Not logged in » Login
Jul 26 2017

Adobe Buries Flash… in 2020

In April 2010, the late Steve Jobs wrote an open letter to tell Adobe and the rest of the world about his "Thoughts on Flash." In it, he explained why the multimedia software was no longer allowed to run on iPhones, iPods and iPads. Aside from performance issues on mobile devices, he cited security concerns as one key reason for the decision. Moreover, Jobs was also confident that more capable and secure web technologies could easily take over Flash's role. Some seven years later, Adobe is finally preparing to give in to the Apple founder's verdict.

Or at least that's the impression you get when reading through the somewhat premature obituary that appeared on the company's blog on July 25. 'Premature' because the article says that Adobe will only "stop updating and distributing the Flash Player at the end of 2020," thus leaving content creators with ample time to overhaul their works so they will comply with standards like HTML5 and WebGL. In addition, this could also be the death knell for the far less popular Shockwave format, which has lagged far behind Flash's user numbers for several years. If everything goes as now planned, the discontinuation of both products would close a chapter in software history that's rife with crash reports, delayed and/or buggy updates, major security flaws, and above all user anguish and still lasted for 25+ years.

Other than that, Adobe's statement pretty much reflects what Steve Jobs had to say in 2010 – some may even find it a little spooky because it sounds as if the legendary Apple CEO was speaking from his grave. Take a look at this paragraph, for instance:

"[But] as open standards like HTML5, WebGL and WebAssembly have matured over the past several years, most now provide many of the capabilities and functionalities that plugins pioneered and have become a viable alternative for content on the web. Over time, we've seen helper apps evolve to become plugins, and more recently, have seen many of these plugin capabilities get incorporated into open web standards. Today, most browser vendors are integrating capabilities once provided by plugins directly into browsers and deprecating plugins."

Creepy fantasies set aside, this passage appears to give a concise if somewhat dry and humble account of what happened to render the once ubiquitous Flash and related technologies obsolete. Only it doesn't – at least not if you happen to equate "concise" with "accurate." Instead, it manages to pass over some of the more problematic aspects in Flash's history. So let's shed a light on two of those, just to set the record straight.

In the early days of the web, Flash was indeed an indispensable technology for all publishers and webmasters who wanted to treat their audiences to audio and video content or online games. As a consequence, the client piece of the software (aka Flash Player) found its way onto north of 95% of all desktop PCs. However, the relationship between the software and its users wasn't exactly hassle-free, as Flash would soon become notorious for being a resource hog that would occupy memory and CPU cycles – please remember, we're talking about the time when Win95 was the OS of choice, processor speeds were measured in megahertz and RAM capacities in megabytes, and most users thought they'd never be able to save more than a lavish 512 MB of data on their hard drive over their entire lifetime. Needless to say, Flash's hunger provoked innumerable crashes, and so began a seemingly endless update/upgrade cycle that soon developed its own, shall we say, peculiarities. Quite often, it took weeks or sometimes even months for these fixes to arrive, and even then, they wouldn't necessarily solve the problems you were experiencing. But then how were you to know, when release notes for the new version hardly ever revealed which issues had been addressed (although one must concede that this is not an Adobe specialty)? Meanwhile, though, the quality and frequency of upgrades have considerably improved, and modern PCs with their multi-core CPUs and tons of main memory will no longer suffer from Flash-related performance issues. So everything's fine, right?

Sadly, no. From a strict security perspective, the Flash client should have been retired shortly after the turn of the millennium. For Adobe, such a decision would have resulted in a much less devastating track record: Since 2013 alone, Flash Player has amassed a total of 784 entries in MITRE's Common Vulnerabilities and Exposures (CVE) database – more than three quarters of the 1030 it scored over a 12-year-period. Moreover, 628 of these flaws (more than 80%) could have been used by hackers to execute arbitrary code. Altogether, the numbers mean Flash Player is the seventh-most vulnerable software of the 21st century, and the third-most vulnerable application (after Chrome and Firefox). Even Internet Explorer and Windows XP, which must often serve as examples for bad product security, each ended up with a considerably smaller number of errors and glitches – 860 and 729, respectively. These numbers explain why practically all leading browser vendors have added Flash blockers to their plug-in portfolios – some of them as early as 2004.

Against this backdrop, we can't help but thoroughly welcome Adobe's decision to phase out its outdated and essentially defective product. Still we would suggest that they run a massive "Dump Flash" campaign over the next 3.5 years – otherwise they might end up living through the same agonies Microsoft is undergoing with the undead WinXP, which still ran on 7.5% of all desktop PCs at the end of June 2017, according to Netmarketshare.


Comments on this article

No comments yet.

Please Login to leave a comment.


Please login

Please log in with your Fujitsu Partner Account.


» Forgot password

Register now

If you do not have a Fujitsu Partner Account, please register for a new account.

» Register now