Actually, the Flash file format (SWF) is published openly: http://www.adobe.com/devnet/swf/. If you really want to write your own Flash implementation for some other platform, have at it.
But of course, that's hard work. This is an issue with open source projects too. 99% of the world (even most engineers) are at the mercy of the small set of committers. If, say, Firefox doesn't support your random obscure platform, all you can do is beg people in the FF community to support it (and the response would probably just be "we welcome your patch!"). This is not much different from begging Adobe to support your random obscure platform. In the vast majority of cases what really matters is good stewardship of a project, whether its open source, proprietary, or something in between. If the company/nonprofit/community behind a project is committed to it and well-intentioned, I personally find it pretty hard to complain.
HTML 5 offers better performance, better security, and better privacy controls (at least in theory) because it depends solely on the browser.
I'm sure it feels nice to say that, but what can you back it up with?
Performance: Most HTML 5 gaming / graphics demos I've seen peg the CPU worse than comparable Flash apps. Where are the examples that outperform Flash?
Security: In recent years, Flash has actually had fewer security vulnerabilities than most major browsers (2010, 2009).
Privacy: Flash has always given users full control over local storage ("Flash cookies"), and has made changes in the past year to make that UI easier to find. Flash also integrates with "private browsing mode." So, what privacy concerns are unique to Flash exactly?
A secure browser = secure HTML 5.
Sure, but a secure Flash Player = secure Flash, too. Problem is, no software is perfect and so today we have neither secure browsers nor secure Flash. Thankfully both are moving increasingly towards a process-sandboxing model that will go a long way toward making both more secure.
Also, Adobe does have a technology that lets you compile C/C++ into Flash bytecode. It's called Alchemy. Dunno to what extent that was used for the Unreal demo, though...
Well, really both have been working to catch up to native APIs that have been available for 5-10 years. I wouldn't really say either one is "ahead" at this point – they've been on roughly the same development timeline, and while WebGL has somewhat better shader support, Flash's Stage 3D has far more widespread availability (which matters a lot if you're Zynga or Disney.com or whoever and actually care to make money off this technology now).
One big disadvantage of NaCl is that it's installed on very few computers, while Flash is already on about 99% of them. And Flash supports a similar "native-code" technology called Alchemy that has a lot of the same performance benefits of NaCl.
All those pie charts are kind of useless unless they normalize them for percent of installed base... Oh, IE makes up the largest number of browser infections? Maybe because IE makes up the largest number of browser users. Windows 2000 gets far less malware than Windows Vista? Probably not actually more secure... just has far fewer users anymore.
Flash now respects the browser's private browsing mode. As for Java, I think it can only set cookies by going through a browser-implemented API... and hopefully each browser has made that API follow the private browsing settings also...
There's no reason to turn off Flash or Javascript unless they ignore the privacy mode and cache content on disk anyway. The current version of Flash respects this setting, and presumably all browsers with a "private browsing" mode restrict their Javascript engines in the same way...
As for browser vulnerability counts, that's a red herring. We're talking about Flash. Why are you attempting to misdirect me to a discussion about browsers.
Why? Because it's all relative. It sounds to me like you're arguing Flash has poor security and other alternatives (e.g. HTML 5) are better... in which case you have to actually compare Flash to those alternatives in order to justify the statement that they're better.
Bloated in comparison to properly written code
The Flash-based apps currently in the app store don't seem much different in size from native ones. Fickleblox and Chroma Circuit are both ~8 MB. Compare that to native iPhone apps like Solitaire (8 MB), Mini Touch Golf (17 MB), Froggy Jump (9 MB), Bejeweled 2 (10 MB)... they blend right in. And if you're making claims about battery or CPU usage, please actually cite some sources?
Regarding Steve Jobs's famous anti-Flash rant, I think we'll just have to agree to disagree on its merits. I'm not really interested in having a long drawn-out debate over it in this thread, which has been mostly focused on security. Although I can't help but respond to this egregious one:
Again, you make a grand statement and couple it with a misdirection. I don't see where in Thoughts on Flash he says it ships with a fast HTML implementation.
Fifth paragraph: "Apple has adopted HTML5, CSS and JavaScript – all open standards. Apple’s mobile devices all ship with high performance, low power implementations of these open standards." (emphasis added)
I will also concede, however, that he doesn't outright state quite everything I discussed. He says things of the form 'Flash is bad; HTML+JS is good. Flash is bad because it has rollovers; [unspoken implication: HTML+JS is good because it doesn't].' But this is actually a little weasely: the argument is missing its justification unless you assume he also meant the implied part, but I'm apparently not allowed to argue against the implied part because he didn't explicitly state it.
