Not Obvious

Intended to be Interesting, Intriguing & Insightful. Most Likely Mundane.
 

...To A Dead End

I really do not want to give Adobe any more publicity in their Flash campaign, but felt compelled to blog-respond to Dave McAllister's "Following the open trail" post on his Open at Adobe blog.

Flash is not open.

Dave takes a shot at groups like the W3C, whom I'll focus on for part of this bit. No standard is "perfect", but standards themselves benefit greatly from a decent-sized, diverse, unbiased (in the generic sense of the term...we all have biases) collection of individuals. If this were not the case, XML, SOAP would have been a complete failure and HTML 5 & CSS 3 would not embraced by so many designers and high profile sites. Even if we move into IETF territory, what would OAuth, IMAP or our beloved RFC 2616 (HTTP :-) look like if it were all controlled by one business with it's own agenda?

I don't need closed tools to build web sites, craft data repositories or design code to access web services. I can use (if I had any graphic or design talent) thoughtfully-debated, cross-platform markup to build incredibly useful services that are accessible from practically any device. And I can pass credentials, check my e-mail and surf the internet to dribble like this post knowing that Very Smart People have discussed the efficacy of each protocol.

Given that the target audience for Dave's post were those that are not exactly Flash proponents, I do find it semi-amusing that he did not bother to ensure the availabity of an HTML 5 compatible YouTube page for the "Open at Adobe" link (or that it did not link directly to an HTML 5 representation).

With regard to open sourcing the Flash player, I'm not sure what that would really buy the "community". Publishing the Flash SWF, RTMP & other file formats does not make Flash "open". Microsoft published their Office XML file formats with the intent to keep you locked in to their products. Not exactly a compelling argument. Furthermore, if they were truly being honest about the open source Player argument, they could take the route of Paint.NET and utilize creative licensing for some of the code and not release other components that would be in violation of their contractual obligations.

I will admit that the list of truly open source frameworks is accurate and should be lauded, even though the ultimate destination is the Flash platform for most of them. It should be ironic to all (except for, perhaps, Adobe staff) that they have built reliance on WebKit: the open source rendering engine that powers Safari, Chrome and a few other browsers and apps.

Flash is not and will not be "open". Adobe wants you feeding from their trough and buying their expensive tools for as long as possible. It is no different (except for the fact they made versions for multiple platforms) than Microsoft ActiveX or browser-specific tags (how many of you are in an enteprise where internal apps just do not work under Gecko- or WebKit-based browsers?). It is this same lack of openness, combined with the creativity, ingenuity and collaboration of countless smart folks on knock-down-drag-out standards bodies that will ultimately mean the end of Flash.

Loading mentions Retweet
Filed under  //   activex   adobe   css   css 3   flash   flash player   html    html 5   open source   webkit  
Posted February 8, 2010 by boB Rudis 
// 0 Comments
 

Why Do (I) People Hate Flash?

Nick Wangler (@SweetTea023) asked me why people hate Flash (no doubt referred to me by @Wygle or one of my Seattle cohorts). The answer is far more than 140 and has been answered posited and pondered by many more qualified than me. I will, however, endeavour to round out the corners of the various arguments against it and be as non-duplicative as possible.

 

Security

A very quick search on NVD shows 77 vulnerabilities for "Flash Player". Flash is an add-on for your browser; an expansion that you install (or have installed for you by an OS distribution or computer manufacturer) in addition to the base components. By default, that creates yet-another vector for attackers and even levels the playing field a bit for them since they can target multiple platforms and multiple browser configurations with roughly the same exploit. Believe me, Microsoft & Apple do not need any more help making their browsers or their systems more vulnerable to attack and we certainly do not need to give the malware writers more soft targets.

Flash is also one of the few items on my system (yes, I have it installed despite loathing it) where I actually need to hit an external site to configure it. If you've never been to one of those settings screens, they've been around in one form or another since ~2004. Even those settings could not stop a pretty nasty attack vector that Adobe had to close by removing functionality (that it should never had added in the first place).

