Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Open Source Security The Internet

Petition Asks Adobe To Open-Source Flash To Preserve Internet History (bleepingcomputer.com) 167

An anonymous reader quotes BleepingComputer: A petition is asking Adobe to release Flash into the hands of the open-source community. Finnish developer Juha Lindstedt started the petition a day after Adobe announced plans to end Flash support by the end of 2020. "Flash is an important piece of Internet history and killing Flash means future generations can't access the past," Lindstedt explains in the petition's opening paragraph. "Games, experiments and websites would be forgotten." The developer wants Adobe to open-source Flash or parts of its technology so the open-source community could take on the job of supporting a minimal version of the Flash plugin or at least create a tool to accurately convert old SWF and FLA files to modern HTML5, canvas data, or WebAssembly code... Lindstedt is asking users to sign the petition by starring the project on GitHub. At the time of writing, the petition has garnered over 3,000 stars.
A reporter at ZDNet counters that "the only way to really secure Flash is to get rid of it... If Flash lives, people will continue to use it, and without security support, it will be even more insecure than ever." He points out there's already several programs that convert Flash into other formats -- and that Adobe already open sourced its Flex framework for building Flash applications back in 2008 (now supported by the Apache Software Foundation as Apache Flex). "In other words, we don't need the Flash source code to convert or create Flash files. Just let Flash go already...!

"Usually, I'm favor with open-sourcing everything and anything. Not this time. Flash has proven to be a net of endless security holes. It's time to let it go for once and for all.
This discussion has been archived. No new comments can be posted.

Petition Asks Adobe To Open-Source Flash To Preserve Internet History

Comments Filter:
  • by Anonymous Coward

    History is history. Deleting it to chase some mythical "security" unicorn deletes a part of the internet's history.

    (Let's leave aside how top-down the Flash eradication campaign has been. The users still want it, and telling them they can't have it because you want to play with your shiny new HTML5 toys is a non-starter.)

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Lets smash all forms of analog storage mediums too! I mean look at all of those vinyl records that have ZERO copy protection! I mean how can we let this be! Destroy it all! Fuck preservation of history!

      • Re: (Score:2, Funny)

        by infolation ( 840436 )
        Flash needs to be treated like the smallpox virus. Once it's eradicated from the world, the source code needs to be preserved in an air-gapped laboratory that authorised members of the scientific community have access to in case of another outbreak.
    • Fuck that...it needs to die and the ground it is on needs to be salted in 10 feet of salt.
      • I'm kind of in both camps. Flash can not die soon enough. However I do have a collection of youthful stupidity that I made many moons ago that I'd love to be able to show to my grandkids one day. Maybe what's really needed is proper spec docs so a html5 converter project doesn't get bogged down in hellish reverse engineering

      • You really want the glory that is Lobster Magnet to be unviewable?

    • by theweatherelectric ( 2007596 ) on Sunday July 30, 2017 @05:10PM (#54910531)

      The users still want it

      Users don't know what they want. Users fundamentally don't care if their dancing pigs animation is implemented in Flash or something else.

    • Don't even need to read the ZD article to know it's wrong, and also dumb. No one is saying "Let's open source the code and include it in every browser!" Like, what, are people going to be giddy at the prospect of open source Flash and start rolling it into lynx or systemd**?

      Come 2020, regardless of whether Flash is open sourced or not, no one is going to be developing new jank for a dead platform that's not available in any modern browser. Because only a vanishingly small percentage of people will eve
    • I agree it's a shame to lose access to old Flash content, but really, some mythical "security" unicorn? Are you denying that we improve security by banning Flash, or are you just being snarky?

      • I agree it's a shame to lose access to old Flash content, but really, some mythical "security" unicorn?

        He's not wrong, you know. Flash is but one security flaw in an ecosystem of security flaws. Eliminating it will make very little difference, as the problem just moves to a new neighborhood.

        • Disagree. Flash was a pile of crap, far less secure than, say, Chrome. Eliminating that easy attack surface makes things harder for the bad guys.

          It also enabled cross-OS, cross-browser exploits.

      • That's a false dichotomy.

        Banning Flash is not contradictory to having it made open source so as to enable web preservation. From a security perspective, it might actually be quite desirable--you enable smooth conversion into modern formats now, without the problems and security risks of using back-engineered tools that may let the security flaws of the original slide through, and later use of Flash as an instructional tool. You can show it to students, and let them see for themselves the trainwreck, inste

        • I feel you're avoiding my point. Making Flash unavailable in ordinary browsers does improve security. There are no unicorns involved.

          • My point is that making it unavailable in ordinary browsers is a realistic measure, but you are indulging in magical thinking if you believe further in security will be had by losing its source code.

    • by fche ( 36607 )

      Thank goodness SJVN has no power to enforce the conclusions of his goofy logic.

