So scientists would prefer to use a buggy unsecure medium to gather what is probably (scientifically) important data rather than sped a few hours rewriting it (and probably improving the user interface and such like). Don't these guys have under graduates for this kind of work?
Flash... Nu-uh! Tech folk champing at the bit to switch off life support
When Adobe this week announced its intention to kill Flash by 2020, a cheer went up among techies everywhere – not least of which were the browser-makers, who seemed pleased to hasten its death on the web. But others, including Flash game devs and some in the sciences, seem less ready to suit up and deal with the fallout. …
COMMENTS
-
-
-
-
Friday 28th July 2017 05:52 GMT Anonymous Coward
'that they used flash securely to begin with'
With Flash, the main issue was the run-time security, not the applications'. The application needs to be written purposely to exploit the run-time vulnerabilities. So the problem is having the run-time installed. I don't believe researchers will create attacks by chance....
-
-
Friday 28th July 2017 18:28 GMT Oh Homer
Re: "So scientists..."
I find it rather disturbing that scientists, of all people, apparently find progress to be a "nuisance".
Aren't they the very people who should be forging on regardless?
Yes, everyone has a budget. Tesla had one, so did Edison, and Darwin and Einstein and da Vinci. Imagine if they'd all said; "You know, this business of 'changing stuff' is such a damned nuisance. If anyone dares to change even another single spec of dust on this planet, I shall rip up my quarterly budget statement and go back to living in a cave and worshipping stuffed animals".
What sort of person, scientist or otherwise, makes absolutely no contingency for the inevitability of change?
-
-
-
-
-
-
Friday 28th July 2017 07:02 GMT Don Dumb
@Doctor Syntax - "And its demand to enable a stupid number of javascript sites."
Despite what webmasters think, it is not a *demand*, it is a *request*, to use those javascript sites and yet the pages work just fine without them (or simply only allowing the specific metoffice ones). Is that not your approach to all sites?
-
-
-
Thursday 27th July 2017 12:38 GMT Stevie
Bah!
"I'll now need to recode or retire some of my earlier Flash studies that are still collecting data," he added."
Well don't use java, 'cos that plugin was tossed out last update by those nice people at Firefox.
There's a fix, but good luck getting your user base to sign up for doing it.
-
-
Thursday 27th July 2017 19:32 GMT patrickstar
Re: Bah!
I'd make an educated guess that since 2010 or so infections via Java outnumber Flash by at least an order of magnitude, even though Java in the form of applets in the browser is pretty much dead by now so Flash has had some time to catch up.
The reason being that the Java bugs were logical errors in the applet sandbox. Once you're out of the sandbox, you have full access to do anything to the computer.
100% reliable and even cross-platform.
Flash has nothing similar - the browser Flash Player simply doesn't have any APIs to do stuff to the underlying OS (like write files to disk arbitrarily and execute them). Flash bugs are, without exception, memory corruption and thus tend to be difficult to exploit reliably.
-
-
-
Thursday 27th July 2017 12:43 GMT I ain't Spartacus
Simple solution
Surely this has an easy solution.
The academics have limited time and budget to replace it. But I'm sure the tech industry can find a way to easily provide them with compensation.
Adobe simply need to buy a small plot of land. Perhaps one on every continent? Then they place a grave and headstone saying "here lies the body of Flash died 2020 - much missed by malware writers the world over". Then all they need to do is bury some sort of piezo-electric doodad in the ground, and they'll generate megawatts of power from all the techies coming to dance on Flash's grave.
Pipe power to universities, they get the budget that would have been spent on that for Flash replacement, techies get fitter without having to pay for gym memberships... Everyone's a winner!
-
Thursday 27th July 2017 12:56 GMT quxinot
Re: Simple solution
The problem with this simple solution is likely to be the same problem with the current software.
Or were you infering that Adobe could get someone competent to do the implementation of the celebratory power generation?
I'd be terrified of megawatts of power being run through a dozen tatty power cables comprising more patch than cable. :)
-
-
-
Thursday 27th July 2017 12:50 GMT I ain't Spartacus
Then the malware writers would have access to the code too. Could the open source community patch the new vulnerabilities fast enough? It could be like trying to fill a bucket faster than the water can pour out of the holes.
Anyway, what if everyone pointed and laughed? Or it turned out the code was written in crayon, by an infinite number of monkeys?
-
Thursday 27th July 2017 14:35 GMT dmacleo
http://gizmodo.com/adobe-flash-fans-want-a-chance-to-fix-its-one-million-b-1797284544
honestly would not mind seeing this even if I seldom use it. lot of older stuff can't (from what I understand, could be wrong) be ported over so worth a shot. if it fails in no worse shape then present really.
-
Thursday 27th July 2017 19:18 GMT Random Handle
>I wonder how much of the problems with Flash would be solved if it was open sourced?
Most of the problems can be solved using openfl to target html5+ or native - slightly more complex to build for non-devs but the bulk of code would be re-usable and stimuli etc identical for replication. A good (honest) dev will be charging in hours and days not weeks - in-house will find it a fairly painless leap and be back on their day jobs in no time.
-
Thursday 27th July 2017 20:15 GMT Kevin McMurtrie
Open source Flash
Is JavaScript. It does almost everything you need to do in a browser. Hopefully the death of Flash can result in some JS language changes to support reliable performance. Right now authors must consult lists of what arbitrary features of the day may accidentally de-optimize on each browser.
-
Friday 28th July 2017 07:55 GMT stephanh
concerning magic pixie open-source dust (lack thereof)
"I wonder how much of the problems with Flash would be solved if it was open sourced?"