All the numbers I cited are straight out of the report. Please read it if you don't believe me: the browser vulnerability counts are on page 36, the browser bug fix lead times are on page 38, and the plugin vulnerability counts are on page 41.
that somehow gives it a free pass for its vulnerabilities, bloated and buggy implementation by Adobe
But see, you're arguing something that's not supported by the data. The study shows that Flash is actually less buggy than any browser security-hole-wise, often by a long shot. Now you could argue that because Flash is far more ubiquitous than any one browser, it should rise to a higher standard of excellence: i.e. it's not enough to have 6x fewer holes than Safari when it has 10-20x more users. But if you want to claim Flash is somehow more flawed than browsers, you should really be citing different numbers.
Btw, you keep saying "bloatware," but... Flash is only a 2.5/7.4 MB download (Win/Mac). Meanwhile Safari is 30 MB, Chrome is 7.3 MB, Firefox is 7.7 MB, QuickTime is > 30 MB. So, bloated in comparison to what exactly?
"what are you proposing as an alternative?"
- I propose Adobe pull their head out of their asses and release a quality product or they should STFU and enjoy their slide into oblivion. I was simply quoting part of the recommendation from Symantec to refute your Flash vs browser vulnerabilities shell game. Perhaps you should ask Symantec what they propose as an alternative since it was their quote.
Symantec's quote treats Flash and JavaScript the same, but you're using it to argue that HTML+JS is better than Flash. I don't understand how the quote backs up your argument.
"Apple has said a lot of disingenuous and/or outright false things about Flash lately"
- Name them please. Jobs mail was right on the money.
Sigh... well, for starters: he lectures Adobe about openness while pushing an unprecedentedly closed platform. He talks about openness but pushes H.264. He lectures Adobe about Cocoa support when major Apple software like Final Cut Pro and iTunes are still Carbon. He claims rollovers only exist in Flash and not in HTML+JS sites. He claims Flash doesn't support touch when in fact 10.1 supports it better than the HTML 5 draft. He implies anything conceived originally for desktops is hopeless on mobile (which is preposterous... HTML anyone? Safari? most casual games?). He claims iPhone ships with a fast HTML 5 implementation, when it's actually slower than other smartphones and much slower than Flash.
And perhaps most importantly: he claims cross-platform technologies ruin app quality, which totally undermines the notion that he truly embraces HTML 5. HTML is just about the biggest cross-platform technology out there.
Actually NO they don't. They have a slow, processor spiking, battery eating implementation of it, which is exactly my point
If you'll read my post again you'll notice I cited sources that quantitatively refute both your slowness and battery use claims. So if you're going to argue, you should either cite different numbers or explain why these numbers don't support my claims.
Actually your meme is more of a meme than a fact. According to the April 2010 Symantec Internet Security Report ( http://www4.symantec.com/Vrt/wl?tu_id=Lfsd1271711507050126203 ) the number 2 attacked vulnerability in 2009 was in Adobe products.... You sure did misrepresent that report, didn't you?
I don't think accurately quoting statistics straight out of a core part of the report is "misrepresenting" it. You're now citing statistics that measure something different, and it's reasonable to disagree about which figures imply what, however.
Which I do: you could argue that number of vulnerabilities is a function of the quality of the product, while the popularity of exploiting any given vulnerability is more a function of the ubiquity of the product. So while Safari had about 6x more vulnerabilities than Flash in 2009, it also had only 5% market share vs. 99% for Flash. Which is the more attractive target?
Another quote from the report was "Browser security features and add-ons should be employed
wherever possible to disable JavaScript(TM), Adobe Flash Player . . . ".
So if you disable both JavaScript and Flash, as they recommend... what are you proposing as an alternative? Do you think the HTML video tag can replace everything DHTML/JS and Flash do today?
And regarding buggy, I'll take Microsoft and Apple's word on Adobe Flash's effect on their browser/OS.
I don't know what MS has said about this (link?), but Apple has said a lot of disingenuous and/or outright false things about Flash lately, so I'm not inclined to trust their word, especially when no one else has access to the data to back it up.
It's been 3 years since the iPhone intro and Adobe still does not have a Flash runtime to show that runs fast, doesn't drain batter, etc.
99% of Internet-connected computers isn't internet connected machines. Not all phones have flash and new devices are constantly coming out. There is no way your company can support them all compared to html+javscript.
Mobile currently accounts for an extremely tiny share of overall Internet traffic. One study suggests iPad, iPhone, and iPod Touch combined are < 1%. I'll take 99% over that any day. (The market is shifting, of course, but so is Flash's availability on mobile devices).
Flash doesn't support screen readers "just fine", it supports two, are you really trying to say it supports more then html. What a joke.
You're comparing apples to oranges -- I'm not talking about static text here. Your statement is like saying Firefox is a dog because Lynx renders.txt files faster than it does. DHTML is basically not properly supported by any screenreader. So for something comparable (an AJAX-style RIA), two > zero.
Yes it does. Almost every typical flash file is over 1 Meg and makes the user wait before they can do anything else on the web.
Care to back that figure up?
To take just one simple counterexample: I load nytimes.com and watch the traffic with a proxy. There are multiple Flash ads plus a Flash video player on the page. Total Flash content downloaded: 163 KB. And no preloaders to be seen anywhere.
