A foolish petition to open source Adobe Flash
Over the last few years, it seemed barely a week went by without another Adobe Flash security hole appearing. On one infamous day in 2015, Adobe announced it had fixed 13 — count ’em 13 — Flash vulnerabilities.
It’s only gotten worse since then. This June, Adobe patched 21 security holes. Of those, no fewer than 14 could lead to the ultimate hacker goal of remote code execution.
As I’ve said before, the only way to really secure Flash is to get rid of it.
So, why has Lindsted started a petition to open-source Flash? Lindsted explained: “Flash is an important piece of internet history and killing Flash means future generations can’t access the past. Games, experiments, and websites would be forgotten.”
He continued, “Open-sourcing Flash spec would be a good solution to keep Flash projects alive safely for archive reasons. Don’t know how, but that’s the beauty of open source: you never know what will come up after you go open source! There might be a way to convert swf/fla to HTML5/canvas/webgl/webassembly, or some might write a standalone player for it. Another possibility would be to have a separate browser. We’re not saying Flash player should be preserved as is.”
That’s all well and good, but people are people. If Flash lives, people will continue to use it, and without security support, it will be even more insecure than ever.
Yes, that would be incredibly stupid of them. But, so what! People are still using stupid passwords like “123456,” “password,” and “qwerty.”
If you still want to play old Flash games, look at the preserved websites that made the mistake of using Flash for their front page, and so on. They can continue to use the Flash binaries. The Flash files aren’t going away.
As for Flash-to-other-format conversion tools, they’ve been around for years. You can use Mozilla’s Shumway or, while Google no longer supports it, the Flash-to-HTML5 conversion tool Swiffy. There are many other Flash conversion programs available.
You don’t even need to open source it to create Flash files. In 2008, Adobe open-sourced its Flex framework, a software development kit for building Flash applications. Today, Flex lives on as an Apache Software Foundation project.
In other words, we don’t need the Flash source code to convert or create Flash files. Just let Flash go already!
Besides, Google with Chrome, Microsoft with Internet Explorer and Edge, and Mozilla with Firefox are all turning off Flash. We should follow in their footsteps and close the door on Flash once and for all.
When I talk about shutting down Flash, I’m talking about the Flash Player, which is how you play and watch Flash video and gaming content. Adobe Animate CC, formerly Flash Professional, which is a design program, will live on. While you can still use Adobe Animate — please don’t — to create Flash games and videos, it now supports the far safer HTML5 video formats.
Yes, once upon a time, Flash content was more useful than harmful. As Flash’s creator, Jonathan Gay, said: “If you think Flash is difficult to use, you should try drawing with a joystick on an Apple II before the concept of undo was invented.” But he went on to create Flash in 1993.
Flash was great in its day. In 2005, Adobe acquired Macromedia, Flash’s then-parent company for a cool $3.4 billion. That same year, YouTube started and decided to use Flash for video. Flash transformed quickly from being a popular animation and gaming program to being the default internet’s video player. It was never, ever safe enough for that, but Flash was what was available and it was already wildly popular.
That was then. This is now. There’s no excuse for using Flash video today.
By 2011, Adobe was moving from Flash to the HTML 5 video formats. These are Ogg files with the Theora video codec and Vorbis audio codec, MPEG4 files with the H.264 video codec and AAC audio codec, and Google’s WebM files with VP8 video codec and Vorbis audio codec.
So, why are we even talking about Flash still six years later? For the same reason I don’t want to give Flash any sort of second life. Unless you force people to run computers in new and secure ways, they’ll continue to use old, insecure methods and programs.
Usually, I’m favor with open-sourcing everything and anything. Not this time. Flash has proven to be a net of endless security holes. It’s time to let it go for once and for all.
via ZDNet | Linux And Open Source Blog RSS http://ift.tt/2v595PB