The only other regular 'tiny content' thing I can think of is ZeroClipboard (which puts an invisible flash movie over a button so you can click 'copy') as Javascript clipboard actions still aren't broadly supported [2].
ZeroClipboard is used by Github and lots of other sites for the little buttons next to repo URLs, etc.
My favorite workaround to this is Trello, where the "keydown" event on CTRL selects some hidden text, so then if the user then hits C (still holding CTRL), the desired text is copied to the clipboard.
Some file uploaders have a tiny flash backup today - and some of the ones from just a few years ago where little more than a button image with a flash backend.
Because JavaScript doesn't give you the option of programmatically messing with the user's clipboard. The best you can do is present a selected string in a textbox for the user to press Ctrl+C
The irony is that while they recommend converting ads to html5 (or auto convert them with swiffy), the performance goes to shit as well, arguably even worse than flash would have been, at least on mobile.
I'm not surprised. As someone who has worked with it (and even written pieces of a simple Flash renderer), SWF was designed to be an extremely compact format and is far simpler to parse and render than the HTML + CSS + SVG + JS replacement that's being promoted.
In that respect, all the complaints about Flash and mobile battery life should be attributable to the mere presence of Flash content. The reason why disabling Flash improves battery life is because the content doesn't get rendered. If the same content were present and rendered with HTML5 it would require more computing power, because the overhead of parsing (several!) text-based formats and using a complex rendering model originally designed for static documents compared to a binary format and rendering model designed for interactive animations, simply cannot be eliminated. I suppose new standards for documents, vector images, and scripting could be designed (WebAssembly comes to mind), but at that point you'll just be reinventing Flash/SWF...
For that reason, disable JS and you will get improved battery life too:
The part about the file format is quite true but it's not the only thing to compare since there are so many features in either runtime and Flash has been used for so many different things. The most relevant example here was the way Adobe made only half-hearted attempts to optimize video playback, which is where I saw the battery life discussion really get started as more people noticed that playing H.264 video back in Flash took an entire CPU core and still dropped frames while playing the same file in <video> or the Windows/OS X media frameworks took less than 10% for perfect playback.
"For example, using Flash Player 10.2 with Stage Video hardware acceleration, we’ve tested a Mac Mini released two years ago and a low-powered GPU-enabled Windows netbook playing smooth full HD 1080p video using less than 8% of the CPU; more powerful computers use even less."
> the Flash Player plugin can render hardware accelerated video since v10.2 (released early 2011).
I'm aware of that but the quality of the actual implementations still varies widely. I've done the comparison periodically since that was released and their quoted figures have never reproduced on any Flash video player which is actually used on the web (YouTube, Vimeo, jwplayer and a few other open-source projects, the custom players used by various big media companies, etc.).
On OS X or Windows XP-8.1, on multiple devices, it's consistently been the same: Flash = fan on high, HTML5 = fans off. Flash's settings show hardware acceleration enabled but there's either a really restrictive hardware check quietly disabling it or absolutely nobody ever managed to ship a player using Stage Video, including the companies quoted in that press release.
Actually h.264 hardware acceleration was introduced in 10.1 mid 2010 and it had a public beta in the months before. It was Windows only with Adobe saying: "Mac OS X does not expose access to the required API" [1]. Apple opened up the hardware API while 10.1 was on the finish line [2] and so the Mac only got support in the next 10.2 release.
So another interpretation is: Apple was well aware that smooth video playback was coming to other platforms and Jobs piece (and opening up the acceleration API) was an reaction to that.
Swiffy has been getting massive improvements recently, so expect perf wins in this area.
That said, two of the biggest web browsers have not natively supported flash ads for years. So I'm puzzled that ads are still being produced in 2015 for a dying runtime.
Just out of curiosity - could there be issues other than just performance here? For ex., could it be that Flash based ads can identify user/device contributing to privacy issues?
