# Flash is really, really dead



## drhowarddrfine (Dec 10, 2016)

I get the impression some folks think Flash is still a viable product and will be around for a long time. The reality is driven home even more by Chromium's announcement yesterday:



> HTML5 by Default
> 
> ...this change disables Adobe Flash Player unless there’s a user indication that they want Flash content on specific sites, and eventually all websites will require the user’s permission to run Flash.
> 
> ...


----------



## kpa (Dec 10, 2016)

Is flash dead? Is the pope catholic?


----------



## getopt (Dec 10, 2016)

kpa said:


> Is the pope catholic?


Catholics belief in rebirth.


----------



## obsigna (Dec 10, 2016)

getopt said:


> Catholics belief in rebirth.


Since when?


----------



## scottro (Dec 10, 2016)

Unfortunately, even with Google trying, I doubt flash will be  gone anytime soon.  Lots of sites still use, and will probably continue to use, it.  
On the other hand, at least these days, most browsers make it trivial to block autoplay, whereas with html5, the only way that I have found to consistently work is to block javascript.  (CNN, for example--do they really think it gives a better experience?  One wonders how many people now avoid CNN because of their autoplay, and how much they paid the people who decided it was a good idea.)


----------



## drhowarddrfine (Dec 10, 2016)

scottro said:


> Lots of sites still use, and will probably continue to use, it.


Legacy stuff that hasn't or won't be updated. Among the people I know who write for the web, Flash is never even mentioned except for old stuff people ask me to convert for them. Note: I haven't had that request in years.

Autoplay is dumb and a UI blasphemy. Any site that does that is stupid; and I'm being kind. 



scottro said:


> block javascript



I just had a discussion online about users who do this. The surveys I read say that less than 2% of everyone doesn't do that and those who do are aware of the issues they present themselves so the general consensus is that one need not code for them. In my company's case, we have zero people who visit any of our client sites with javascript disabled. 

On the other hand, there is a group of people who will say you need to make your site still work in case the javascript doesn't get downloaded, such as on mobile devices when the train goes through a mountain. My question is, then they are just as likely to not receive other elements of the page like CSS. I never get a sensible reply to that.

For smaller companies that rely on services to handle things like credit cards, there is no option. You must use javascript. So if javascript is required for that basic functionality, what good does it do to not have javascript run the entire site?

And that's where the web is going. You can say it's there today. Especially developers who are only copy/paste artists and pooh any attempts at real coding and will lambaste you for think such.

What we do is make our sites work as much as possible with plain HTML and CSS and only require javascript when it's out of our control.


----------



## kpa (Dec 10, 2016)

Interestingly Microsoft very recently added both 32-bit and 64-bit flash players to Windows 10 as part of the basic install of the OS. I can't believe that MS has any faith in the future of flash, they are not that dumb regardless of what you think of them. I suspect that they only did it because someone with a big enough support contract threatened to pull the plug and look elsewhere if MS didn't continue to provide direct support for flash in windows.

Edit: MS has in fact added both 32-bit and 64-bit flash but only the 32-bit control panel item is present.


----------



## drhowarddrfine (Dec 10, 2016)

kpa said:


> someone with a big enough support contract threatened to pull the plug


I would believe that or someone paid enough to keep it on there.


----------



## rorgoroth (Dec 10, 2016)

kpa said:


> Interestingly Microsoft very recently added both 32-bit and 64-bit flash players to Windows 10 as part of the basic install of the OS.



Not sure about the 32/64 but they have been shipping flash with Windows since version 8.


----------



## getopt (Dec 10, 2016)

obsigna said:


> Since when?


Since they recognize that eternal life is lasting too long and tends to become boring.


----------



## Phishfry (Dec 10, 2016)

rorgoroth said:


> they have been shipping flash with Windows since version 8


That software has been there much longer in OCX form
http://www.dslreports.com/forum/r24636223-Macromed-folder-hidden

http://superuser.com/questions/3750...ve-the-default-install-of-flash-on-windows-xp


----------



## rorgoroth (Dec 10, 2016)

Phishfry said:


> That software has been there much longer in OCX form


Nice find, I had no idea about that.
I guess they only made it visible in control panel in 8. On my Win64 machine now it only shows "Flash Player (32 bit)", files:

```
Directory: C:\Windows\System32\Macromed\Flash


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----       29/10/2016     00:56         160534 activex.vch
-a----       29/10/2016     00:56       28204024 Flash.ocx
-a----       29/10/2016     00:56         689144 FlashUtil_ActiveX.dll
-a----       29/10/2016     00:56         934392 FlashUtil_ActiveX.exe
```


----------



## Phishfry (Dec 10, 2016)

The funny thing is the post about the macromed folder being hidden means he is infected. In the early days it was common to have a malicious ocx replace the flash one and make itself read only. It was a mess from the very beginning.


