There has been a lot of talk about Flash security lately. First Jobs made some claims about it in his “thoughts on Flash” rant, and now with the recent vulnerability a lot of people seem to think that he has been proven right.
But is there any truth in Flash being unusually insecure?
Jobs try to back up his FUD by mentioning a Symantec report which he claims “highlighted Flash for having one of the worst security records in 2009″. Of course he doesn’t quote anything from the report, nor provide a link. But if you actually read the report you will see that his claim is a blatant lie.
Nowhere in the report Flash is highlighted, and there is just no data in it to support that conclusion. In fact the report shows that Flash was the browser plug-in with the least reported vulnerabilities.
In the section about web browser plugins they write the following:
In 2009, Symantec documented 321 vulnerabilities affecting plug-ins for Web browsers (figure 9).ActiveX technologies were affected by 134 vulnerabilities, which was the highest among the plug-in technologies examined. Of the remaining technologies, Java SE had 84 vulnerabilities, Adobe reader had 49 vulnerabilities, Quicktime had 27 vulnerabilities, and Adobe Flash player was subject to 23 vulnerabilities. The remaining four vulnerabilities affected extensions for Firefox.
Considering how widespread the Flash Player is, combined with the fact that it runs scripts and has a lot of connectivity features, it’s obviously an extremely attractive target. So the fact that it has the least vulnerabilities is something that Adobe should get credit for.
So we can conclude that Jobs claim has nothing to do with the number of vulnerabilities.
Could it have to do with the severity of the vulnerabilities then?
Indeed Flash is mentioned again in the report:
Among the vulnerabilities discovered in 2009, a vulnerability affecting both Adobe reader and Flash player was the second most attacked vulnerability.Considering that Flash is installed of some 98% of computers it is hardly surprising to find that any vulnerability will be exploited to it’s fullest. But that one of the top five attacked vulnerabilities was involving Flash can hardly be used to support Jobs claim of Flash “having one of the worst security records in 2009″.
Search trough the document for when Flash is mentioned and you notice that that there is no other mentions of the security record of Flash other than what I quoted. There is a mention in the section about browsers, where Symantec provides advice about how to secure the browser:
Browser security features and add-ons should be employed wherever possible to disable JavaScript™, Adobe Flash player, and other content that may present a risk to the user when visiting untrusted sites. Organizations should consider adopting a policy of identifying a list of whitelisted, trusted, or authorized websites and block access to all other sites. Whitelists must be actively maintained due to the risk presented when trusted sites are compromised and used to host attacks or malicious software.Of course this is sound advice for enterprises with sensitive data to protect.
If security is vital you should only allow whatever is really necessary to run on your machines, and that obviously includes Flash. Some people try to interpret this as Symantec trying to imply that Flash is a major threat, but what it means is that Flash is a threat, just like any other piece of software, and for optimal security it should only be used when needed.Note that they recommend disabling JS as well, meaning that HTML5 , which Jobs seems to imply would be a more secure alternative, should be avoided as well. Disabling both JS and Flash and only allowing access to trusted sites does not make for a great Internet experience, but obviously that is not particularly desirable on enterprise workstations anyway.
So in conclusion there is absolutely no basis for Jobs claims in the report he mentions, and instead it shows a very good security record for the Flash player. But the features and obliquity of the Flash Player will of course mean that hackers will do everything they can to find vulnerabilities, and when they do it has the potential to affect many people.
So the claim that Flash was highlighted is a blatant lie, and it’s not a subject up for discussion. Symantec has a section with highlights in which Flash is not mentioned once. It’s interesting to note what does get highlighted in the report though.
This is what they say on Safari in the highlight section:
Of all browsers Symantec analyzed in 2009, Safari had the longest window of exposure (the time between the release of exploit code for a vulnerability and a vendor releasing a patch), with a 13-day average; Internet Explorer, Firefox, and Opera had the shortest windows of exposure in 2009, averaging less than one day each.Compared to other browsers this is a truly appalling security record. Not only did Safari have the second most vulnerabilities of the browsers, but average window of exposure was 13 days. Second place was grabbed by Chrome with 2 days.
Also they have the following to say about Safari:
Additionally, all browsers except Safari either remained status quo or showed an improvement in the window of exposure. This demonstrates an increased effort by vendors to minimize theamount of time that users are exposed to exploits.It seems quite clear that the way Jobs reads the report, according to him obscurity equals security. With a market share of a few percent obviously Safari will not make it in to any list of the most attacked vulnerabilities, but that does not make it’s security record any better. The record instead shows that Apple does not seem to care much about security when it comes to their own products.
