of our 'Security' people who just consistently ranted on about undisclosed vulnerabilities as a reason not to use Flash in a project.
In my years of working with the web and the Flash platform, I have not yet seen a single workable exploit that could present a credible threat to the majority of Flash user's on the web, not without the user or the site already being compromised in some manner.
The only somewhat grey area is where Flash is used for online advertising, but you will find that most of the main publishers out there are aware of this and perform some level of code review on ads before they go live - I work for a bank and we don't run any 3rd party adverts without seeing the sourcecode and decompiling any SWF assets provided.
Really guys, the Flash platform isn't the cloud of evil you are making it out to be. Granted, it has been used for some really annoying things in the past, but used right, it can really help to deliver a friendly, usable and engaging user experience. In addition, in Adobe's hands we have seen it become more open than ever before - Flex, AMF, Tamarin, all released as open source in the past year. I'd be surprised if this trend does not continue.