Petition Asks Adobe To Open-Source Flash To Preserve Internet History (bleepingcomputer.com) 167
An anonymous reader quotes BleepingComputer:
A petition is asking Adobe to release Flash into the hands of the open-source community. Finnish developer Juha Lindstedt started the petition a day after Adobe announced plans to end Flash support by the end of 2020. "Flash is an important piece of Internet history and killing Flash means future generations can't access the past," Lindstedt explains in the petition's opening paragraph. "Games, experiments and websites would be forgotten." The developer wants Adobe to open-source Flash or parts of its technology so the open-source community could take on the job of supporting a minimal version of the Flash plugin or at least create a tool to accurately convert old SWF and FLA files to modern HTML5, canvas data, or WebAssembly code... Lindstedt is asking users to sign the petition by starring the project on GitHub. At the time of writing, the petition has garnered over 3,000 stars.
A reporter at ZDNet counters that "the only way to really secure Flash is to get rid of it... If Flash lives, people will continue to use it, and without security support, it will be even more insecure than ever." He points out there's already several programs that convert Flash into other formats -- and that Adobe already open sourced its Flex framework for building Flash applications back in 2008 (now supported by the Apache Software Foundation as Apache Flex). "In other words, we don't need the Flash source code to convert or create Flash files. Just let Flash go already...!
"Usually, I'm favor with open-sourcing everything and anything. Not this time. Flash has proven to be a net of endless security holes. It's time to let it go for once and for all.
A reporter at ZDNet counters that "the only way to really secure Flash is to get rid of it... If Flash lives, people will continue to use it, and without security support, it will be even more insecure than ever." He points out there's already several programs that convert Flash into other formats -- and that Adobe already open sourced its Flex framework for building Flash applications back in 2008 (now supported by the Apache Software Foundation as Apache Flex). "In other words, we don't need the Flash source code to convert or create Flash files. Just let Flash go already...!
"Usually, I'm favor with open-sourcing everything and anything. Not this time. Flash has proven to be a net of endless security holes. It's time to let it go for once and for all.
That reporter is a moron (Score:1, Insightful)
History is history. Deleting it to chase some mythical "security" unicorn deletes a part of the internet's history.
(Let's leave aside how top-down the Flash eradication campaign has been. The users still want it, and telling them they can't have it because you want to play with your shiny new HTML5 toys is a non-starter.)
Re: (Score:2, Insightful)
Lets smash all forms of analog storage mediums too! I mean look at all of those vinyl records that have ZERO copy protection! I mean how can we let this be! Destroy it all! Fuck preservation of history!
Re: (Score:2, Funny)
Re: (Score:3)
Re: That reporter is a moron (Score:2)
I'm kind of in both camps. Flash can not die soon enough. However I do have a collection of youthful stupidity that I made many moons ago that I'd love to be able to show to my grandkids one day. Maybe what's really needed is proper spec docs so a html5 converter project doesn't get bogged down in hellish reverse engineering
Re: (Score:2)
You really want the glory that is Lobster Magnet to be unviewable?
Re:That reporter is a moron (Score:5, Insightful)
The users still want it
Users don't know what they want. Users fundamentally don't care if their dancing pigs animation is implemented in Flash or something else.
Re: (Score:2)
Come 2020, regardless of whether Flash is open sourced or not, no one is going to be developing new jank for a dead platform that's not available in any modern browser. Because only a vanishingly small percentage of people will eve
Re: (Score:2)
I agree it's a shame to lose access to old Flash content, but really, some mythical "security" unicorn? Are you denying that we improve security by banning Flash, or are you just being snarky?
Re: (Score:3)
I agree it's a shame to lose access to old Flash content, but really, some mythical "security" unicorn?
He's not wrong, you know. Flash is but one security flaw in an ecosystem of security flaws. Eliminating it will make very little difference, as the problem just moves to a new neighborhood.
Re: (Score:2)
Disagree. Flash was a pile of crap, far less secure than, say, Chrome. Eliminating that easy attack surface makes things harder for the bad guys.
It also enabled cross-OS, cross-browser exploits.
Re: (Score:2)
That's a false dichotomy.
Banning Flash is not contradictory to having it made open source so as to enable web preservation. From a security perspective, it might actually be quite desirable--you enable smooth conversion into modern formats now, without the problems and security risks of using back-engineered tools that may let the security flaws of the original slide through, and later use of Flash as an instructional tool. You can show it to students, and let them see for themselves the trainwreck, inste
Re: (Score:2)
I feel you're avoiding my point. Making Flash unavailable in ordinary browsers does improve security. There are no unicorns involved.