While it’s very important that Adobe ensures that Flash is secure, there is simply no basis in fact for the claims that it has a particularly bad security record. The latest incident is unfortunate, both since it seems to be a fairly severe vulnerability, and because of the timing.
But according to Adobes security team there should be a patch to the release version tomorrow.
For those of you interested in details about the work of Adobes security team, I recommend reading this interview.
EDIT:
I just noted that the severity of the current vulnerability is classified to “Risk Level 1: Very Low” by Symantec. Secunia on the other hand is classifying it as “extremely critical”, so I guess the jury is still out on how severe it is. But it does seem like it’s not being actively exploited on large scale yet. According to Symantec the number of infections are 0-49 and the damage level is low as well.Related posts:
Can you tell me where I can find that info (i.e. what actual document)?
It’s linked in the second paragraph.
Here is a direct link to the actual PDF:
http://www4.symantec.com/Vrt/wl?tu_id=SUKX1271711282503126202
Thanks Leo
Also interesting that Quicktime had more vulnerabilities than Flash too
Thanks for raising awareness with this info. I’m a long-time Mac user but I don’t drink their “kool-aid.” I don’t own an iPhone or iPad as their business model is based on greed. The Rebel Forces must continue their fight against the Empire.
http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed
How far down the rabbit hole are you willing to go?
http://blog.leefernandes.com/flash/2010/04/is-flashplayer-buggy-does-flashplayer-cause-crashes
http://blog.leefernandes.com/flash/2010/04/steve-jobs-is-full-of-it
In other news, Adobe lies about their (lack) of Mac support:
“Linux currently lacks a developed standard API that supports H.264 hardware video decoding, and Mac OS X does not expose access to the required APIs.”
from:
http://labs.adobe.com/technologies/flashplayer10/releasenotes.pdf
“Video Decode Acceleration Framework”
http://developer.apple.com/mac/library/technotes/tn2010/tn2267.html
I don’t know who started it, but if you make false statement about others’ software quality you should expect the same, no?
Here, in the real world, there is no good or evil, people bullshit for their own profit and this is what Adobe, Google and Apple are doing.
Sorry Martin, but you are a bit confused regarding the subject.
The Adobe document you refer to is written before Apple made the API available.
Six days after the API was made available Adobe released a preview version of the Flash Player for OSX with hardware acceleration.
Apple are proven to repeatedly lie to their customers, and that is not common practice with most companies since they know that would turn their customers away in the long run.
I understand that one can get a bit cynical by spending a lot of time in Apple’s walled garden, but out here in the open I see several companies that have very nice products and services which are perfectly marketable without resorting to lying.
OK, just checked, looks like there is hardware acceleration in the latest Flash, but
the Adobe document creation/modification date: 2/06/2010
Apple doc: March.
Adobe is confusing me
Actually in the Flash Player released yesterday there is no acceleration for OSX from what I understand.
It is a bit confusing, I guess they wanted rush out a version with HW acceleration considering that it has been so many complaints about video performance on OSX. So they made the “Gala” branch to get that into public beta a.s.a.p.
Ensuring that it is stable and works satisfactory takes some time though, so they said that they will make an update to the release version with HW acceleration soon after 10.1 was released.
The part you quoted in the pdf was part of the same document for earlier versions of the player released before the API was made available. It is now a bit incorrect because it says “does” rather than “did”. But the version of the player that the document refers to does not have HW acceleration for OSX, and the reason for that is that there was no API available.
So you do have a point that the information is incorrect considering the date of the document, but I would not call it a lie, but a minor oversight when updating the document.
You’re right, I wasn’t watching it in HD in my test.
h.264 in HD from youtube:
Flash: 80% of CPU usage
VLC .9.1: 27% of CPU usage
So Flash is only 3 times slower than other “software only” solution. I guess there’s not only lies in Apple speech.
Another interresting thing I found, the new Mac FlashPlayer plugin DOES contain a reference to /System/Library/Frameworks/VideoDecodeAcceleration. (run strings | grep VideoDecodeAcceleration on the executable inside the plugin). So, if it’s not enabled now, it’s probably very close.
I don’t think anyone is denying that the Flash Player performs bad on OSX.
