No no no no NO. It's time to get rid of Flash. Open-sourcing will make it live forever.
Flash has very little to offer that is not at this point duplicated (or improved upon) by others. It's also woefully insecure. "Many eyes make all bugs shallow" will only work for the most trivial bugs in the most common code paths. Plenty of vulnerabilities will remain. In open source, they'll be even easier for attackers to find and exploit. If you want something open-source and (mostly) Flash compatible, follow nkkollaw's suggestion: support one of the already-open-source alternatives.
Do you think Flash is insecure in principle, or in implementation? I think it is very much a problem of the implementation. I don't know if Adobe/Macromedia could have done better, or if the backwards compatibility requirements make it impossible to maintain, but I'd like to see for myself.
Anyway, you have no reason to be afraid. All mayor browsers are dropping support for plugins anyway. An open source flash player will most likely be used standalone, and not in a browser.
(I can't help but wonder if we are making a huge historical mistake here by the way. Because the Flash implementation was so bad, we were led to believe that plugins are bad per se. But at least in theory, it seems to me that the best architecture would be a minimal browser (just a layout engine), and everything as a plugin. Current browser are horrible monolithic giants, that only mega-corporations (and Mozilla ;-)) can maintain. That they are relatively secure is only due to the massive amounts of human-years that went into polishing and bug fixing in the recent decade.)
Very narrow minded. Tens of thousands of games rely on flash, along with many movies and general history of the internet. Open souring it will preserve countless hours of lost work.
I hate Flash. And yet, I fully support an effort to open source it. Just like I hate MS Word and would support an effort to open source it.
Open sourcing code does not carry any of the risks you mention because those risks relate to browsers, not to Flash, besides that the whole point is to 'make it live forever' so that the millions upon millions of hours spent building Flash stuff will not have been wasted.
Open sourcing abandonware is exactly the right thing to do.
Preservation and reduction of bit rot is a great reason to open source Flash or ensure there is always a definitive version available, even if all the browsers should ban it because it is a messy, unperformant security liability.
It's not about making it available for continued production use. It's about archiving the content people created with it.
That's getting harder and harder to do as platforms get more and more complicated. "Mostly" compatible is less than helpful. Having access to the actual primary Flash implementation would be invaluable for preservation efforts.
Wasn't this basically what people said about Netscape pre-Firefox? That worked out, and ushered in a new age of Internet.
Flash has an immense amount of value built in which cannot be replaced by any of the alternatives. Maintaining and fixing old code isn't as sexy as jumping on the latest competing standard, but it's far more valuable.
Even if we don't continue to develop new features for Flash, it's important to keep it alive so we don't lose the ability to run the wide variety of flash programs which at this point make up a significant portion of Internet culture and history.
Open source projects with no large company support or full-time employees == no browser will want to continue to support this.
Open sourcing flash just means that devs who have spent years building games in flash can still play those games. It is still a death sentence for the future of flash.
The security issues with Flash are due to it being closed-source. Make it open-source and a lot of the problems that lead it to being EOLed will be solved.
Flash has very little to offer as a tool, but as a platform with thousands of hours of beautiful, creative content made for it (Homestar Runner, games, interactive art, etc), it will be tragic to lose all that art and history.
If we open-source Flash, at least museums will have an option to preserve that content for future generations to learn from and enjoy.
I learned to program in ActionScript 2 on Macromedia Flash MX back in high-school. In spite of all the (deserved) hate Flash gets, we got to give it credit too.
- It was a response to the stagnant IE-dominated web that allowed people to experiment and create incredibly rich content that is still hard to replicate.
- It's editor was amazing for introductory programming. It was as easy and intuitive to use as any vector-graphics editor, but you could get really complex on your programming too. It was very visual, very graphical, which helped.
- It was great for animation. I really can't think of anything that compares. There's lots of animation software out there but most are targeted to video. There's lots of libraries for animating Canvas/SVG, but they don't have interfaces/editors for non-programmers. Flash was an amazing middle-ground; a great creative AND technical tool IMO.
