Flash - the George Bush of Web Technology

I didn't vote for George Bush in his second term; truth be told, I wasn't that keen on him his first term, but found him better than the alternative. But despite this opinion, I never felt it fair to blame him for all the awful events that happened on his watch. The Crash of 2000, Katrina, Enron, MCI, the sub-prime mess, 9/11, I'm sure I'm missing a few. Sure, they happened while he was president, but the seeds for all these events were planted long before he got to the White House. He just turned out to be the unluckiest president ever.

Now, I'm starting to get the same feeling about how some very vocal computer users are starting to criticize Flash. Slow performance? Must be Flash. Instability? Flash. Slow to load a web page? Gotta be Flash. Fan whirring? Flash.

Sure, like all big lies there are some seeds of truth in these accusations, but let's look at the overarching facts. Flash is on 98% or so of all computers - perhaps I'm naive, but technologies that totally suck - both absolutely and compared to other available technologies - don't achieve this kind of success. If you look at the rhetoric about Flash, you'd think it was a Toyota-sized problem, with product recalls and Congressional inquiries. But there aren't any.

Then there's my own personal experience. I work on Mac and Windows computers all day long, from 8-core workstations to much less powerful notebooks on both platforms. I'm pretty passionate about computing and vocal about my concerns. But Flash as an offensive technology - a "dreaded plug-in" - never made my radar screen. Vista? Heck yeah - I wrote two columns about my dislike of that OS. But Flash? No, it's installed on all my computers and always seems to work just fine.

Plus, I remember the truly offensive technologies that Flash replaced. I could get very passionate about hating the RealPlayer, which wanted to own my computer from MIME types to background processes. But there was a time when you couldn't live without it. Ditto with Windows Media Player, which is the most consistently disappointing program I can think of. Then came Flash - it was small, it was discreet, it didn't try to take over your computer. You could brand, you could customize, and then came VP6 and later H.264 and the video finally was gorgeous. You could build animation and then later sophisticated rich internet applications around it. Hey, it was so good, so pervasive, so successful, that Microsoft created Silverlight to compete against it.

Seriously, if you had to rate the top technologies that helped make Internet video possible - both historically and currently - could Flash not be #1? Now there's a public hate-fest about Flash - at least among some technical cognoscenti -- though it's usually prosecuted by those with a clear alternative agenda, whether it's the web would be "better" if it was completely open source and non-proprietary, or simply protecting App Store revenue. Hey, if that's your agenda, promote that --- don't denigrate Flash.

The other disturbing parallel for me in this Bush/Flash comparison is the blind assumption that the newer alternative will be superior. I voted for President Obama, but it wasn't because I believed his campaign promises. I just concluded that (once again) he was the better of two poor alternatives. Now, 18 months later, Guantanamo is still open, we're still in Iraq and Afghanistan, public debt is skyrocketing at an even faster pace and though Europe likes us a bit better, we're at the low point of American/Israel relations. President Obama's number one agenda item seems to be a health care system that few taxpayers really want. I certainly don't long for the days of George Bush, but even the most ardent Obama supporter would have to admit that things haven't quite gone swimmingly up to this point.

So now HTML5 is here to save us from a "plug-in hell" many of us didn't know we were actually in. My tests (see Flash Player: CPU Hog or Hot Tamale? It Depends) indicate that on most platforms and browsers, Flash 10.1 was more efficient than any HTML5 alternative except one. The sole exception is the Safari browser on the Mac platform, where Apple's own browser benefits from GPU acceleration that isn't available to Adobe, and either not available or not utilized by Google's Chrome.

Beyond the benchmarks, is HTML5 even close to a replacement for Flash or Silverlight at this point? Show me how HTML5 will provide DRM (digital rights management), adaptive streaming and multicast. Don't tell me it's technically feasible, show me a commercial company who's using it. How will the HTML5 crowd agree on these thorny issues when they can't even choose a single codec? Show me that there's sufficient penetration of HTML5-capable browsers that I could drop Flash and not lose viewers on my own web site.

