
Ruffle – An Adobe Flash Player Written in Rust Compiled to WebAssembly - conroy
https://github.com/ruffle-rs/ruffle
======
mgamache
I really hope this works, but I fear it will die a shumway death. One of the
issues is there are two complete run-times inside of Flash. AVM1 (for AS1/2)
and AVM2 (for AS3). AS1/2 is much easier to program and probably emulate. AS3
was much more advanced and was actually a pretty good language. Adobe should
release the source, but probably doesn't due to all the security holes that
probably are waiting to be found. Of course, that is speculation.

[[https://github.com/mozilla/shumway](https://github.com/mozilla/shumway)]
[[https://en.wikipedia.org/wiki/ActionScript](https://en.wikipedia.org/wiki/ActionScript)]

~~~
fenomas
> Adobe should release the source, but probably doesn't due to all the
> security holes that probably are waiting to be found. Of course, that is
> speculation.

The AS3 spec, compiler and runtime/VM are all open source, have been since at
least 2008 IIRC. Details are in the wikipedia page you linked, third
paragraph.

Aside: discussions of Flash or its legacy have an unfortunate tendency to get
derailed by FUD, so it would perhaps be useful to avoid speculation like this
where possible.

~~~
mgamache
The AS3 VM is helpful, but only part of the player. The fact remains there is
no player source to use as a guide for porting to other languages. It’s
similar to the .net scenario. MS releases .net core open source, but didn’t
release the GUI parts (until recently).

~~~
fenomas
I don't think anyone at Adobe is against open-sourcing the whole player; the
problem would be _relicensing_ it. It's a massive, hugely complex project,
with lots of chunks that were licensed or written by other parties. And the
codebase was probably 10-12 years old before anyone even considered the idea
of opening anything...

I definitely agree it'd be hugely useful, and wish it would happen, but I kind
of doubt we'll ever see it.

~~~
mgamache
Right. I focused on the security, but it's a legacy code base with legal
entanglements. Also created in another era.

------
vr46
One point about this project and others like it is that we really ought to not
lose all the content created over more than a decade of Flash development.
From Orisinal to Yugop, that work shaped the Internet and web today and should
be preserved.

~~~
milchek
I spent several years working primarily with Flash. I started originally with
Director and Lingo, then moved to Flash and ActionScript. I built games,
microsites, campaigns, competitions, a whole bunch of annoying Facebook apps,
you name it. This was back in the day when I was whoring myself out to ad
agencies as a freelancer and mostly working on brand/campaign stuff.

Looking back on it, I have nothing I can show for it, really, besides some
screenshots here and there. Pretty much all of the sites and projects are
gone. It's a bit of a shame. This industry changes and moves forward at a
lightning pace.

Some of the other people from my uni went into motion graphics and they can at
least use examples of ads or animations from over a decade ago in their
showreels. We can't really do that as web developers because of the dynamic
nature of the medium.

~~~
giancarlostoro
You can always take screenshots and document things yourself. Portfolios are
usually pictures of your work and descriptions not a full blown browser
executable.

------
todd3834
This is pretty great! I remember building stuff with Flash back when it was
still owned by Macromedia. There is a solid level of nostalgia for me there. I
know one of the major concerns became security with enabling the Flash player.
I assume with WebAssembly as the compile target we don’t really have to worry
about it as much? Does anyone know if we are going to start seeing things like
memory leaks and buffer overflows with web assembly or is that not a thing? I
know Rust does a lot to resolve memory issues but I’m wondering about the
other languages that compile to web assembly.

