![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
starseerdrgnI just want to start with this one little quote from an Ars Technica article about a 0day exploit regarding Adobe Flash:
While the number of in-the-wild attacks exploiting Flash zerodays has dropped significantly over the past year or two, the risk posed by the Adobe media player remains unacceptably high relative to the benefit it provides most users.
Now… With this mentioned, let me say that this war against Flash has been one of a bit of misinformation, especially toward NPAPI (Netscape Plugin API) and the like.
Yes, it's insecure. It can be secured, but instead, people gave up on it to focus on embedding everything into the browser itself using native HTML5 and Javascript.
This.Is.Worse.Than.Plug-ins!
I want you to stop and think for a moment: if a 0day exploit is found in something using NPAPI you can easily disable the plug-in, or make it so that you have to actively start it before it'll load the code. With embedded HTML5/JavaScript, you have absolutely no way to stop it natively, outside of disabling JavaScript. NoScript is vital at that point.
Those auto-play videos that annoy the shit out of you? Those modals that block out everything on the site? The bitcoin miners sometimes stealing power from your system? Those are all baked into the browser itself. The only way to fix that exploit it to update the browser.
Just.like.Flash.
But as they said in the quote: "relative to the benefit it provides most users".
What benefit does Flash provide that HTML5 doesn't? Well, true cross-platform support that's standardized across browsers and OSes, for starters. HTML5 Multimedia is iffy at best, with some browsers supporting some standards, and others supporting other standards.
WAAPI (Web Animations API) was supposed to be the answer to Flash animations, but support for it is so scattered by the web browser vendors that it's more of a pain in the ass to make for anything but what you personally use. Seriously, it's like SVG support, which is also so pitiful it's not funny.
HTML multimedia streams can potentially be laden with JavaScript, including bitcoin miners and the like, and tend to be very iffy across the various browsers. Flash isn't all that great, but at least the streaming is fairly consistent. Honestly, using media players for that purpose on the desktop was much more consistent, and didn't completely drag down low-end systems.
Flash is also very useful for things like online gaming. HTML5 does have this capability with JavaScript, but it's a shitshow on low-end systems, to the point that HTML5 gaming is a bit of a joke. You're honestly better off using Java, but that's for another rant.
In the end, Flash does have a lot of benefits, but the bias shown by "news sites" and "industry experts" buries any mention of these benefits in order to try and bury Flash as a relic of the past.
It's sad. It's really sad to see just how far the industry will go to be "legacy free" when big names like Google and Apple are behind the message. It's a massive lie through the omission of facts, and I wish the tech industry wasn't so horrible as to go this route.
