Sign in / up

back to article Facebook hammers another nail into Flash's coffin

Facebook has hammered another nail in to the coffin of Adobe Flash, by switching from the bug-ridden plug-in to HTML5 for all videos on the site. The Social NetworkTM explained the move by saying “Moving to HTML5 best enables us to continue to innovate quickly and at scale, given Facebook’s large size and complex needs.” …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Peter Prof Fox

    Is HTML5 pure and saintly

    OK, I accept 100% Flash is Dog's Breakfast that keeps walking. But the cider (I mean sceptic) inside me asks why is HTML5 assumed 'safe'? THEN: If there really is a good reason, then it's what we all need to know so the dirty bit of our code that deals with payments (etc.) can be re-done the saintly way.

    7 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Is HTML5 pure and saintly

      HTML5 can't do everything Flash does, that alone makes it more safe. There are surely some bugs in the implementations, but at least then you'd have a Chrome bug or Firefox bug or IE bug, not a Flash bug that affects everyone.

      Flash was originally developed for animations but its power was extended with a full fledged programming language that was designed with little attention paid to security. It was then able to be used for almost anything - but most people only installed it in their browser because it was required to watch videos from Youtube and other sites.

      Unfortunately there was no way to get a "streaming video only" lite version of Flash, because Adobe didn't want to fragment their market. Instead they let it die because now that streaming video from all major sites has moved away from Flash, there is no reason for 99% of people to install it in their browser. It is only needed if you visit some outdated site that still uses it.

      24 4 Reply
      1. David Bird
        Reply Icon

        Re: Is HTML5 pure and saintly

        "outdated site that still uses it" - that will be the BBC then, about the only site I visit these days that nags me to install it.

        20 0 Reply
        1. Anonymous Coward
          Reply Icon
          Anonymous Coward

          Re: Is HTML5 pure and saintly

          "outdated site that still uses it" - that will be the BBC then, about the only site I visit these days that nags me to install it.

          We're working on it right now (in true BBC glacial fashion)

          http://www.bbc.co.uk/html5

          4 0 Reply
          1. A Known Coward
            Reply Icon

            Re: Is HTML5 pure and saintly

            "We're working on it right now (in true BBC glacial fashion)

            http://www.bbc.co.uk/html5"

            "To use the player, visit BBC iPlayer or iPlayer Radio"

            So not BBC News then? That's the only BBC News site I visit daily ...

            (That doesn't mean I don't watch BBC programmes, I do, just through the higher quality DVB broadcasts stream on a large 'monitor' which I call a television™ attached to a magical box which records everything I could possibly want.)

            0 0 Reply
        2. Quortney Fortensplibe
          Reply Icon
          Alert

          Aunty Past It

          "..."outdated site that still uses it" - that will be the BBC then, about the only site I visit these days that nags me to install it....

          Not only that.

          You used to be able to do a quick User-Agent spoof to say you were viewing the BBC site on a tablet browser and would then get the HTML5 version served to you. A while back they 'broke' this workaround so you now just get an error if you try that. So, not only nagging you to use Flash, but actively preventing you from avoiding using Flash.

          [Yes, I know all about the HTML 5 Beta option, but that's a fairly recent thing, is so well-hidden you'd think they didn't want you to know about it. And doesn't work for all content.]

          3 0 Reply
      2. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: Is HTML5 pure and saintly

        "HTML5 can't do everything Flash does"

        And when it can the amount of boiler plate code required to do it makes you weep. I know its easy to knock flash and god knows it deserved it for all its bugs. But from a functional point of view HTML5 isn't even in view of the same ballpark yet, never mind in it.

        "Flash was originally developed for animations but its power was extended with a full fledged programming language that was designed with little attention paid to security"

        I don't think it was that so much, after all, browser makers could have sandboxed it just like with java craplets - it was more the endless exploitable bugs.

        1 0 Reply
        1. Quortney Fortensplibe
          Reply Icon
          WTF?

          Re: Is HTML5 pure and saintly

          "...And when it [HTML5] can the amount of boiler plate code required to do it makes you weep..."

          
                
                
          <video width="xxx" height="yyy" controls>
          
                
                
          <source src="somevideo.mp4" type="video/mp4">
          
                
                
          <source src="somevideo.ogg" type="video/ogg">
          
                
                
          Your browser does not support the video tag.
          
                
                
          </video>

          You must cry very easily.