Convince me that chucking Flash or Silverlight for HTML5 will improve my web experience. As much as we seem to vilify them, player-based solutions like Flash, Silverlight or QuickTime succeed because one company owns each of them and is charged with making it work. With HTML5, it's up to the browser manufacturers, who all have their own unique interests and agendas.

I'm unfortunately old enough to remember the first big round of browser wars, with proprietary tags and "Best viewed in Internet Explorer." Do you really believe that Microsoft, or Apple or Google for that matter, will release a browser for the public good, one that doesn't support their own proprietary agenda? If you were a shareholder do you believe they should? That leaves Mozilla as the only sizable independent browser developer, and if you scratch beneath the surface, you'll learn that they're supported almost entirely by search engine revenue from Google. How independent can they be? How long will Google continue to send the cash now that Chrome is picking up steam?

Overall, the HTML5 crowd seems to be saying that HTML5 is "good" because Flash is "bad." Other than vague generalities, no one has shown me an HTML5 page that's superior in any way to a similar page running Flash or even Silverlight. So why all the fuss? Other than highly technical users, most netizens simply want their videos to play. They don't care that it's a proprietary Adobe plug-in that's playing, or HTML5 for that matter. And they typically wouldn't "upgrade" to a new technology unless it promised some concrete benefit.

Disagree? Fine, you're welcome to comment below - but I'm going to delete every note that disagrees with me and doesn't say "I've uninstalled Flash because its cons outweigh its pros." Hey, put your money where your mouth is. Because if you can't live without Flash today, we're really not disagreeing - you're just not honest enough to admit it.


Comments (12)

Paul
Said this on 3-23-2010 At 10:59 am

I hope you're a fan of irony.

Out of the three major operating systems -- Windows, Mac OS X, and Linux -- only OS X comes with a Flash player plugin straight out of the box. In both Windows and most Linux distros you have to install the plugin first if it's not an OEM computer.

It's part of the OS X security updates and even point releases; OS X v10.6.1 was released so quickly partly because Apple bundled an outdated version of Flash Player in their Snow Leopard discs.

The fact that Jobs vehemently opposes Flash and pushes for rapid HTML5 adoption on their mobile devices is in stark contrast to how their desktop operating system includes Flash as an integral part of the package.

Said this on 3-24-2010 At 09:53 am
Interesting information, I didn't know. It is ironic that Flash is essential for Macs but an unstable CPU Hog for the iPad.

Thanks!

Jan
Jim
Said this on 3-24-2010 At 12:31 am

"Seriously, if you had to rate the top technologies that helped make Internet video possible - both historically and currently - could Flash not be #1? Now there's a public hate-fest about Flash - at least among some technical cognoscenti -- though it's usually prosecuted by those with a clear alternative agenda, whether it's the web would be "better" if it was completely open source and non-proprietary, or simply protecting App Store revenue. Hey, if that's your agenda, promote that --- don't denigrate Flash."


Flash didn't make Internet video possible. The Internet made Flash video possible. Flash is very much riding on the back of open protocols and open formats that the Internet is built on in the first place. Closed technologies are the exception rather than the rule on the Internet.


"So now HTML5 here to save us from a "plug-in hell" many of us didn't know we were actually in. My tests (see Flash Player: CPU Hog or Hot Tamale? It Depends) indicate that on most platforms and browsers, Flash 10.1 is more efficient than any alternative. The sole exception is the Safari browser on the Mac platform, where Apple's own browser benefits from GPU acceleration that isn't available to Adobe, and either not available or not utilized by Google's Chrome."


With respect to video, lessening dependence on proprietary plugins is only one aspect driving the design decisions for HTML5. The further benefits are direct integration of video with the rest of the page layout - which lets you manipulate it with JavaScript and style it with CSS, both of which let you build far more interesting and dynamic pages than the usual "here's my plugin, here's its box" page layout that pages relying on plugins must by necessity conform to.