Except they don't because most developers use Swfdec and a video using html5 would work 100% with or without javascript.
I'm not sure what your point you're making here... with JavaScript disabled, you can still watch Flash video. You can probably also still watch HTML 5 video, though it depends on whether the playback controls are implemented by the browser or using JS (both are possible). So, what's the difference?
For someone who works at Adobe you don't seem to know that actionscript is ECMAscript with stuff on top. How can it be superior when it's the same language.
You might want to do a little more research. JavaScript is based on ECMAScript 3, while ActionScript is based on the much more recent ECMAScript 4 effort. This means AS has more in common with Java than it does with JS, including: strong typing, true OOP, public/private scoping, package scoping, generic lists, and annotations. JS is borderline a toy language in comparison.
You're experience in clusterfuck jobs using non standard tools means nothing.
There is a huge movement behind HTML5 and jQuery.
YouTube, Vimeo are switching to HTML 5.
Thanks for insulting my credentials without even knowing what they are. I've spent years doing enterprise AJAX development as well as years doing serious Flex/Flash development. I think that gives me fair standing to compare the two. What about you?
Standards bodies have nothing to do with tools, so I'm not sure what you mean by "non standard tools." But certainly AJAX was never a standard, and HTML 5 isn't officially one yet either -- so I don't really see how I could have been doing "standard" HTML+JS development in 2004.
Flash is not just a video player. (Although even at pure video, it offers many things HTML 5 does not, including more codecs, true streaming, peer-to-peer (RTMFP), and adaptive-bitrate streaming).
Just because two sites have opt-in, experimental HTML 5 video players does not mean they (let alone the whole web) are ditching Flash video anytime soon.
iPhone developers use HTML+javascript to develop their apps on iPhone and everything is being standardised around this.
Show me one major, popular iPhone app that is HTML rather than a native iPhone-only app. Apple has done a great job talking the talk about HTML 5, but until a sol
The point I was trying to make is that, from a pragmatic standpoint, it doesn't matter to your average website author whether something is open-source or not. Whether it's well-maintained is far more important -- because you're really, really unlikely to do the maintaining yourself in practice.
To make an analogy: I think of this as sort of Obama-style pragmatism vs. a Nader-style insistence on ideological purity (or insert your own preferred politicians).
No, not at all -- I'm probably a 4 on that scale, but I did my fact-checking. Gnash (an alternative Flash player) has been around forever and I've never heard of it being legally threatened by Adobe. And to the extent that "words posted on a corporate website" constitute the license for a spec you've just downloaded... they're not just words, they're a contract the company is legally bound to honor.
Also, I think it's important to look at motivation. Adobe profits from tools (which create Flash content, JPEG images, etc.). Anything that broadens the reach of the content produced by those tools is a win. Contrast this to Apple, who makes money off of hardware and thus wins when content is only available on their platform... giving them a vested interest against cross-platform efforts like Flash and HTML 5.
Although ActionScript and JavaScript share the same roots, AS is based off of a newer version of ECMAScript, making it a far more complete language than JS. It has strong typing, true OOP with well-defined classes, package scoping, public/private scoping, rich RTTI, metadata (akin to Java 5 annotations), generic lists, built-in E4X, etc. etc... Yes, there is a contingent that thinks strong typing and the like is just a lot of overhead... but for any sort of serious app development you really can't live without it.
Think of it from Apple's perspective. You dump a few million into doing something cool for the iPhone.... Score! But wait, while this is built into the iPhone and Apple's developer tools, requiring just a recompile for app developers to make it happen for their app, what about third party tools? Suddenly you've got thousands of apps made with Adobe's tools and those don't get the improvements until Adobe gets around to implementing them in their Flash suite, if they ever do.
The opposite way to look at it would be this: Every app has to be recompiled for it to work. So -- there are 100,000 apps in the app store, and every single one of those developers has to get off their butt, recompile, submit a new version, wait for it to get approved, and then convince all their customers to download the upgrade. It'd take forever for the benefits to truly add up for any given user. But, if many of those apps were Flash-based, then you might just need to update a single app (the Flash runtime) to take advantage of all those compiled-in savings.
There were times it took Adobe months to release critical security fixes and the only reason they didn't do it sooner was because they were too fat and lazy.
(And as an aside: the Symantec report above also says that Apple took on average 13x longer than other browser vendors to patch their security holes...)
Point is, any computer exposed to the Internet is at risk, and no vendor can claim the high ground here.
So you're saying the only two platforms that matter are Apple's and... Apple's? That's not a very 'open' perspective. (Although I'm sure Apple would love for people to conceptualize the HTML RIA landscape that way).
If you look at Firefox, Safari, Chrome, and IE (which is still > 50% of the market), the APIs vary dramatically.
the problems are as follows. 1) My security attack surface just doubled. I have bugs in the browser, bugs in the player, and interactions between the two.
