No it's even better. "Just drag this bookmarklet and click - it's totally safe!". Why do the Reclaim folks claim this is somehow better when it's clearly not? Their script is not only compiled (ie, pita to read) but could change at any moment or even change by IP address!
The fingerprinting techniques heavily relies on JavaScript, so finding random unprotected http access logs isn't going to help you. If it's truly "a snap" then please show me my last visited sites?
I think at some point the internet privacy debate will have to start featuring some concept of personas, or the idea that a single person does not have a single identity but rather many identities. Some of them overlap, some of them are easier to change than others and some of them are what we might call "personal" - for instance personas like your full legal name or physical appearance are clearly different to a persona like a passport number, which is itself quite different to an email address (a lot harder to change for one). Although today they tend to all get lumped together under the same concept of "you-ness".
In this case, my browsers fingerprint is clearly a persona, but is that really a problem?
They don't check for privacy violations, go read the iPhone Privacy white paper. There are about a million ways an iPhone app can violate your privacy without you (or apple) ever knowing about it.
FWIW here in Switzerland I have a 1G cap. I have exceeded this only once, when I installed a beta Android app that used ridiculous quantities of bandwidth in the background. I listen to internet radio on my phone all the time and my peak usage is something like 800M in a month. Seriously, if you're using more than a gig a month on a phone and you aren't tethering, there's something wrong... if you are tethering, well, ignore my advice:)
So pressing the button that looks like a piece of paper and then the "print" option wasn't clear?
Don't get me wrong, Chromes UI isn't perfect, but the only buttons it provides are back, forward, reload, star and then two "menu buttons". The meaning of the first four is clear to anyone who used a browser for a while. The meaning of the last two can be found simply by clicking on them.
1) It's not "Flash" that's a performance hog, it's "lack of the right compositing APIs" that's the hog. Or did you not notice yet that Chrome and Safari are slower than Flash at rendering video with overlays?
2) What makes you think YouTube wants to make it easier to download their content
3) Flash uses h264 anyway so the hardware acceleration is somewhat moot. As long as the colorspace conversions can be accelerated the performance should be the same. Flashs problem is that MacOS and Linux haven't supported the right stuff very well. Actually it was only just added in an OS X point release. There's already a Flash plugin beta that uses these APIs and should perform much better.
Your argument makes sense in a highly abstract, academic universe in which all people are perfectly skilled, knowledgeable and well resourced. This is too far removed from reality to be useful.
The first problem is that we know it's possible to build DRM that is extremely hard to crack. The PS3 is a working example of that. Games distributed via Xbox Live (versus dvd) are another example. These systems have been partially defeated a handful of times and then promptly re-secured. It turns out that though you technically speaking "have the keys" they are buried under so much silicon wizardry that in practice you don't have them.
The second is that it's very questionable whether there is any such thing as a "completely secure system" as you describe. Your phrasing is vague so I'll assume you're talking about resistance against attackers who are physically remote. The trend has been that over time, bugs that were once thought to be un-exploitable have become exploitable. For instance at one time both heap and integer overflows were not deemed to be a security issue until techniques for reliably exploiting them were published. Likewise, it's only recently that implementors of software cryptography have started thinking about statistical side-channel attacks and many (most?) engineers are still unfamiliar with them.
In short, it's possible to build both very strong DRM and very strong security against remote attackers, but real people routinely build very weak versions of both and I am skeptical there are any perfectly undefeatable systems out there.
It's not about profit, it's that windows gives people administrator by default (and you can still enable it in Windows 7).
No, it's about profit. The flaw in the Windows/Linux/OSX security model isn't administrator access. Having a concept of some split personality user is a ridiculous hack that dates from a security architecture designed in the 70s. Nobody would use it if designing an OS from scratch today.
The flaw in these systems models is that developer tools and debuggers specifically are not built in to the system but rather are treated the same as any other application, which means any app can take control of any other app with only an "are you sure" screen in between at best.
You'll notice that mobile OS' don't have this. ChromeOS will likely have the standard Chrome developer tools which are "special" and cannot simply be swapped out for some other app. This means less innovation in debuggers but it gives the possibility of implementing real security because apps become much less slippery.
The desktop PC era is coming to a close. Nobody is quite sure what'll come next but I'm putting my cards on a combination of some much improved iPad OS, Android or (more likely) ChromeOS. Right now these are the only contenders for the "usefully more secure than windows" crown.