  • Let it die. (Score:2, Insightful)

    by Anonymous Coward

    Don't open source it. Don't share or preserve it. Shoot it and bury the remains. It needs to go away. That's the point of EOLing it.

    • by Gondola ( 189182 )

      Adobe will never open source it in a million years. It's the most insecure piece of trash and is being EOL'd because new vulnerabilities keep showing up and Adobe isn't making enough money off of it anymore to warrant the team of coders to try to keep up with all the security issues.

    • by Khyber ( 864651 ) <techkitsune@gmail.com> on Sunday July 30, 2017 @08:26PM (#54911237) Homepage Journal

      Do open source it so we can look at the hackjob shitpile that is Adobe code and learn from their utter fuckups, and get a laugh at the same time!

    • F'ing something completely sounds like a job Adobe is perfectly qualified for!

  • by Anonymous Coward on Sunday July 30, 2017 @03:40PM (#54910129)

    To the guy who countered that flash should just be forgotten rather than open-sourced, his excuse for doing so is stupid.

    Yes, Flash in it's current closed-source state is riddled with security holes and vulnerabilities. However if it got open-sourced then one of the first things people would be able to do for the first time ever is pour over the source - find all those security holes - and fucking FIX them.

    And so long as that's the only thing people do with flash once it's open sourced (no more feature creep added by Adobe) then it should be just fine.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      How does making something "open source" magically make it bug-free and highly secure? Perhaps Flash is just so old, large and convoluted that there really isn't any way to completely fix it. It could be a hopeless cause and not some product of an "evil corporation" that seeks profit over security,

      Make something to convert AWAY from Flash but please don't keep Flash alive.

      PS: how long before Firefox becomes a completely bug-free and highly secure version of Netscape Navigator?

      • by Anonymous Coward

        "How does making something "open source" magically make it bug-free and highly secure? Perhaps Flash is just so old, large and convoluted that there really isn't any way to completely fix it."

        There's nothing magic about it. As I said, you just get the chance to fix the holes for the first time ever. Why give up without even trying? If it really is a tangled mess THEN people would be able to leave it (or rebuild it from scratch)

        But unless it's open-sourced we'll never know if it's fixable or not. And the dif

      • by LesFerg ( 452838 ) on Sunday July 30, 2017 @06:34PM (#54910867) Homepage

        How does making something "open source" magically make it bug-free and highly secure?

        Didn't you know open source has magical properties? Masses of people will suddenly give a shit about the state of the code and want to fix it. After all, when did an open source project ever stagnate and die from lack of interested developers? ... oh right...

        • It's true though, the first thing that happens if Adobe open-sources flash is that black hats scrutinize it to find vulnerabilities they can use against the people who are still running flash. And then they'll develop exploits, and then eventually we'll know there was a hole after a bunch of people get owned.

    • by TeknoHog ( 164938 ) on Sunday July 30, 2017 @05:54PM (#54910709) Homepage Journal
      Flash should be kept alive for the same reason we have museums of Nazism -- to remember history and learn from it.
    • by shess ( 31691 )

      And so long as that's the only thing people do with flash once it's open sourced (no more feature creep added by Adobe) then it should be just fine.

      I suggest you do a review of open-source software. For every case like Linux where there's a core pushing things in the right direction, there's a case like GNOME where rather than actually fix things, every so often they just give up on the old version and tell everyone to convert to the new incompatible version. Whether a project is open-source or closed isn't really relevant.

      https://www.jwz.org/doc/cadt.h... [jwz.org]

    • Adobe hasn't been adding new features. They fix dozens of security issues every month. You can read about these fixes on their security response blog.

      I do think its delusional to think just because something is open source means people are going to arrive and fix bugs. More than likely people will pour over the source to find new exploits to target users who's clients never got the kill command from their browser to stop loading Flash.

    • by tlhIngan ( 30335 )

      Yes, Flash in it's current closed-source state is riddled with security holes and vulnerabilities. However if it got open-sourced then one of the first things people would be able to do for the first time ever is pour over the source - find all those security holes - and fucking FIX them

      That's probably why it won't be open-sourced. Adobe is simply too embarrassed about the code.

      You see, Flash Player was free. It was never a revenue generating product (their producer software was the product they were sellin

    • find all those security holes - and fucking FIX them.

      Security is just a very small reason for letting that depreciated proprietary plugin dependent junk die.

    • However if it got open-sourced then one of the first things people would be able to do for the first time ever is pour over the source

      What are they going to pour over it? Gravy?

  • by Gravis Zero ( 934156 ) on Sunday July 30, 2017 @03:43PM (#54910149)

    Is there a petition I can sign for Adobe to delete the source code to Flash? I know it's almost dead but why wait? ;)

    • Let's start an anti-petition petition!