          0 3 Reply
          1. Anonymous Coward
            Reply Icon
            Anonymous Coward

            'You must cry very easily'

            I don't think he was referring to using Flash for videos, but using Flash for other tasks that can be easily accomplished using its scripting language, such as games. There may be some loss of capability that comes with Flash's demise, but losing stuff like browser-based games that can't be implemented using HTML5 is worth it for the reduction in threat exposure. Flash is the most insecure piece of software installed on the average computer, and deserved to die.

            3 0 Reply
          2. Jan Hargreaves
            Reply Icon

            Re: Is HTML5 pure and saintly

            I much preferred encoding only one format rather than the two you need to for HTML5. If you have a lot of video, you now need double the disk space.

            Also things like masking, transitions, overlays are terrible with HTML5 in comparison to flash but the web moves on/ backward.

            0 0 Reply
          3. Anonymous Coward
            Reply Icon
            Anonymous Coward

            Re: Is HTML5 pure and saintly

            "You must cry very easily."

            Congratulations on proving you have no idea what flash can due. Here's a clue - it does more than just play videos.

            0 0 Reply
      3. John Sanders
        Reply Icon
        Facepalm

        Re: Is HTML5 pure and saintly

        I can't stop thinking how obtuse and plain stupid Adobe has been with the whole Flash saga.

        They should have open sourced the player minus the DRM parts offered as a plugin.

        Had they done that Flash would have been fixed and made part of all browsers, Adobe would be in control of a standard and we would have less headaches.

        The internet works on open standards or it doesn't work.

        1 0 Reply
    2. Mike Bell
      Reply Icon

      Re: Is HTML5 pure and saintly

      HTML 5 doesn't do anything magical in respect of video playback. It just offers your browser the choice of playing MP4, WebM or Ogg files, depending on what's available on the server.

      It's likely the case that player implementations for these file formats do have uncovered vulnerabilities. It's not so long ago that tainted JPEG files could poison a PC, for example. Such is life.

      2 0 Reply
      1. Adam 52 Silver badge
        Reply Icon

        Re: Is HTML5 pure and saintly

        "Such is life"

        I don't really understand why this is such a big a part of life. Buffer size errors shouldn't be an issue any more, the language support and tooling to make them obsolete has been around for decades. Privilege escalation as a class of error have no place in a video or image fornat because there's no reason to have scripting.

        There will always be nasty protocol errors and tools like VMware and Xen will take shortcuts for speed but the implementations should be robust by now.

        Clearly there are smart people at Adobe etc, so there must be something I'm missing.

        7 0 Reply
        1. Crazy Operations Guy
          Reply Icon

          Re: Is HTML5 pure and saintly

          "Privilege escalation as a class of error have no place in a video or image fornat"

          Except that most OSes pass video decoding to the processor, which could be susceptible to a buffer overflow. All a malicious video would need is a couple of extra bits to hijack the CPU (just needs to get the CPU to execute a JMP to whatever memory address the video's payload has been dropped into)

          0 0 Reply
      2. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: Is HTML5 pure and saintly

        "It's not so long ago that tainted JPEG files could poison a WINDOWS PC"

        There, FTFY.

        2 5 Reply
        1. Crazy Operations Guy
          Reply Icon

          Re: "FTFY"

          That four letter acronym has surpassed YOLO on my list of phrases that allow me to ignore people while knowing that nothing of value has been lost. The phrase is very insulting and condescending as well as showing that the user doesn't have enough intelligence to come up with their own rational, or original, thought.

          Of course, with your comment, I am doubly assured that you have nothing to contribute to the conversation because you are parroting the demonstrably-false myth that only Windows machines have coding errors.

          1 2 Reply
          1. Anonymous Coward
            Reply Icon
            Anonymous Coward

            Re: "FTFY"

            "The phrase is very insulting and condescending"

            Its supposed to be. Have you only just figured this out? Welcome to online forums.

            "well as showing that the user doesn't have enough intelligence to come up with their own rational, or original, thought."

            Really? Well apparently the original poster can't tell the difference between the hardware - a PC - and software - the OS. Just making a blanket statement that a "jpg can poison a PC" is ignorant rubbish.

            0 0 Reply
    3. Adam 1
      Reply Icon

      Re: Is HTML5 pure and saintly

      HTML 5 is a spec. It isn't inherently safe or unsafe. That depends on the quality of the software that implements the spec.