Sure, it was great fun. I just finished it last week actually. Yes, completely linear and contrived, but that's OK - there's enough scope for some minimal strategy and skill, whilst still being scripted enough to give you the cinematic Bond feel. The snowmobile mission in particular was awesome. But if MW2 had been 5x as long, I'd probably not have been able to finish it - too intense for too long, and besides they'd have run out of ideas.
I've noticed that most of the games I've completed and recently enjoyed are pretty short (Mirrors Edge, Modern Warfare 2) at least in the single player modes which is the only one I use. The reviews often say "this game is great but too short" but I found the length pretty good. The advantage of having a 5-7 hour game is that the experience is often really solid and even cinematic for the whole time.
The exception is Mass Effect 1/2 which are maybe 40 hours and I played them over a period of a couple of months. Fortunately the Mass Effect games are both well balanced and quite easy, so I never really got stuck, and the story is very deep (for a game) so there's something driving you onwards. Many other games though I stopped playing after about 5-7 hours of gameplay because I just lost interest or I reached a point that was way too hard: GTA4 and Command&Conquer are two examples of that.
So I suppose what I'm saying is, I probably am the sort of gamer the article describes.
Well, the original iPhone runs the same OS number but that doesn't mean they have the same abilities. The 3GS is capable of quite a few things the original iPhones just aren't and that leads to fragmentation as well, just not visible through the version number. Look at multi-tasking for the most obvious example of this.
That's kind of vague. If you read the CNET article you can see that the MPEG-LA licensing guy says "the only person who needs to pay is the seller of the video". Nothing is said about the "user" of the video, whoever that is, presumably the viewer. The reason the cameras say non-commercial use only is because if you were using it commercially, you'd probably be selling the video and at that point you need a license.
Now the real question is, how should h264 be licensed? I don't know. Off-hand, charging a fairly low rate (2c per disc or lower) for commercial usage and not charging for non-commercial actually seems quite reasonable to me. I read that you need to also pay licensing fees if you want to implement it, which seems like double-dipping to me, but I'm not an expert so I won't judge. Suffice it to say that h264 is a very sophisticated technology that is the product of many contributions by many people and companies over a long period of time. We can debate whether software should be patentable all day, but video codecs are a pretty clear example of a piece of software that are very expensive to develop and probably do need some kind of patent protection.
I don't think Lost would be possible to follow at all without the Lostpedia. I do the same thing as you - watch the episodes then go back and read the Lostpedia entries to figure out what I missed (there's always something). Understanding everything in Lost requires you to store an incredibly complicated story with dozens of characters (or are we up to hundreds by now?) over a period of around 6 years and minimal if any helpful repetitions of what happened previously. The fact that the story requires a fricking encylopedia tells you what sort of show Lost is.
That said, I've watched every episode and can't wait for the last few. I'll miss it when it's gone. Truly, the writers are unusual in knowing how to build an engaging and dramatic mystery story on a never before seen scale.
BTW isn't Lost a "maxi series" by your definition? They've known when and how they'd end it since around the start of season 2 I think. It's almost always had a definite end point.
Actually SWF is open as well since 2008. So there are 3 open standards being discussed here. The key question is how many organizations are in charge and what patent royalties do they leverage, not how open it is. Arguably h.264 is far less proprietary than Theora, as it's a collaborative work of many different companies working as part of well recognized international standards committees, as opposed to Ogg which is controlled entirely by Xiph.
If a census had no positive benefit at all this argument might make sense. But otherwise it's extreme - you're implying that because an evil regime once abused census data, no census data should be collected. Ever. Despite huge benefits of doing so.
I think that's a minority opinion. It's weighing the costs but not the benefits.
yes, but imagine Google was logging car plate numbers together with the address location they are parked and then published all that information on the web
That's a pretty big leap from what is actually happening with these kinds of services. For one, it's possible to associate a person and their license plate without knowing where they live. But the only way you can associate a person with their SSID is going to their house, basically. And even then in a crowded apartment you'd probably be able to see several APs and have to ask which is the right one.
For another this data isn't "all published on the web". I don't know for sure but I bet if you tried to dump (eg) Skyhooks database by enumerating every possible SSID not only would it take you absolutely forever but they'd certainly block you at the server level.
The original quote came from a piece of video itself very selectively edited by Maria Bartiromo. It was called "Inside the mind of Google", you can probably find it on YouTube if you look. The video clip that most people saw was edited to remove the question, which was something like "People treat Google as their most trusted friend, should they?" right in the middle of a conversation about online crime.
