So scientists would prefer to use a buggy unsecure medium to gather what is probably (scientifically) important data rather than sped a few hours rewriting it (and probably improving the user interface and such like). Don't these guys have under graduates for this kind of work?
When Adobe this week announced its intention to kill Flash by 2020, a cheer went up among techies everywhere – not least of which were the browser-makers, who seemed pleased to hasten its death on the web. But others, including Flash game devs and some in the sciences, seem less ready to suit up and deal with the fallout. …
"sped a few hours rewriting it "
You can learn a new programming language in just a few hours, and then you know how to use it securely? Impressive.
Or maybe, you think those people just have plenty of free time to spend on that?
" .. and then you know how to use it securely?"
You seem to be under the impression that they used flash securely to begin with.
'that they used flash securely to begin with'
With Flash, the main issue was the run-time security, not the applications'. The application needs to be written purposely to exploit the run-time vulnerabilities. So the problem is having the run-time installed. I don't believe researchers will create attacks by chance....
But, but - they used node.js. Surely, that'll be secure!
 IMHO - the offspring of VB6 and Flash..
Re: "So scientists..."
I find it rather disturbing that scientists, of all people, apparently find progress to be a "nuisance".
Aren't they the very people who should be forging on regardless?
Yes, everyone has a budget. Tesla had one, so did Edison, and Darwin and Einstein and da Vinci. Imagine if they'd all said; "You know, this business of 'changing stuff' is such a damned nuisance. If anyone dares to change even another single spec of dust on this planet, I shall rip up my quarterly budget statement and go back to living in a cave and worshipping stuffed animals".
What sort of person, scientist or otherwise, makes absolutely no contingency for the inevitability of change?
If only the Beeb would stop using Flash on www.bbc.co.uk/weather I think I'd be able to ditch it completely.
RE: Doctor Syntax
That sounds more difficult than going to Google and searching for "UK weather".
@Doctor Syntax - "If only the Beeb would stop using Flash on www.bbc.co.uk/weather"
Ummmm, it seems to work fine for me (with no flash installed), alternatively there is always the Met Office site.
"alternatively there is always the Met Office site."
Ummmm, it seems to work fine for me (with no flash installed)
Likewise. Even on my (Flash-free) Mac and my (flash-free) Android handset.
I suspect they use Flash if it's installed and fall back to more secure methods if it isn't.
"I'll now need to recode or retire some of my earlier Flash studies that are still collecting data," he added."
Well don't use java, 'cos that plugin was tossed out last update by those nice people at Firefox.
There's a fix, but good luck getting your user base to sign up for doing it.
Good. I think Java in the browser was even more exploited than Flash at one point. Which was pretty stiff competition...
I'd make an educated guess that since 2010 or so infections via Java outnumber Flash by at least an order of magnitude, even though Java in the form of applets in the browser is pretty much dead by now so Flash has had some time to catch up.
The reason being that the Java bugs were logical errors in the applet sandbox. Once you're out of the sandbox, you have full access to do anything to the computer.
100% reliable and even cross-platform.
Flash has nothing similar - the browser Flash Player simply doesn't have any APIs to do stuff to the underlying OS (like write files to disk arbitrarily and execute them). Flash bugs are, without exception, memory corruption and thus tend to be difficult to exploit reliably.
Surely this has an easy solution.
The academics have limited time and budget to replace it. But I'm sure the tech industry can find a way to easily provide them with compensation.
Adobe simply need to buy a small plot of land. Perhaps one on every continent? Then they place a grave and headstone saying "here lies the body of Flash died 2020 - much missed by malware writers the world over". Then all they need to do is bury some sort of piezo-electric doodad in the ground, and they'll generate megawatts of power from all the techies coming to dance on Flash's grave.
Pipe power to universities, they get the budget that would have been spent on that for Flash replacement, techies get fitter without having to pay for gym memberships... Everyone's a winner!
Re: Simple solution
The problem with this simple solution is likely to be the same problem with the current software.