Re: (Score:2)
My point is that making it unavailable in ordinary browsers is a realistic measure, but you are indulging in magical thinking if you believe further in security will be had by losing its source code.
Re: (Score:2)
Thank goodness SJVN has no power to enforce the conclusions of his goofy logic.
Re: (Score:2)
well there's this thing that you can actually vmware emulation run the stuff to forever already.
the animations you can convert to .. well, mp4.
but as an interesting sidenote, how aware people are of that flash almost became (essentially) what is android now? they had a semi-decent implementation running on mobile phones of flash lite that was less limited than j2me and more easy to program for than symbian (this was around 2004 or so, the time when symbian ruled the 100 to 700 dollar smartphone segment).
dev
Let it die. (Score:2, Insightful)
Don't open source it. Don't share or preserve it. Shoot it and bury the remains. It needs to go away. That's the point of EOLing it.
Re: (Score:3)
Adobe will never open source it in a million years. It's the most insecure piece of trash and is being EOL'd because new vulnerabilities keep showing up and Adobe isn't making enough money off of it anymore to warrant the team of coders to try to keep up with all the security issues.
Re:Let it die. (Score:5, Funny)
Do open source it so we can look at the hackjob shitpile that is Adobe code and learn from their utter fuckups, and get a laugh at the same time!
Re: (Score:2)
F'ing something completely sounds like a job Adobe is perfectly qualified for!
Re: (Score:3)
Also, Flash being moribund is kind of a blessing here -- a game from 2010 or 2005 is pretty unlikely to use an exploit announced in 2017.
Re: (Score:2)
Also, Flash being moribund is kind of a blessing here -- a game from 2010 or 2005 is pretty unlikely to use an exploit announced in 2017.
No but the runtime will. Also cheap developers in 3rd world outsourced countries maybe more familiar with flash and will keep using it rather than learn HTML 5 for clients in the 1st world. Only when marketshare declines will they learn and use something different.
Hell if corporations had their way we all would still be using XP, VBScript, and IE 6 as everyone had it at one time and everyone know how to do it ... well debatable with IE 6 rendering bugs :-)
Re: (Score:1)
I knew someone would ask for Java to die, not realizing that, for years and years, Java is being used on the server, not in the browser. Nobody uses applets anymore, and they are **already** being EOLed.
Asking to EOL Java because applets have security issues is as relevant as asking to EOL C++ or PHP. Nobody uses any of those to execute code in the browser. If you still think they are, then you're still living in 1999.
Re: (Score:2)
Java is being used on the server, not in the browser. Nobody uses applets anymore, and they are **already** being EOLed.
Yeah, we're only 1/3 of the way here. Applets are gone, but Dalvik/ART and Java-on-server still need to be purged off the face of the Earth.
Re: (Score:2)
Dalvik/ART and Java-on-server still need to be purged off the face of the Earth.
Well, let's have it then. Why?
Re:Let it die. (Score:3)
as relevant as asking to EOL C++ or PHP. Nobody uses any of those to execute code in the browser.
Sorry, buddy, I;ve got news for you...
https://en.wikipedia.org/wiki/... [wikipedia.org]
And with that you can run C++ in the browser. It sounds like a gimmick but it's not. I know people using it in production for serious stuff. Because C++ is rather parsimonious and ASM.js actually maps well enough to the hardware (it's essentially to within some not outrageously huge constant factor of actual native code) stuff written in C++
Re: (Score:2)
It takes LLVM bitcode - which can be generated from C/C++, using llvm-gcc (DragonEgg) or clang, or any other language that can be converted into LLVM - and compiles that into JavaScript
Not really running C++ then is it?
Re: (Score:2)
If so, then nothing ever runs C++ or C for that matter.
Re: (Score:3)
And with that you can run C++ in the browser. It sounds like a gimmick but it's not. I know people using it in production for serious stuff
The argument that JavaScript is actually close to the hardware really made my evening. We are living in the future!
Re: (Score:2)
JavaScript in general is very far from the hardware. ASM.js on the other hand is a very restricted subset of JavaScript that is. That means it can be efficiently jitted to machine code without suffering from the usual problems, namely the dynamic typing if the main bit of JS.
The entire point is to have a subset that can be efficiently compiled. By app accounts it works. You won't get native C++ performance, but you'll get within a factor of 5 and it'll be predictable.
Re: (Score:2)
Although some of us seem content to live in the past.