- ActionScript was nice; it wasn't daunting, it had types to help you, but they didn't clutter the syntax. If I recall correctly, the tooling wasn't too shabby either, with good auto-complete and suggestions as you type.
It's thus no wonder it caught on like wildfire and there was so much content for it. It was a good option for technical projects and creative ones, beginners and experts. I definitely don't want to see Flash making a comeback on web, but I wouldn't mind seeing it in standalone applications (assuming security doesn't become an issue), and I could see its value on education, granted, with the right editors and tools.
So much hate for Flash. Yes it has regular security holes, is CPU hungry and a lot of people used it to create some mightily annoying things....
But Flash was a gift from the gods back in the early days of IE and most people forget that. If you wanted to make some HTML look nice you had little more than the dreaded 'blink' tag to work with.
If it weren't for Flash I doubt we'd have anywhere near as advanced CSS, SVG, Canvas and HTML5 bells and whistles that designers can actually use now.
I doubt Adobe will open source it though. They probably know there's a whole heap of other security issues in it that'll get found and exploited as soon as they release it. Your average user won't be able to patch fast enough!
It's ok to dislike something and recognize how poor it is compared to better implementations it helped inspire, but still respect what it did for us in the past.
Flash, Java Applets, and jQuery all changed the web for the better and were amazing things at one time. But we should move on.
> They probably know there's a whole heap of other security issues in it that'll get found and exploited as soon as they release it.
So wait until 2020, after all major browsers have dropped support for it. No reason to worry about vulnerabilities in software that nobody's using in production anymore. If anyone still cares, they can always fix the security problems themselves.
As the currently-most-upvoted hater, I kind of agree. Flash was fantastic back in the day. I played many games and movies that way, and was thusly enriched. But the Sega Genesis was also great in its day. So was the vinyl record. Those days are gone. Flash has accrued negatives, which now outweigh the positives.
If it weren't for Flash I doubt we'd have anywhere near as advanced CSS, SVG, Canvas and HTML5 bells and whistles that designers can actually use now.
And the web is much worse because of it.
The one thing that was excellent about flash was that you could easily disable it and all the security issues and annoying crap would disappear. You can't do that today without breaking stuff.
Again. From my game dev days, the people that really lose (over and over) are the artists. Millions of hours have been sunk into laying out vector graphics with the Flash IDE. Code I understand should eventually be tossed away, but, not art. I guess staring at millions of beautiful vector timelined illustrations changed my opinion - but it is art to me. And like books, I think its a sin to toss. I hope the artists convert their .fla files over and save what they can.
I can't understand why people are against open sourcing some proprietary code, why would it affect you? If you hate Flash that much you will have the opportunity to see the source code and confirm that is bad. All the open source reimplementation are incomplete, so with the opening up of Flash the open source ones could have a look (if license allows) and finish the reimplementation.
True, but even a non-functional source dump with lots of the guts ripped out and redacted would be extremely useful for researchers and preservationists.
> We understand that there are licenced components you can not release. Simply leave them out with a note explaining what was removed. We will either bypass them, or replace them with open source alternatives.
As bdcravens and ghaff allude to elsewhere in this subthread, the question is whether Adobe can be convinced to put in the effort required to strip out licensed IP. Maybe a crowdfunded campaign with a bounty to cover Adobe's costs would be more compelling than a slacktivist petition like TFA.
Now I'm really curious if that's the case. It could explain why they didn't open source the Flash runtime back when they open sourced the flex compiler.
FWIW I posted[1] in the Flash EOL thread the other day that an Adobe employee told me years ago that licensing issues were the main hindrance to open sourcing the Flash player. (Another HN user who said they used to work for Adobe seems to back this up.) A lot of technology in the player was licensed and difficult to remove/refactor such that the player code could realistically be opened up, and there was little business incentive to invest resources into it. I'd imagine the incentives are even less now.
I worked at Adobe near the Flash team back in the day, and the PMs I knew would have absolutely loved to open-source the Player. The problem isn't willingness, it's third-party code, of which there is apparently a lot.
