Adobe Flash Player played a pivotal role in the adoption of video, gaming and animation on the Web. Today, sites typically use technologies like HTML5, giving you improved security, reduced power consumption and faster page load times. Going forward, Chrome will de-emphasize Flash in favor of HTML5. Here’s what that means for you.
Today, more than 90% of Flash on the web loads behind the scenes to support things like page analytics. This kind of Flash slows you down, and starting this September, Chrome 53 will begin to block it. HTML5 is much lighter and faster, and publishers are switching over to speed up page loading and save you more battery life. You’ll see an improvement in responsiveness and efficiency for many sites.
Finally.
Oh that’s rich. You heard it here folks, google to block page analytics working behind the scenes – it slows you down.
They didn’t need an excuse to remove flash, but since this is the reason they provided, then how about they finish the job and discourage the practice of using 3rd party tracking code altogether, including their own. Not only will it improve performance, save bandwidth & battery, but also because 3rd party code execution is a terrible security practice.
Edited 2016-08-11 00:53 UTC
Lately I have had a lot more trouble with javascript snippets trying to watch all I am doing and preventing a proper load of basic elements of html pages than anything else.
As you said, we really should ask Google to tackle it too.
Yep, it’s just going to move to being Javascript more than Flash. That movement’s been underway for a while anyway. Malware writers have already caught on too, using Javascript exploits in browsers for the most part. One monster dies, and a new one grows up. In about 15 more years, if we don’t press the “big red button” by then of course, it’ll be Javascript that is dying and something else growing up. I think the problem is the analytics and advertising industry, not the technology used by said industry. It’s the fact that this industry is allowed to exist at all.
Google & the article are talking about Flash based analytics, and you’ve just dropped the “Flash” portion and then lumped in Javascript analytics along with it. Is there anything else you want to add to that strawman while you’re building it?
By the way why are analytics evil? Analytics don’t get into the page by accident; they get there because the site maintainer wants the data, and they want the data because it is useful. People talk about analytics as though Google are hacking into web servers to inject their own code into every page and then keeping the data for themselves.
Vanders,
That’s why I have no problem with first-party analytics whatsoever, it can be implemented without additional client resources (ram/battery/cpu/bandwidth) and while adhering to the principal of lease privilege.
https://en.wikipedia.org/wiki/Principle_of_least_privilege
The same obviously can’t be said of programs like google analytics, which openly encourage web developers to violate that principal. There are more efficient & more accurate & less invasive ways to generate analytics for legitimate use, it’s just not in google’s interests to promote them.
Edited 2016-08-11 14:27 UTC
“Flash is bad” and “Some analytics use Flash” does not automatically mean that “All analytics are bad”.
Only analytics that use Flash are bad, and only because they use Flash.
Edited 2016-08-11 14:48 UTC
Vanders,
This is…very weak.
How? Analytics are not bad in and of themselves. Google’s statement about analytics are clearly in the context of people using Flash for analytics, and not analytics in general.
And I’m not disagreeing with you about the intended context, but that doesn’t make it any less hypocritical of google. Say the US gov. came out criticizing China for a program to intercept hardware and install backdoors for spying. I might agree with every single argument the US makes against China, but that doesn’t mean the US isn’t being hypocritical and it doesn’t make sense to automatically invalidate an argument just because the context is no longer China.
You’ve got to admit, given the blatant overlap with what google does, it was probably ill advised to cite the negatives of background user analytics as the key reasons for disabling flash. They could simply say that “proprietary plugins have no place on the modern web” (and elaborate on that). Then everyone including myself would have been totally content. Maybe we can all pretend that’s what happened, agreed?
Edited 2016-08-11 22:11 UTC
But that didn’t go over so well with the HTML5 video tag. And as experience over this past 8 year election cycle has shown, people it seems are willing to accept a lot of hypocrisy as long as their own toys remain untouched.
kwan_e,
Damn it, what are you doing here?! The olive branch isn’t supposed to catch on fire. Haha
Perhaps this is about making Chrome incompatible with googles competitors.
http://daringfireball.net/linked/2016/08/09/chrome-flash
“great minds think…..” nope, that’s not it.
“this explains every….” nope, makes no sense either.
“even a broken clock is correct…” aaargh, I just can’t make sense of Thom and John having the exact same thought.
Has anyone ever seen Thom and John together in the same room at the same time? (and were Superman and Clark Kent there?)
Finally, I found it.
“Insert random comment”…that is what happened!
Actually chrome was part of the problem of extending the lifespan of flash by bundling it in the browser. With other browsers it was as easy as not installing flash and the problem has been solved for years.
Bundling Flash with Chrome, and meddling with it’s rendering pipeline, and creating yet another plugin API for the small Flash team to support, was absolutely not helpful to the developers of Flash. The opposite really. Bundling it, and the compromises that came with that, was probably in part the reason Adobe ultimately gave up on Flash, which is the real reason it has seen such rapid decline.
The simpler easier good (HTML5) vs evil (Flash) narrative will probably win out over what really happened with Flash – a great technology in it’s time (it was popular during IE6’s dominance, remember that? how quickly they forget), abandoned by its steward at the peek, because after failing to find enthusiastic partners to help them support it (except poor RIM) they ultimately didn’t want to be in the platform business anymore.
Google advocates the death of Flash, even while quite a few YouTube videos still won’t play in HTML5 and insist on using Flash or the YouTube app. Rather pathetic, honestly.
They have to start somewhere.