If you stuff all the same functionality as Flash into the core browser (which is what HTML 5 will have to do to eliminate Flash), your attack surface also just doubled, since the browser codebase doubled. If anything, isolating the rich runtime stuff in Flash gives you more security, in browsers like Chrome that run the browser and the plugin in two separate processes.
2) If I am a new hardware manufacturer, I don't get the full Internet till adobe supports my platform. 3) Adobe could give me a crap implimentation (or none) and there is nothing I can do about it.
The point of Adobe's "Open Screen Project" is to obviate those issues. If you are a new hardware manufacturer, you have complete freedom to port Flash to your platform yourself -- either using the newly-opened Flash porting layer to leverage Adobe's existing implementation, or using the openly-published SWF/FLV specs to create your own implementation from scratch.
Flash is on 99% of Internet-connected computers. That's far more than any single browser, and when you start lumping browsers together you're comparing apples and oranges: a single consistent API vs. a fragmented mess that requires a second cross-platform layer sitting on top of it to be usable.
- Supports blind people's screen readers
Flash supports screen readers just fine -- better than AJAX, in fact (screen readers do a terrible job handling asynchronous updates to HTML content).
- Scales the aspect ratio to fit the viewers screen
Flash is a vector rendering engine, sooo... pretty sure it supports rescaling just fine.
- Doesn't require a pre-loader
I'm not sure what you mean by that. Flash doesn't require a pre-loader. Any app that is going to take a long time to load would be wise to choose to show some sort of progress indicator, and this is equally true of Flash and DHTML (AJAX apps can easily top 1 MB in JavaScript code size). And Flash supports progressively downloading assets and code as you visit different parts of a site or app, just as HTML does.
- Isn't limited to a subset of video codecs.
Haha! I hope you're kidding: Firefox only supports Theora, Safari only supports H.264, IE 8 doesn't even support video... Plus, any platform will only support a finite set of video codecs... it just makes no sense to claim this of any platform.
- Still gives the user the ability to navigate a site even though JavaScript is disabled.
Flash works just fine when JavaScript is disabled too:-) Flash apps won't work when Flash is disabled, and AJAX apps (e.g. GMail) won't work when JS is disabled. Sites that care about these fringe cases need to provide a pure-HTML fallback either way.
The only things flash can do better at this time is webcams and microphones.
Flash is the only major video player that supports a consistent codec on all platforms. It offers a consistent API on 99%+ of the world's desktops, something no browser's JS implementation can claim. It has much better debugger/profiler support than JS, and I would argue it has better IDE tools too. It has a superior programming language (with true strong typing, true object-orientedness, package scoping, even some generics). It supports push connections, socket connections, binary wire formats, policy-based cross-domain connections, true video streaming (e.g. with RTMP), and peer to peer connections (e.g. with RTMFP). It supports dynamic audio synthesis, GPU-based pixel shaders, flexible user-controlled local data storage, multi-touch on mobile (coming in 10.1), accelerometer input on mobile (also coming in 10.1), high-quality embedded fonts, 3D transforms, etc. You might find prototypes of one or two of these things implemented as proprietary extensions in a couple of browsers... but that's a far, far cry from reliable support on the majority of Internet-connected computers.
There are only two types of people that think flash has a place anymore. Adobe employees and people who are employed to make flash objects.
Full disclosure: I do work at Adobe, though not on Flash, and as someone with years of AJAX web development experience I can honestly say I believed all this before I worked there too.
In your second category... there are over a million Flash developers out there, and there's a good reason why there are still so many. Flash is simply an easier, less expensive, more designer-friendly platform to build on. For a given investment, a web site creator can typically affor
The application developers would maybe like to use Flash (or maybe not) but are hindered by insane licensing fees.
There are no licensing fees for using Flash. There are completely free, some even open-source, tools available for producing Flash content.
Adobe really tried to get people to develop whole applications in Flash, but I could never see a compelling reason to do this. HTML works well enough for most things (even more with HTML5), anything more demanding is maybe not a good candidate for implementing as a web-based application.
I think one of the big reasons for Flash's popularity is that you can build complex things in it far more easily than with HTML. So, while you could theoretically hand-code some animation in HTML5+canvas, it's far faster to do it graphically in Flash -- which is why Flash still dominates web animation (and gaming). And while you can build interactive apps like GMail using JavaScript, it's prohibitively expensive for most medium or small companies to do so -- which is why static, full-page-refresh sites still dominate the web. (And it's also why GMail's level of interactivity still doesn't hold a candle to the richness of Flash sites built by larger companies).
p.s. -- there was at least one Flash email client, Goowy. Like many startups, it got acquired and killed. But there still are other Flash-based communication/social apps out there, such as TweetDeck.
Slashdot Mirror
Actually, the Flash file format (SWF) is published openly: http://www.adobe.com/devnet/swf/. If you really want to write your own Flash implementation for some other platform, have at it.