If there was just a button to be pressed, Adobe would have pressed it circa 2010. But at this point, I think open-sourcing Flash Player is the kind of thing where the project to figure out what all would need to be done would cost more than Adobe would want to invest, never mind actually doing the necessary work (both engineering and legal).
Flash has generated a tremendous amount of assets that will be lost. Preserving them for historical reasons is extremely important but i am far less interested in preserving the technology than preserving the idea or creation itself. I would love to see an effort around conversion or transcoding flash assets to other technologies. For example, flash movies being rendered to an open standard or flash games being automatically converted to javascript/html5. The content creator deserve to have their legacy recorded and maintained but this is not the solution. (granted it may be a solution for other use cases, but i am not sure what those are)
There could be an issue of opening up even more security issues for people with Flash still installed. That, in turn, will likely lead to an all out campaign to remove Flash from everything possible (maybe not a bad thing at this point).
But, honestly - Flash as a platform hasn't advanced much in quite a while. What it once offered - rich multimedia runtime engine across platforms - is either available in the browser directly or can be attained through even more rich engines such as Unity3D.
There is an all out campaign to remove flash from everything possible. Soon it will be gone from every major browser and phone. That's exactly what this is in response to.
Personally I just want to ensure there's a way for me to go back and look at all the work I did in high school. It's already a pain to figure out how to run my old SWF files, and soon it's going to be nearly impossible.
Maybe I should just snapshot a VM with everything set up correctly?
No, you don't need your silly flash player to play free games in your web browser or offer to users at a payment plan and method of your choosing. We've got this great app store for you to use that only costs $100 a year to submit apps to and we keep 30% of all the money you make on your game.
Notice: The idea is not to save Flash Player, but to open source Flash!
What exactly is being referred to here? The Flash authoring tool I assume? As in, the application that you install on your desktop and use to create Flash animations with?
I think a better description of the purpose of this petition might be a good idea. A lot of people conflate Flash and Flash Player.
No, they're talking about the player. But they don't want to save it from doom, but instead to preserve it so all the current code targeting flash can still potentially be used.
Think of it like an emulator. It would still be stripped from browsers, but you could download the SWF and play it locally, in the "flash emulator". Except it'd be based on the real thing, and as such, would achieve perfect compat right away.
Just for historical reasons, it's good to have the source out there. Fifty or a hundred years from now, someone may want very badly to recover some old .swf file.
I don't think anybody wants to see what's actually under the covers. Also, I'm pretty sure they've licensed patents from other participants, so it's not very likely they would bother trying to figure out all those details.
Future history does need a copy they can use in the future to look at web sites of the past though. Content that relies on proprietary technology will be lost in the annals of history.
Open sourcing code allows a new vector for finding vulnerabilities. Just because the software reaches its EOL doesn't mean it is removed from every computer.
I believe that open sourcing Flash should be done for the sake of software preservation. But I would recommend 2025 (end of life for Windows 10 and IE11) as the earliest release date.
You have to understand the source of the problem. The browsers do NOT want to support this level of plug-in since it is less secure. That is why the Unity plug-in went away, that is why ALL plugs ins are going away. Flash is still alive as AIR in mobile and desktop. But it is DEAD in browsers.
[+] [-] notacoward|8 years ago|reply
Flash has very little to offer that is not at this point duplicated (or improved upon) by others. It's also woefully insecure. "Many eyes make all bugs shallow" will only work for the most trivial bugs in the most common code paths. Plenty of vulnerabilities will remain. In open source, they'll be even easier for attackers to find and exploit. If you want something open-source and (mostly) Flash compatible, follow nkkollaw's suggestion: support one of the already-open-source alternatives.
[+] [-] captainmuon|8 years ago|reply
Anyway, you have no reason to be afraid. All mayor browsers are dropping support for plugins anyway. An open source flash player will most likely be used standalone, and not in a browser.
(I can't help but wonder if we are making a huge historical mistake here by the way. Because the Flash implementation was so bad, we were led to believe that plugins are bad per se. But at least in theory, it seems to me that the best architecture would be a minimal browser (just a layout engine), and everything as a plugin. Current browser are horrible monolithic giants, that only mega-corporations (and Mozilla ;-)) can maintain. That they are relatively secure is only due to the massive amounts of human-years that went into polishing and bug fixing in the recent decade.)