      11 0 Reply
    4. sisk
      Reply Icon

      Re: Is HTML5 pure and saintly

      It's not so much that HTML5 is assumed 'safe' as we know Flash is most definitely 'unsafe'. At this point it seems like every time Adobe fixes a bug in Flash three more seem to crop up. There's also a lot less code backing HTML5 than Flash, which means there's less room for bugs to begin with. But really it boils down to the fact that there's a new exploit popping up in Flash every time we turn around. Whether HTML5 is actually safe or not it has to be better.

      0 0 Reply
  2. Pascal Monett Silver badge

    "being able to apply changes directly in the browser allow us to move fast"

    Good on Zuckland for killing off Flash. Given its market reach, it is a very important step in securing the Web in general.

    That said, I always cringe when I hear IT people talk about moving "fast". Practically every time I've witnessed a project moving fast, it generally ended up right in the wall and not moving at all until somebody found a way to revive it.

    No doubt we'll see how fast they can _safely_ move in short order.

    1 0 Reply
    1. Frumious Bandersnatch
      Reply Icon
      IT Angle

      Re: "being able to apply changes directly in the browser allow us to move fast"

      I always cringe when I hear IT people talk about moving "fast"

      Agreed. As that guy who recently won an MMA title fight said, "timing beats speed, precision beats power."

      0 0 Reply
  3. Doctor_Wibble
    Flame

    HTML5?

    Is that the one that my HTML5-capable browser apparently doesn't do? The one where those twats have those hilariously jolly "dang poot" and "gosh snap" messages? How about instead of being such total nob-ends people put up a single static frame from the video with a simple informative message stating that the test for video capability didn't work?

    And bbc and sky I'm looking at you here, having that message *not* almost entirely obscuring said possibly-representative frame, and along with everyone else, yes this does mean someone actually looks at what's in the video and making an editorial decision which for any news site I think is not a bad idea.

    TLDR: possibly yay, when it works it's great, but when implemented by retards, not so much.

    P.S. yes any excuse for an 'anti social media rant', noting free gift of multiple emphatic word grouping options there, not least because it's all completely evil and I normally never touch the stuff. And no, I absolutely make no claim to being suitably informed. It's the internet.

    3 1 Reply
    1. Destroy All Monsters Silver badge
      Reply Icon
      Paris Hilton

      Re: HTML5?

      This posting opened my mind.

      0 0 Reply
      1. TeeCee Gold badge
        Reply Icon
        Facepalm

        Re: HTML5?

        It made mine escape through my left ear.

        It seems that, while mindless, I opened a bloody facebook account........

        0 0 Reply
      2. Doctor_Wibble
        Reply Icon

        Re: HTML5?

        > This posting opened my mind.

        I'm actually quite glad about that because my electric spork has been on the blink lately and is in for repairs - it's one thing to openly confess like this but to be caught unawares without a working one would have been more than just a little shameful.

        0 0 Reply
    2. Vic
      Reply Icon

      Re: HTML5?

      The one where those twats have those hilariously jolly "dang poot" and "gosh snap" messages?

      Whenever I see those, my first reaction is usually "Thank $deity for that", as I'm generally more interested in the text content than watching the same info being narrated to me by a talking head...

      Vic.

      3 0 Reply
  4. TheProf
    Devil

    Just about sums up life in general

    “We saw more errors, longer loading times, and a generally worse experience.”

    2 0 Reply
    1. Amorous Cowherder
      Reply Icon
      Facepalm

      Re: Just about sums up life in general

      Sums up Facebook in general!

      1 0 Reply
  5. speco
    Trollface

    Funny observation

    Users spent more time with videos after the switch! Not because it worked as easy as flash, bloody!! It look longer to load and has very poor caching implementation. Obviously you have to spend lot of time waiting for the damn video to load! he he he!

    2 2 Reply
  6. Anonymous Coward
    Anonymous Coward

    Flash and Privacy

    The most likely reason Farcebook took itself up short with Flash is, by using Flash they were giving away tons of the precious user data that Farcebook perfers to mine and sell. Read the disclaimer you agree to when you update or install Flash. The sooner everyone adopts HTML5 the better.

    3 2 Reply
    1. fuzzie
      Reply Icon

      Re: Flash and Privacy

      Many sights still keep a little bit of Flash around, because people aren't generally clued up enough to know about Flash cookies. Many privacy filters etc will keep a tight lid on your browser's cookie jar, but can't do the same for Flash cookies...the other (back door) tracking mechanism.

