Even the EU shores up Adobe Flash now

In a bizarre twist of fate, Viviane Reding one of the non-democratically elected EU Commissioners put up her weekly video entitled "Protecting privacy in the digital age", in the privacy invading Adobe Flash format. This gives a privacy problem like the following screenshot (example I'd saved, she's not using youtube from what I could tell):



I've written about the security and privacy flaws in Flash before. Due to Flash being a proprietary binary that the user has no control over, it can happily just ignore all the cookie and privacy settings in the browser. Happily sending and receiving cookies, as well as maintaining a large set of cached files and data locally that the user is unaware of.

All we need now is for the information commissioner to advocate Adobe Flash, seeing as he's already using unique google tracking cookies to monitor the populace for two years.

I wonder how much/commission_barroso/reding/_bin/favideo/skins/ClearOverAll.swf cost us all to make, on top of the £556 price for a copy of Adobe "Flash Pro CS4" (dabs.com price). Not a good use of our EU taxpayers money!

Flash vs Web, Adobe Flash considered harmful

Be it security exploits or crashes, there are multiple practical reasons not to install Adobe Flash.

The best reason to avoid Flash is that it's a counter to the openness of the Web. Each Flash item embedded into a page isn't being displayed by the browser, but by the Adobe plugin, it's a comprehensive alternative to the Web. Flash ignores all the privacy and security settings in the browser, sending secret cookies to websites, and if there is a bug or security in the Adobe plugin we're powerless to spot that or fix it as they don't warn you.

What's far better for consumers in the marketplace is for technologies to complete against each other. However, as Flash is just a proprietary system developers can't even see the specification they would need to implement to play a Flash files (without signing an unreasonable license agreement and payments).

Flash isn't compatible with many devices, as Adobe only release it on select 32bit OSs. Flash doesn't work on mobile devices, and when it does it's the Flash "Lite" incompatible subset. Webmasters don't realise they shouldn't put Flash files on public pages as defaults, for users it is better to just have Flash as a secondary option to open web standard pages.

Adobe marketing spin will tell you 98% of desktops support Flash, but what they don't tell you is that includes Windows95 machines running Flash5. YouTube, BBC, Facebook all necessitate Flash9.

Adobe have also added DRM, compulsory adverts and prevented people downloading content recently; all very anti-consumer.

The problem for Adobe is that they won't open up Flash while they have a de facto monopoly, and so they'll only open up to widen their base when MS have taken the monopoly with Silverlight, but that will be too late for Flash and Adobe unfortunately. If wise, they would open up now, standardise and secure their dominance for longer.

Others have posted similar to me I see. I like the quote from Tim Berners-Lee:

Anyone who slaps a 'this page is best viewed with Browser X' label on a Web page appears to be yearning for the bad old days, before the Web, when you had very little chance of reading a document written on another computer, another word processor, or another network.

It is a shame so many people now embed YouTube Flash files and others into their pages as the default choice when services like blip.tv also offer in modern open web formats.

Flash does show what can be achieved though, take this Flash 3D web UI demo. We just need open web standards to achieve the same, AJAX and an OpenGL|ES binding would be a good start :)

Shockwave Flash crash takes out Firefox

If like me you see the problem with Adobe's Flash format and how it diverts us away from the openness of the interweb market which has facilitated so much progress you'll see the bugs in Adobe's software as just another problem in their strategy.

Today I needed to use a computer in an office running Windows, at least it was Firefox, but Adobe Flash still managed to bring it down with a crash!It's fully reproducible from this page, linked from this other page with Firefox 2.0.13 and Shockwave Flash 9.0 r60, DLL v9.0.60.184 backtrace:

NPSWF32! 3000d6fa()
NPSWF32! 300d106d()
NPSWF32! 300d343e()
NPSWF32! 300e580e()
NPSWF32! 300e5a22()

3000D6FA   mov         ecx,dword ptr [eax+1Ch] <--Crash
3000D6FD   call        3000D705
3000D702   ret         4

I have plugins installed:

Shockwave Flash

File name: NPSWF32.dll
Shockwave Flash 9.0 r60

MetaFrame Secure Access Manager

File name: npCtxCAO.dll
Endpoint Analysis Client

VLC Multimedia Plugin

File name: npvlc.dll
Version 0.8.6c, copyright 1996-2006 The VideoLAN Team

http://www.videolan.org/

I've posted here as they don't provide any email address for bug reports, and they've never replied to any other communication I've sent about crash bugs in their propreitary software. Will they ever fix this? Not sure when they have loads of other exploits and privacy issues (secret cookies which ignore browser settings etc)

Flakey GNU Flash (Gnash) causes Firefox to hang

I'm running the latest Kubuntu 7.10 which comes with Firefox 2 and through I would see what all the fuss is about with Gnash (aka GNU Flash). Gnash is the GNU/FSF branded project to implement decoding support of Adobe's Proprietary Flash file format that is sadly so common on the net these days (seems contrary to the No MS-Word documents strategy you're probably thinking too?)

Anyway I followed the instructions:

apt-get install mozilla-plugin-gnash

Gnash installed ok, so I headed over to youTube to hear a new track by a band I heard on the radio earlier. I hadn't' thought to save my draft email in another tab.. pretty risky this software stuff.. My laptop started chugging and churning, I ran "top" and could see gtk-gnash was using 1.6% of RAM in its two process threads, and 20% CPU in one process and 79% in the other one! This went on for 5 mins before I managed to close the tab (after several warnings from Firefox about a script which had stopped responding). There were no errors reported, and the clip never worked. I did get a glimpse of the spinning loading icon youTube uses though, before it all went grey.

Bizarrely, there is a context menu item in Gnash (from within the browser) where you can "Quit".. so I did this and it went down to one process taking up 80% of CPU time!

So it looks like.. unfortunately for the Gnash developers.. that the implementation is presently as flaky ass the GNU+FSF strategy to support Adobe is.