Re:Let it die. (Score:4, Insightful)
Kinda shortsighted counter.. (Score:5, Insightful)
To the guy who countered that flash should just be forgotten rather than open-sourced, his excuse for doing so is stupid.
Yes, Flash in it's current closed-source state is riddled with security holes and vulnerabilities. However if it got open-sourced then one of the first things people would be able to do for the first time ever is pour over the source - find all those security holes - and fucking FIX them.
And so long as that's the only thing people do with flash once it's open sourced (no more feature creep added by Adobe) then it should be just fine.
Re: (Score:2, Insightful)
How does making something "open source" magically make it bug-free and highly secure? Perhaps Flash is just so old, large and convoluted that there really isn't any way to completely fix it. It could be a hopeless cause and not some product of an "evil corporation" that seeks profit over security,
Make something to convert AWAY from Flash but please don't keep Flash alive.
PS: how long before Firefox becomes a completely bug-free and highly secure version of Netscape Navigator?
Re: (Score:1)
"How does making something "open source" magically make it bug-free and highly secure? Perhaps Flash is just so old, large and convoluted that there really isn't any way to completely fix it."
There's nothing magic about it. As I said, you just get the chance to fix the holes for the first time ever. Why give up without even trying? If it really is a tangled mess THEN people would be able to leave it (or rebuild it from scratch)
But unless it's open-sourced we'll never know if it's fixable or not. And the dif
Re:Kinda shortsighted counter.. (Score:4, Funny)
How does making something "open source" magically make it bug-free and highly secure?
Didn't you know open source has magical properties? Masses of people will suddenly give a shit about the state of the code and want to fix it. After all, when did an open source project ever stagnate and die from lack of interested developers? ... oh right...
Re: (Score:3)
It's true though, the first thing that happens if Adobe open-sources flash is that black hats scrutinize it to find vulnerabilities they can use against the people who are still running flash. And then they'll develop exploits, and then eventually we'll know there was a hole after a bunch of people get owned.
Re:Kinda shortsighted counter.. (Score:4, Insightful)
Re: (Score:3)
And so long as that's the only thing people do with flash once it's open sourced (no more feature creep added by Adobe) then it should be just fine.
I suggest you do a review of open-source software. For every case like Linux where there's a core pushing things in the right direction, there's a case like GNOME where rather than actually fix things, every so often they just give up on the old version and tell everyone to convert to the new incompatible version. Whether a project is open-source or closed isn't really relevant.
https://www.jwz.org/doc/cadt.h... [jwz.org]
Re: (Score:2)
Adobe hasn't been adding new features. They fix dozens of security issues every month. You can read about these fixes on their security response blog.
I do think its delusional to think just because something is open source means people are going to arrive and fix bugs. More than likely people will pour over the source to find new exploits to target users who's clients never got the kill command from their browser to stop loading Flash.
Re: (Score:3)
That's probably why it won't be open-sourced. Adobe is simply too embarrassed about the code.
You see, Flash Player was free. It was never a revenue generating product (their producer software was the product they were sellin
Re: (Score:2)
find all those security holes - and fucking FIX them.
Security is just a very small reason for letting that depreciated proprietary plugin dependent junk die.
Re: (Score:2)
However if it got open-sourced then one of the first things people would be able to do for the first time ever is pour over the source
What are they going to pour over it? Gravy?
Re: (Score:2)
Wait a second... (Score:3)
Is there a petition I can sign for Adobe to delete the source code to Flash? I know it's almost dead but why wait? ;)
Re: (Score:2)
Let's start an anti-petition petition!
(seriously, I'll sign it)
If 5000 so-called artists want to save Flash and 500000 programmers want to kill it, Adobe will have to go with the higher number.
Re:Wait a second... (Score:5, Insightful)
If 5000 so-called artists want to save Flash and 500000 programmers want to kill it, Adobe will have to go with the higher number.
Few things have caused as much damage as old religious texts and their users, but I don't want them destroyed. They should be kept so we can remember history and not be doomed to repeat it.
A majority, no matter how big, should not be allowed to erase part of history, whether it's burning books or wiping code. This is especially true for bad history.
Re:Wait a second... (Score:4, Funny)
Is there a petition I can sign for Adobe to delete the source code to Flash? I know it's almost dead but why wait? ;)
NO. I have a bar bet regarding how many times the comment "# For the love of God, fix this before next release!!!" appears in the source.
OMG NO!!!!!! (Score:2)
Do NOT open source flash!@!##! Some crazy bunch will turn it into a project and keep it alive. Let the monstrosity die already!