Flash provides much more identifiable fingerprinting information (e.g. detailed information about your system fonts) and looser "Flash cookie" (Local Shared Objects) restrictions than JavaScript.
Did you read their conclusions? Javascript is most certainly a method for fingerprinting, regardless of Flash presence.
"Browser developers should also consider what they can do to reduce fngerprintability, particularly at the JavaScript API level."
"We identified only three groups of browser with comparatively good resistance to fngerprinting: those that block JavaScript, those that use TorButton, and certain types of smartphone."
Not having Flash doesn't mean you're immune to fingerprinting. That said, it would be nice if Adobe prevented system font lists via Flash.
That is true. Not having Flash does not mean you're immune to fingerprinting, but having Flash does mean more (a lot more) unique fingerprinting data is available to trackers.
I wonder if browsers' plugin sandboxes could block Flash from calling the OS API to enumerate system fonts.
The other ad networks likely won't be using Flash anymore either, which makes blocking ads more difficult - and that is a good thing to ad networks in general. Thus I won't say it's Google against others, and while it may seem so in the short term, in the long term Google and other ad networks benefit from it (while the users suffer...?)
TBH if a Flash crash or any other user space application crash causes a system crash it's an issue with the OS.
Steve Jobs at the time said that every time MacOS crashes it's more often than not Flash's fault, which wasn't really true and would only speak "wonders" of how well MacOS isolates user space applications...
On the security issues it's some what true because the nature of Flash, applications like these are almost impossible to sandbox properly unless you have an operating system that sandboxes everything by default.
Flash it self these days is pretty much code execution as a service it can do pretty much everything you want some browsers sandbox it better than others but it's still intended to pull code from the ether and run it and when you have a setup like that you will never be able to limit it effectively.
Flash can be phased out only because it's mostly used to play various forms of media, but any other use of it cannot be converted to HTML5.
If Javascript (as it's parsed and executed in browsers) will ever get to the point of being as flexible and powerfull as Flash is today you'll see browser based RCE vulnerabilities skyrocket also, JS is safe to use only because the browsers restrict it, Flash and AIR are intended to support everything from an animated ad to a full desktop application.
Just look at Node.JS (and many NoSQL DB's that used JS) in it's early years almost every (non-DOM based) cross-site scripting vulnerability in a Node.JS application could result in remote code execution on the server, even today you can still easily cause it if you don't handle the code properly one stupid eval in your node code which was there for lazy debugging can lead to your box getting owned in minutes.
They're not system crash but application crash, both are reported on MacOS X. So no, Flash didn't crash the OS, only apps like Safari, Firefox or Chrome. Isn't it enough ?
>They're not system crash but application crash, both are reported on MacOS X. So no, Flash didn't crash the OS, only apps like Safari, Firefox or Chrome. Isn't it enough ?
That wasn't what Apple (Steve Jobs) claimed... [1]"Whenever a Mac crashes more often than not it’s because of Flash. No one will be using Flash, the world is moving to HTML5."
Also Flash doesn't crash Chrome, doesn't crash FF for ages either. No clue about Safari the quote was debunked by everyone, even Apple backtracked on it to a more "we meant Safari in certain cases" type of statement. we can all move along.
I doubt it's worth picking over all that stuff Jobs said about Flash - it was FUD top to bottom. I mean, in his famous letter he flamed Flash for being closed even as iOS locked people into a single browser, flamed it for being nonstandard while Apple pushed out Safari-only web pages [1] and weird quicktime extensions, etc. He even called out Adobe for being late to adopt Cocoa even though core Apple apps hadn't migrated yet.
So, the language about crashes may have had more or less basis in reality, but it's not as if Jobs was concerned with nuance and details.
It also chews up resources like nobody's business. Note that Android has also scrapped Flash. I'm pretty sure that Steve Jobs can't be blamed for that. :-)
So, in general, swiffy appears to be a relatively heavyweight solution that
is not (yet?) optimized for mobile devices. Morever, there are 4 (yes 4!)
giant swiffy ads on the landing page of androidpolice.com, each of which
consumes more than half the viewport, all of which are dynamic.
