Dancing on the grave of Flash
- 12 October, 2015 15:25
I’ll be honest. I hate Flash. I loathe Flash. I abhor Flash. And these are educated feelings. Flash is tremendously insecure, has no way of managing updates across a fleet of computers, is needlessly inefficient, chews up battery life, is as proprietary and closed a system as they come in an era where we have rich and stable open Web standards, and in general is a tax on the Web experience. I could not be happier to see Flash go.
Opinions vary about exactly when Flash died. A minor but vocal group, consisting largely of Web advertisers, still says it’s alive. (Think again, folks.) Some attribute the final nail in Flash’s coffin to the decision by video giant YouTube in September to stop delivering video content to users of modern browsers with Flash and instead use the cross-platform open standard HTML5. (YouTube had to wait until better buffering technology arrived in the HTML 5 standard so that the provider could switch bit rates for streaming video on demand for less buffering as the traffic shape required.) Others say it’s when Google disabled Flash-based advertising in Chrome and developed a tool that let AdWords, its advertising platform, automatically convert advertisements created in Flash to HTML5 on the fly.
Still others say Flash was doomed as soon as the iPhone was launched even way back in 2007 without support for the Flash runtime, support that was never added as even Steve Jobs himself decried Flash on Apple devices in his open letter in 2010. “The avalanche of media outlets offering their content for Apple’s mobile devices demonstrates that Flash is no longer necessary to watch video or consume any kind of Web content,” writes Jobs in his letter, casually called “Thoughts on Flash.” “And the 250,000 apps on Apple’s App Store proves that Flash isn’t necessary for tens of thousands of developers to create graphically rich applications, including games. New open standards created in the mobile era, such as HTML5, will win on mobile devices (and PCs too).”
Other says various security holes, one or another or still another, were its final demise.
Regardless, there are few defenders of Flash’s future left and many staunch supporters of open Web standards and HTML5 such that the latter has become the de facto way of delivering multimedia experiences on essentially any device.
[Related: 5 takeaways from Adobe Flash’s death march]
I see a few key reasons behind why Flash is moribund, which, taken together, could prove incredibly instructive for the Internet and the industry as a whole.
Flash was an insecure protocol that collapsed under the weight of its own patches.
Rarely did two consecutive months go by without a serious or critical severity zero-day vulnerability having been discovered with Flash. Given Flash’s at one time massive installed base, such vulnerabilities and their eventual exploits essentially made vast swaths of the Internet sitting ducks. Even if Adobe was able to patch most of these vulnerabilities – and that was not always the case, either in a timely manner or at all – users’ lax behavior about updating their own machines plus IT departments’ growing frustration with Adobe updates left many machines unprotected even after updates that mitigated these vulnerabilities were made generally available.
The security issue got so bad that earlier this year when two zero-day vulnerabilities were exploited, affected users got heaps of malware installed on their Windows machines, and it led the Mozilla Foundation to completely disable the Flash plug-in within users’ browsers until it was updated. That says something about your security when the browser developer has to turn you off, doesn’t it?
Flash did not respect the rise of mobile devices, including smartphones and tablets, and did not tighten and modify its code base to support these form factors and unique usage characteristics.
The biggest here was battery life: Flash on phones, especially phones before 2010, really just stank at conserving battery life. You even saw this on standard corporate-issue laptops – playing videos on YouTube would just eat up a battery like nobody’s business.
Adobe simply failed to acknowledge the post-PC awakening where people used devices on the go and expected to get more than two hours of life out of them at a time. It also ignored the fact that most Flash user interface elements were predicated on cool events firing upon mouse pointer events, and of course mice on smartphones were exceedingly uncommon … another example of Flash being the wrong product for the post-PC phenomenon. And whether it was infeasible (doubtful – the H.264 hardware decoder chip, which eliminated the need for power-eating software codecs was fairly common around this time) or the company was simply unwilling to make the necessary changes to the codebase, Flash simply became an also-ran, popular with web developers who disliked change but not well-regarded by users or anyone familiar with the benefits of HTML5, especially on mobile devices.
Flash did not secure the support of the industry juggernauts that bring the users and the audience with them.
Sometimes you have to stand on the shoulders of giants, especially in the tech world. Adobe essentially failed at that: When Adobe lost Apple vis-a-vis Flash, there was no turning back. Apple singlehandedly awakened the smartphone market with the introduction of the iPhone, and it’s impossible to ignore the power of that market when it comes to enabling technologies – and killing them.
You may well know that Microsoft tried to introduce a Windows XP-based tablet PC that was ahead of its time back in 2001-2002. It was highly functional -- and failed miserably in terms of market acceptance. Apple in 2009 decided to release an iPad that was more or less just a bigger iPhone without cellular service and it took the world by storm.
Even if you have the best tech in the world, which I don’t think anyone would argue that Flash is, you simply have to go with the big boys sometimes and live to fight another day. Steadfastly digging in your heels (as in the case of Adobe circa the late oughts) does nothing to improve your technology’s chances of survival when the giants turn on you.
What might our takeaways be then as we near the end of this Flash post mortem? Here are three:
- Embrace open standards when possible lest you be caught out in a vulnerable position when a new market force takes the world by storm.
- Develop with security in mind at all times, not just as a bolt-on, and understand how your servicing model can be as seamless and quick as possible for those inevitable vulnerability mitigations.
- Flash sucks, and we should all be glad it’s gone. Cheers!