Re: OMG NO!!!!!! (Score:3, Funny)
Systemd.flash
Re: (Score:2)
Great, now you gave them the idea. It's all your fault now, you know: The Internet Collapse of 2019, The Great Supernet Disruption of 2023 and the Meganet Crash of 2025.
Re: (Score:1)
server side flash servlets
Here's an idea (Score:5, Insightful)
Wait until it's completely dead, buried, and gone, even from grandma's old Windows XP machine, THEN open-source it for the sake of history, when there's no risk anyone is ever going to start using it again.
And nothing of value was lost (nt) (Score:2)
Good luck (Score:1)
I'm not saying there's nothing of value in joe-shmoe's ancient server full of flash junk, but maybe we can work on this after we get the mainstream game industry to stop shutting down DRM servers without releasing an end-of-life patch first.
Ya know, so you can still play the game- that you payed money for.
huuuuuge can of worms there (Score:5, Insightful)
Oh, you think Flash is a security problem now? Publish the source code to it. The malware writers will go over that with a fine toothed comb, and the rate of zero-days will go up by a factor of 10 until they finally exhaust it.
That, and everyone and their mom will be forking it to try to patch the holes they find. It'll be complete chaos.
Though... now that I think about it.... that will make flash SOOO much more of a security hazard that even most of the morons that are refusing to migrate their old crap will be forced to action. Maybe that'll be a net good? "Difficult to say... always in motion the future is."
Re: (Score:2)
Nope, it would make those idiots go with this solution: "This website requires OSSFlash fork 42 rev 54 to run properly".
Re: (Score:3, Insightful)
SO.. what you're saying is security through obscurity actually does work?
Re: (Score:2)
Of course it does. What doesn't work is when that's your only line of defense. Keeping sensitive stuff secret is obviously part of good security.
Re: huuuuuge can of worms there (Score:2)
Re: (Score:3)
Security through obscurity works as long as the obscurity is there.
In this case, any bug in the code can be found from painstakingly trying out various combinations of input to Flash. It's a slow method of poking through the obscurity, but it will eventually find all security holes.
Publishing the source code is simply a quicker way to remove the obscurity.
In either case, yes, it works as long as the obscurity remains, as is always the case with security through obscurity.
Re: (Score:2)
My mom doesn't know how to code, so I think we're safe.
Re: (Score:2)
As opposed to the average, run-of-the-mill Flash "programmer"?
Re: (Score:2)
Shit. My hat off to you sir.
Re: (Score:2)
Oh, you think Flash is a security problem now? Publish the source code to it. The malware writers will go over that with a fine toothed comb, and the rate of zero-days will go up by a factor of 10 until they finally exhaust it.
great, then it will be so vile and dangerous nobody in their right mind will use it. just stopping support will not finish off flash (just look at the amount of people still using win-xp).
I'd rather forget. (Score:1)
Comment removed (Score:4, Insightful)
Re: (Score:2)
Someone is going to recreate Flash, Adobe lacks the power to kill it.
Nope. Flash is dying and doing so very rapidly. We're at a stage now where you can happily browse the internet without it. It's basically going the way of ActiveX without the caveat that ActiveX was implemented by a lot of the finance world.
The world migrated away from it one site at a time. Even without it being killed, there's already very little reason to have it as a plugin browser.
Re: (Score:2)
Re: (Score:2)
You missed the point. I can build a steam engine at home, that doesn't mean the steam engine is effectively dead.
Adobe doesn't lack the power to kill Flash, it lacks the power to keep it alive. It's terminal and lying on its death bed.
Re: (Score:2)
Re: (Score:2)
I'm not sure how you can qualify that statement given that Flash is dying because a successor has already taken over (direct support in HTML + modern browser capabilities) and none of that has come close to being the security disaster that is Flash.
Re: (Score:2)
Please God, No! (Score:1)
Re: (Score:2)
That's not enough. I say we ask for presidential orders – signed in triplicate, sent in, sent back, queried, lost, found, subjected to public inquiry, lost again, and finally buried in soft peat for three months and recycled as firelighters.
Re: (Score:2)
Pouring acid on ashes will only neutralize the lye produced when the ashes react with water.
Flash games stored locally (Score:2)
I have three or four little flash games that I have downloaded over the course of time, keep on my computer, and play occasionally. I could live without them, I suppose; they aren't anything super-spectacular. But I like them.
It would be nice to some kind of a local flash execution tool for that sort of thing. Right now I load them into Firefox to play them.
Re:Flash games stored locally (Score:5, Informative)
Re: (Score:2)
Re: (Score:2)
For those of you with Windows: Media Player Classic [mpc-hc.org] runs Flash stored locally.
