adobe is murdering flash, so what now?

[Brian151]

it sounds like at this point, there's no longer any point to send-out the letter. adobe has made it clear they intend not only to drop support but silence the plugin completely on jan 12th, without any concern for the negative impacts on developers or end-users of flash. just a merciless wholesale slaughter of content. but they tout it as "well, since we're ending support, it's to keep you safe".

flashpoint won't be able to save everything, either. most of the online (as in multiplayer, or server-bound) games probably will die, save for a few that either are ...porting.... or getting their own launchers.

so, what is the plan carrying forward?

[yosun]

Why not just write a custom browser?

[jeffythedragonslayer]

Custom browser might be overkill, we might be able to get away with flash-friendly forks of other browsers.

…

On Mon, Jan 4, 2021, 5:15 PM yosun ***@***.***> wrote: Why not just write a custom browser? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#138 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ADFDUGQUUBEWX4TIPTM2ZKTSYI4YDANCNFSM4VTVNXAA> .

[Brian151]

honestly, if i had the time, skills, or patience, i'd be doing custom browser or fork...
and not just for flash player support
modern browsers, even pale moon that i use, do some things that are invasive/annoying in the name of "security".
i'd disable/weaken a decent chunk of that as well as test my own ideas, i'm not 5 years old and would like to be treated like a 'responsible adult' when using the computer... >.<

anyways, flash-friendly isn't the only hurdle... we need to crack or re-build the player from scratch, now... or well, run fairly old versions...

[jeffythedragonslayer]

Ultimately, if you want to play the long game, I think automated theorem proving is going to set people's minds at ease about cybersecurity. Maybe goal statements like "if the compiler correctly implements the C standard, this function does not invoke undefined behavior." There is ongoing work to enumerate all the UB in C++ (there is a lot,) but I hear those proving tools are very difficult to use. I recall reading somewhere (mid 2000s) someone write that the point of flash is to make a sandbox so that sketchy games can't scribble over your hard disk. Shame how things are going if that was a design goal of flash. If we can't easily harden the code, only having binaries, I wonder if sticking it in another container is a good compromise in the meantime.

…

On Mon, Jan 4, 2021, 10:12 PM Brian ***@***.***> wrote: honestly, if i had the time, skills, or patience, i'd be doing custom browser or fork... and not just for flash player support modern browsers, even pale moon that i use, do some things that are invasive/annoying in the name of "security". i'd disable/weaken a decent chunk of that as well as test my own ideas, i'm not 5 years old and would like to be treated like a 'responsible adult' when using the computer... >.< anyways, flash-friendly isn't the only hurdle... we need to crack or re-build the player from scratch, now... or well, run fairly old versions... — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#138 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ADFDUGSJMCA6Z3F3RFVAJH3SYJ7R3ANCNFSM4VTVNXAA> .

[yosun]

Yes, that's what I mean - there are many open source browsers out there that I believe support Flash (still)? On Mon, Jan 4, 2021 at 2:43 PM Jeff Linahan <notifications@github.com> wrote:

…

Custom browser might be overkill, we might be able to get away with flash-friendly forks of other browsers. On Mon, Jan 4, 2021, 5:15 PM yosun ***@***.***> wrote: > Why not just write a custom browser? > > — > You are receiving this because you are subscribed to this thread. > Reply to this email directly, view it on GitHub > < #138 (comment) >, > or unsubscribe > < https://github.com/notifications/unsubscribe-auth/ADFDUGQUUBEWX4TIPTM2ZKTSYI4YDANCNFSM4VTVNXAA > > . > — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#138 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAG57PU6TBUP2J75XAMGSATSYJACXANCNFSM4VTVNXAA> .

-- Yosun Chang, Founder and CTO DrawmaticAR is the SIGGRAPH Real-Time Live Winner 2020! Phone: (415) 779 6786 WWW: AReality3D.com Twitter: @yosun

[Brian151]

jeff (github doesn't seem to function properly in PM anymore, sadly):
cyber-security i think will always be a cat-mouse game, at least for the foreseeable future. even supposedly "secure" practices have been found to be anything but flawless. in fact, MANY are horribly flawed and just fall flat on their face within at most, a few years' time...

C++ is reaching a point where it needs to go. and not to be replaced with something like JS... we need to re-think everything about our languages, and once and for all resolve these stupid disagreements about endian-ness and the format of a string. (among others) still got plenty of legacy code/data to support, but solving these inconsistencies would be great for both future-proofing data and securing it.

resolving unidentified behavior tbh really sounds like a pipe dream and on-par with the infamous halting problem. scripted languages honestly probably handle this better since they can raise exceptions no matter how you miss-use them. native code operates at the machine level, so no matter how a compiler generates it, it'd be very easy to break it. unless ofc you add a million more abstractions, maybe... even then, i just don't buy this. also, C std isn't the only problem here. you resolve the issues, there, but then what about the project/company-specific code not part of the standard? we need to fix our bad coding habits...

sandboxing honestly isn't really an awful idea... besides security, lots of valid reasons to use it. properly designed virtual machines definitely have a security edge, though...

yosun:
i honestly don't know how many there are. pale moon is the only that immediately comes to mind. it is intentionally designed to allow not only flash, but plugins in general to work. even unity3D in 32-bit builds (though my observations are unity itself is just broken...)

i honestly don't explore alternative browsers. there are like a million different things to keep track of, and it's tiring to even TRY... so much time/energy for me would be wasted trying to do in-depth research on this. i have enough issues like that trying to DEVELOP, and things keep changing. for example, i now can't submit games to kongregate.

i do know a lot of browsers now are ports of chrome/chromimum and firefox... neither of those two are flash-friendly... (chrome in fact is known for deleting the .SOL files that game save data (and advert tracking cookies) are written to) not saying they don't exist, i just don't know which ones do.

either way, problem is now flash player is itself programmed to self-destruct or auto-shutdown. or so adobe says... there's also some involvement by microsoft, possibly just with pre-installed player on edge/IE? fact is, though, OS can just flat-out ban/delete/disable anything it wants. the plan for many was always to just run flash-friendly browsers and/or keep using the player... but the player is specifically slated to die... >.<