      (seriously, I'll sign it)

      If 5000 so-called artists want to save Flash and 500000 programmers want to kill it, Adobe will have to go with the higher number.

      • by arth1 ( 260657 ) on Sunday July 30, 2017 @11:37PM (#54911767) Homepage Journal

        If 5000 so-called artists want to save Flash and 500000 programmers want to kill it, Adobe will have to go with the higher number.

        Few things have caused as much damage as old religious texts and their users, but I don't want them destroyed. They should be kept so we can remember history and not be doomed to repeat it.
        A majority, no matter how big, should not be allowed to erase part of history, whether it's burning books or wiping code. This is especially true for bad history.

    • by 93 Escort Wagon ( 326346 ) on Sunday July 30, 2017 @07:00PM (#54910955)

      Is there a petition I can sign for Adobe to delete the source code to Flash? I know it's almost dead but why wait? ;)

      NO. I have a bar bet regarding how many times the comment "# For the love of God, fix this before next release!!!" appears in the source.

  • Do NOT open source flash!@!##! Some crazy bunch will turn it into a project and keep it alive. Let the monstrosity die already!

  • Here's an idea (Score:5, Insightful)

    by Anonymous Coward on Sunday July 30, 2017 @03:47PM (#54910175)

    Wait until it's completely dead, buried, and gone, even from grandma's old Windows XP machine, THEN open-source it for the sake of history, when there's no risk anyone is ever going to start using it again.

  • by Anonymous Coward

    I'm not saying there's nothing of value in joe-shmoe's ancient server full of flash junk, but maybe we can work on this after we get the mainstream game industry to stop shutting down DRM servers without releasing an end-of-life patch first.
    Ya know, so you can still play the game- that you payed money for.

  • by v1 ( 525388 ) on Sunday July 30, 2017 @03:55PM (#54910203) Homepage Journal

    Oh, you think Flash is a security problem now? Publish the source code to it. The malware writers will go over that with a fine toothed comb, and the rate of zero-days will go up by a factor of 10 until they finally exhaust it.

    That, and everyone and their mom will be forking it to try to patch the holes they find. It'll be complete chaos.

    Though... now that I think about it.... that will make flash SOOO much more of a security hazard that even most of the morons that are refusing to migrate their old crap will be forced to action. Maybe that'll be a net good? "Difficult to say... always in motion the future is."

    • Nope, it would make those idiots go with this solution: "This website requires OSSFlash fork 42 rev 54 to run properly".

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      SO.. what you're saying is security through obscurity actually does work?

      • Of course it does. What doesn't work is when that's your only line of defense. Keeping sensitive stuff secret is obviously part of good security.

      • Security through obscurity works as long as the obscurity is there.

        In this case, any bug in the code can be found from painstakingly trying out various combinations of input to Flash. It's a slow method of poking through the obscurity, but it will eventually find all security holes.

        Publishing the source code is simply a quicker way to remove the obscurity.

        In either case, yes, it works as long as the obscurity remains, as is always the case with security through obscurity.

    • My mom doesn't know how to code, so I think we're safe.

    • by sad_ ( 7868 )

      Oh, you think Flash is a security problem now? Publish the source code to it. The malware writers will go over that with a fine toothed comb, and the rate of zero-days will go up by a factor of 10 until they finally exhaust it.

      great, then it will be so vile and dangerous nobody in their right mind will use it. just stopping support will not finish off flash (just look at the amount of people still using win-xp).

  • Enough saiid.
  • Comment removed (Score:4, Insightful)

    by account_deleted ( 4530225 ) on Sunday July 30, 2017 @04:02PM (#54910225)
    Comment removed based on user account deletion
    • Someone is going to recreate Flash, Adobe lacks the power to kill it.

      Nope. Flash is dying and doing so very rapidly. We're at a stage now where you can happily browse the internet without it. It's basically going the way of ActiveX without the caveat that ActiveX was implemented by a lot of the finance world.

      The world migrated away from it one site at a time. Even without it being killed, there's already very little reason to have it as a plugin browser.

      • Comment removed based on user account deletion
        • You missed the point. I can build a steam engine at home, that doesn't mean the steam engine is effectively dead.

          Adobe doesn't lack the power to kill Flash, it lacks the power to keep it alive. It's terminal and lying on its death bed.

          • Comment removed based on user account deletion
            • I'm not sure how you can qualify that statement given that Flash is dying because a successor has already taken over (direct support in HTML + modern browser capabilities) and none of that has come close to being the security disaster that is Flash.

  • Kill it with fire and pour acid on the ashes. It's only use in history is as a horrible cautionary tale.
    • That's not enough. I say we ask for presidential orders – signed in triplicate, sent in, sent back, queried, lost, found, subjected to public inquiry, lost again, and finally buried in soft peat for three months and recycled as firelighters.