Anyways, nice work!

~~~
thristian
One of the big problems with things like Flash and Java on the web was that
they were separate codebases from the browser, but (often) ran inside the
browser's memory space, which was kind of a worst-of-both-worlds situation:
multiple VMs each with their own individual vulnerabilities, but compromising
any one would give you access to all of them.

WebAssembly is different because it's built around the high-performance
JavaScript VMs that have been developed over the past decade or so. When a
browser-maker fixes a security hole in their VM, it's fixed for JavaScript and
WebAssembly at the same time, because they're built on the same foundation.

So no, you don't have to worry about security as much with WebAssembly - not
because of any magical security properties WebAssembly has, but because even
though the WebAssembly API is new, the security environment has seen decades
of hardening.

------
justinclift
Hopefully it can be made to work with Realm of the Mad God, a popular game
from years back:

[https://www.realmofthemadgod.com](https://www.realmofthemadgod.com) :)

~~~
Wowfunhappy
If you download the swf file (for me, the link was
[https://www.realmofthemadgod.com/AssembleeGameClient15656887...](https://www.realmofthemadgod.com/AssembleeGameClient1565688747.swf)),
this seems to run fine in the standalone "Flash Player Projector", a great
little utility buried in Adobe's website that that let's you load swf files
outside of a web browser.
[https://www.adobe.com/support/flashplayer/debug_downloads.ht...](https://www.adobe.com/support/flashplayer/debug_downloads.html)

I didn't bother creating an account, but the game opened fine and everything.

~~~
JetSpiegel
This on AUR:

[https://aur.archlinux.org/packages/realmofthemadgod/](https://aur.archlinux.org/packages/realmofthemadgod/)

------
tomjuggler
This is petty cool, is there anything similar for Java applets, remember
those?

~~~
yuri91
There is Cheerpj[0].

You can compile any JAR into js, and there is even a Chrome extension to
conveniently run Applets found in the wild[1].

[0]
[https://www.leaningtech.com/cheerpj/](https://www.leaningtech.com/cheerpj/)

[1] [https://chrome.google.com/webstore/detail/cheerpj-applet-
run...](https://chrome.google.com/webstore/detail/cheerpj-applet-
runner/bbmolahhldcbngedljfadjlognfaaein?hl=en)

------
snek
I really hope that the web archive can put this to good use, similar to how
they emulate MS-DOS games in browser.

------
bobajeff
This is really cool. Just imagining all the work involved and the developers
seem very knowledgeable and optimistic about it. I think it'd be cool glean
some insight from them about runtimes and standards.

I wish them the best of luck on their path to full compatibility with Adobe
flash.

------
enturn
I've read that OpenFL supports some features of swf assets.

------
pjmlp
It is finally happening! Nice to know about it.

------
tgtweak
I'm sort of at a loss to this.. flash was disliked because of three things,
for the most part:

• Capability of ActionScript (which can harbor malware) along with potential
vulnerabilities in the interpreter itself.

• Memory and CPU usage

• Proprietary

Does this rust variant even address all of these? Are we hoping to shim flash
support into wasm-supported browsers? What good would this bring, specifically
in regards to native flash's shortcomings?

Not trashing the project, cause it's actually really cool, just curious why.

~~~
pjmlp
Outside the HN bubble, in the designers and game development community, Flash
was loved.

* Powerful graphical tooling, where HTML/CSS are still catching up to

* Guarantee to actually have hardware acceleration, instead of CSS z-index tricks hoping for the best

* It was the first to support game engines on the Web, like Unreal

Unknown to many, Flash apps actually do exist on mobile, because Flash also
AOT compiles to native code.

~~~
MrEldritch
It was also hugely loved among amateur artists and animators, which led to the
creation of most of the vast array of creative works I enjoyed as a kid.

I don't think I've ever quite gotten over my resentment at the tech community
for killing Flash in the name of "security".

~~~
andai
Steve Jobs killing it the name of ecosystem lockdown, you mean? He killed the
greater part of my childhood along with it.

~~~
checktheorder
As someone who dealt professionally with security issues from about 2000
onwards, many involving Flash 0-days, I have about as much fond remembrance of
Flash as I do for polio or smallpox. I regard it as an infectious scourge that
humanity has finally largely eradicated, and we're healthier for it.

~~~
josefx
As someone who used browsers in 2000 I have the same fond remembrance of
JavaScript. Yet for some reason it still spreads like aids instead of
following flash on its way out.

~~~
checktheorder
Apples to oranges. Javascript is an open-standard language, not a closed black
box runtime like Flash.

~~~
pjmlp
Ah, so now it is ok to have possible exploits or pages that are just a big
canvas, 'cause open standards. /s