Firefox provides the "media.autoplay.enabled" setting, which can be disabled. It's a very difficult setting to implement correctly, but it works most of the time. The larger trouble is that many websites, including YouTube, expect autoplay to work and act slightly wonky when it doesn't.
I visited a site that was linked here recently and they not only had an autoplaying video, there was no way to pause it or stop it. The only option was to mute the video, while it still played.
As I discovered while looking for targets of opportunity, the term of art is apparently "online video provider", or OVP (not "VPN" as I'd first written, thinking "video provider network".
Make yourself a script file called 'RenHosts.bat'[1] and place it somewhere convenient, I personally have mine pinned to the start menu. This allows you to "easily" turn your modified HOSTS file on/off.
You'll need to right click and run the script as Administrator since it is accessing your System32 folder.
I have done something similar using HTTP switchboard, but let's face it, this is a terrible approach. It's a dreadful waste of our valuable time, and there aren't enough of us competent to do this that it impacts advertisers. Rather than fight a constant rearguard action, I've just started avoiding domains that I know are likely to be full of cruft.
Among the reasons I'm posting hosts is to show how concentrated OVPs are. A small number of entries wipes out nearly all instances. Plus it puts pressure on providers.
If you can configure the DNS servers directly or via DHCP in the network settings of the device, then you can take control of how domains get resolved at that level.
In fact I've (unintentionally) bypassed site-blocking on some public networks, just because I configure my devices to use public DNS servers instead of whatever the DHCP provides.
Right. I felt very comfortable drawing a line between ad-blockers and just not providing viewers for goofy formats when I did not ask for the content. I already miss the days when flash-ads where the norm and flashblock was not only a way to get a somewhat clean surfing experience, but also an incentive for advertisers to do less intrusive ads.
I use chrome with all plugins disabled unless I right-click to run them, and the only one that I regularly have to enable is the PDF viewer. I find it a much more enjoyable (and faster) browser experience and have no need for an ad blocker because flash ads are the only ones that really annoy me. I think it's a great idea to disable non-essential flash by default.
Isn't part of the point here that flash ads are mostly going to migrate to HTML5 and then having click-to-run on flash won't be blocking hardly any ads?
Disabling all plugins by default is a much better experience, especially for ads with sound. You can also opt-out the PDF viewer out of the click-to-play by visiting chrome://plugins/ and always allowing.
I've been disabling by default for a few weeks, though many sites still use it, for example:
- Facebook (videos)
- Twitter (bizarrely uses it for gifs in Firefox)
- YouTube
- BBC news
- The Independent and most of UK press
- Basically any site with embedded video
- even github prompts because of that copy+paste feature
I have no interest in Flash games or adverts, so it's annoying that these big sites all still use Flash.
There are millions of flash games that my kids would not appreciate losing access to; YouTube still uses flash by default I think; iPlayer (BBC program player) and news websites still mainly [or exclusively] use flash.
I use flash blocker specifically for youtube, so that it doesn't start playing when I queue up a tab. When I get to the tab I enable flash for that player. Gonna be annoying when that doesn't work. Not that I don't want flash to disappear.
For Firefox users, YouTube is supposed to prefer HTML5 video if an H.264 platform decoder is available and then fall back to Flash. YouTube should be serving HTML5 video to OS X, Windows Vista+ (except for some variants without codecs like Windows Server 2008), and Linux (if ffmpeg is available).
I think when this came up a few months ago someone checked and found it was a bug -- it may have been fixed by now but I haven't checked recently since I don't have flash in ff anymore.
Just have her use Chrome for that. I don't have Flash installed, and I just copy and paste a URL into Chrome if some website's video player requires Flash with no HTML5 fallback.