      0 0 Reply
    2. Roland6 Silver badge
      Reply Icon

      Re: Flash and Privacy

      The sooner everyone adopts HTML5 the better.

      For whom?

      I doubt HTML 5 grants any more privacy than what it replaces; at best it means your data only goes to the website (and it's selected partners) rather than to Adobe et al.

      What I find irritating about HTML 5 is that there seem's to be no subsets or profiles defined as part of the specification. This is going to make it difficult to consistently code for 'mobile' or reduced subsets, and the creation of browser controls that permit such things as turning off the 'Flash' equivalent functionality.

      0 0 Reply
  7. Anonymous Coward
    Anonymous Coward

    The sooner everyone adopts HTML5 the better

    That way we can make it harder for you to block annoying ads.

    2 0 Reply
  8. Anonymous Coward
    Anonymous Coward

    Now if only HR would stop using it

    All their mandatory "training videos" are in Flash...

    1 0 Reply
  9. DropBear

    "...not least because YouTube's also flushed Flash"

    ...which in Youtube's interpretation means "now supports x264" - WebM or Ogg not so much, so if your (red-hued-flaming-sly-beast-themed) browser just doesn't do x264 you're SOL as far as they're concerned.

    0 0 Reply
  10. yaswant0708

    I have no knowledge about Adobe or HTML 5 and so cannot comment in this regard,but being a member of Facebook, I have repeatedly represented that soon on uploading any video, a member is barred from further uploading for the reason that the video contained some material relating to third party i.e. violating copy right norms.It can well be understood that a member might not be knowing that the video, being uploaded, would violate the copy right norms.

    You Tube, under such circumstances, do not allow a member to have right for monetization but do not remove video uploaded by the member.It will be in the interest of Facebook, if same principles are followed as You Tube in regard to the norms of copy right.Many members have the same complaint that they are barred frequently from uploading video/audio songs.Of course, all those who are facing this problem may not be representing, but it is true.So it is my fervent appeal for revising policy relating to copy right.

    0 3 Reply
    1. Vic
      Reply Icon

      a member is barred from further uploading

      Hmmm. We could really do with a button for "I'm really suspicious of this post". Or is the "report abuse" button to be used for that?

      Vic.

      2 0 Reply
      1. Quortney Fortensplibe
        Reply Icon
        WTF?

        Babel Fishy! Here, Babel Fishy!

        "...Hmmm. We could really do with a button for "I'm really suspicious of this post"..."

        I'm withholding judgement until they release the English language version.

        0 0 Reply
  11. Barbarian At the Gates

    FutureSplash Animator

    When you look back on the history of where Flash came from, it seems obvious why it's a festering pile of...software. I will miss it about as much as RealAudio, webpages with auto playing MIDI music, and <blink> tags.

    3 0 Reply
  12. Matt Bryant Silver badge
    Go

    Good.

    Title says it all.

    0 0 Reply
  13. Destroy All Monsters Silver badge
    Mushroom

    Flash Bullshit is alive! Dispatch war rocket Ajax...

    SpaceX demands that I install Flash to livestream theior launch attempt.

    What the fuck is this

    0 0 Reply
  14. Anonymous Coward
    Anonymous Coward

    Flash off

    And you too Facebook.

    0 0 Reply
  15. saikosys

    ... except that the next version of Flash will export to HTML5.

    The accounts of Flash's death are greatly exaggerated. It still has some of the best animation tools around for the money.

    0 0 Reply
    1. Vic
      Reply Icon

      It still has some of the best animation tools around for the money.

      Do you have any affiliations you'd like to disclose, perhaps?

      Vic.

      0 0 Reply
  16. Anonymous Coward
    Anonymous Coward

    In a perfect world...

    In a perfect world, the browser vendors and Adobe would show respect for legacy content and it's creators and users and developed a native actionscript 3 run time. It's an ECMA script just like JavaScript and would have also given browser developers a choice of scripting their HTML5 application using ActionScript.

    I have been developing with JavaScript and HTML since the late 1990s and ActionScript since soon after that and I believe AS3 to be a superior language than any version of JavaScript and it is a shame that history is not full of the correct technology choices because we would have binned JavaScript and the Flash player and gone with HTML5 and ActionScript 3 in the browser.

    But hey, I still am still running with the last gasps of AS3 contracting out there - I'm enjoying the superior tooling and the super language much more than my last contract which was mainly Angular and TypeScript.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like