
Firefox makes click-to-activate Flash the default - cft
https://support.mozilla.org/en-US/kb/add-ons-cause-issues-are-on-blocklist
======
marksc
Mark from Mozilla here.

To be clear, by "blocked" Flash we really mean enforced click-to-activate.
User choice is always a #1 priority at Mozilla.

We regularly block vulnerable plugins. What made this block different was that
we did it before Adobe made an update available. Now that Adobe has released
an update, it is no longer true that every version of Flash Player is blocked
in Firefox.

However, we're glad to see the conversation this has sparked. Personally I
align with Alex Stamos regarding Flash, in the thinking that a formal EOL
would be great.

I'd also like to use this space to make a shameless plug for Shumway, a
project set on building a faithful an efficient renderer for the SWF file
format without native code assistance. Ending Flash doesn't need to mean an
end for Flash media.
[http://www.areweflashyet.com/shumway/](http://www.areweflashyet.com/shumway/)

Edit: typo

~~~
koonsolo
Hi Mark,

Technology should be replaced by better technology. To give you some
background: I've written games for all kinds of platforms: PocketPC, Windows
Mobile, (Desktop) Windows, Linux, OS X, Flash (AS3), HipTop, J2ME devices and
some smaller proprietary devices.

Some of those platforms offer write once, run everywhere. On other platforms
every device has it's own quirks and you have to test on every device and
implement workarounds.

You might not like Flash, but it is great at running on every platform/browser
with the same code base. If you test it on one platform, it runs on all
others. (Adobe is also very good at keeping it backwards compatible)

Now, I ask you, what's the alternative for Flash? Does HTML5 offer write once,
runs the same on every platform/browser(version!)? No it doesn't, and it never
will. Even simple HTML pages are full of browser checking hacks.

Now, if you can offer a programming platform where the games I develop on, run
exactly the same on every browser, on every platform, I have no problem
killing Flash. But let's be honest here, only plugins can guarantee such a
thing.

As to Alex Stamos, the top games on Facebook are all Flash. You know why?
Because developers don't have to worry whether or not those games will run
inside the users browser. Because once Flash is installed, they will run
without issues. HTML5? No such guarantee.

So before you declare EOL, please have a proper alternative, where I don't
have to pull my hair and cry all night because browser X on platform Y version
Z seems to break the end boss of level 5 in my game because its implementation
slightly differs from all the rest.

~~~
brighteyes
While I do understand where you are coming from - it can be more convenient to
target a single implementation - the fact is that Flash has not been what you
describe, for a while now. Flash officially announced it would no longer
support Linux, and Flash is not usable in most mobile browsers either, for
example.

Even plugins can't really get you what you want here. Yes, HTML5 has
limitations, as you described, but plugins aren't the solution. HTML5 is
closer, and moving in the right direction at least.

~~~
koonsolo
Mobile doesn't need browser plugins, because it has apps. AS3 compiles to
Android and iOS, just as it should. So I agree with Adobe that mobile doesn't
need to support Flash. BTW, the same AS3 codebase for Flash runs as mobile
apps. Do the HTML5 games support all versions of all browsers on the most
popular mobile devices? Not on mine at least :(.

One codebase, runs everywhere, Flash in the browser, apps on mobile devices.
Personally never had an issue with it.

Although I must agree with you that it's sad Adobe dropped Linux support.

~~~
BatFastard
koonsolo is right on with all his points. Flash is better then HTML5 all
around.

Though personally I can understand why Adobe dropped support for linux, the
market is just too small. Even though this community probably has a higher
percentage of linux user then just about anywhere.

~~~
codewithcheese
Yeah and this community is made up by mostly developers. To turn your back on
developers is shooting yourself in your own foot. However, that is not what
adobe are doing. They have signalled their intention to sunset flash
themselves for a long time.

------
velcro
Bugs are always bad (and security bugs even more so) - but I've always felt
that Flash gets a disproportional amount of hate/hype in the media. To some
degree it should be normal that the more widespread a technology is - the more
it gets targeted for security exploits.

If you run the popular browsers/plugins against the National Vulnerability
Database, you'd get the following results (as of January 2014):

    
    
      - Internet Explorer 366 total vulnerability issues (314 high severity)
    
      - Google Chrome 235 total vulnerability issues (154 high severity)
    
      - Adobe Flash 207 total vulnerability issues (169 high  severity)
    
      - Mozilla Firefox 190 total vulnerability issues (86 high severity)
    
      - Oracle Java 161 total vulnerability issues (69 high severity)
    

[source] [https://nvd.nist.gov/](https://nvd.nist.gov/)

~~~
proactivesvcs
I have a lot of experience of end users and they are forever telling me that
they get so many different "Update this", "Update that" windows that they can
no longer distinguish real from fake. Some of them have been tricked by fake
web site pop-ups as a result, others ignore legitimate update messages. I do
not blame them.

