FLASH MUST DIE, says Facebook security chief Newly-minted Facebook security chief Alex Stamos has called for Adobe Flash to be taken out behind the shed by a shotgun-wielding world. The former Yahoo! security head joined Menlo Park this year and over the weekend said in two Tweets that it is time the death knell chimed for the Adobe's much-hacked tool. "It is time for …
This post has been deleted by its author
At least the BBC iplayer is delivering sound or video. I complained to (not about) my ISP about my broadband speed and they gave me some testing instructions, in particular to run the BT Wholesale Broadband Performance Test at speedtest.btwholesale.com. This is a crappy program that seems to have been written by some schoolkid and insists that Flash be installed, apparently so that it can show its progress bar, and in the end displays its results in a form that can't be cut-and-pasted back into an email to the ISP. It's all very well refusing to install Flash, permit Javascript, etc, but the Web is increasingly full of this kind of crap programming and some of the stuff is actually essential.
Yeah wouldn't it be nice. Except even though I have Flash set to "Ask to activate" I have to activate it literally dozens of times every day, to access content or services I'm absolutely NOT willing forego. Security is always secondary to actual functionality, and while I would certainly prefer to be less vulnerable, uninstalling flash will not happen a long as I'm forced to use it or accept being locked out.
Mostly. Not exclusively.
Flash is absolutely critical for a large corpus of electronic literature, for example. That may not be important to most people, but it is very important to a significant number of people. And those people are capable of using Flash only with trusted sources.
Stamos is Yet Another security-fundamentalist ass who believes that everyone must adhere to his personal threat model. These people are just as bad as the crap development organizations that produce vulnerable software in the first place.
"Nobody takes the time to rewrite their tools and upgrade to HTML5 because they expect Flash forever. Need a date to drive it."
Policy by tweets… don't you just love it? :-/ And who's going to pay them to do this? Facebook perhaps?
Where's the cross-platform solution for media rights holders?
I trawl Facebook Timeline pages for posts with videos. That used to extract posted URLs that referenced various video storage sites like Vimeo, YouTube, or Facebook.
This week it stopped working for videos stored on Facebook servers. They now have encoded tag parameters dedicated to "SWF" that have no obvious interpretation from which to derive an independent URL.
If you want to kill flash, create a FLA -> HTML5 converter. Then developers only need to compile the source files.
Of course, there are SWF to HTML5 converters, though they are really a lossy hack and don't always work very well.
At this point, why doesn't Adobe just allow an option to recompile FLA sources to native HTML5? Macromedia used to allow compiling to Java in the early days of the web. Then people might still use Flash for the IDE. No one ever cared about the binary format the data was saved as.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