When you say "Flash 10.1 is more efficient than any alternative", you didn't in fact test "any alternative". An obvious choice that was overlooked was playing back an Ogg Theora video of equivalent image quality. Theora has lower computational complexity than H.264 (and by extension H.264 + Flash). What's certainly true on my Linux system running Firefox with the latest release of Flash Adobe can provide me, playback of Theora encoded video within Firefox has substantially less CPU utilisation than H.264 in Flash. Even comparing the Theora video file with the H.264 video file using video playback software, the same holds true (albeit the difference is less significant).


Try it yourself using the venerable "YouTube / Ogg Theora comparison" from Greg Maxwell. I'd speculate you'll see a CPU difference in Firefox on OS X:


http://people.xiph.org/~greg/video/ytcompare/comparison.html


The differences will become more exaggerated as browsers add hardware acceleration to their layout engines. Mozilla is working on it (see http://www.basschouten.com/blog1.php/2009/11/22/direct2d-hardware-rendering-a-browser) and so is Microsoft for IE9. Firefox may get there first.


"Convince me that chucking Flash or Silverlight for HTML5 will improve my web experience. As much as we seem to vilify them, player-based solutions like Flash, Silverlight or QuickTime, succeed because one company owns it and is charged with making it work. With HTML5, it's up to the browser manufacturer, who all have their own unique interests and agendas."


The problem is that it frequently doesn't work. Flash is a major vector for virus propagation. Whenever a new vulnerability is exploited in Flash, it affects a great many people and it's up to one company to solve that. Something Adobe has often been lax in addressing. That's the problem with a monoculture - one flaw has far reaching consequences. In contrast, multiple independent implementations will never be exploitable in the same way. Diversity is an important aspect of system security for any large network and the Internet is no exception. Increased security will improve your web experience.


"I'm unfortunately old enough to remember the first big round of browser wars, with proprietary tags and "Best viewed in Internet Explorer." Do you really believe that Microsoft, or Apple or Google for that matter, will release a browser for the public good, one that doesn't support their own proprietary agenda? If you were a shareholder do you believe they should?"


As opposed to one vendor's proprietary agenda as in Adobe with Flash? Multiple software companies working to open standards will never have the same control as one company controlling a closed standard.


"That leaves Mozilla as the only sizable independent browser developer, and if you scratch beneath the surface, you'll learn that they're supported almost entirely by search engine revenue from Google. How independent can they be? How long will Google continue to send the cash now that Chrome is picking up steam?"



At least until the end of 2011 (see http://www.mozilla.org/foundation/documents/mozilla-2008-financial-faq.html). And as the FAQ states, Mozilla is always looking to diversify its revenue stream.

All you're really saying here is that diversity is better than monoculture, and that's right. Fortunately, there's more than one search engine in the world. I'm sure that given the chance Microsoft would very happily enter into a deal with Mozilla to make Bing the first preferred search engine offered to users of Firefox. In any case, the argument that "Mozilla gets a lot of money from one company and that's bad" seems logically inconsistent with the earlier assertion that "Flash comes from one company and that's good".


"Other than highly technical users, most netizens simply want their videos to play. They don't care that it's a proprietary Adobe plug-in that's playing, or HTML5 for that matter. And they typically wouldn't 'upgrade' to a new technology unless it promised some concrete benefit."


This is something of a tautology. Non-technical users will of course never care about technical matters. They won't need to take any direct action to get HTML5 support. All major browsers have built in update mechanisms. Many non-technical users already have it in their browser of choice, be it Firefox or Chrome or Opera or Safari. Many more will get it once IE9 is released if they don't switch to another in the meantime.


Flash is at its apogee of usage today. It will begin its slide into obsolescence as its number one use case - video - continues to be eroded by prominent HTML5 implementations. Speaking for myself, I only have Flash installed for the sake of a handful of sites. Once they stop requiring Flash (as they are certain to) there's no longer a reason for me to keep Flash installed.

Said this on 3-24-2010 At 10:23 am

Jim:

>>When you say "Flash 10.1 is more efficient than any alternative", you didn't in fact test "any alternative".