There are so many factors involved in the performance of a browser plugin, so before you blame Adobe for the lackluster performance you experience you need to do some research as to why that is.
Firstly, all browser plugins perform worse on OSX than on Windows:
http://www.craftymind.com/guimark/
Even WebKit developers themselves call the plugin format “archaic”:
http://webkit.org/blog/96/background-music/
So while HW acceleration has shown to bring some benefits to video playback, don’t expect the Flash player to beat native applications on OSX just yet.
Look at this benchmark:
http://www.streaminglearningcenter.com/articles/flash-player-cpu-hog-or-hot-tamale-it-depends-.html
Flash Player in Firefox on windows uses about half the CPU compared to HTML5 video in Safari. So it’s certainly possible for Flash to perform really well, but for various reasons it does not do that in OSX.
Basically there are a few different factors to consider:
1) Plugin architecture. Since all browser plugins seems to perform worse on OSX, it seems like there is a lot of room for improvement in this area.
2) Hardware acceleration. While Apple has released an API which will be incorporated in to a release version of Flash Player soon, it only covers decoding of H.264 and not displaying and scaling.
According to Flash Player engineer Tinic Uro:
“Video playback is generally hardware accelerated on two levels: 1. Decoding H.264 bit streams itself and 2. Displaying & scaling the decoded YUV12 formatted video frames. The new API provided by Apple only covers H.264 decoding and we are well aware that we need to accelerate the display and scaling of video. CAOpenGLLayer is the vehicle for that. We are looking at how we can get this implemented soon, but it’s simply too late to include this into Flash Player 10.1.”
3) Various other hooks and features of the operating system. The Flash Player uses different native systems on different platforms, and of course the performance of the player will depend on the efficiency of those systems.
For example you have several systems on OSX to draw in the browser, and different browsers will allow the plugin to use different systems.
4) Optimization for various platforms. Adobe appears to be doing a lot of optimizations for OSX right now, not only by enabling HW acceleration for video, but by porting it to Cocoa and using Core Animation when supported.
But it’s a bit complicated when Apple is not that great on cooperating and often make changes to their system without announcing them ahead of release.
With a bunch of different drawing systems to support, optimizing for OSX is a lot more work than for the various flavors of windows which all use DirectX. It’s just not reasonable to spend the majority of your time optimizing for a platform that less than 10% of your audience uses.
Complaints about performance on OSX is not only limited to Flash and other browser plugins. I hear the same complaints from DAW users when they notice better performance when bootcamping into Windows. Same goes for games or creative suite.
And it doesn’t seem to matter if a company is very Mac-centric. For example Ableton Live is developed on OSX and has a majority of Mac users among their customers, and still performs worse on OSX.
Maybe the performance issues are not only to do with 3rd parties?
Could it be that OSX does not always provide what is needed to make optimal use of the hardware?
It certainly seems that way to me judging by various benchmarks, even if I’m sure there is more Adobe could do to improve the situation. In fact that is blatantly obvious considering that they are doing it. Just don’t expect that performance will be on par with Windows regardless of how much work Adobe puts in to the Flash Player.
OK, all you say here is right, but again, the number is 300% slower. I’m sure you are not implying that Safari or Mac OS X impose a 300% overhead on user code? We all know this is BS. You just want to avoid admitting that this stupid “Apple-Adobe war” actually have roots in some lazyness from Adobe. In all fairness, Adobe is probably not lazy at all and just prioritise on the biggest market share (Windows), but that was still leaving Apple at the mercy of a 3rd party.
If you look at for example GUIMark, the plugin which performs best on OSX compared to Windows is maybe somewhat surprisingly Silverlight, which runs at bit more than half the speed.
Of course 300% is worse, but at the same time performance of the Flash Player is still better in that particular test.
The end result is that all browser plugins run very bad in OSX, and Flash does not run worse than others, but it runs even better on Windows.
And the whole “at the mercy of 3rd party” argument is a bit out of touch with reality IMO. Unless Apple had complete control over the technologies and content on the web, as well as all software available for their platforms, they will be at the mercy of 3rd parties. That’s just how things work, and when manufacturing an OS you have to deal with that.
With HTML5, Apple will be at the mercy of third parties as well. HTML standards are not developed by Apple alone, and Safari does not have enough market share to dictate features. People will keep developing with Firefox and IE in mind, so Apple cannot push whatever change they want to the web.