Or were you infering that Adobe could get someone competent to do the implementation of the celebratory power generation?
I'd be terrified of megawatts of power being run through a dozen tatty power cables comprising more patch than cable. :)
I wonder how much of the problems with Flash would be solved if it was open sourced?
Then the malware writers would have access to the code too. Could the open source community patch the new vulnerabilities fast enough? It could be like trying to fill a bucket faster than the water can pour out of the holes.
Anyway, what if everyone pointed and laughed? Or it turned out the code was written in crayon, by an infinite number of monkeys?
honestly would not mind seeing this even if I seldom use it. lot of older stuff can't (from what I understand, could be wrong) be ported over so worth a shot. if it fails in no worse shape then present really.
"Anyway, what if everyone pointed and laughed? Or it turned out the code was written in crayon, by an infinite number of monkeys?"
I think a lot of people would say "I KNEW it!"
>I wonder how much of the problems with Flash would be solved if it was open sourced?
Most of the problems can be solved using openfl to target html5+ or native - slightly more complex to build for non-devs but the bulk of code would be re-usable and stimuli etc identical for replication. A good (honest) dev will be charging in hours and days not weeks - in-house will find it a fairly painless leap and be back on their day jobs in no time.
Gnash only implements a (very) small fraction of Flash. In web browser parlance it'd be like comparing Netscape 2 to a modern browser.
Open source Flash
concerning magic pixie open-source dust (lack thereof)
"I wonder how much of the problems with Flash would be solved if it was open sourced?"
Would you like to work on a bug-riddled and probably poorly documented and tested legacy code base for free?
Open-sourcing Flash could work if there were a bunch of companies would would consider it in their enlightened self-interest for Flash to continue existing, and would be willing to pay developers to work on the code base.
But I don't see any such white knights on the horizon. Google, Apple and Microsoft have clearly already made their choice for HTML5.
It could be like trying to fill a bucket faster than the water can pour out of the holes.
To cross-pollinate threads - this sounds like an apt description of Brexit..
Virtual Learning Environments are going to suffer
I would have thought academia was more concerned about flash based material in moodle / blackboard
Cry me a river, whingeing academics
Th university community the world over is noted for its less than serious approach to IT security. Adobe has been courteous enough to give the unis a couple of years in which to get their act together, change grant proposals, address staffing, and the like. Yes, it will cost more in the short run. But compared to the impact of massive malware infestations (and Flash has to be considered the most successful one to date), not so large an investment.
Re: Cry me a river, whingeing academics
And even then, just 'cos Adobe stop updating it doesn't mean it will suddenly stop working for any kit that you already have; labs kitted out with banks of PCs will still work for as long as the hardware remains viable.
Given its notorious insecurity, we could decide that putting flash on a website is implicitly an attempt to hack visitor's computers.
Flash was destined to die, if you haven't already worked out your escape strategy, you are a fucking numpty.
Re: Flash point
OR, you could be the "computer janitors" that are told what technology they will be implementing by the numpties wearing suits. In the last year we've had 3 more "enterprise" applications foisted on us that use Java and/or Flash. The one that only uses Java broke when Java updated to 1.8.141 - rollback to 131 and block Java updates for a subset of the domain computers, yay! At least the 2 that use Flash won't work unless Flash is on the latest update.
We are stuck with several Flash and Java dependent legacy apps also and the powers that be refuse to spend the cash to transition to something else - if there is even a competing product that doesn't use Flash/Java which isn't always the case.
Re: Flash point
"We are stuck with several Flash and Java dependent legacy apps also and the powers that be refuse to spend the cash to transition to something else - if there is even a competing product that doesn't use Flash/Java which isn't always the case."
Hundreds of companies will be like this and use Flash for the next decades, and be open for all exploits !
Just make sure you're not into security.
Flash started as a tool for interactive games and presentations
But then people used it to stream videos.
Those wanting to get rid of Flash have forgotten its origins, the things it was good at from the beginning.
Flash isn't just video
Such a program will run in a web page and was HUGELY more secure (and cross platform) than the alternative at the time, Active X.