Yes, I tested HTML5 vs. Flash.

Not to be offensive, but your answers seem like they were automatically spawned by some kind of HTML5/Ogg-bot. Little new thought, even less authoritative proof. Is your strategy just to wear me down?

For example:

>>Theora has lower computational complexity than H.264 (and by extension H.264 + Flash). What's certainly true on my Linux system running Firefox with the latest release of Flash Adobe can provide me, playback of Theora encoded video within Firefox has substantially less CPU utilisation than H.264 in Flash. Even comparing the Theora video file with the H.264 video file using video playback software, the same holds true (albeit the difference is less significant).

-All you proved is that on one Linux box using unknown CPU and graphics card, playing back a totally non-representative cartoon, CPU utilization was "substantially less." Useless. The world is 50% Windows XP, and with Flash Player 10.1, and a supported graphics card, H.264 will benefit from GPU acceleration. Which cards support Ogg?

And I checked your Mozilla reference about Browser acceleration. I couldn't tell, will that apply to Ogg?

>>Try it yourself using the venerable "YouTube / Ogg Theora comparison" from Greg Maxwell.

Don't get me started on this. Why compare YouTube and Ogg with an animated file, a cartoon? Every independent test (e.g. not done by a Xiph employee) found that H.264 provides superior quality to Ogg. You would do yourself a service by never referring to this totally flawed study again.

>>Flash is a major vector for virus propagation. Whenever a new vulnerability is exploited in Flash, it affects a great many people and it's up to one company to solve that. Something Adobe has often been lax in addressing.

So you say. Any references? Could you not say the same thing about Windows, OS X and other operating systems? Don't all browsers have the same issues from time to time? Seriously, how could Flash be such a risky plug-in, a Calamity Jane and Typhoid Mary, be installed in 98% of the world's connected computers and not shut computing down periodically? Why would corporations allow it to be installed on their computers? Why does it ship with Macs? Why does Motorola ship Flash with the Droid? Is everyone else stupid and HTML5 proponents smart? There are security risks to all programs, the point of the editorial is that Flash's get blown totally out of proportion. Clearly, the benefits of Flash outweigh these risks.

>>In any case, the argument that "Mozilla gets a lot of money from one company and that's bad" seems logically inconsistent with the earlier assertion that "Flash comes from one company and that's good".

That's not what I said. The point is that with Chrome at the heart of Google's browser and operating system strategy, which it wasn't when Google started their agreement with Mozilla, how long can Google justify paying 50+ million a year to Mozilla? Along the same lines, why would Microsoft? Everyone needs a browser -- if they stop paying Mozilla, their market share will go up proportionately. In plain English, why subsidize a competitor for a mission critical product?

>>Flash is at its apogee of usage today.

Well, certainly its PC penetration can't jump 25% since it's already at 98%. But on a device basis, including PCs, mobiles and the like, Flash usage will grow for at least the next three years.

If you look back, I'm sure you can find statements like this about Micro$oft Windoze as well (emphasis from the comments, not mine). Last time I looked, Microsoft seems to be doing quite well.

Let's do this.

- Write back in when HTML5 has one codec, or Mozilla supports H.264. That will be significant.

- Write back in when a significant commercial site (e.g. one that makes money rather than exists via contributions) DROPs Flash on the general (e.g. not iPad) enabled site. Seriously, in your estimation, when's the earliest a site like CNN or ESPN could drop Flash? Think carefully now, since today, only 50% of browsers are HTML compatible, and Mozilla won't play H.264, the format chosen by YouTube and Vimeo. Or, do you assume that one of the advantages of HTML5 is that all supporters will have to provide their video in two formats?

- Write back when a commercial site uses an HTML5 based DRM, or adaptive streaming based solution.

I'll be sure to weigh back in if Apple decides to allow Flash on the iPad, which is at least a possibility once competitive products come out from HP and other vendors that let their customers view every web page on the internet. Jobs has enough FU money not to admit his mistakes, but we'll see what happens when a credible competitive product is available.