Chrome beta, Windows 8.1. But I tried it again now and it seems to be working without Flash. No idea what was wrong then a month ago. Ah well ¯\_(ツ)_/¯
I've been developing WebGL content for the past 18 months and, so far, it hasn't crashed from any WebGL issues. And that's with my code which is pretty awful most of the time.
My home computer has been fine, but my work computer has a bunch of browser-crashing problems. I've raised bug reports, but unfortunately that means coordinating a bug report between between the website, the browser, the graphics drivers, and the graphics card manufacturer.
Unfortunately the abstraction layers aren't yet good enough that something stable on nvidia will be stable on ati :)
That's just means that it works with your video card(s), but it can still crash with other/older cards.
For example on the ShaderToy website ( https://www.shadertoy.com/browse ) I can always easily find examples that crashes WebGL in Chrome (and it's just slower or hangs in Firefox). Right on that first page there are shaders that makes WebGL crash on two different computers (one with an older NVIDIA card and one with just integrated so not the fastest ones). But it crashes only the WebGL part not the whole browser, so that's not so bad. Also it could be because Chrome sees WebGL code is running slow (due to slower cards and the complex shaders) and decides it's better to kill it, just like when there is an infinite loop in Flash or JavaScript the browsers shows a dialog to stop the code.
I've had WebGL crashes quite often on YouTube.
Allot of the WebGL demos are also either forcing a WebGL crash from time to time or just hang browsers due to performance.
You can say allot about Flash but atm it's performance and stability are better than WebGL in it's current state.
The problem with WebGL is that it pretty much inherited the mess of OpenGL every driver version on every GPU can implement different feature set of it (similar to the extension mess of OpenGL in Nvidia and ATI minidrivers at the time) which results in Browsers having to maintain blacklist/whitelists[1] for a very large array of hardware and software combinations (Chrome currently isn't maintaining a driver version based list other than a cut off date for certain drivers which also causes problems if you are running old hardware and the best drivers for it are considered out of date by Google).
WebGL it self is also not implemented in the same manner across different browsers Chrome and FF for example have quite a different blacklist/whitelist for WebGL, I don't know if this because of different in browser implementation or because of they are simply encountering different issues and adjusting accordingly.
The worse thing I've encountered so far is WebGL on switchable graphics (e.g. Nvidia Optimus) enabled laptops, some features might switch the GPU arbitrarily even mid execution which causes the whole thing to implode..
Whats worse is that WebGL can actually crash your graphics driver and if it's bad enough than Windows can't recover the kernel mode driver it's a complete kernel panic.
This doesn't happen often but if you want to do it you can do it sadly too easily, Chrome/FF chase known DOS cases with WebCL quite well but they really don't catch all of them and if that feature isn't blacklisted for your setup well you can crash a machine with a single pixel draw ;)
And the introduction of WebCL would probably lead to some of the nastiest RCE vulnerabilities you can imagine soon enough you are allowing people to execute general purpose code directly on the metal and interact with Kernel mode components.
There are already GPU rootkits out there soon enough they'll find an infection vector trough WebGL or WebCL and it will be a very unpleasant period.
I didn't say they use OpenGL, the WebGL implementation on Windows is trickey since there is no OpenGL mini driver so native support is implemented a bit differently it's only matters who does the translation (GPU driver, vs Browser).
Also are you sure they still use ANGLE by default? Both Chrome and FF had the ability to enable native support years ago using –use-gl=desktop for Chrome or webgl.prefer-native-gl for FF, 2-3 years ago that was the only way of getting any reasonable performance out of them..
But even with ANGLE, WebGL feature implementation is still not consistent across hardware and drivers (Graphic drivers treat DX like one would treat a 5 year old, they'll hear it and do what they want ;)) from even a single vendor yet alone across the 3 desktop and 3-4 mobile GPU vendors.
Only the 3rd properly applies to Chrome and Flash. Chrome didn't embrace an API they could extend; they shipped a plugin providing an ~ABI of a foreign/closed API then still had to make atomic decisions like this one.
I got plugins disabled by default in Chrome for ages now (right click run plugin when needed).