Influencing Adobe to incorporate a feature can actually be a lot easier and quicker than getting it accepted as part of the HTML standard, getting it incorporated into all major browsers and getting those browsers out to the users.
Hi, thanks for the post. I like your writing style, and the balancad way yoy reply to flames.
I sweared to myself not to waste a single synapsi anymore on this apple-adobe ballet.
But again, reading comments, it amazes me how apple-supporters are dEtermined and full of hatred towards flash.
After all the adobe community has been publicly attacked and a reaction is expectable.
But why apple fans are so determined and angry?
There is some interesting psychological phenomenon, which reminds me the initial phases of totalitarian regimes.
I love apple hardware. But i do not understand why apple fans can’t notice that apple politics hurts primarily us, apple users.
We should open our eyes…
Love,
Filippo
And now that Flash is available on mobile platform (3 years late) we can compare:
http://newteevee.com/2010/08/31/video-flash-on-android-is-startlingly-bad/
If you like to compare to HTML5 I recommend having a look at this video: http://www.youtube.com/watch?v=rfmbZkqORX4
I have a Galaxy S with Flash 10.1, and it’s very rare that I have problems watching videos. And talking with other Android users most seem to think that the Flash Player works fine.
In fact I watched the video in question using Flash on my Galaxy S and it played without a glitch.
Much of the video you refer to is spending time showing issues with abc.com rather than with the Flash Player. The problems there are actually not related to Flash at all, but has to do with the JavaScript they use to serve ads and videos,
And Hulu blocking mobile devices of course is not an issue with the Flash Player, and if you change user agent you can watch their videos without problem.
If you read the comments several people say that they can watch the same metacafe videos without problems on their Nexus One, so rather than a general issue with Flash it seems like Kevins phone is having issues.
Of course there can be videos that is heavy for mobile devices to handle. With Flash you get access to video in a variety of formats. HTML5 on mobile devices is limited to baseline encoded h.264, which is made to be less taxing to decode. Flash however can play any h.264 video as well as VP6. So some videos will be heavy to decode and some will not be possible to decode using the GPU.
Flash will then display a warning that the video is not optimized for mobile. A lot of the time it will work fine anyway, such as the video in question which my Galaxy S can handle without issues despite not being baseline h.264. Sometimes framerate will suffer, and then you have the choice to stop watching if you don’t find the performance acceptable,
So Flash gives you a choice. Hopefully the content provider has made versions available that runs well on mobile devices, in which case Flash offers just as good performance as HTML5. If not you might be able to watch it anyway, or you might get unacceptable performance. You get to choose depending on the capabilities of your device and your opinion on what you find acceptable.
To only allow baseline h.264 would be like if Microsoft decided that Crysis should not be available for Windows since a lot of machines cannot get a decent framerate. As a user I cannot see how that is a preferable scenario instead of me having to option to choose myself.
Maybe my machine does run the game fine, or maybe I rather play at 15FPS than not play it at all.
Interresting comparaison indeed.
My video shows a guy that seems to try to do genuine tasks on real websites. Your video shows some guy using html5 experiments definitely designed for mouse interface and using heavy javascript that probably need a 2Ghz cpu to run acceptably.
The same guy tries to prove Flash stability in another video by not having it crashing for 1 min, this is a joke.
The video you posted shows a guy trying to access content targeted at desktops with a mobile device. In what way is that more genuine than doing the same for HTML5?
Should Google ban JavaScript because some applications require a 2GHz CPU? Is JavaScript a horrible technology because it does not work well on every device according to you?
Should we completely banish interactive content on the web because some machines cannot handle all applications?
The point is that regardless of the technology used you will have some content targeted at higher spec machines that will not run on low power devices. You will also have badly coded applications.
Blaming the technologies for that just exposes a lack of understanding.
Is Direct3D terrible because Crysis runs bad on a low-spec machine, despite that OpenGL would result in equally bad performance on underpowered machines?
Should Microsoft ban both Direct3D and OpenGL from Windows because some games using the technologies will run bad on some machines?
Good, we agree that those kind of videos and comparison are meaningless then? But why are you only showcasing the ones that are biased against Apple and try to make it look like it’s informations?
“In what way is that more genuine than doing the same for HTML5?”
Well, like I said he was using real websites (ABC.com, Fox.com) not useless (but cool) technology showcase. (like http://www.dontclick.it, http://www.chromeexperiments.com). That’s just what I meant by “more genuine”. If playing with bouncing svg balls is more your thing, than you may disagree of course.