Jan

Jim
Said this on 3-24-2010 At 06:41 pm

"All you proved is that on one Linux box using unknown CPU and graphics card, playing back a totally non-representative cartoon, CPU utilization was "substantially less." Useless. The world is 50% Windows XP, and with Flash Player 10.1, and a supported graphics card, H.264 will benefit from GPU acceleration. Which cards support Ogg?"


My point was that you could have done that comparison using the same hardware configuration that you used for Flash and H.264 HTML5 video. That would have been useful. You didn't, so the comparison was very much less useful, particularly in the case of HTML5 video. What you would have seen is lower CPU usage across a broad range of browsers on a broad range of operating systems.


"Don't get me started on this. Why compare YouTube and Ogg with an animated file, a cartoon? Every independent test (e.g. not done by a Xiph employee) found that H.264 provides superior quality to Ogg. You would do yourself a service by never referring to this totally flawed study again."


I assume you're aware that many other sites have said exactly the same thing about your H.264 versus Theora comparisons. In any case, it isn't a H.264 versus Theora comparison. It's a "what YouTube does with H.264" versus "what YouTube could do with Theora" comparison. No one's disputing H.264 can be better than Theora encodes, but when in major deployments they're not the point becomes moot. Here's another comparison:


http://people.xiph.org/~maikmerten/youtube/


">>Flash is a major vector for virus propagation. Whenever a new vulnerability is exploited in Flash, it affects a great many people and it's up to one company to solve that. Something Adobe has often been lax in addressing.

So you say. Any references?"



Sure, there are many such examples. Here's one:


http://news.cnet.com/8301-27080_3-20000898-245.html?tag=newsLeadStoriesArea.1


Adobe products are the major vectors in these 2.6 million system compromises. Really, I'm rather surprised by your lack of sophistication here.


"The point is that with Chrome at the heart of Google's browser and operating system strategy, which it wasn't when Google started their agreement with Mozilla, how long can Google justify paying 50+ million a year to Mozilla?"



This is somewhat silly. Why would Google pay Mozilla? Because the deal is clearly profitable for Google. You seem to think Google is throwing away millions a year for no gain.


"Along the same lines, why would Microsoft? Everyone needs a browser -- if they stop paying Mozilla, their market share will go up proportionately. In plain English, why subsidize a competitor for a mission critical product?"


Because Microsoft has to anyway. Right now and for free. Why wait until forced by law to include a browser ballot to promote alternative browsers when you could instead be making money by driving visitors to your web services? Profit and good PR is always better than legal sanction.

 

 

Said this on 3-24-2010 At 07:17 pm

Well, I couldn't run the same comparison with Ogg from YouTube because YouTube doesn't play Ogg files. Given that YouTube is 70% of all Internet video, that seemed pretty important.

As my article states, Flash Player can't access GPU acceleration on Linux. According to http://www.w3counter.com/globalstats.php, Linux is 1.5% of market share of internet connected devices, while Windows is 85%, Mac 8%. So, my tests covered 93% of the market, yours 1.5%, and you're calling mine "less useful" than it could have been? I challenge your assumption that Ogg takes less CPU horsepower to decode. Test Ogg vs. H.264 on Flash Player 10.1 with different browsers on Mac and Windows computers and post the results. Everyone "assumed" HTML5 was more efficient until I proved that it wasn't in most test cases. Don't throw your theories out there - do the work and post the results.

Show me an Ogg vs. H.264 comparison that's not posted on Xiph. My comparison wasn't perfect, but after three tries I think it's the most useful, objective comparison out there. I used released code posted on the Xiph site, which is what most video producers would use, and posted all my results - both video and still image comparisons, as well as procedures. My test file has multiple segments comprising everything from talking heads to high action; in contrast, Greg Maxwell used a cartoon, and the other comparison a single, low motion interview file.