Internet Explorer and Google Chrome get updated in a way that most end users
find to be simple to understand, particularly with Chrome. Firefox is also
quite good in this regard. All of them are reliable - it is rare, IME, to come
across a Windows Update, Firefox or Chrome instance which is silently failing
to update. Or not even bothering to prompt to update.

Flash, however often I install it, just doesn't seem to auto-update reliably.
Quite often it only does so after a user log on/reboot, which doesn't happen
much in the days of standby. Even on brand new, fresh Windows installs (so we
know the OS/Flash isn't broken), I test Flash from time to time and it just
doesn't prompt to update at all on some occasions. This is what makes Adobe's
poor track record exponentially worse - that their software update mechanism
is crap at best.

I was gobsmacked when Microsoft declared they were going to start updating
Flash via Windows Update. Gobsmacked and so very relieved. It felt like they'd
walked into Adobe's office, grabbed their fire extinguishers and told them
"You are so useless that when there's a fire, WE will come and put it out,
since you don't seem able to. We are sick of our offices getting burned down
because of your idle incompetence."

I won't even address Oracle's Java. Bundling malware with their updater is
tantamount to crime.

~~~
jfuhrman
Flash bundles things like Chrome, Mcafee etc.

That's the real reason they don't want a auto-update. Google pays them a lot
for bundling Chrome(I think it's around $1 per install). They keep breaking
the auto-update on purpose so that they can make a ton of money by bundling
other software. Same with Java updates.

~~~
digi_owl
And that's downright weird, given that Chrome use a different plugin API and
thus get Flash bundled.

Even Windows has Flash via the updater.

Just about the only browser that use the old API is Firefox.

~~~
snuxoll
Shock, the only browser that still uses NPAPI is the descendant of the one
that invented it!

Really, at this point I think Mozilla is more interested in just getting rid
of plugins than trying to implement an alternative to NPAPI - why put all the
effort in to support something like PPAPI when plugins should be dead within
the decade anyway?

~~~
pcwalton
It's not a secret. The replacement for NPAPI is the Web APIs. The port of
Flash to the new NPAPI--the Web APIs--is called Shumway.

------
TheWoodsy
This is priceless
[http://i.imgur.com/3uNsIF2.png](http://i.imgur.com/3uNsIF2.png)

~~~
CmonDev
The final act of HTML5 delusion - it becomes "ready" because we say it's
"ready". It's just someone forgot to ask Flash (game) developers' opinion. Not
that it matters, right?

~~~
dannypgh
You really think the opinion of game developers should matter in a discussion
about how to make browsers reasonably secure for people to use without getting
their hosts compromised? Because I don't.

Anger towards browser developers or HTML5 is misplaced; you should be angry
with Adobe for the fact that Flash is buggy, insecure, and closed-source.

~~~
anon1385
>You really think the opinion of game developers should matter in a discussion
about how to make browsers reasonably secure for people to use without getting
their hosts compromised? Because I don't.

I agree, which is why I wish browser vendors would block WebGL by default.

I'm not holding my breath though, because the reality is that market demand
from people like game developers (or at least, perceived demand) is what is
driving the addition of so many complex new APIs to the web.

~~~
justizin
WebGL is about more than games, for sure, why would you want to block
acceleration?

You can go into add-ons and make it click-to-activate like flash, however.

------
kozukumi
God will Flash just die already. Firefox is my primary browser and I run it
without Flash. On the very odd occasion I need it I have IE in protected mode
which has Flash built in. If a site does use Flash I will seek an alternative
though as I hate it that much.

On a side note Firefox without Flash is so much smoother. IMHO it is the
fastest and most stable browser when it doesn't have Flash bogging it down.

~~~
programmernews3
The problem is the long tail of sites or site features that don't work without
flash and users who rely on those sites or site features.

I've heard Facebook video and last.fm streaming don't work without Flash for
eg.

~~~
zvrba
Tidal and Deezer are others which require flash. Both have desktop apps,
however.. Tidal's desktop app is awful and laggy to the extent I prefer using
the web interface; Deezer's Windows app lacks some features compared to the
web player.

~~~
cpeterso
These music streaming sites use Flash because they want DRM.

