Update: Firefox pulled support for Flash, but has re-enabled it by default following the release of security patches. For more, see below.
On Tuesday, Mozilla and Google stopped Adobe Flash dead in its tracks.
In a decision that threatens legions of restaurant websites that inexplicably still feature the Web plugin, the makers of the Firefox and Chrome browsers ended support for all versions of it. The move follows the recent discovery of zero-day security bugs in Flash.
The aging platform was already known for crashes and glitchy performance, but the security weakness appeared to be the last straw.
See also: YouTube Fired Flash, Clearing HTML5’s Last Obstacle For World Domination
For Mozilla, the quick decision to pull the plug may be a positive sign for the browser maker. The open-source organization has been scrambling to get its mojo back in recent months, as usage for the once-popular Firefox browser fell behind rival Chrome.
When I caught up with Chris Beard, Mozilla’s CEO, at an event recently, he acknowledged that Mozilla had “lost its way.” But he was excited about numerous initiatives the group has up its sleeve.
Now, in its apparent bid to claw its way back to relevancy for today’s Web, Firefox joined the first wave to shed one of the most frustratingly flawed and ungainly vestiges of the past.
The Anti-Flash Mob
Adobe Flash has no shortage of haters on the Web, and some have even built browser extensions to block the animation and video plugin.
One of the most infamous enemies of Adobe Flash was Steve Jobs. Five years ago, the late Apple CEO and co-founder posted his infamous “Thoughts On Flash” missive explaining why iPhones and iPads wouldn’t support the technology. He didn’t call the platform a “toxic hellstew of vulnerabilities,” as his successor later described another technology, but that was pretty much his conclusion:
Symantec recently highlighted Flash for having one of the worst security records in 2009. We also know first hand that Flash is the number one reason Macs crash. We have been working with Adobe to fix these problems, but they have persisted for several years now.
Different year, same problems. The most recent: Italy’s Hacking Team discovered Flash security bugs, which—considering the plugin’s widespread support—make an overwhelming proportion of today’s Web vulnerable to attacks. (Update: The holes have been patched. More here and below.)
Given that Flash is a resource-hungry, buggy and largely mobile-unfriendly technology (especially if you have an iPhone), it’s baffling how the Adobe platform has hung on this long.
Then again, that hold has been tenuous. Flash is essentially a leftover no one bothered to Hoover up yet. While it still has a grip on online games, Flash usage overall has slipped in favor of HTML5, which now runs on virtually every major browser and powers much of the online world’s videos.
Although HTML5 isn’t perfect, even Adobe sees the opposing specification as the way forward—so much so that it backed off from its own technology.
So did YouTube, the massive Google-owned peddler of cat videos, Web shows and amateur uploads. Earlier this year, it fired Flash as its default player for videos. That Chrome would now cut ties too should surprise no one.
Flash has some surprising adherents. One example is Slack, the popular team communication tool, which uses Flash as a fallback client-server mechanism for older browsers that don’t support WebSockets—chiefly older versions of Internet Explorer. But there are newer frameworks that allow Web-app developers to avoid even that scenario.
Among those jumping into the anti-Flash mob was Facebook Chief Security Officer Alex Stamos, who called for Adobe to kill it off. Considering the social giant’s emphasis on shared video lately, that looked like another major sign of Flash’s looming demise. (Of course, before Stamos continues his tirade, he may want to observe the ways in which his company still uses Flash.)
https://twitter.com/alexstamos/status/620306643360706561
@alexstamos Fwiw, one of the reasons I haven't binned flash is the facebook album image uploader. I'd love that to be HTML5. 🙂
— Tim Dobson (@tdobson) July 13, 2015
https://twitter.com/cpeterso/status/620734639439613952https://twitter.com/cpeterso/status/620734639439613952
Unlike Facebook, however, Mozilla and Google took concrete steps to snuff it out.
For Mozilla, Flash Just Ain’t Foxy
It might seem natural for Google, as one of the largest technology companies in the world, to respond swiftly to security problems. Mozilla might be another matter. The browser maker, owned by a nonprofit foundation, has had plenty of other things on its mind, after all—like working on its own comeback.
But Mozilla jumped on the matter, and its speedy response seemed to carry an unspoken message: When something’s so bad that Firefox dropped everything to boot it, maybe it really does need to die off posthaste.
No argument there. But the move also happens to line up with what Mozilla has been up to—which is to fight its way back to relevance.
Mozilla’s deal last year with Yahoo to replace Google ironically made Microsoft Bing the default search engine. Its Firefox operating system spread out from phones to TVs, but those results have been far too mixed and vague to qualify as successful (not to mention remotely profitable). The reaction to its “sponsored tiles” experiment was more decisive—but not in a good way. Users abhorred the idea, prompting Mozilla to end it.
See also: Firefox Kicks Google To The Curb To Make Room For Yahoo
The organization also found itself playing executive musical chairs, putting Chris Beard in the seat vacated by then-CEO Brendan Eich after his much-publicized departure last year.
Beard and his group want to put those days behind them. Instead of fixating on the past, they’re keeping their eyes focused ahead with new Firefox efforts, like its multi-process Electrolysis project and its WebVR initiative for streaming virtual reality experiences.
I gave it a whirl a couple of weeks ago on an Oculus Rift (DK2), and it was impressive. The stream came in via Firefox without stutters, and my interactions worked smoothly.
That experience seems all the more relevant as we contemplate the death of Flash. It wouldn’t enable experiences like WebVR. If anything, Flash would hold it back.
As Mozilla aims to reinvigorate Firefox and pursue passion projects like WebVR, it seems like there’s no place in that future for a dusty plugin that can barely handle boring 2D video. Add in major security flaws, and there’s not much left to redeem the old Adobe tech.
This strike against Flash won’t be the last, so video creators, Web developers and others—ahem, Facebook—should take note.
Lead photo by Pikawil; Steve Jobs photo by Dan Farber
Update 7/15/2015: Once again, Mozilla has moved like lightning to respond to recent events. This time, however, it’s to reverse its latest decision.
According to the Firefox Twitter account, the browser has restored Adobe Flash following updates that resolved its latest security holes. The plugin is now enabled by default again.
Update: The latest version of #Flash, released yesterday, resolved the recent security risks & is once again enabled by default in Firefox.
— Firefox 🔥 (@firefox) July 15, 2015
We still don’t believe Flash makes sense in the context of the organization’s focus lately. It’s just not positioned well for the future (or even the present, for that matter). However, it seems clear that Firefox’s newfound responsiveness remains in full force to support the tools people use—whether they’re frustrating or not.
In other words, for those in the Occupy Flash camp, now might be a good time to hit up Web developers, your local restaurants and anyone else responsible for keeping that old plugin alive.