Flash doesn't have to run in a browser (Score:2)
Just download the program and run it on the Flash player on your machine.
NO (Score:2)
Nuke it from orbit, it's the only way to be sure. [cdn.meme.am]
Don't open source it, but release the source code (Score:1)
Publish the code, but under a restrictive license, so it can't be used until after the copyright expires (or until some predetermined date, since copyright may continue to be extended indefinitely). That way, flash dies, but it's still possible for future generations to look at material archived from the early internet. Why they'd want to is another question...
My solution: Add Flash to Creative Cloud (Score:2)
We'r talking about Adobe here, and herein lies the solution. Add Flash to the array of popular Adobe products that are now eyedroppered out to users on a monthly rental basis only under its Creative Cloud. Make Flash CC cost $10 a month, and everyone will finally stop using it.
Meanwhile, in the real world (Score:2)
Re: (Score:2)
Don't save it, don't open source it... (Score:1)
Once again, idiots designed a bunch of shit in a proprietary closed-source application...you deserve to lose everything.
Try an open standard next time.
Delayed Open Source (Score:2)
The complaint is that if Flash is available, people will not migrate away. What needs to happen is for the source to be prepped for open sourcing, but held in escrow for a time until migration away from flash is largely complete. It is critical that an open source Flash does not compete with migration away from it. So migration away must be a prerequisite.
Adobe will not OpenSource Falsh (Score:5, Interesting)
Two reasons:
1.) Opensourcing Flash would probably open Adobe to a lot of possible legal liabilities. It may incorporate technology licensed from 3rd parties, and expurging those from the source takes resources (engineers and lawyers). And even if they did a 100% perfect job removing every single thing non adobe controlled, that does not mean that anyone would disagree with them and take tham to court. That could be a honest disagreement, or some patent troll of sorts seeing what can be extorted...
2.) Adobe already makes programming tools which allows you to take a FLA or SFW file and convert it to todays HTML5/CCS3/ECMAScript standards. And as time passes, those will get better, and rake adobe lots of £€¥$ .
The best bet to preserve the parts of the web heavy on flash, is to develop a prupose built minimal browser, only for those sites, where the 2020 version of the plugin resides "as is" with no other plugins or ad-ons, and which can ONLY browse Whitelisted sites... Even better if you develop an addon for 2020 browsers that says "Open in flash" (analogous to the current "Open in IE"Plugins nowadays) and invoke that minimal browser for that site and that alone...
Never heard of... (Score:2)
Penis face never heard of change.org?
Source code for posterity only (Score:2)
They should release the source code just to make sure that everyone sees how NOT to create an abomination like that again, also, if you do, hopefully an ultra-intelligent AI will pick up on it, try to make it work and we'll save the human race.
Also, that bro-ski from ZDNet doesn't know what it's talking about. Flex is not Flash, Flex is a developer tool to make Flash applications. It requires Flash (the closed source plugin) to run the things that come out of Flex.
Reporter is an ignoramus (Score:2)
Flash was not intended to be the de facto scripting language for the web. Repeat: Flash was never intended to bring scripting to websites.
Flash was designed to do one simple thing: Allowing animators to transmit animated movies [homestarrunner.com] over low-bandwidth dial-up connections. (YouTube version if you d [youtube.com]
Digital Smallpox ??? (Score:2)
hears the thing (Score:2)
No Flash replacement (Score:3)
Intrusive Animated Ads (Score:2)
Corrected with emphasis. Marketers had so badly exploited Flash with intrusive animated ads that I HATED the Flash plugin. Other than YouTube in its early days, Flash has served little purpose for me.
I would not shed any tears if Flash were left to be forgotten along with Clippy, Photophucket, and Microsoft Bob.
Re:Has no one heard of Handbrake? (Score:5, Informative)
The "big deal" is things beyond simple video content.
Hopefully things like Shumway [github.io] will provide a path forward for viewing old content in the future.
Re: (Score:2)
Hopefully
I think that sums up the basic problem with Flash. You're put in a position where you have to petition and hope. The Shumway git repository [github.com] hasn't seen much activity for a couple of years.
Re: (Score:2)
Re: (Score:2)
You...do know that most of the emulators used for playing ROM files are backwards-engineered, some laboriously so, because the inner workings are kept secret? There's some reason to doubt that some of the game system manufacturers themselves know anymore what the inner workings of the hardware were, given that some ports look to be 'ROM+emu' packages.
The knowledge on the inner workings of the player enable a faster, smoother development of an emulator. But, really, I would expect the source for Flash to b