As I stated, I'll update the results for any released version of Ogg. I offered to send my test file to Greg Maxwell and he didn't respond. I'll say it again. If anyone from Xiph wants to encode my test file with released code (not developmental) and tell me how they did it so I can duplicate the results, I'll publish their findings -- assuming that I can duplicate their results. I don't know how to be more objective or transparent.

>>This is somewhat silly. Why would Google pay Mozilla?

Well, because they're contractually obligated to until 2011. You think it's silly to question whether it will continue? I guess I'm not aware of that many circumstances where companies essentially subsidize their competitors. What, if Mozilla went away, you think those customers would be irrevocably lost and wouldn't browse the web anymore? You think Google is in the browser market to stay at 5% share? It can only grow by stealing share from someone, and ceasing to fund the number two browser would seem like a good start.

>>So, CNET says: "Found in ads delivered from those networks was JavaScript code that Avast dubbed "JS:Prontexi," which Avast researcher Jiri Sejtko said is a Trojan in script form that targets the Windows operating system. It looks for vulnerabilities in Adobe Reader and Acrobat, Java, QuickTime, and Flash and launches fake antivirus warnings, Sejtko said."

Hmm. What's replacing Flash in HTML5? Javascript. The browsers didn't find the malware, Java didn't find the malware and QuickTime didn't find the malware. This is a perfect example of why I wrote the column in the first place. Why no uproar that Java or QuickTime are susceptible to Malware?

You think hackers will simply stop trying to hack once Adobe leaves? They're just the biggest, most unified target, but that also makes them the most likely and capable of responding to these attacks.

>>Because Microsoft has to anyway. Right now and for free. Why wait until forced by law to include a browser ballot to promote alternative browsers when you could instead be making money by driving visitors to your web services? Profit and good PR is always better than legal sanction.

Perhaps. If I was the IE Product Manager, my goal would be to make the product so good that no one would want Firefox and use whatever legal tactics that were necessary to make that happen. Granted, my browser of choice is Firefox and I never use IE so I don't think they're close. But if Google stops funding Mozilla, Firefox goes away very, very quickly. You remember Netscape don't you?

Jan

Said this on 3-24-2010 At 12:03 pm

Thanks, Jan... I thought your title weird at first, but then realized that the common core was "techniques to attack a popular incumbent". Wonder how this particular analogy will spin out in the blogosphere though.... ;-)

I was also sorry to see you attacked for publishing benchmarks. "The best antidote to free speech is better speech", but those who can't speak better, smear... verbosely, digressively, and often pseudonymously. Time is against them, but they make the world less pleasant in the meantime.... :(

 

jd/adobe

Said this on 3-24-2010 At 05:56 pm
Thanks JD;

My favorite was a web site that commented that I was an Adobe employee. I know I've been in the building a few times, but where did THAT come from?

This is an opinion piece and I expect fair comment. But the benchmarks were as objective as I could make them.

Oh well, momma said you can't please everyone all the time. Thanks for weighing in.

Jan
Tran
Said this on 3-31-2010 At 04:29 am

Flash has a bad reputation because Adobe's plugins are a big problem for web security. 80% of exploits in 2009 were implemented through Adobe plugins - Adobe Reader, Adobe Flash and amusingly Reader in combination with Flash.

http://www.computerworld.com/s/article/9157438/Rogue_PDFs_account_for_80_of_all_exploits_says_researcher
http://www.computerworld.com/s/article/9135796/Adobe_confirms_Flash_zero_day_bug_in_PDF_docs
http://www.computerworld.com/s/article/9156038/Adobe_to_rush_out_another_critical_Reader_patch

That's why I follow the advice of Brad Arkin from Adobe in the third article and I don't allow the Reader plugin to run in my browser. I also use FlashBlock to limit when Flash is allowed to run. It's difficult to make the case that the one company in control of Flash is doing a good job here. It's a problem that seems too big for Adobe to handle.