I celebrated my 26th birthday yesterday. Some years ago I was involved with Linux and open source, so I guess that made me a "young developer". I mostly worked on Wine, because it was a technically demanding project but which had a pretty mature and ego-free set of developers who were willing to tutor me (even though I didn't have a good grasp of C when I started).
I wrote a kernel patch once too. It was a waste of time. The code wasn't too hard to figure out, but the general nature of kernel development with its constant reboots was annoying. And the patch I sent predictably got some snarky comments and then vanished. With Wine, it was clear who made the final call - Alexandre. He wasn't always informative, but when push came to shove you could jump on IRC and talk to him about it. How the hell does one even contact Linus? The kernel project has this complicated structure in which some stuff is "owned" by some guys, but it's never really clear whom, and everyone weighs in with an opinion even if they don't own that area. Very frustrating.
Anyway. I long since lost interest in Linux after it became clear that it missed its opportunity to have an impact on the desktop. OS X blew it away, and now computing seems to be moving onto whole other paradigms based on mobile or web operating systems. What motivation is there to do kernel hacking anymore?
Your assumption, based on no knowledge at all, that the problem is as simple as a missing wait condition is amazing. Why don't you go read the Flash developers blogs where they explain what the issues are? Why do you believe that the Windows Flash developers are competent but somehow incapable of reviewing or helping their Mac team out?
The most likely explanation is the the Flash guys are telling the truth about why the Mac performance sucks. The least likely explanation is that they don't understand multi-threading, given that Flash has included a JIT compiling JavaScript VM for longer than most browsers.
Well I used to think that. There's one problem I encountered, which is that gzipped, optimized JavaScript is mindblowingly concise compared to most other forms of compiled code. You can fit a staggering amount of functionality in only a kilobyte of this stuff.
This may sound absurd, but try it for yourself. Write a piece of JavaScript to do something generic and non-platform dependent like calculate MD5. Run it through the Closure Compiler which is the same tool that Google uses to optimize and check its JavaScript. It will tell you the gzipped size. For a simple MD5 impl I got off the web, it boils down to 1.4kb gzipped. Now try compiling and gzipping a C implementation and a Java.class file. In both cases the result was about 5kb - that's a pretty big blowup! JavaScript has the advantage of having a basically overhead-free yet semantically very rich format: source code. Other languages compile down to quite complicated header formats that are full of version identifiers and symbol names.
Given that modern browsers like Chrome convert your JavaScript to native code anyway, it may well make sense to slash your code size by using JavaScript and take the better loading times along with a hit on runtime performance.
I think you'll find the point of the rewrite was to solve all these issues. Read the article - Docs no longer relies on your browser to do things like correctly positioning bullet points. It does it all itself.
Full disclosure. I am a Googler and we've been using this new version of Docs internally for a while. It is a significant improvement. The old Docs was basically a wrapper around your browsers HTML editing feature that auto-saved every few seconds. The new Docs is a real word processor that understands things like page breaks natively. It is fully consistent in every browser and features the real-time collaboration you saw in Wave. I enjoy using it a lot more.
You're making two big assumptions. One is that if QuickTime actually can do whatever Flash needs to do hardware-accelerated, it's not using a private API. Adobe have asserted not that the API doesn't exist, but that they aren't allowed to use it.
The second is that Adobe must be liars. I see no evidence that this is the case. Why should anyone automatically assume they are liars just because they don't like the answer? If the performance of Flash on MacOS X was really just bugs or "lazyness" on their part, the far better PR solution would be to say "Flash Player 10.2, coming out Any Day Now, makes things WAAAAY better and here's a rough beta to prove it!". Saying "sorry we can't solve this, apple won't let us" is probably the worst possible answer because it sends a powerful message to Flash devs about the platform they are working with and what the can expect in future.
In short, apply Occams Razor. Adobe say the API they need is not available because Apple won't expose it publically. Now you can try and rationalize that away by assuming that the Flash devs just haven't bothered to read the docs, but the simplest explanation is that are telling the truth.
You need to RTFA. You can't compare Flash with QuickTime because QT does not support RGB compositing on top of the video, a feature that is very popular with Flash movies.