But of course, that's hard work. This is an issue with open source projects too. 99% of the world (even most engineers) are at the mercy of the small set of committers. If, say, Firefox doesn't support your random obscure platform, all you can do is beg people in the FF community to support it (and the response would probably just be "we welcome your patch!"). This is not much different from begging Adobe to support your random obscure platform. In the vast majority of cases what really matters is good stewardship of a project, whether its open source, proprietary, or something in between. If the company/nonprofit/community behind a project is committed to it and well-intentioned, I personally find it pretty hard to complain.
HTML 5 offers better performance, better security, and better privacy controls (at least in theory) because it depends solely on the browser.
I'm sure it feels nice to say that, but what can you back it up with?
Performance: Most HTML 5 gaming / graphics demos I've seen peg the CPU worse than comparable Flash apps. Where are the examples that outperform Flash?
Security: In recent years, Flash has actually had fewer security vulnerabilities than most major browsers (2010, 2009).
Privacy: Flash has always given users full control over local storage ("Flash cookies"), and has made changes in the past year to make that UI easier to find. Flash also integrates with "private browsing mode." So, what privacy concerns are unique to Flash exactly?
A secure browser = secure HTML 5.
Sure, but a secure Flash Player = secure Flash, too. Problem is, no software is perfect and so today we have neither secure browsers nor secure Flash. Thankfully both are moving increasingly towards a process-sandboxing model that will go a long way toward making both more secure.
At MAX yesterday Adobe showed actual gameplay in the Unreal engine: check out this video, at about 15:50.
Also, Adobe does have a technology that lets you compile C/C++ into Flash bytecode. It's called Alchemy. Dunno to what extent that was used for the Unreal demo, though...
Well, really both have been working to catch up to native APIs that have been available for 5-10 years. I wouldn't really say either one is "ahead" at this point – they've been on roughly the same development timeline, and while WebGL has somewhat better shader support, Flash's Stage 3D has far more widespread availability (which matters a lot if you're Zynga or Disney.com or whoever and actually care to make money off this technology now).
It's available already: http://blogs.adobe.com/flashplayer/2011/10/adobe-flash-player-11-air-11-available-later-today.html
One big disadvantage of NaCl is that it's installed on very few computers, while Flash is already on about 99% of them. And Flash supports a similar "native-code" technology called Alchemy that has a lot of the same performance benefits of NaCl.
All those pie charts are kind of useless unless they normalize them for percent of installed base... Oh, IE makes up the largest number of browser infections? Maybe because IE makes up the largest number of browser users. Windows 2000 gets far less malware than Windows Vista? Probably not actually more secure... just has far fewer users anymore.
Flash now respects the browser's private browsing mode. As for Java, I think it can only set cookies by going through a browser-implemented API... and hopefully each browser has made that API follow the private browsing settings also...
The current version of Flash respects "Private Browsing" mode in all major browsers, so you shouldn't have to worry about this loophole anymore.
There's no reason to turn off Flash or Javascript unless they ignore the privacy mode and cache content on disk anyway. The current version of Flash respects this setting, and presumably all browsers with a "private browsing" mode restrict their Javascript engines in the same way...
Just fyi, the current version of Flash does respect "Private Browsing" settings in all major browsers.
Okay, i used your link and pulled up a 12 page document. I can't get to the mythical page 36
Well, I don't know what to tell you. I have 2 PCs and a Mac, and all three of them bring up a 97-page PDF. Here's that link one more time, with feeling: http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xv_04-2010.en-us.pdf
As for browser vulnerability counts, that's a red herring. We're talking about Flash. Why are you attempting to misdirect me to a discussion about browsers.
Why? Because it's all relative. It sounds to me like you're arguing Flash has poor security and other alternatives (e.g. HTML 5) are better... in which case you have to actually compare Flash to those alternatives in order to justify the statement that they're better.
Bloated in comparison to properly written code
The Flash-based apps currently in the app store don't seem much different in size from native ones. Fickleblox and Chroma Circuit are both ~8 MB. Compare that to native iPhone apps like Solitaire (8 MB), Mini Touch Golf (17 MB), Froggy Jump (9 MB), Bejeweled 2 (10 MB)... they blend right in. And if you're making claims about battery or CPU usage, please actually cite some sources?
Regarding Steve Jobs's famous anti-Flash rant, I think we'll just have to agree to disagree on its merits. I'm not really interested in having a long drawn-out debate over it in this thread, which has been mostly focused on security. Although I can't help but respond to this egregious one:
Again, you make a grand statement and couple it with a misdirection. I don't see where in Thoughts on Flash he says it ships with a fast HTML implementation.
Fifth paragraph: "Apple has adopted HTML5, CSS and JavaScript – all open standards. Apple’s mobile devices all ship with high performance, low power implementations of these open standards." (emphasis added)
I will also concede, however, that he doesn't outright state quite everything I discussed. He says things of the form 'Flash is bad; HTML+JS is good. Flash is bad because it has rollovers; [unspoken implication: HTML+JS is good because it doesn't].' But this is actually a little weasely: the argument is missing its justification unless you assume he also meant the implied part, but I'm apparently not allowed to argue against the implied part because he didn't explicitly state it.