DRM is something of a white elephant as far as Flash is concerned, isn't it? When has DRM ever been effective on the desktop? Look at blu-ray. They spent many years and much money developing a DRM scheme that was defeated almost immediately after the first blu-ray discs were released. It only takes one person, once to defeat it. When the practical outcomes are the same, you have to wonder why DRM should be bothered with in the first place.

If you want to control content the best way to do it is to take the approach of video game consoles and control the entire hardware and software stack. That's what Sony does with PlayStation. That's what Apple does with iPods, iPhones, and iPads. On such platforms Flash doesn't offer anything as far as DRM goes.

I'll take that challenge you issued! I'm on Windows XP using the latest 10.1 Flash (which is still an unreleased beta, of course), with the latest Nvidia drivers for Windows, on an Intel Core 2 6600 with 2 gigs of RAM, and an Nvidia 7600 GS video card. Let's watch a video on YouTube in 720p in a window sized to 720p resolution:

http://www.youtube.com/watch?v=U2CbY4TTpUo

Now let's watch the same video in Ogg Theora:

http://ia331417.us.archive.org/3/items/FirefoxInMotion-TheoraHd/FirefoxInMotion-HD.ogv

I get 55% CPU usage for Firefox 3.6.2 in the Flash playback. I get 55% CPU usage in Firefox for the Theora playback. Result: draw. I don't understand why even after 14 years of development on its favored platform Flash is equaled by a nine month old implementation of video which presumably isn't even particularly well optimised. I suppose you're going to tell me that I need to upgrade my video card or something. I think I'd prefer to back the younger video implementation.

Adobe themselves are backing HTML5 video and I agree with Jen Taylor from Adobe. HTML5 video is the way to go:

http://www.youtube.com/watch?v=cih2WqFuoBk

In the meantime, CBS, the New York Times, and Time are building out HTML5 video. Brightcove is doing it for the New York Times and Time:

http://www.brightcove.com/en/video-platform/solutions/html5

Said this on 3-31-2010 At 11:25 pm

Tran:

Thanks for your note. I have to say, you're seeing the trees and not the forest. The trees are problems that you point out. The forest is that to the best of my knowledge, no major corporation or government institution has banned Flash. If it's that big a security risk, you would assume that would have happened.

You also miss a couple of key points. First, the 80% number applies to PDF docs, not Flash. So I'm not really sure why that's relevant. You also missed the quote "Because Reader is installed on almost all desktop computers, a well-crafted Reader attack can affect more victims than one that targets Internet Explorer or Firefox." Adobe is targeted because their players are ubiquitous. You think if Adobe dropped Flash and Acrobat the hackers would retire, maybe become teachers or social workers? Or turn to the next product and start hacking it?

A quick search in your favorite magazine yields plenty of other programs with issues. Here are some favorites.

iPhone, Safari, IE8, Firefox all fall on day one of Pwn2Own (http://www.computerworld.com/s/article/9174078/iPh...)

Mozilla shipped worm with Firefox add-on (http://www.computerworld.com/s/article/9084078/Moz...)

Mozilla fixes 16 flaws with Firefox 3.5.4 (http://www.computerworld.com/s/article/9140008/Moz...). I particularly like this one because vulnerabilities were noted in the Javascript engine, which, of course, would replace some Flash functionality.

So, no program is totally safe from hackers. Adobe is a victim of their own ubiquity. Nonetheless, again, if security was truly that big an issue, why is Flash ubiquitous? Why do governments and corporations allow it to be installed?

Your viewing of the Jenn Taylor video reaches Tariq Aziz-like denial and misdirection. She lathers on the compliments of HTML5 and then says "We hope that html5 achieves the promise of innovation … in the meantime we’re going to continue to innovate around Flash as a way to deliver consistent experiences across all operating systems and all browsers." It's perfect big corporation mis-direction - she's saying "HTML5 isn't here yet and Flash is and will continue to be." Which is exactly what she should be saying. Are open source tree-huggers forwarding this video around saying "Adobe has seen the light?" I guarantee that the Flash division isn't shutting down anytime soon.