From an enterprise perspective (the whole world does not revolve around home users), it is a royal pain to manage Flash versions across even a moderate large user-base, especially since Adobe has removed or munged functionality enough that some divisons or workgroups actually need to keep older versions installed. That means I have vulnerable target systems that I have to account for when I do a risk/threat profile. If such an institution is, say, a bank, that unpatched endpoint becomes one means for the "bad guys" to get to your data. (And, if you think that isn't likely, you have never been employed by a large financial institution).

 

Performance

Before I start this section I need to do a full disclosure: I am primarily an OS X user but have two Windows 7 boxes, a Windows 7 VM, a dedicated linux server at home, a linux VPS in Cali and countless linux VMs). I have to do that because - invariably - I will get the "you're just a whining Mac user" comment.

Flash browser performance - in general - sucks, just like Java applet performance - in general - sucks. This is primarily due to bad programming If Adobe (and before them, Macromedia) asks me to extend my browser, the least they could do would be to provide tools and a deployment process to ensure that inept programmers have to pass some sort of test before crashing my browsers (well, not Chrome, thanks to the process model Google uses, which I'll bet is due - in part - to Flash).

I know when Flash kicks in on a site because my fans start whirring, the CPU starts spiking and the batter starts draining much faster. Most Flash-heavy sites are even a dog on my Mini 9 with 2GB of RAM running Windows 7! And, forget about full-screen Flash video on linux. Adobe will swear it's not their problem, but they should have either not lowered the entry bar or figured out a way to truly optimize their code. They chose to make the plug-in and it not the responsibility of the OS builders to help them out.

 

Design

For those who have been around this Internet of ours for a while will understand the following: Flash is the modern equivalent of the <blink> tag and animated gifs. The minute I see Flash content (on a non-dedicated gaming site [kongregate/armor games] or non-dedicated movie site [hulu/youtube]), here's what goes through my head:

  • "oh, another design crutch" (i.e. the developers were not talented enough to use cross-platform HTML, CSS, graphics creation & Javascript techniques)
  • someone is attempting to sell me something

Not exactly two things I'd want associated with my site.

Granted, there are exceptions (I've seen some brilliant data visualizations in the New York Times and other sources), but in general, Flash == ugly and is there only in a pathetic attempt to grab my attention away from what I really want to see on a site (hence the continued growth of ClickToFlash usage by OS X Safari users).

 

Gatekeepers

While there may be some open source means of cranking out Flash, expensive Adobe tools are the primary means to develop these beasts and I am not fond of gatekeepers (I promise to not turn this into an iPad rant). In my infrequent programming ventures, I really shy away from closed frameworks because I do not want to be locked in. Until they made .NET a tad more open (e.g. the Mono project), this was the primary reason I stopped trying to make Windows software. While I consider myself a semi-proficient OS X developer, I loathe the fact my apps cannot run on any other platform (except the iPhone...and talk about gate-keeping!). At least Apple's tools are relatively free (I do pay for the OS, which is fine since I'm getting a much better experience than desktop linux). I can even make first-rate apps with relatively free (though a bit more expensive than Apple) Microsoft tools (SharpDevelop & IronPython).

While the majority of end-users do not care, I do and I refuse to learn Adobe's insidious incantations just to make bits fly about in a browser window. It's the same reason folks do not just make PDFs of their Word documents and put them up as web pages (and this is coming from someone who used to code PostScript by hand). Generally speaking, we want the freedom to express our creativity without lock-in which is one reason I'm really looking forward to ubiquitous implementation of HTML 5.

 

Concluding

It turns out I ranted a bit and did, in fact, re-hash some well-worn arguments. Just as it's applet, tag and animated counterparts, Flash had it's day and will - hopefully - be a fading memory as open standards start to become more rich and versatile. Until then, I will enjoy my Flash-placeholder-boxes in Safari and the blue Lego block of ambiguity on my iPhone.

Loading mentions Retweet
Filed under  //   .NET   adobe   apple   design   flash   flash player   html 5   linux   macromedia   microsoft   mono   programming   security   xcode  
Posted February 1, 2010 by boB Rudis 
// 2 Comments