Not sure why you’re trying to attribute the “banish interactive content” and “ban javascript” opinion to me, Obviously, I have the opposite opinion. Flash is now mostly a duplicate of the html5 stack and it does not work any better but is controlled by only one company.
The video I posted is a response to Jobs claims that Flash is not suitable for mobile devices. It’s obvious that any web technology can be used in a way that is not suitable for mobile devices, and HTML5 does not provide the benefits that Jobs implies that it does.
When Jobs is lying I think it’s fair enough to point that out. That’s just demonstrating facts and refuting biased claims.
And the reason he’s using demos to demonstrate HTML5 is that there are no serious applications using HTML5, which says a lot about how mature the technology is and demonstrates that HTML5 is nowhere near ready being a replacement for Flash.
So if you buy an iDevice it seems like playing around with bouncing svg balls is your thing. I like to use real games and applications, and then HTML5 is in no way a replacement for Flash.
The newteewee video is very biased since it blames Flash for issues that has nothing to do with Flash. Abc.com has issues with the JavaScript that does the ad and video rotation. Fox has issues with the site as well resulting in choppy playback. If you embed the video on a blank page it plays back fine as demonstrated in the follow-up post on newteewee:
http://newteevee.com/2010/09/02/is-flash-on-android-shockingly-bad-or-shockingly-great/
Also there is a demonstration of the metacafe videos playing back fine with the Android Flash Player, including the HD versions.
It’s a very bad demo full of technological misunderstandings, only catering for the uninformed to reinforce their misconceptions.
Since you blame Flash as a technology for bad performance with demanding or badly optimized applications, it seems like a logical conclusion that JavaScript would be to blame when HTML5 applications does not perform well on a device.
You claim that the video you posted can be used to compare performance, and then when you see a video with an HTML5 application with bad performance it’s all of a sudden not relevant because it’s an app that is not suitable for mobile devices. That’s a bit of a double standard.
And Flash is not a duplicate of the HTML5 stack. It had the functionality of HTML5 ten years ago, and HTML5 is the duplicate if anything. And compared to the current feature set of Flash it’s very limited, and the things it can do it does worse. Just check some benchmarks comparing Flash and HTML5 performance yourself.
And while Adobe in theory is in control of Flash, in practice that is not true. The swf format is open and you are free to implement your own Flash Player if you are not happy with Adobes offering.
Also, while the work on Adobes Flash Player is not done by a standards organization with a few companies in control, like with HTML5, they work with a lot of partners and developers.
It’s vital for them to listen to their partners, and the Flash Player is in practice a cooperative effort involving many parties.
While I like the idea of open standards in theory, looking at the development of HTML it’s clear that it’s not an efficient way to control development. It’s too slow and open to sabotage from parties with their own agenda.
“And while Adobe in theory is in control of Flash, in practice that is not true…”, I know that and I know that you know that Apple is not in control of h.264, but you still have no problem to claim it. Since this is a propaganda website and not really about fact, I’m just doing the same
and “Flash is NOW MOSTLY a duplicate of the html5 stack…” (emphasis added), when you read the full sentence, it means almost the same as what you said, please stop trying to attribute me opinion that I don’t have. I’ve put it this way because full html5 was FIRST on the mobile market, full Flash second (there was a crippled Flash mobile at some point). Apple made a decision when there was a crippled Flash on the mobile and a bad Flash on the (Mac) desktop, I don’t think it was a bad decision at the time and it looks like they want to stick with it to the death, time will tell…
What you call lies in your anti-Apple rants is just marketing talk and at least I have the honnesty to admit that BOTH side are doing EXACTLY the same. There is no good or evil, just money talk. Apple is defending their decision with truth, half-truth, used-to-be-true and some devious arguments. Adobe is trying to protect their business and control hover web development with the same. “You need Flash to experience the full web” is still a lie for now, see your OWN link: The guy had to manually edit the html to get full performance from Flash!
I never said that only Apple are in control of h.264, but nice attempt at a strawman.
Neither HTML5 or Flash are technologies aimed only at mobile devices, and there is no such thing as full HTML5 on any device. The specification is expected to become a recommendation 2022, and so far you only see partial implementations that does not extend much further in functionality than Flash Lite. Currently HTML5 is only used for video. Apart from that there is only some demos, and no serious games, animations or applications. Regardless of you using the words “now mostly” it’s simply a false idea that Flash duplicates HTML5.