Slashdot Mirror
No it's even better. "Just drag this bookmarklet and click - it's totally safe!". Why do the Reclaim folks claim this is somehow better when it's clearly not? Their script is not only compiled (ie, pita to read) but could change at any moment or even change by IP address!
The fingerprinting techniques heavily relies on JavaScript, so finding random unprotected http access logs isn't going to help you. If it's truly "a snap" then please show me my last visited sites?
I think at some point the internet privacy debate will have to start featuring some concept of personas, or the idea that a single person does not have a single identity but rather many identities. Some of them overlap, some of them are easier to change than others and some of them are what we might call "personal" - for instance personas like your full legal name or physical appearance are clearly different to a persona like a passport number, which is itself quite different to an email address (a lot harder to change for one). Although today they tend to all get lumped together under the same concept of "you-ness".
In this case, my browsers fingerprint is clearly a persona, but is that really a problem?
They don't check for privacy violations, go read the iPhone Privacy white paper. There are about a million ways an iPhone app can violate your privacy without you (or apple) ever knowing about it.
FWIW here in Switzerland I have a 1G cap. I have exceeded this only once, when I installed a beta Android app that used ridiculous quantities of bandwidth in the background. I listen to internet radio on my phone all the time and my peak usage is something like 800M in a month. Seriously, if you're using more than a gig a month on a phone and you aren't tethering, there's something wrong ... if you are tethering, well, ignore my advice :)
So pressing the button that looks like a piece of paper and then the "print" option wasn't clear?
Don't get me wrong, Chromes UI isn't perfect, but the only buttons it provides are back, forward, reload, star and then two "menu buttons". The meaning of the first four is clear to anyone who used a browser for a while. The meaning of the last two can be found simply by clicking on them.
1) It's not "Flash" that's a performance hog, it's "lack of the right compositing APIs" that's the hog. Or did you not notice yet that Chrome and Safari are slower than Flash at rendering video with overlays?
2) What makes you think YouTube wants to make it easier to download their content
3) Flash uses h264 anyway so the hardware acceleration is somewhat moot. As long as the colorspace conversions can be accelerated the performance should be the same. Flashs problem is that MacOS and Linux haven't supported the right stuff very well. Actually it was only just added in an OS X point release. There's already a Flash plugin beta that uses these APIs and should perform much better.
I don't think it's quite as you describe.
Your argument makes sense in a highly abstract, academic universe in which all people are perfectly skilled, knowledgeable and well resourced. This is too far removed from reality to be useful.
The first problem is that we know it's possible to build DRM that is extremely hard to crack. The PS3 is a working example of that. Games distributed via Xbox Live (versus dvd) are another example. These systems have been partially defeated a handful of times and then promptly re-secured. It turns out that though you technically speaking "have the keys" they are buried under so much silicon wizardry that in practice you don't have them.
The second is that it's very questionable whether there is any such thing as a "completely secure system" as you describe. Your phrasing is vague so I'll assume you're talking about resistance against attackers who are physically remote. The trend has been that over time, bugs that were once thought to be un-exploitable have become exploitable. For instance at one time both heap and integer overflows were not deemed to be a security issue until techniques for reliably exploiting them were published. Likewise, it's only recently that implementors of software cryptography have started thinking about statistical side-channel attacks and many (most?) engineers are still unfamiliar with them.
In short, it's possible to build both very strong DRM and very strong security against remote attackers, but real people routinely build very weak versions of both and I am skeptical there are any perfectly undefeatable systems out there.
No, it's about profit. The flaw in the Windows/Linux/OSX security model isn't administrator access. Having a concept of some split personality user is a ridiculous hack that dates from a security architecture designed in the 70s. Nobody would use it if designing an OS from scratch today.
The flaw in these systems models is that developer tools and debuggers specifically are not built in to the system but rather are treated the same as any other application, which means any app can take control of any other app with only an "are you sure" screen in between at best.
You'll notice that mobile OS' don't have this. ChromeOS will likely have the standard Chrome developer tools which are "special" and cannot simply be swapped out for some other app. This means less innovation in debuggers but it gives the possibility of implementing real security because apps become much less slippery.
The desktop PC era is coming to a close. Nobody is quite sure what'll come next but I'm putting my cards on a combination of some much improved iPad OS, Android or (more likely) ChromeOS. Right now these are the only contenders for the "usefully more secure than windows" crown.