The idea of ActionScript and Flash (unlike Active X in a browser) isn't evil, the problem has been Adobe's crap implementation. Also the problem of newer versions being incompatible with older browsers on TVs, Setboxes, Personal Media Players etc that can't be updated (the problem of closed source and monolithic usually non-existent upgrades for a gadget less than a year from launch, contravenes SOGA, should be 2 to 6 support depending on product).
So problem is more Adobe than the concept of flash and ActionScript.
Re: Flash isn't just video
Except Adobe didn't really 'Implement' it. They got it when they bought Macromedia and all it's products like Dreamweaver etc. Macromedia Flash, Dreamweaver and the rest of the suite were pretty good tools, but hey, that was all before Web2.0
Are you listening, VMware?
Are you listening, VMware? That "web" client you have, which is written in Flash and is an inferior experience to the ancient Windoze-based client, needs to be overhauled and replaced with something usable.
Re: Are you listening, VMware?
No worries, they are working hard on porting it to Silverlight.
Aren't all the flash based psychological studies invalid anyway?
They exclude everyone with a clue about security from the sample.
Re: Aren't all the flash based psychological studies invalid anyway?
"They exclude everyone with a clue about security from the sample."
That's such a vanishingly small portion of the population that it does not make the studies invalid. They are invalid for completely different reasons.
Flash is dead to me
All our home systems have been flash free for the last couple of years. All new systems I'm building are flash-free. By flash-free, I'm referring to not installing flash AND not using Microsoft's Edge browser with pre-installed flash. They are better for it, a little bit safer, less vulnerable. Reducing attack vectors while improving reliability is important.
Surely someone will come out with a flash emulator to help scientists. We shouldn't need the flash plugin installed in billions of machines in order to be able to interact with a flash script. If I can play Moon Patrol and Joust over at the Internet Archives, surely I can also play a flash script the same way.
The demise of flash has been slow in coming, and predictable, lots of time to come up with a game plan.
I had an issue over the last few days where a work machine being used for shipping was thrown into a refresh loop on account of Adobe flashplayer, couldn't log in or do anything. FedEx has a stupid flash ad banner on their front page and something went wrong - clearing the cache and resetting things wouldn't solve the problem. I ended up circumventing this bug by installing an ad blocker and blocking the flash element. I won't miss flashplayer one bit. Good riddance to yet-another example of Adobe's terrible coding.
Re: Flash is dead to me
Home Star Runner
Although Flash has been a train wreck in the past 10 years sites such as Home Star Runner wouldn't have been possible without it. Back then it made websites on a 56k fully interactive at that stage was amazing.
Make no mistake, the only way we're ever getting rid of Flash is by forcing web developers / webmasters to stop relying on it in their websites - because nobody using it can ever be persuaded to fucking STOP using it and use something else: it seems the inertia of flash devs is effectively infinite for all practical purposes. Disabling it in your own browser is only ever going to be a partial solution for as long as it isn't effectively outlawed there always will be a non-negligible number of sites that you just need to use that simply don't work without it and refuse to change. So yeah, saying that I'm exceedingly happy those recalcitrant lazy fuckers will finally get officially booted off the web for good soon unless they move on is the understatement of the century. Actually, I'm mildly curious to see how the zillion giant flash-game collection sites will handle this...
OK, so you get rid of Flash
from the browser. I won't mourn its passing. But what do you do about all the sites that contain flash and don't get updated but do continue to be hosted?
I once crossed paths with a Macromedia "higher up" whilst in San Francisco. He sat next to me at a hotel bar, ordered his drink, then proceeded to count out coins to pay. Since I was ready for my next drink I told the bartender to put it on my tab so I wouldn't have to wait an eternity. That's when he introduced himself. I decided not to let on that I was into computers twenty years or so. I could see why Flash ended up the way it did after his talk. It wasn't bad per se. It just was conceived before Internet security needed to be designed in from the beginning. Adobe just made sure it got as bad as it did.