You DIDN'T quote anything out of the report.
All the numbers I cited are straight out of the report. Please read it if you don't believe me: the browser vulnerability counts are on page 36, the browser bug fix lead times are on page 38, and the plugin vulnerability counts are on page 41.
that somehow gives it a free pass for its vulnerabilities, bloated and buggy implementation by Adobe
But see, you're arguing something that's not supported by the data. The study shows that Flash is actually less buggy than any browser security-hole-wise, often by a long shot. Now you could argue that because Flash is far more ubiquitous than any one browser, it should rise to a higher standard of excellence: i.e. it's not enough to have 6x fewer holes than Safari when it has 10-20x more users. But if you want to claim Flash is somehow more flawed than browsers, you should really be citing different numbers.
Btw, you keep saying "bloatware," but... Flash is only a 2.5/7.4 MB download (Win/Mac). Meanwhile Safari is 30 MB, Chrome is 7.3 MB, Firefox is 7.7 MB, QuickTime is > 30 MB. So, bloated in comparison to what exactly?
"what are you proposing as an alternative?"
- I propose Adobe pull their head out of their asses and release a quality product or they should STFU and enjoy their slide into oblivion. I was simply quoting part of the recommendation from Symantec to refute your Flash vs browser vulnerabilities shell game. Perhaps you should ask Symantec what they propose as an alternative since it was their quote.
Symantec's quote treats Flash and JavaScript the same, but you're using it to argue that HTML+JS is better than Flash. I don't understand how the quote backs up your argument.
"Apple has said a lot of disingenuous and/or outright false things about Flash lately"
- Name them please. Jobs mail was right on the money.
Sigh... well, for starters: he lectures Adobe about openness while pushing an unprecedentedly closed platform. He talks about openness but pushes H.264. He lectures Adobe about Cocoa support when major Apple software like Final Cut Pro and iTunes are still Carbon. He claims rollovers only exist in Flash and not in HTML+JS sites. He claims Flash doesn't support touch when in fact 10.1 supports it better than the HTML 5 draft. He implies anything conceived originally for desktops is hopeless on mobile (which is preposterous... HTML anyone? Safari? most casual games?). He claims iPhone ships with a fast HTML 5 implementation, when it's actually slower than other smartphones and much slower than Flash.
And perhaps most importantly: he claims cross-platform technologies ruin app quality, which totally undermines the notion that he truly embraces HTML 5. HTML is just about the biggest cross-platform technology out there.
Actually NO they don't. They have a slow, processor spiking, battery eating implementation of it, which is exactly my point
If you'll read my post again you'll notice I cited sources that quantitatively refute both your slowness and battery use claims. So if you're going to argue, you should either cite different numbers or explain why these numbers don't support my claims.
Actually your meme is more of a meme than a fact. According to the April 2010 Symantec Internet Security Report ( http://www4.symantec.com/Vrt/wl?tu_id=Lfsd1271711507050126203 ) the number 2 attacked vulnerability in 2009 was in Adobe products. ... You sure did misrepresent that report, didn't you?
I don't think accurately quoting statistics straight out of a core part of the report is "misrepresenting" it. You're now citing statistics that measure something different, and it's reasonable to disagree about which figures imply what, however.
Which I do: you could argue that number of vulnerabilities is a function of the quality of the product, while the popularity of exploiting any given vulnerability is more a function of the ubiquity of the product. So while Safari had about 6x more vulnerabilities than Flash in 2009, it also had only 5% market share vs. 99% for Flash. Which is the more attractive target?
Another quote from the report was "Browser security features and add-ons should be employed wherever possible to disable JavaScript(TM), Adobe Flash Player . . . ".
So if you disable both JavaScript and Flash, as they recommend... what are you proposing as an alternative? Do you think the HTML video tag can replace everything DHTML/JS and Flash do today?
And regarding buggy, I'll take Microsoft and Apple's word on Adobe Flash's effect on their browser/OS.
I don't know what MS has said about this (link?), but Apple has said a lot of disingenuous and/or outright false things about Flash lately, so I'm not inclined to trust their word, especially when no one else has access to the data to back it up.
It's been 3 years since the iPhone intro and Adobe still does not have a Flash runtime to show that runs fast, doesn't drain batter, etc.
Actually, yes they do. It is fast enough to outperform HTML 5, especially on mobile, and the unoptimized beta only drains the battery 5-15% faster than equivalent HTML content (while delivering up to 4x the framerate).
99% of Internet-connected computers isn't internet connected machines. Not all phones have flash and new devices are constantly coming out. There is no way your company can support them all compared to html+javscript.
Mobile currently accounts for an extremely tiny share of overall Internet traffic. One study suggests iPad, iPhone, and iPod Touch combined are < 1%. I'll take 99% over that any day. (The market is shifting, of course, but so is Flash's availability on mobile devices).
Flash doesn't support screen readers "just fine", it supports two, are you really trying to say it supports more then html. What a joke.