Sure, it was great fun. I just finished it last week actually. Yes, completely linear and contrived, but that's OK - there's enough scope for some minimal strategy and skill, whilst still being scripted enough to give you the cinematic Bond feel. The snowmobile mission in particular was awesome. But if MW2 had been 5x as long, I'd probably not have been able to finish it - too intense for too long, and besides they'd have run out of ideas.
I've noticed that most of the games I've completed and recently enjoyed are pretty short (Mirrors Edge, Modern Warfare 2) at least in the single player modes which is the only one I use. The reviews often say "this game is great but too short" but I found the length pretty good. The advantage of having a 5-7 hour game is that the experience is often really solid and even cinematic for the whole time.
The exception is Mass Effect 1/2 which are maybe 40 hours and I played them over a period of a couple of months. Fortunately the Mass Effect games are both well balanced and quite easy, so I never really got stuck, and the story is very deep (for a game) so there's something driving you onwards. Many other games though I stopped playing after about 5-7 hours of gameplay because I just lost interest or I reached a point that was way too hard: GTA4 and Command&Conquer are two examples of that.
So I suppose what I'm saying is, I probably am the sort of gamer the article describes.
Well, the original iPhone runs the same OS number but that doesn't mean they have the same abilities. The 3GS is capable of quite a few things the original iPhones just aren't and that leads to fragmentation as well, just not visible through the version number. Look at multi-tasking for the most obvious example of this.
That's kind of vague. If you read the CNET article you can see that the MPEG-LA licensing guy says "the only person who needs to pay is the seller of the video". Nothing is said about the "user" of the video, whoever that is, presumably the viewer. The reason the cameras say non-commercial use only is because if you were using it commercially, you'd probably be selling the video and at that point you need a license.
Now the real question is, how should h264 be licensed? I don't know. Off-hand, charging a fairly low rate (2c per disc or lower) for commercial usage and not charging for non-commercial actually seems quite reasonable to me. I read that you need to also pay licensing fees if you want to implement it, which seems like double-dipping to me, but I'm not an expert so I won't judge. Suffice it to say that h264 is a very sophisticated technology that is the product of many contributions by many people and companies over a long period of time. We can debate whether software should be patentable all day, but video codecs are a pretty clear example of a piece of software that are very expensive to develop and probably do need some kind of patent protection.
I don't think Lost would be possible to follow at all without the Lostpedia. I do the same thing as you - watch the episodes then go back and read the Lostpedia entries to figure out what I missed (there's always something). Understanding everything in Lost requires you to store an incredibly complicated story with dozens of characters (or are we up to hundreds by now?) over a period of around 6 years and minimal if any helpful repetitions of what happened previously. The fact that the story requires a fricking encylopedia tells you what sort of show Lost is.
That said, I've watched every episode and can't wait for the last few. I'll miss it when it's gone. Truly, the writers are unusual in knowing how to build an engaging and dramatic mystery story on a never before seen scale.
BTW isn't Lost a "maxi series" by your definition? They've known when and how they'd end it since around the start of season 2 I think. It's almost always had a definite end point.
Actually SWF is open as well since 2008. So there are 3 open standards being discussed here. The key question is how many organizations are in charge and what patent royalties do they leverage, not how open it is. Arguably h.264 is far less proprietary than Theora, as it's a collaborative work of many different companies working as part of well recognized international standards committees, as opposed to Ogg which is controlled entirely by Xiph.
If a census had no positive benefit at all this argument might make sense. But otherwise it's extreme - you're implying that because an evil regime once abused census data, no census data should be collected. Ever. Despite huge benefits of doing so.
I think that's a minority opinion. It's weighing the costs but not the benefits.
That's a pretty big leap from what is actually happening with these kinds of services. For one, it's possible to associate a person and their license plate without knowing where they live. But the only way you can associate a person with their SSID is going to their house, basically. And even then in a crowded apartment you'd probably be able to see several APs and have to ask which is the right one.
For another this data isn't "all published on the web". I don't know for sure but I bet if you tried to dump (eg) Skyhooks database by enumerating every possible SSID not only would it take you absolutely forever but they'd certainly block you at the server level.
The original quote came from a piece of video itself very selectively edited by Maria Bartiromo. It was called "Inside the mind of Google", you can probably find it on YouTube if you look. The video clip that most people saw was edited to remove the question, which was something like "People treat Google as their most trusted friend, should they?" right in the middle of a conversation about online crime.
Trust me. It's not that.
