The "proprietary" tiny bit of the player, which is a fraction of the whole Flash ecosystem mostly open source, is precisely what made it a success and what made JS a failure. JS implementation is left to the browser, and you can be sure they will use that last word to screw each other, block each other, and make sure the browser never compete with their app store. We have seen it over and over, bugs marked by Apple "no to be fixed" by executive order to refrain Facebook from building its HTML5 game platform codename "spartan"; H264 yanked by Google to block Apple and MS. Safari on iOS 7 called by HTML5 expert "the buggiest mobile Safari ever".
Meanwhile Adobe keep adding features and move forward with no block, no endless discussions and no matter the constant complaining from the developers community never happy with what we got, the player and AIR are still half to full decade ahead of any <whatever>.JS technology with decent browser penetration. It is because of the proprietary piece of the Flash player that the same hypocrite browser vendors cannot mess with it, and Apple had to ban it entirely to avoid having the Flash Platform take over its AppStore with Flash 9, AS3, Flex and AIR. Good news is, that ban exposed Apple much more than merely messing with JS implementation, and I believe there is an antitrust class action lawsuit that can be pushed by the Flash developer community. If I successfully lead this to court, the discovery process might expose the whole nasty Silicon Valley browser war. As far as security is concerned, my guess is that it is all a question of popularity, when every page on the web will contain HTML5 ads with JS pushed to the limit as replacement for Flash, you will see JS security risk rise to the sky. It already started, most security reports warn of the HTML5 security risk. On Tue, Feb 17, 2015 at 3:49 PM, <f...@dfguy.us> wrote: > That's probably true but what I'm wondering though is does this actually help > right? So if Mozilla is then maintaining the code then it's dependent on them > to fix any security flaws in terms of their own release cycle for fixes. Plus > the ability of the implementation is again dependent on whatever capabilities > exist in the browser as the runtime like you mentioned. > > So what is occurring to me is that most likely media like that outlet just > don't like the idea of a "proprietary" runtime that's supported and > maintained by a company in general, so it's sort of cool to promote an > implementation by another company that's not deemed to be as proprietary like > Mozilla. It's sort of an ideological argument I think that's really at the > root of all this stuff. I think there have been a bunch of swf players out > there for years right? But if this could allow all of that content to be > played on iPads or etc then I'm sure it would help out. > > No one seems to care about all the other proprietary runtimes out there, or > Apple's closed environment, or Android or anything else being closed in > varying forms, or that whole Mozilla DRM plugin or etc. > > David > > > > -----Original Message----- > From: Tom Chiverton <t...@extravision.com> > To: dev@flex.apache.org > Sent: Tue, 17 Feb 2015 9:23 AM > Subject: Re: "The Player", a case for an independent Flash Player > > I think The Register's angle is the Adobe implementation of the Flash > runtime is bad and full of security issues. > > In theory Shumay runs in the JavaScript sandbox, so inherits all the > protections and 'many eyes' of previous work on securing it. > When was the last time there was a off-by-one arbitrary code execution > issue in a major JavaScript implementation ? > > Tom