You're comparing apples to oranges -- I'm not talking about static text here. Your statement is like saying Firefox is a dog because Lynx renders .txt files faster than it does. DHTML is basically not properly supported by any screenreader. So for something comparable (an AJAX-style RIA), two > zero.
Yes it does. Almost every typical flash file is over 1 Meg and makes the user wait before they can do anything else on the web.
Care to back that figure up?
To take just one simple counterexample: I load nytimes.com and watch the traffic with a proxy. There are multiple Flash ads plus a Flash video player on the page. Total Flash content downloaded: 163 KB. And no preloaders to be seen anywhere.
Except they don't because most developers use Swfdec and a video using html5 would work 100% with or without javascript.
I'm not sure what your point you're making here... with JavaScript disabled, you can still watch Flash video. You can probably also still watch HTML 5 video, though it depends on whether the playback controls are implemented by the browser or using JS (both are possible). So, what's the difference?
For someone who works at Adobe you don't seem to know that actionscript is ECMAscript with stuff on top. How can it be superior when it's the same language.
You might want to do a little more research. JavaScript is based on ECMAScript 3, while ActionScript is based on the much more recent ECMAScript 4 effort. This means AS has more in common with Java than it does with JS, including: strong typing, true OOP, public/private scoping, package scoping, generic lists, and annotations. JS is borderline a toy language in comparison.
You're experience in clusterfuck jobs using non standard tools means nothing.
There is a huge movement behind HTML5 and jQuery.
YouTube, Vimeo are switching to HTML 5.
iPhone developers use HTML+javascript to develop their apps on iPhone and everything is being standardised around this.
Show me one major, popular iPhone app that is HTML rather than a native iPhone-only app. Apple has done a great job talking the talk about HTML 5, but until a sol
The point I was trying to make is that, from a pragmatic standpoint, it doesn't matter to your average website author whether something is open-source or not. Whether it's well-maintained is far more important -- because you're really, really unlikely to do the maintaining yourself in practice.
To make an analogy: I think of this as sort of Obama-style pragmatism vs. a Nader-style insistence on ideological purity (or insert your own preferred politicians).
No, not at all -- I'm probably a 4 on that scale, but I did my fact-checking. Gnash (an alternative Flash player) has been around forever and I've never heard of it being legally threatened by Adobe. And to the extent that "words posted on a corporate website" constitute the license for a spec you've just downloaded... they're not just words, they're a contract the company is legally bound to honor.
Also, I think it's important to look at motivation. Adobe profits from tools (which create Flash content, JPEG images, etc.). Anything that broadens the reach of the content produced by those tools is a win. Contrast this to Apple, who makes money off of hardware and thus wins when content is only available on their platform... giving them a vested interest against cross-platform efforts like Flash and HTML 5.
Although ActionScript and JavaScript share the same roots, AS is based off of a newer version of ECMAScript, making it a far more complete language than JS. It has strong typing, true OOP with well-defined classes, package scoping, public/private scoping, rich RTTI, metadata (akin to Java 5 annotations), generic lists, built-in E4X, etc. etc... Yes, there is a contingent that thinks strong typing and the like is just a lot of overhead... but for any sort of serious app development you really can't live without it.
Think of it from Apple's perspective. You dump a few million into doing something cool for the iPhone .... Score! But wait, while this is built into the iPhone and Apple's developer tools, requiring just a recompile for app developers to make it happen for their app, what about third party tools? Suddenly you've got thousands of apps made with Adobe's tools and those don't get the improvements until Adobe gets around to implementing them in their Flash suite, if they ever do.
The opposite way to look at it would be this: Every app has to be recompiled for it to work. So -- there are 100,000 apps in the app store, and every single one of those developers has to get off their butt, recompile, submit a new version, wait for it to get approved, and then convince all their customers to download the upgrade. It'd take forever for the benefits to truly add up for any given user. But, if many of those apps were Flash-based, then you might just need to update a single app (the Flash runtime) to take advantage of all those compiled-in savings.
They've had so many security holes over the past few years I hated installing Flash or Reader on anything.
According to Symantec, Flash and Acrobat are actually more secure than your browser: the two combined had fewer vulnerabilities than Safari, or Chrome, Firefox, or IE. Also fewer than QuickTime or Java.
There were times it took Adobe months to release critical security fixes and the only reason they didn't do it sooner was because they were too fat and lazy.
Care to cite a source? I don't remember reading any reports recently about Flash zero-day exploits. Which is less than you can say for most browsers.
(And as an aside: the Symantec report above also says that Apple took on average 13x longer than other browser vendors to patch their security holes...)
Point is, any computer exposed to the Internet is at risk, and no vendor can claim the high ground here.
So you're saying the only two platforms that matter are Apple's and... Apple's? That's not a very 'open' perspective. (Although I'm sure Apple would love for people to conceptualize the HTML RIA landscape that way).
If you look at Firefox, Safari, Chrome, and IE (which is still > 50% of the market), the APIs vary dramatically.
the problems are as follows. 1) My security attack surface just doubled. I have bugs in the browser, bugs in the player, and interactions between the two.