[+] [-] wildbunny|8 years ago|reply
[+] [-] jacquesm|8 years ago|reply
Open sourcing code does not carry any of the risks you mention because those risks relate to browsers, not to Flash, besides that the whole point is to 'make it live forever' so that the millions upon millions of hours spent building Flash stuff will not have been wasted.
Open sourcing abandonware is exactly the right thing to do.
[+] [-] gburt|8 years ago|reply
[+] [-] Rusky|8 years ago|reply
That's getting harder and harder to do as platforms get more and more complicated. "Mostly" compatible is less than helpful. Having access to the actual primary Flash implementation would be invaluable for preservation efforts.
[+] [-] djhworld|8 years ago|reply
There's a lot of content out there made with flash, especially games.
[+] [-] wslh|8 years ago|reply
So does DOS, OS/2, CPM, AmigaOS, etc. Let individuals decide what to do with the source code.
[+] [-] tarboreus|8 years ago|reply
[+] [-] romwell|8 years ago|reply
Pray, tell me of a universally-supported compact interactive vector graphics animation format, with sound, in a single file.
Back in the year 2000 I could send a Valentine card with an animated message that could be downloaded as an email attachment and kept forever.
So, what's the improved version of that?
[+] [-] kerkeslager|8 years ago|reply
Flash has an immense amount of value built in which cannot be replaced by any of the alternatives. Maintaining and fixing old code isn't as sexy as jumping on the latest competing standard, but it's far more valuable.
Even if we don't continue to develop new features for Flash, it's important to keep it alive so we don't lose the ability to run the wide variety of flash programs which at this point make up a significant portion of Internet culture and history.
[+] [-] egonschiele|8 years ago|reply
Open sourcing flash just means that devs who have spent years building games in flash can still play those games. It is still a death sentence for the future of flash.
[+] [-] est|8 years ago|reply
How about streamable vector animation without hogging your CPU like HTML5 canvas or svg? (Zing!)
And also, authoring tools that guaranteed to work everywhere as you draw graphs.
[+] [-] sergiotapia|8 years ago|reply
[+] [-] 0x0|8 years ago|reply
[+] [-] flashman|8 years ago|reply
[+] [-] odbol_|8 years ago|reply
If we open-source Flash, at least museums will have an option to preserve that content for future generations to learn from and enjoy.
[+] [-] zaklaus|8 years ago|reply
[+] [-] aylmao|8 years ago|reply
- It was a response to the stagnant IE-dominated web that allowed people to experiment and create incredibly rich content that is still hard to replicate.
- It's editor was amazing for introductory programming. It was as easy and intuitive to use as any vector-graphics editor, but you could get really complex on your programming too. It was very visual, very graphical, which helped.
- It was great for animation. I really can't think of anything that compares. There's lots of animation software out there but most are targeted to video. There's lots of libraries for animating Canvas/SVG, but they don't have interfaces/editors for non-programmers. Flash was an amazing middle-ground; a great creative AND technical tool IMO.
- ActionScript was nice; it wasn't daunting, it had types to help you, but they didn't clutter the syntax. If I recall correctly, the tooling wasn't too shabby either, with good auto-complete and suggestions as you type.
It's thus no wonder it caught on like wildfire and there was so much content for it. It was a good option for technical projects and creative ones, beginners and experts. I definitely don't want to see Flash making a comeback on web, but I wouldn't mind seeing it in standalone applications (assuming security doesn't become an issue), and I could see its value on education, granted, with the right editors and tools.
[+] [-] jarym|8 years ago|reply
But Flash was a gift from the gods back in the early days of IE and most people forget that. If you wanted to make some HTML look nice you had little more than the dreaded 'blink' tag to work with.
If it weren't for Flash I doubt we'd have anywhere near as advanced CSS, SVG, Canvas and HTML5 bells and whistles that designers can actually use now.
I doubt Adobe will open source it though. They probably know there's a whole heap of other security issues in it that'll get found and exploited as soon as they release it. Your average user won't be able to patch fast enough!