Would you like to work on a bug-riddled and probably poorly documented and tested legacy code base for free?
Open-sourcing Flash could work if there were a bunch of companies would would consider it in their enlightened self-interest for Flash to continue existing, and would be willing to pay developers to work on the code base.
But I don't see any such white knights on the horizon. Google, Apple and Microsoft have clearly already made their choice for HTML5.
-
-
Thursday 27th July 2017 13:56 GMT Joe Gurman
Cry me a river, whingeing academics
Th university community the world over is noted for its less than serious approach to IT security. Adobe has been courteous enough to give the unis a couple of years in which to get their act together, change grant proposals, address staffing, and the like. Yes, it will cost more in the short run. But compared to the impact of massive malware infestations (and Flash has to be considered the most successful one to date), not so large an investment.
-
-
Thursday 27th July 2017 16:31 GMT Nunyabiznes
Re: Flash point
OR, you could be the "computer janitors" that are told what technology they will be implementing by the numpties wearing suits. In the last year we've had 3 more "enterprise" applications foisted on us that use Java and/or Flash. The one that only uses Java broke when Java updated to 1.8.141 - rollback to 131 and block Java updates for a subset of the domain computers, yay! At least the 2 that use Flash won't work unless Flash is on the latest update.
We are stuck with several Flash and Java dependent legacy apps also and the powers that be refuse to spend the cash to transition to something else - if there is even a competing product that doesn't use Flash/Java which isn't always the case.
-
Friday 28th July 2017 06:30 GMT Anonymous Coward
Re: Flash point
"We are stuck with several Flash and Java dependent legacy apps also and the powers that be refuse to spend the cash to transition to something else - if there is even a competing product that doesn't use Flash/Java which isn't always the case."
Hundreds of companies will be like this and use Flash for the next decades, and be open for all exploits !
Just make sure you're not into security.
-
-
-
Thursday 27th July 2017 16:49 GMT Mage
Flash isn't just video
It includes actionscript, (a little like javascript). The ONLY way to run programs (by others or your self) on some older gadgets, is to write an actionscript program, It need not have any animation or video. It could be that's what some of these projects use.
Such a program will run in a web page and was HUGELY more secure (and cross platform) than the alternative at the time, Active X.
The idea of ActionScript and Flash (unlike Active X in a browser) isn't evil, the problem has been Adobe's crap implementation. Also the problem of newer versions being incompatible with older browsers on TVs, Setboxes, Personal Media Players etc that can't be updated (the problem of closed source and monolithic usually non-existent upgrades for a gadget less than a year from launch, contravenes SOGA, should be 2 to 6 support depending on product).
So problem is more Adobe than the concept of flash and ActionScript.
-
Friday 28th July 2017 06:58 GMT Tristan Young
Flash is dead to me
All our home systems have been flash free for the last couple of years. All new systems I'm building are flash-free. By flash-free, I'm referring to not installing flash AND not using Microsoft's Edge browser with pre-installed flash. They are better for it, a little bit safer, less vulnerable. Reducing attack vectors while improving reliability is important.
Surely someone will come out with a flash emulator to help scientists. We shouldn't need the flash plugin installed in billions of machines in order to be able to interact with a flash script. If I can play Moon Patrol and Joust over at the Internet Archives, surely I can also play a flash script the same way.
The demise of flash has been slow in coming, and predictable, lots of time to come up with a game plan.
I had an issue over the last few days where a work machine being used for shipping was thrown into a refresh loop on account of Adobe flashplayer, couldn't log in or do anything. FedEx has a stupid flash ad banner on their front page and something went wrong - clearing the cache and resetting things wouldn't solve the problem. I ended up circumventing this bug by installing an ad blocker and blocking the flash element. I won't miss flashplayer one bit. Good riddance to yet-another example of Adobe's terrible coding.
-
Friday 28th July 2017 12:55 GMT DropBear
Make no mistake, the only way we're ever getting rid of Flash is by forcing web developers / webmasters to stop relying on it in their websites - because nobody using it can ever be persuaded to fucking STOP using it and use something else: it seems the inertia of flash devs is effectively infinite for all practical purposes. Disabling it in your own browser is only ever going to be a partial solution for as long as it isn't effectively outlawed there always will be a non-negligible number of sites that you just need to use that simply don't work without it and refuse to change. So yeah, saying that I'm exceedingly happy those recalcitrant lazy fuckers will finally get officially booted off the web for good soon unless they move on is the understatement of the century. Actually, I'm mildly curious to see how the zillion giant flash-game collection sites will handle this...
-
Friday 28th July 2017 22:17 GMT hayzoos
I once crossed paths with a Macromedia "higher up" whilst in San Francisco. He sat next to me at a hotel bar, ordered his drink, then proceeded to count out coins to pay. Since I was ready for my next drink I told the bartender to put it on my tab so I wouldn't have to wait an eternity. That's when he introduced himself. I decided not to let on that I was into computers twenty years or so. I could see why Flash ended up the way it did after his talk. It wasn't bad per se. It just was conceived before Internet security needed to be designed in from the beginning. Adobe just made sure it got as bad as it did.
-
Thursday 5th July 2018 23:23 GMT rskurat
You've clearly never been an academic scientist. We recently had to phase out Friday evening pizza because $60 per week was too much money. In some departments the Chair will pick up this expense, given that they're making well into the six figures. Our chair is rarely seen, and his career (i.e., personal hype) is more important than the department he governs as an absentee landlord.