It’s not business as usual to constantly lie to and deceive your customers, with the exception of Apple. It seems like they have a unique position in that many of their customers are interested in technical arguments without actually having a clue about the technology, and will take in whatever they say as truth.
Adobes claim is in no way false. Without Flash there is a lot of content that is not accessible. To say say that “you need Flash to experience the full web” does not mean that you can visit any website on any device with optimal performance regardless of what device you use for browsing. Nor that Flash will magically get rid of all bugs on all websites.
It’s just silly to go on about the the performance of fox.com and claim that it in any way would mean that Flash does not enable you to experience the full web. Their site is broken, and it’s like complaining that Safari limits your Internet experience when you try to visit a server which has crashed. That fox can’t code their website properly has nothing to do with Flash or Adobe.
The html5 specification should be complete in 2012. And canvas and local storage is already in use, not just video, wich is actually not well supported because of h.264 vs Mozilla.
And somehow, Apple customer have a very high satisfaction rate and are growing in number, maybe that’s Apple genius, to target clueless people
. In Anycase, it works.
I think the problem I have with including Flash in the “full web” is that I don’t think a private company should control the definition of what the “full web” is. Despite all your effort, Flash is only a published specification, not a standard, see what happened between Microsoft and Adobe over PDF a couple of years ago when PDF was not a standard! Adobe did it before, they could do it again if that serve them.
The “full web” should be open.
You are talking about Candidate Recommendation. WHATWG themselves estimate it becoming a W3C recommendation 2022 or later.
The point is that claiming that HTML5 was first on the mobile marke is incorrect. HTML5 is not ready, and infact is not able to do much more than Flash Lite has been able to for years. Neither video playback, graphics rendering or local storage are features which missing from Flash Lite.
I don’t think a single standards organisation should have complete control over the web. Open standards are great for stuff that does not need to develop in a rapid pace. HTML and pdf are good examples of technologies that can work well to develop as open standards since presenting text and images does not mean you have to constantly consider what technological breakthroughs to include in the standard.
When it comes to rendering graphics and video or developing complex games and applications, it’s many times very beneficial to be able to utilize the latest technologies. If standards would have been applicable for those kind of applications we would have seen much more of that kind of functionality in HTML long before WHATWG formed. HTML5 is way behind in features and performance compared to technologies like Flash and Silverlight, and it’s developing a lot slower.
For example Adobe recently added multitouch in the Flash Player. WHATWG are still discussing about including it into the HTML5 draft. That pace is just not good enough for an application platform today.
In the end a web where only technologies from a single standards organisation are allowed is far from open, regardless of if the standard they define is open. Open means that also different approaches to development are accepted, and developers as well as users can freely choose the technologies that they find provides the most benefits. That a single organisation makes those choices does not make it more open.
When companies or organisations try to restrict the freedom of developers and users in the way Apple are trying to, that is the opposite of promoting an open web.
“I don’t think a single standards organisation should have complete control over the web.”
We’ve been there, I think: http://en.wikipedia.org/wiki/Blink_tag
“In the end a web where only technologies from a single standards organisation are allowed is far from open…” And how closed is a system controlled by only 1 single company?
How is Adobe “controlling” anything?
Adobe can only offer their plugin, they can’t force anyone to do anything. If their plugin has become ubiquitous it is due to the quality of the product, which was good enough that thousands of different companies all decided that it was the best solution for them. This idea that they have control over anything is absolute nonsense.
Seriously Martin, I know that you seem to think you are impartial, or seeing the middle ground, but you’re still completely on the Apple KoolAid.
Adobe is not the one spewing out all kinda of ridiculous mis-information. Adobe is not the one trying to man-handle the entire industry… to really believe that the two companies are comparable, shows how really out to lunch you are.
For example, just think about what you’re trumpeting. You would like all browser capabilities be controlled by one large, slow moving, committee? With no input from smaller companies, or independent start-ups? No ability to respond to technology in anything less that 5 years? No ability for consumers to adopts technologies as they see fit, and allowing the marketplace to determine the cream of the crop?
Um, why do you want that again? Is this your idea you’ve always held… or did you start believing this sometime around the time Apple announced that HTML5 was the future?
Seriously man, think about it.
