"Personally, I kind of like Flash. It gives me a single kill switch for 90% of the useless blinking crap and popups on the internet. Flash is a really appropriate name for exactly what I don't want to see on a web page. I hope it remains the platform of choice for those who develop such things." - Marsh Ray
I'll keep using that quote till I die... On Sun, Dec 19, 2010 at 9:32 PM, Marsh Ray <[email protected]> wrote: > On 12/18/2010 05:30 PM, Victor Rigo wrote: > > Let's see, flash is: > > > > - Cross-platform > > - Cross-architecture > > - Has it's own programming language > > - Is embedded on websites > > - Access to javascript to popup, local caches, etc. > > Not on my machine? > > > It's not ineptness, it's what you get when you right software that can > > actually do stuff. > > Adobe comes from a time when you could write PC software without caring > about security. Yeah, it was a heck of a lot easier to write just about > anything back then because it was well and proper that anything could do > anything. > > Nowdays, the first questions after "hey our software could do this" must > be "but should it do that? What else could someone leverage that new > capability to do? How does it combine with every other feature in our > app or even on the whole platform? What if somebody does it repeatedly > in a tight loop? With pathological inputs?" and so on. These questions > take a long time to answer. > > So if a vendor is known for "letting app developers do more stuff" and > not also known for "letting users control what stuff gets done on their > own machines" then they are laggards, not leaders, in my view. > > > If Java applets were still the hip thing, you'd see the same thing about > > that. > > There's undoubtedly some truth to that. But at the same time, it doesn't > seem like a useful line of reasoning: > > * It's still not an argument for using Flash. > > * That Java plugins have had chronic security bugs doesn't mean that > Flash doesn't suck too. > > * You seem to imply that you don't think that Adobe is likely to secure > Flash any time soon. You're not saying "Adobe will secure Flash in the > next patch and then it will be great." But you listed all the great > stuff it does, so I have to think you would have said something like > that if you believed it. You may be making Flash look worse than it is. > > * It's basically an "appeal to futility" argument: no one could make a > development platform and browser plugin that is significantly more > secure (or does a better job of managing the security vs. "doing stuff" > trade off) so therefore we should accept the status quo. That's why it's > not useful: it gives no guidance on directions in which to improve. > > Personally, I kind of like Flash. It gives me a single kill switch for > 90% of the useless blinking crap and popups on the internet. Flash is a > really appropriate name for exactly what I don't want to see on a web > page. I hope it remains the platform of choice for those who develop > such things. > > - Marsh > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