[+] [-] riffraff|8 years ago|reply
I honestly wish we'd stuck with flash.
[+] [-] mawburn|8 years ago|reply
Flash, Java Applets, and jQuery all changed the web for the better and were amazing things at one time. But we should move on.
[+] [-] Ajedi32|8 years ago|reply
So wait until 2020, after all major browsers have dropped support for it. No reason to worry about vulnerabilities in software that nobody's using in production anymore. If anyone still cares, they can always fix the security problems themselves.
[+] [-] notacoward|8 years ago|reply
[+] [-] tjoff|8 years ago|reply
And the web is much worse because of it.
The one thing that was excellent about flash was that you could easily disable it and all the security issues and annoying crap would disappear. You can't do that today without breaking stuff.
[+] [-] nkkollaw|8 years ago|reply
http://lightspark.github.io/
https://www.gnu.org/software/gnash/
[+] [-] ransom1538|8 years ago|reply
[+] [-] eric_h|8 years ago|reply
[+] [-] rachkovsky|8 years ago|reply
[+] [-] simion314|8 years ago|reply
[+] [-] nradov|8 years ago|reply
[+] [-] larsiusprime|8 years ago|reply
[+] [-] matt_kantor|8 years ago|reply
> We understand that there are licenced components you can not release. Simply leave them out with a note explaining what was removed. We will either bypass them, or replace them with open source alternatives.
As bdcravens and ghaff allude to elsewhere in this subthread, the question is whether Adobe can be convinced to put in the effort required to strip out licensed IP. Maybe a crowdfunded campaign with a bounty to cover Adobe's costs would be more compelling than a slacktivist petition like TFA.
[+] [-] lj3|8 years ago|reply
[+] [-] TazeTSchnitzel|8 years ago|reply
[+] [-] mstade|8 years ago|reply
[1]: https://news.ycombinator.com/item?id=14850791
[+] [-] fenomas|8 years ago|reply
If there was just a button to be pressed, Adobe would have pressed it circa 2010. But at this point, I think open-sourcing Flash Player is the kind of thing where the project to figure out what all would need to be done would cost more than Adobe would want to invest, never mind actually doing the necessary work (both engineering and legal).
[+] [-] gamedna|8 years ago|reply
[+] [-] rnhmjoj|8 years ago|reply
I am already using gnash to run flash games and a feature complete open source implementation would be very welcome.
[+] [-] Anatidae|8 years ago|reply
But, honestly - Flash as a platform hasn't advanced much in quite a while. What it once offered - rich multimedia runtime engine across platforms - is either available in the browser directly or can be attained through even more rich engines such as Unity3D.
[+] [-] aarongolliver|8 years ago|reply
Personally I just want to ensure there's a way for me to go back and look at all the work I did in high school. It's already a pain to figure out how to run my old SWF files, and soon it's going to be nearly impossible.
Maybe I should just snapshot a VM with everything set up correctly?
[+] [-] JohnTHaller|8 years ago|reply
[+] [-] pan69|8 years ago|reply
I think a better description of the purpose of this petition might be a good idea. A lot of people conflate Flash and Flash Player.
[+] [-] roblabla|8 years ago|reply
Think of it like an emulator. It would still be stripped from browsers, but you could download the SWF and play it locally, in the "flash emulator". Except it'd be based on the real thing, and as such, would achieve perfect compat right away.
[+] [-] Animats|8 years ago|reply
[+] [-] midnitewarrior|8 years ago|reply
Future history does need a copy they can use in the future to look at web sites of the past though. Content that relies on proprietary technology will be lost in the annals of history.
[+] [-] scj|8 years ago|reply
I believe that open sourcing Flash should be done for the sake of software preservation. But I would recommend 2025 (end of life for Windows 10 and IE11) as the earliest release date.
[+] [-] BatFastard|8 years ago|reply
[+] [-] joe_momma|8 years ago|reply
[+] [-] mirekrusin|8 years ago|reply
Seriously, why start with sentences like that if you really care about it being open-sourced?