Before that on FF i had an add on that disabled autorun for flash also (very similar to how chrome does it with plugins gotta right click to load it).
But if Google does it only for none Google adnetworks that's going to be a huge lawsuit.
The article doesn't really clarify why would it work on Google own networks because they convert to HTML5 or because they will white list their own stuff.
TBH we could've gotten rid of Flash years ago, Google was actually a big supporter for Flash, it was very important for them at some point in time, Google Chat, Gmail Extensions, Google Wave, and most importantly getting high bit rate video on YouTube off the ground (DXVA, OpenGL support was critical for YouTube and every other streaming site out-there), and heck Google promoted Flash on Android until JB as their big gotcha over Apple..
But if Google does it only for none Google adnetworks that's going to be a huge lawsuit. The article doesn't really clarify why would it work on Google own networks because they convert to HTML5 or because they will white list their own stuff.
It's because their ad network converts stuff, at least that's the only way I can read these sentences:
Google said advertisers who are worried about having their ads switched off should consider converting their Flash artwork to HTML5. According to the cyber-goliath, "most Flash ads uploaded to [Google] AdWords are automatically converted to HTML5."
So, in other words, if you're not on Google's ad network, you're locked out of Chrome – unless you also switch to HTML5 artwork.
Is the conversion tool actually open source? The Swiffy Wikipedia page says "There is a server-side component (source currently not public) that converts SWF to an intermediate representation serialized as JSON.".
I've read it, but I've also read the "most" part in it so it wasn't clear what will they do with Flash adds that cannot be converted.
The opening subtitle can be also interpreted both ways, in fact most people would say that "If your ads aren't on web giant's network, they better be HTML5 – or they're dead to Chrome." means that Google will block Flash from every source but Google.
Well it's the chicken and the egg, you don't like Flash you block it, Google blocks it you have to deal with HTML5 now, it's the same thing as with Adblock...
People don't like ads they use adblockers, site revenues go down advertisers find new and even more invasive ways to display ads.
Wont be surprise if in a year or 2 how content will work is that all (actual) content on the site will be encrypted and encoded into and then decoded using JS and the only way to get the decryption key is to load and play trough the ad to the end. Heck with how cheap symmetric encryption is becoming on modern CPU's not to mention GPU's it won't cost that much to implement. The CDN runs the content, the CDN runs the ad's one doesn't fully load without the other...
If i was bored enough or evil enough i would write this myself but any evil exec's listening you are free to take this idea :)
Yeah, but it's just an arms race at this point. If I can decrypt the content by performing X, I can make by browser either simulate X or report to your servers that I did X.
That occurred to me, too. It certainly hurts any competing ad networks who don't have a Flash-to-HTML5 converter ready.
On the other hand, I think Chrome is the only major browser that ships with the ability to play Flash, so one could argue that it is just altering the benefit that Google has been providing to all Flash providers for years.
I hope that Google takes the next, bigger step and kills its YouTube Flash player. The HTML5 one is superior in almost every way and so many browsers now support HTML5[1]. It would be a really meaningful statement. This is just a bit 'meh'.
Not it isn't. The flash player is actually superior in almost every way. And like you, I won't provide any data to back that opinion up. I'll just use the word "almost" to give me some room in case someone jumps in with actual data.
What irritates me is that flash is required for google music. I really like google music over all the other radio services, plus I have some music in my lib, but I've resorted to just looking up albums on youtube. If it's an absolute must have for some technical reason, a desktop client would be nice as an alternative.
Thanks for this. I'm not sure why they wouldn't use a fallback mechanism instead of making this an explicit setting?
Edit: This is strange. I went to change the setting and it is greyed out and cannot be changed. This is in both chrome AND firefox. Both are up to date with most recent version, and my macbook was bought this year. Neither have adblockers enabled.
It is indeed strange, I have been using this option for some time. Works like a charm on 2015 mbps, as well as older ones.