    • Pouring acid on ashes will only neutralize the lye produced when the ashes react with water.

  • I have three or four little flash games that I have downloaded over the course of time, keep on my computer, and play occasionally. I could live without them, I suppose; they aren't anything super-spectacular. But I like them.

    It would be nice to some kind of a local flash execution tool for that sort of thing. Right now I load them into Firefox to play them.

  • Just download the program and run it on the Flash player on your machine.

  • Publish the code, but under a restrictive license, so it can't be used until after the copyright expires (or until some predetermined date, since copyright may continue to be extended indefinitely). That way, flash dies, but it's still possible for future generations to look at material archived from the early internet. Why they'd want to is another question...

  • We'r talking about Adobe here, and herein lies the solution. Add Flash to the array of popular Adobe products that are now eyedroppered out to users on a monthly rental basis only under its Creative Cloud. Make Flash CC cost $10 a month, and everyone will finally stop using it.

  • A ton of not-so-obscure companies (cough SAP cough cough) have been releasing front ends to their products that run in a browser with...FLASH! So EOLing it is just going to cost everyone else more money to work around it.
  • by Anonymous Coward

    Once again, idiots designed a bunch of shit in a proprietary closed-source application...you deserve to lose everything.

    Try an open standard next time.

  • The complaint is that if Flash is available, people will not migrate away. What needs to happen is for the source to be prepped for open sourcing, but held in escrow for a time until migration away from flash is largely complete. It is critical that an open source Flash does not compete with migration away from it. So migration away must be a prerequisite.

  • by williamyf ( 227051 ) on Sunday July 30, 2017 @05:34PM (#54910611)

    Two reasons:

    1.) Opensourcing Flash would probably open Adobe to a lot of possible legal liabilities. It may incorporate technology licensed from 3rd parties, and expurging those from the source takes resources (engineers and lawyers). And even if they did a 100% perfect job removing every single thing non adobe controlled, that does not mean that anyone would disagree with them and take tham to court. That could be a honest disagreement, or some patent troll of sorts seeing what can be extorted...

    2.) Adobe already makes programming tools which allows you to take a FLA or SFW file and convert it to todays HTML5/CCS3/ECMAScript standards. And as time passes, those will get better, and rake adobe lots of £€¥$ .

    The best bet to preserve the parts of the web heavy on flash, is to develop a prupose built minimal browser, only for those sites, where the 2020 version of the plugin resides "as is" with no other plugins or ad-ons, and which can ONLY browse Whitelisted sites... Even better if you develop an addon for 2020 browsers that says "Open in flash" (analogous to the current "Open in IE"Plugins nowadays) and invoke that minimal browser for that site and that alone...

  • Penis face never heard of change.org?

  • They should release the source code just to make sure that everyone sees how NOT to create an abomination like that again, also, if you do, hopefully an ultra-intelligent AI will pick up on it, try to make it work and we'll save the human race.

    Also, that bro-ski from ZDNet doesn't know what it's talking about. Flex is not Flash, Flex is a developer tool to make Flash applications. It requires Flash (the closed source plugin) to run the things that come out of Flex.

  • A reporter at ZDNet counters that "the only way to really secure Flash is to get rid of it... If Flash lives, people will continue to use it, and without security support, it will be even more insecure than ever."

    Flash was not intended to be the de facto scripting language for the web. Repeat: Flash was never intended to bring scripting to websites.

    Flash was designed to do one simple thing: Allowing animators to transmit animated movies [homestarrunner.com] over low-bandwidth dial-up connections. (YouTube version if you d [youtube.com]

  • Reminds me of the debate about whether we should keep or destroy the last remaining sample of Smallpox.
  • flash has been dying for the last 10 years yet it keep's on trucking. they even started updating linux flash again after they killed it. i bet 2020 will come around and they will make some excuse to keep it going.
  • by MoarSauce123 ( 3641185 ) on Monday July 31, 2017 @09:41AM (#54913187)
    The great advantage of Flash is that you can create a RIA once and it looks and behaves about the same no matter which browser or OS it is run on. HTML5 with JS is FAR FAR FAR away from that. There is no reasonable replacement for what Flash can deliver. With Flash going away the web loses a great tool. And yes, I understand the security issues...then again, cars are inherently dangerous and we still drive every day.
  • "Games, experiments, intrusive animated ads and websites would be forgotten."

    Corrected with emphasis. Marketers had so badly exploited Flash with intrusive animated ads that I HATED the Flash plugin. Other than YouTube in its early days, Flash has served little purpose for me.

    I would not shed any tears if Flash were left to be forgotten along with Clippy, Photophucket, and Microsoft Bob.

To stay youthful, stay useful.

Working...