I celebrated my 26th birthday yesterday. Some years ago I was involved with Linux and open source, so I guess that made me a "young developer". I mostly worked on Wine, because it was a technically demanding project but which had a pretty mature and ego-free set of developers who were willing to tutor me (even though I didn't have a good grasp of C when I started).
I wrote a kernel patch once too. It was a waste of time. The code wasn't too hard to figure out, but the general nature of kernel development with its constant reboots was annoying. And the patch I sent predictably got some snarky comments and then vanished. With Wine, it was clear who made the final call - Alexandre. He wasn't always informative, but when push came to shove you could jump on IRC and talk to him about it. How the hell does one even contact Linus? The kernel project has this complicated structure in which some stuff is "owned" by some guys, but it's never really clear whom, and everyone weighs in with an opinion even if they don't own that area. Very frustrating.
Anyway. I long since lost interest in Linux after it became clear that it missed its opportunity to have an impact on the desktop. OS X blew it away, and now computing seems to be moving onto whole other paradigms based on mobile or web operating systems. What motivation is there to do kernel hacking anymore?
Your assumption, based on no knowledge at all, that the problem is as simple as a missing wait condition is amazing. Why don't you go read the Flash developers blogs where they explain what the issues are? Why do you believe that the Windows Flash developers are competent but somehow incapable of reviewing or helping their Mac team out?
The most likely explanation is the the Flash guys are telling the truth about why the Mac performance sucks. The least likely explanation is that they don't understand multi-threading, given that Flash has included a JIT compiling JavaScript VM for longer than most browsers.
It is a lot faster than Wave. As for Opera, no idea.
Well I used to think that. There's one problem I encountered, which is that gzipped, optimized JavaScript is mindblowingly concise compared to most other forms of compiled code. You can fit a staggering amount of functionality in only a kilobyte of this stuff.
This may sound absurd, but try it for yourself. Write a piece of JavaScript to do something generic and non-platform dependent like calculate MD5. Run it through the Closure Compiler which is the same tool that Google uses to optimize and check its JavaScript. It will tell you the gzipped size. For a simple MD5 impl I got off the web, it boils down to 1.4kb gzipped. Now try compiling and gzipping a C implementation and a Java .class file. In both cases the result was about 5kb - that's a pretty big blowup! JavaScript has the advantage of having a basically overhead-free yet semantically very rich format: source code. Other languages compile down to quite complicated header formats that are full of version identifiers and symbol names.
Given that modern browsers like Chrome convert your JavaScript to native code anyway, it may well make sense to slash your code size by using JavaScript and take the better loading times along with a hit on runtime performance.
I think you'll find the point of the rewrite was to solve all these issues. Read the article - Docs no longer relies on your browser to do things like correctly positioning bullet points. It does it all itself.
Full disclosure. I am a Googler and we've been using this new version of Docs internally for a while. It is a significant improvement. The old Docs was basically a wrapper around your browsers HTML editing feature that auto-saved every few seconds. The new Docs is a real word processor that understands things like page breaks natively. It is fully consistent in every browser and features the real-time collaboration you saw in Wave. I enjoy using it a lot more.
You're making two big assumptions. One is that if QuickTime actually can do whatever Flash needs to do hardware-accelerated, it's not using a private API. Adobe have asserted not that the API doesn't exist, but that they aren't allowed to use it.
The second is that Adobe must be liars. I see no evidence that this is the case. Why should anyone automatically assume they are liars just because they don't like the answer? If the performance of Flash on MacOS X was really just bugs or "lazyness" on their part, the far better PR solution would be to say "Flash Player 10.2, coming out Any Day Now, makes things WAAAAY better and here's a rough beta to prove it!". Saying "sorry we can't solve this, apple won't let us" is probably the worst possible answer because it sends a powerful message to Flash devs about the platform they are working with and what the can expect in future.
In short, apply Occams Razor. Adobe say the API they need is not available because Apple won't expose it publically. Now you can try and rationalize that away by assuming that the Flash devs just haven't bothered to read the docs, but the simplest explanation is that are telling the truth.
You need to RTFA. You can't compare Flash with QuickTime because QT does not support RGB compositing on top of the video, a feature that is very popular with Flash movies.
Really? Between June and December of 2009 there were four million attempts by iPhone users to download the Flash plugin. By the end of 2009 over 7 million people had tried to download the plugin.
If you think nobody ever encounters broken pages on an iPhone because of Flash, you're crazy.