There is maybe an issue with your specific model ? That might also explain why it is not a default yet.
> It is rather ironic half of their sites are going to break, unless they conveniently add an exception.
Those sites aren't going to break, even without adding any exceptions. There's no definition of "essential" that would exclude Flash content on Google Finance. As mentioned above, the exact heuristics they're using are:
"TLDR, essential content is either:
1) On the same domain as the page
2) Considered "Large" (at least 298 x 398, certain aspect ratio, minimum total area), with an exception for tiny content (likely transport plugins)."
And one would be wrong (at least in one's implication). There's enough sites on the Web still using Flash to deliver part of the core site that you don't need fevered conspiracy theories to explain why actual core site content wouldn't be clocked.
I tried html5 on youtube for a week while scaling is nice (the video size increases for window/resolution size), the quality is very poor the same video with same 480p in flash much clear. Though I don't like flash because it crashes many times it is the only way to watch clear 360p or 480p video. Also flash detects 480p as default for my 8 mb internet connection whereas HTML5 will choose 240p now and then. Also you tube menu (choose xxxP or annotation on/off) is inverted L for any thing with sub menus whereas flash is strait oneclick. The other the lightswitch plugin does not work properly with html5 . so I will flash stays as it is only way for me to watch good quality video.
The quality is because YouTube's HTML5 player defaults to Dynamic Adaptive Streaming over HTTP. If you manually change the quality setting to something other than Auto, you get better quality.
Taking Flash away is always a good new for privacy and security :)
Anyway, is not sufficient.
Why would google take a good but not sufficient approach?
IMO because of marketing issues: get some hackers and tech savvy people to evangelize that they are improving their privacy issues. I suppose google doesn't need flash/super cookies, "so lets take them out, we look good, and we still have the same entropy to get to know the user"
> "essential" Flash content (such as embedded video players) are allowed to automatically run, while non-essential Flash content, much of that being advertisements, will be automatically paused.
+1 for this. Another example would be live streaming. yy.com comes to my mind right now, it's fully flash and used by millions of users. gaming.youtube.com does Flash too on Firefox, not to mention all of the adult streaming sites.
Funny how everyone is asking for Flash to just disapear, if it had never been around we'd all be screaming for a plugin that makes all the above possible.
Well, WebRTC is indeed a way, but it's very far from a standard - Chrome and FF supporting it only - and has some issues. It's difficult to do multi-casting with it and eats up a ton of CPU resources. If it were scaleable and usable one of these multi-million dollar businesses would adopt it by now don't you think? I haven't seen anyone pick it up.
Yes, we need some additional standards to build upon it, but at least the decoders exist in Chrome, Firefox and Safari on all modern platforms.
If someone would add a small standard extension (like Microsoft originally suggested) to allow for one-way streams, we could do livestreaming over it, too.
Preferably even make it seamless – allow pointing a video element to a livestream source.
Can't we just decouple flash from the browser and sandbox it heavily to play these games? Most of these don't need interaction with the page that they are embedded on. Sure these sites have to shift their profile somewhat, they are already on a sinking ship though.
Perhaps it's because I don't play browser-based games (or any games, for that matter) but I disabled Flash months and months ago and I don't seem to recall ever "missing out" on anything or even having to temporarily re-enable it.
On Google's network, I presume, they can throw resources at screening for malevolent flash ads better. There's no chance of anti-trust issues there, it's an easy to argue case of consumer protection. Besides that, any court would recognize flash as a dying technology, and the context wouldn't be worth the waste of time. Anti-trust has a drastically higher bar than this.
https://chromium.googlesource.com/chromium/src.git/+/master/... (See constants)
and
https://chromium.googlesource.com/chromium/src.git/+/master/... (See ShouldThrottleContent)
TLDR, essential content is either:
1) On the same domain as the page
2) Considered "Large" (at least 298 x 398, certain aspect ratio, minimum total area), with an exception for tiny content (likely transport plugins).