And let's see. You test H.264 playback on a card that doesn't support GPU acceleration and it's no more efficient than Ogg. Gosh, a system pushing the same number of pixels used the same amount of CPU. Shocking. Got a list of chips and graphics cards that will support Ogg going forwards? Be a very short list as near as I can tell. Oh, yeah, and every H.264 vs. Ogg comparison not hosted by www.xiph.* has found that H.264 has higher quality than Ogg, which has to be worth something.

Come to think of it, why even bring Ogg up? You think Apple plans to support hardware acceleration of Ogg in Safari anytime soon? Assuming that IE 9 replaced all current IE installations tomorrow and HTML5 compatibility was ubiquitous, less than 35% of the browsers out there would even support Ogg playback, not to mention zero iPhones, zero iPads, zero Zunes. Cripes, even YouTube doesn't support Ogg - why are you even bringing it up? It's one Google announcement (open sourcing VP8) away from being totally irrelevant.

And the New York Times and Time are building out HTML5 sites for the iPad - you make it sound like they're abandoning Flash. If you read my interview with the president of Brightcove on streamingmedia.com, you'd see that their HTML5 offering lacks support for Ogg (irrelevant for the iPad), support for third party advertising engines, DRM and lots of other stuff that little sites like the NY Times and Time need to like ... stay in business. Brightcove has a road map for most of these features, and they'll get there, but why would the NY Times or Time abandon Flash in the near term when only 50% of the market has browsers that are HTML5 compatible?

HTML5 has made some impressive strides over the last few weeks, but it's totally riding on the coat tails of the iPad. That's great, technologies should ride whatever horse they can find. But again, what are the advantages of HTML5 TODAY? Other than the iPad, why would I want it? Take the iPad off the table and do you really think that the NY Times or Time would be launching their HTML5 sites? Can you possibly think that?

And puhleeze, please quit banging the security drum. Here's the editor of PC Magazine, Lance Ulanoff: "Others may complain of system or security issues, but I've never experienced them. Flash has come a long way since its animation-only days as Future Splash, and I really hope it doesn't go anywhere except forward." I feel the same way, and so do literally hundreds of millions of other users who have it installed on their cell phones, computers and other devices.

So tell me, why do I want HTML5 today? Quit beating down Flash. Start selling the concrete advantages of HTML5, as in features that it can deliver that Flash can't.

Jan

Tran
Said this on 4-1-2010 At 03:11 am

Uh huh. How many of the security vulnerabilities you listed were deployed in the wild? The 80% figure is about live, deployed exploits. Pwn2Own in particular is about finding vulnerabilities before they get exploited in the field. Anyway, you seem to agree that single-vendor solutions lead to security headaches that get exploited on a huge scale. Multi-vendor, standards-based implementations will always limit risk.

I didn't bring up Ogg Theora versus Flash. You brought it up in the challenge you issued in one of your comments. Don't cry foul because Flash didn't come out a clear winner on hardware and software I'm sure many millions of other users around the world use.

You get very worked up about Flash. I recommend you take some time out for a nice cup of tea and a quiet lie down. Once rested, please enjoy Flickr's HTML5 video deployment:

http://blog.flickr.net/en/2010/04/01/viewing-flickr-videos-on-the-ipad/

 

Said this on 4-1-2010 At 07:39 am
Good one. I get worked up because I have to devote valuable time refuting recycled half-truths and seemingly deliberate misrepresentations of the facts. Otherwise, erroneous statements that stand uncorrected accumulate the patina of truth over time.

Again, the iPad, HTML5's point of the spear (maybe the entire spear). Hard to bet against Apple devices, it will be interesting to see the long-term effect this has on general web standards. Certainly all the online video platforms competing with Brightcove and Kaltura will have to launch similar services and many, many commercial sites will have to launch iPad versions as well. So feel free not to point out these launches in this blog, or if you do, please note that they are iPad targeted sites, which you didn't do for the NY Times, Time and Flickr. That's what I get worked up about.

If you're going to comment, at least present the whole story; not just the part that supports your view.

Jan