----------



## Phishfry (Dec 10, 2016)

No coincidence that the NSA showed up around the same time
https://www.heise.de/tp/features/How-NSA-access-was-built-into-Windows-3444341.html


----------



## drhowarddrfine (Dec 10, 2016)

Does every thread here have to include a story about the NSA?


----------



## BSD-Kitsune (Dec 10, 2016)

drhowarddrfine said:


> Does every thread here have to include a story about the NSA?



It's a legitimate concern these days. If you use a non open source desktop OS that hasn't been neutered of spyware they install, then you're not safe. I've already neutered 7 in my case.


drhowarddrfine said:


> I get the impression some folks think Flash is still a viable product and will be around for a long time



I think it'll still be relatively common in a few years because Mozilla discontinued Shumway, which I think was a poor decision. Without either a JIT to convert Flash to HTML5 or some other emulation system how does one expect the current flash products on the market to function in absence of NPAPI or PPAPI support?



drhowarddrfine said:


> I just had a discussion online about users who do this. The surveys I read say that less than 2% of everyone doesn't do that and those who do are aware of the issues they present themselves so the general consensus is that one need not code for them. In my company's case, we have zero people who visit any of our client sites with javascript disabled.
> 
> On the other hand, there is a group of people who will say you need to make your site still work in case the javascript doesn't get downloaded, such as on mobile devices when the train goes through a mountain. My question is, then they are just as likely to not receive other elements of the page like CSS. I never get a sensible reply to that.
> 
> ...



To answer your question, I've never seen JS load before CSS. If you don't need the features of JS on your pages, you should not use it, IMHO. It's a security risk and a huge slowdown - I can still use the web on an SGI Octane, a Bebox or a HP C8000 in absense of Javascript .


----------



## gpatrick (Dec 11, 2016)

drhowarddrfine said:


> Does every thread here have to include a story about the NSA?


As someone that has family who works in the US Intelligence Community I can tell you the organizations aren't evil, and are staffed by individuals with families.

It is tiresome.


----------



## drhowarddrfine (Dec 11, 2016)

TeamBlackFox said:


> It's a legitimate concern these days.


My point is, this topic is about Flash being slowly eliminated from Chromium, not international intrigue.



TeamBlackFox said:


> how does one expect the current flash products on the market to function in absence of NPAPI or PPAPI support?


A company still using Flash on the web for its products made that mistaken decision years ago and will suffer the consequences. Is anyone still selling home TVs with CRTs?



TeamBlackFox said:


> To answer your question, I've never seen JS load before CSS.


That misses the point. That if one is concerned about a page not loading javascript, why aren't they concerned about the same page not loading CSS?



TeamBlackFox said:


> It's a security risk and a huge slowdown


Not any longer. Security problems are not the issue nowadays and you can bog a site down with bad programming so don't do bad programming and learn lazy loading, use HTTP/2, delayed downloads and all the things to prevent that.


----------



## drhowarddrfine (Dec 11, 2016)

gpatrick said:


> As someone that has family who works in the US Intelligence Community I can tell you the organizations aren't evil, and are staffed by individuals with families.
> 
> It is tiresome.


I've always said that I found it amazing that so many online sites and anonymous posters know so much about the inner workings of the most secret agency in the world as if everyone had exclusive insight into all their comings and goings. But remember how everything used to be the CIA? I guess they're happy that it's taken focus off them.

Not to mention all the other government spy agencies running around the world.


----------



## BSD-Kitsune (Dec 11, 2016)

drhowarddrfine said:


> I've always said that I found it amazing that so many online sites and anonymous posters know so much about the inner workings of the most secret agency in the world as if everyone had exclusive insight into all their comings and goings. But remember how everything used to be the CIA? I guess they're happy that it's taken focus off them.
> 
> Not to mention all the other government spy agencies running around the world.



You ever hear the saying "If you tell a secret to anyone, it isn't a secret anymore?" Pretty hard to keep a secret if you have many people who know it. The darknet has all the answers.



drhowarddrfine said:


> My point is, this topic is about Flash being slowly eliminated from Chromium, not international intrigue.



Anytime you bring up software with security issues you invite other discussion



drhowarddrfine said:


> A company still using Flash on the web for its products made that mistaken decision years ago and will suffer the consequences. Is anyone still selling home TVs with CRTs?



As a person who owns both OLED and CRT TVs made in the last 10 years, I'll have you know that CRTs are not obsolete. They still produce the best colour representation, are infinitely scale-able, and can produce 4K resolution if they're a CRT projection TV - with some modifications. CRTs are heavy, and they make noise, yes, but when you're talking to someone who owns a lot of old games that rely on CRT scan patterns, not to mention has worked with TV broadcasts and knows why they still use CRTs for certain functions, you'll get immediately that they're still in wide use.



drhowarddrfine said:


> That misses the point. That if one is concerned about a page not loading javascript, why aren't they concerned about the same page not loading CSS?