I started believing that around the time Microsoft was pushing for Active-X actually, they were even working on something called ‘Mactive-X’ for IE Mac, I still have a t-shirt somewhere
.
The “Web” is one application of the Internet, it is what happen over http and its main language is html and the related standards, it’s open and has quality open source implementations available. This still leaves a ‘few’ free ip port for innovation I think, why try to hijack the Web for your Flash/Active-X/Java Applet/SilverLight/etc?
With the current state of things, if Flash was to become the very dominant technology for WebApp, this would give Adobe an incredible control over everything. Want to create a new platform? You’ll have to beg Adobe to port their Flash player to it! Or you could write your own player from the (partially) published spec, the risk is that they published, but not open, Adobe could change their mind and screw you anytime.
By the same logic you are using, any software not developed with open standards is wrong. If your software is successful it gives you control, and it means that someone developing a new platform will beg you to port your software to their platform. Basically being successful is hijacking according to your definition, and the only way to stop that is pushing standards down peoples throats, regardless of if they want it or not.
Certainly I do see the point, and think open standards are great…in theory. Also I would like to live in a world without borders where everyone had as much food and money as they would need and everyone just got along. But let’s get back down to reality. If open standards would drive innovation at a sufficient rate we would not be having this discussion. I would be all over those standards and not have any interest in Flash. But for the web we have HTML, which is developing at an extremely slow pace, currently struggling to do what Flash did 10 years ago.
Your vision sounds like me like a communists wet dream, where competition is not allowed and there is one product that should satisfy all needs in a certain market.
In reality we have something called competition, which means that if you make a platform that is successful, and Adobe does not bother with making a player for your platform, then someone else will do it. As long as Adobe manages to get the reach they do over a multitude of platforms they can remain the dominant technology, and if they don’t, that position is up for grabs.
If WHATWG and W3C along with browser developers can get their act together and provide an application platform which can beat Flash when it comes to performance, features and reach, they will dominate, not Adobe. So far they failed to do that. It seems insane to suggest that they deserve to dominate even if they fail to provide a technology that is better, simply based on the fact that the development is controlled by a committee, basically consisting of three companies rather than one.
Also, you are mistaken about the status of both HTML5 and Flash. Adobe has lifted license restrictions on the swf format, and you are free to develop a player. You can not give something away without license and suddenly tell people that you changed your mind. Sure, they can make a new version for which they require a license, but that applies to HTML as well.
And in actuality there are licenses involved in HTML5. Not only for video and audio codecs, but the canvas as well. It should be covered by W3C’s royalty-free licensing terms when it becomes part of a W3C recommendation, which is estimated to happen 2022. But right now it’s Apple’s IP, and a lot could happen before 2022.
One can speculate about the likelihood of either Adobe using Flash or Apple using Canvas to serve their draconian plans to try to hijack the web, but I think neither is very likely. What is pretty much obvious is that Flash will help free us from proprietary video codecs. Google has made WebM open, but neither Apple or Microsoft plan to include the codec in their browsers, and instead they want to cling on to the proprietary h264 codec, for which they own IP rights.
Since HTML5 does not stipulate use of codecs, the standard is actually wide open to that kind of proprietary hijacking. Flash is as well, but they have announced that they will implement WebM support in the Flash player.
So in reality HTML5 can be seen to clearly enable hijacking of the web by browser developers, and while Adobe could try to do the same they are not doing it.
“Adobe has lifted license restrictions on the swf format, and you are free to develop a player. You can not give something away without license and suddenly tell people that you changed your mind.”
Yeah, just like for PDF? see what happen before PDF was ISO-32000:
http://techliberation.com/2006/06/02/adobe-vs-microsoft/
Apparently, they can change their mind!
“…Apple or Microsoft plan to include the codec in their browsers, and instead they want to cling on to the proprietary h264 codec, for which they own IP rights.”
They own IP rights to a superior technology and want to you it. I don’t think that’s bad for them or their customer.
http://x264dev.multimedia.cx/?p=377
That should have been: “They own IP rights to a superior technology and want to *use* it.”
But, technical merits aside, I agree with you about the video situation and licensing. Unfortunately, it’s not up to Apple nor Microsoft, h264 ip rights worth probably as much as a rounding error for those big companies and they don’t even try to exert any control on players or authoring tools. Smaller ip rights holders are to blame here.
H264 is not really a business for Apple or Microsoft. Flash is a business for Adobe. Follow the money.