If you stuff all the same functionality as Flash into the core browser (which is what HTML 5 will have to do to eliminate Flash), your attack surface also just doubled, since the browser codebase doubled. If anything, isolating the rich runtime stuff in Flash gives you more security, in browsers like Chrome that run the browser and the plugin in two separate processes.
2) If I am a new hardware manufacturer, I don't get the full Internet till adobe supports my platform. 3) Adobe could give me a crap implimentation (or none) and there is nothing I can do about it.
The point of Adobe's "Open Screen Project" is to obviate those issues. If you are a new hardware manufacturer, you have complete freedom to port Flash to your platform yourself -- either using the newly-opened Flash porting layer to leverage Adobe's existing implementation, or using the openly-published SWF/FLV specs to create your own implementation from scratch.
- It runs on more machines.
Flash is on 99% of Internet-connected computers. That's far more than any single browser, and when you start lumping browsers together you're comparing apples and oranges: a single consistent API vs. a fragmented mess that requires a second cross-platform layer sitting on top of it to be usable.
- Supports blind people's screen readers
Flash supports screen readers just fine -- better than AJAX, in fact (screen readers do a terrible job handling asynchronous updates to HTML content).
- Scales the aspect ratio to fit the viewers screen
Flash is a vector rendering engine, sooo... pretty sure it supports rescaling just fine.
- Doesn't require a pre-loader
I'm not sure what you mean by that. Flash doesn't require a pre-loader. Any app that is going to take a long time to load would be wise to choose to show some sort of progress indicator, and this is equally true of Flash and DHTML (AJAX apps can easily top 1 MB in JavaScript code size). And Flash supports progressively downloading assets and code as you visit different parts of a site or app, just as HTML does.
- Isn't limited to a subset of video codecs.
Haha! I hope you're kidding: Firefox only supports Theora, Safari only supports H.264, IE 8 doesn't even support video... Plus, any platform will only support a finite set of video codecs... it just makes no sense to claim this of any platform.
- Still gives the user the ability to navigate a site even though JavaScript is disabled.
Flash works just fine when JavaScript is disabled too :-) Flash apps won't work when Flash is disabled, and AJAX apps (e.g. GMail) won't work when JS is disabled. Sites that care about these fringe cases need to provide a pure-HTML fallback either way.
The only things flash can do better at this time is webcams and microphones.
Flash is the only major video player that supports a consistent codec on all platforms. It offers a consistent API on 99%+ of the world's desktops, something no browser's JS implementation can claim. It has much better debugger/profiler support than JS, and I would argue it has better IDE tools too. It has a superior programming language (with true strong typing, true object-orientedness, package scoping, even some generics). It supports push connections, socket connections, binary wire formats, policy-based cross-domain connections, true video streaming (e.g. with RTMP), and peer to peer connections (e.g. with RTMFP). It supports dynamic audio synthesis, GPU-based pixel shaders, flexible user-controlled local data storage, multi-touch on mobile (coming in 10.1), accelerometer input on mobile (also coming in 10.1), high-quality embedded fonts, 3D transforms, etc. You might find prototypes of one or two of these things implemented as proprietary extensions in a couple of browsers... but that's a far, far cry from reliable support on the majority of Internet-connected computers.
There are only two types of people that think flash has a place anymore. Adobe employees and people who are employed to make flash objects.
Full disclosure: I do work at Adobe, though not on Flash, and as someone with years of AJAX web development experience I can honestly say I believed all this before I worked there too.
In your second category... there are over a million Flash developers out there, and there's a good reason why there are still so many. Flash is simply an easier, less expensive, more designer-friendly platform to build on. For a given investment, a web site creator can typically affor
Not true. Adobe says: "There are no restrictions on the development of SWF authoring tools, and anyone can build their own SWF or FLV/F4V player."
The application developers would maybe like to use Flash (or maybe not) but are hindered by insane licensing fees.
There are no licensing fees for using Flash. There are completely free, some even open-source, tools available for producing Flash content.
Adobe really tried to get people to develop whole applications in Flash, but I could never see a compelling reason to do this. HTML works well enough for most things (even more with HTML5), anything more demanding is maybe not a good candidate for implementing as a web-based application.
I think one of the big reasons for Flash's popularity is that you can build complex things in it far more easily than with HTML. So, while you could theoretically hand-code some animation in HTML5+canvas, it's far faster to do it graphically in Flash -- which is why Flash still dominates web animation (and gaming). And while you can build interactive apps like GMail using JavaScript, it's prohibitively expensive for most medium or small companies to do so -- which is why static, full-page-refresh sites still dominate the web. (And it's also why GMail's level of interactivity still doesn't hold a candle to the richness of Flash sites built by larger companies).
p.s. -- there was at least one Flash email client, Goowy. Like many startups, it got acquired and killed. But there still are other Flash-based communication/social apps out there, such as TweetDeck.