So does this image get my point across? CSS and JS serve entirely different functions on a website, logically. CSS is formatting and display whereas JS is interactivity, arrays, dates and has more functionality than CSS that could, on a mobile site, for instance, prove tertiary to the function of the site.



drhowarddrfine said:


> Not any longer. Security problems are not the issue nowadays and you can bog a site down with bad programming so don't do bad programming and learn lazy loading, use HTTP/2, delayed downloads and all the things to prevent that.



Security issues fed by JS are a *huge* issue. Need I remind you the Tor site raid of 2013? They got people's IPs from a JS bug in the Tor Browser. Need I remind you of Cross-site scripting?

You're making excuses to cover things up and bury things under new technology, which is exactly what the Linux community has done:



			
				PersonA said:
			
		

> ALSA's broken!





			
				PersonB said:
			
		

> We'll design PulseAudio *around* ALSA's bugs!



Clear yet? No? Here's another:




			
				NeXTSTEP Developer A said:
			
		

> So Mach isn't fully compatible with UNIX...






			
				NeXTSTEP Developer B said:
			
		

> Why don't we take Mach and BSD and put them together? Mach x BSD! Mach Kernel, BSD APIs!



Hopefully that's ming bai enough for you, as my Chinese buddies would say.


----------



## drhowarddrfine (Dec 11, 2016)

TeamBlackFox said:


> Pretty hard to keep a secret if you have many people who know it.



It's a fad. No one ever knew anything about this until it was all the rage on reddit and other gathering places for UFO sightings.



TeamBlackFox said:


> Anytime you bring up software with security issues you invite other discussion


I didn't bring up the subject.



TeamBlackFox said:


> As a person who owns both OLED and CRT TVs


This is irrelevant to anything I said.



TeamBlackFox said:


> CSS and JS serve entirely different functions on a website...


This also has nothing to do with what I'm talking about.



TeamBlackFox said:


> Security issues fed by JS are a *huge* issue.


You are not up-to-date with security and javascript and I don't feel like educating you. There are plenty of current day tutorials you should find online. After 12 years of doing web development for mid-sized web sites, I frustrate easily with comments like this.

The rest of your post is so far off base from this thread, I'm just not responding to you anymore cause you show you have a tendency to go off into the fringe and I avoid reddit for that very reason. I rarely see it here and I hope never to see it.


----------



## sgeos (Dec 12, 2016)

Sadly, I was recently contacted about a potential opportunity with a company that specializes in creating Flash content.  I did not hear back after giving an honest opinion.  No less there.


----------



## Sevendogs (Dec 12, 2016)

All I am going to add is that Flash is a security nightmare and needs to die quickly.


----------



## BSD-Kitsune (Dec 12, 2016)

drhowarddrfine said:


> It's a fad. No one ever knew anything about this until it was all the rage on reddit and other gathering places for UFO sightings.



Can you stop passively aggressively insulting me? 



drhowarddrfine said:


> I didn't bring up the subject.


*You started the thread, you called other people out for discussion.*




drhowarddrfine said:


> This is irrelevant to anything I said.
> This also has nothing to do with what I'm talking about.


 You brought up CRT TVs calling them obsolete. As for JS/CSS it did - you made a slippery slope argument about if you design a site around it being workable without JS, then why care about CSS? And that's a fallacious argument. CSS and HTML have advanced greatly since JS was invented - it isn't as necessary to have JS as it was 10 years ago.





drhowarddrfine said:


> You are not up-to-date with security and javascript and I don't feel like educating you. There are plenty of current day tutorials you should find online. After 12 years of doing web development for mid-sized web sites, I frustrate easily with comments like this.



You're acting as if you can brush my arguments under the table for the sake of satiating your points. There's relevant issues to using Javascript but sadly you just don't seem to care. Depressing, to say the least. 



drhowarddrfine said:


> The rest of your post is so far off base from this thread, I'm just not responding to you anymore cause you show you have a tendency to go off into the fringe and I avoid reddit for that very reason. I rarely see it here and I hope never to see it.



I'm not even an avid redditor *drhowarddrfine*, you argue passive aggressively and bring nothing to the table except your opinions, which you can't really prove. Yeah, maybe I do the same but I at least try to add to the discussion. Maybe if your arguments actually held water you'd be able to add to the discussion. Need I remind you, you did the other day attempt to tell me a userspace program made by Microsoft could have possibly altered an Apple macOS kernel driver.


----------