Yes, and the proper place to start is to eat their own dog food. They can preach about the death of Flash once they have actually gotten rid of it on their end. Otherwise it’s just more hypocrisy, not that hypocrisy is anything new for Google.
I really hope we can get rid of Java as a browser plugin as well. Java on the server is fine, JavaScript … well we are stuck with that, but Java-Clients should disappear.
(Apple Quicktime has luckily killed itself by now and Adobe Reader is also more and more replaced with smaller/lighter/more secure alternatives)
https://heimdalsecurity.com/blog/slow_software_vulnerability_patchin…
avgalen,
Java was far more niche than flash and if I remember correctly hasn’t been bundled since windows 98. The only people who have a “java client problem” are those who manually install it because they have specialized devices that require it, like firewalls, vpns, remote access devices, facilities management software, etc – ie those in IT. I really wish everything could be standard HTML5 too, but there are two major obstacles:
1. They mostly predated HTML5, which only became viable and well supported fairly recently. The installed base of hardware is not likely to get updated and if you tell these people they can’t have java clients, they will migrate to browsers like IE because they have no choice.
2. HTML5 still lacks features that java can offer like vpn, remote disk mounting, and even ordinary UDP/TCP sockets. These are extremely useful features for those who need them and they are impossible with (today’s) HTML5 without another way to get the missing functionality.
The socket limitation has eliminated HTML5 as a viable option in some of my own projects. Instead of supporting standard sockets, they built a new kind of websocket that’s more complex and incompatible with every standard protocol in existence. I wish HTML5’s developers would just support plain sockets and prompt the user whether to allow it, like they do with the camera and microphone interfaces. I just hate that it’s not possible for HTML5 to connect to existing protocols. Expecting everyone to switch to websockets is not reasonable at all. What’s done is done, but ultimately, unless they fix it, it gives legitimate reasons for choosing java over HTML5.
Edited 2016-08-12 14:09 UTC
Please replace everything you are saying here about Java with ActiveX or Silverlight and you will see that Java-on-the-web needs to die as well.
Hardly anything is more common than Flash, but Java is certainly not niche even now. Intel, Dell and NVidia are currently using it for their “online driver detection tooling” so it is included with lots of OEM pc’s by default and installed “just in case somebody might need it” by basically every IT Department I have ever spoken with.
Just like HTML5 doesn’t do everything that Flash can, we, as developers, just shouldn’t bother users with requiring Flash/Java when it has proven to be so insecure. “Is that why we can’t have nice things? Yes, Yes it is”
(I am not saying that anything that isn’t perfect shouldn’t be used, but the 4 techniques I have mentioned are basically all the active attackvectors online. Well, and social engineering but I have no idea how to defend against that)
avgalen,
To be honest, it really bugs me that there are things that standards compliant HTML5 web apps can not directly support without creating new protocols around web sockets. Things like Bittorrent/standard SIP based VOIP/rsync/ssh/snmp/etc…not to mention countless custom application protocols in use everywhere.
HTML5 is powerful enough to run quake in the browser, which is fantastic. But it can’t connect to a quakeworld server without a plugin or external application to provide that functionality, which is pathetic. If this got resolved I would be far more eager to endorse HTML5.
(As a developer I’m not that much of a fan of javascript either, but for better or worse it’s what we have and it’s not responsible for these obstacles).
There are two things that separate Java from Flash.
1. Java is usually blocked by default, and raises red flags for most folks. At the very least, this helps them to think about what they are doing.
2. Unlike flash, many desktop applications (well, more of them) actually use it. It has a life outside the browser.
On top of that, when I worked in an IT department for first the DOI and later a university, we did install Java, because lots of programs need it. Same thing with the 2010, 2013, and 2015 Visual C++ redistributable. It’s not ‘just in case’, it’s ‘many things actually use this’.
The problem with pre-installing Java is mostly for consumers. IT departments can, if they’re competent, deploy Java and the necessary updates. The home users though, see the Java update notifications and one of two things happen:
1. They ignore it, resulting in an outdated and thus insecure installation of Java and, as a result, an insecure system.
2. They click update and, because they weren’t watching what they were doing, get slammed with ask.com or whatever the hell Oracle is bundling these days, resulting in an insecure system.
So basically, if you’re a home user and don’t know exactly what to do, you get screwed by Java either way.
As someone pained by the loss of Flash (as a content developer, it was WAY easier and faster to produce complete functional – and SLICK – experiences with Flash than HTML5) I can say that there comes a point at which the older way to do things falls far enough behind, that it stops making sense to cling to some old implementation, and starts to make sense to use something new. Even WordPress did this recently by changing over to a node/MEAN stack on their main commercial product (Calypso). If your infrastructure is old enough to not support web sockets, it’s probably in this category. The modern tools are generally so much better (leading to vastly superior workflows and productivity), that it’s worth spending the time to learn the new stuff. That’s what I found at least on the client side (which admittedly does have a faster tech churn cycle of 5 years, compared with a general 10-15 years for server tech).
Agreed about Java, for sure. It’s more of a pain than Flash is, however it’s not quite as common these days. Mobile devices will kill Java and Flash both in the end anyway.
Adobe Reader is a bit different. Much as I hate that thing, it’s still the only software that can display a lot of these wacky PDFs I end up having to deal with–the ones with forms and other structures. It’s a pain, for sure.
Despite its death, ponder if the only platform where flash is supported is a Windows one, whether desktop or mobile.