~~~
zvrba
Is there alternative to Flash which also gives you DRM?

~~~
cpeterso
For browsers that support EME, they can use the "Clear Key" key system that is
part of the EME standard. It's not as secure as other DRM (because the
decryption key is briefly exposed on the client), but it does not require any
third-party license server like Google Widevine, Microsoft PlayReady, or Adobe
Primetime. For a streaming music service, it is probably an adequate deterrent
for ripping streams.

[http://www.html5rocks.com/en/tutorials/eme/basics/#clear-
key](http://www.html5rocks.com/en/tutorials/eme/basics/#clear-key)

------
nkurz
I find "Click to Play" makes for a better browsing experience, and think this
is a fine move for Firefox.

Interestingly, Google Chrome recently moved in the opposite direction, and
removed support for having Flash off by default and activating with a single
click. Instead, they consider Flash to be "important plug-in content". While
they allow you to have it off by default, rather than "click to play", they
now require that you right click then pull down to "run this plugin" each time
you want to activate:
[https://productforums.google.com/forum/#!topic/chrome/xPcpRB...](https://productforums.google.com/forum/#!topic/chrome/xPcpRBzyPcc%5B126-150%5D)

I presume this is because they want to discourage people from having Flash off
by default, since this would mean they would miss too many Flash ads. I took
this as an opportunity to try out some different browsers, and found that
Opera met my needs slightly better than Firefox. If you are looking for an
alternative to Firefox or Chrome, or just want to see what's out there, you
might want to check it out too: [http://www.opera.com/](http://www.opera.com/)

ps. As an example of the new Google interface strategy, to show all the
responses on the Google Chrome Help Forum link above rather than being forced
to click on each one, you can press the 'o' key some random number of times
until they appear: [https://productforums.google.com/forum/#!topic/gec-
answers-f...](https://productforums.google.com/forum/#!topic/gec-answers-
frequently-asked-questions/nwfdaR9x85E)

~~~
gmurphy
Chrome moved to context click + menu because left click is clickjackable, so
doesn't help very much with the security issues.

~~~
nkurz
I've seen this argument, but don't believe that removing the option for click-
to-play improves security. I'd could believe this theory if the default was
simulataneously changed to have Flash default to off, but as it is, the result
is that more users will choose to keep the default where Flash always on.
Surely automatic activation is even less secure than a potentially hijackable
click-to-play?

~~~
gmurphy
I don't believe the small mechanical difference in click activation actually
makes a huge difference to uptake numbers, since the big leap is making the
choice to have plugins not run by default, with the activation path making no
noticeable difference since by then you've already filtered out most people,
who just don't care about plugin activation. This feature is driven by the
Chrome security/privacy teams, who would have reverted it by now if they saw a
regression in usage.

------
mrweasel
I uninstalled Flash a few days ago, because I didn't want to deal with the
updates anymore. Since Flash was unbundled from Mac OS X it has become a pain
to update. I simply don't understand why I need to go to the Adobe site to get
the updates.

Flash isn't super relevant anymore anyway, the main thing it's used for on my
computer is Flash tracking cookies, and I can do without those. I do wonder
how some of the tracking and retargeting companies will deal with the decline
of Flash though. We asked a partner to stop using Flash for tracking, their
response was that it's the best way to doing user tracking. Hopefully they'll
change their mind soon.

~~~
JackWebbHeller
The update process is horrendous. Redirect to Adobe's website, follow a 3-step
'wizard' \- where Step 2 is a placebo 10-second loading bar saying it is
"initialising" \- and Step 3 is an advertisement for installing other crap
from Adobe.

After all that you have to download a DMG, close all your applications and
reinstall from scratch. Why not just build in an auto-update in the background
and be done with it...

~~~
rockdoe
If you're on Windows and are not careful you risk ending up with McAffee as a
drive-by!

------
HugoDaniel
Unfortunately in this case avoiding the problem won't make it go away.

Many old sites will stop working (my first site was done in flash) as well as
many games that are still heavily played today by millions of people. Also
flash IDE provides a good introduction to programming for self-taught kids
these days: many of them still do their first code in flash after clicking on
"that strange icon next to photoshop".

Overall this is a good example of prolonged trusting a binary blob. IMO we
will always tend to do what is more comfortable and we should strive for
openness and transparency in the tools that most people rely for everyday.

The problem persists as long as there are people installing the plugin or
"enabling" it.

We need a real open-source alternative to flash player.

~~~
JonAtkinson
> We need a real open-source alternative to flash player.

We quietly built the alternative to Flash over the last 10 years. It's called
the web.

A standard document in the web browser can play audio, video, display vector
graphics, utilise OpenGL, supports direct drawing via Canvas, and it is deeply
scriptable with a mature, open programming language.

What else do you need?

~~~
probably_wrong
> What else do you need?

I need all of those things to look exactly the same in each and every browser,
instead of corrupted icons or broken navigation because the developer tested
it in Chrome for Windows but neglected, say, Iceweasel for Debian.

I have yet to find a non-flash game capable of doing that. And if the
alternative is "we should discard this closed binary that works in every
platform in favor of this free-but-browser-dependant stack", I find that odd.

~~~
shinratdr
> because the developer tested it in Chrome for Windows but neglected, say,
> Iceweasel for Debian.

Bad example, because Flash for Linux has been discontinued in all flavours
except PPAPI so it wouldn't work in Iceweasel.

------
stevenh
The Flash plugin update fixing the RCE bugs is scheduled to be released
tomorrow by Adobe, after which the block will be lifted.

------
cousin_it
When all browsers disable Flash, a ton of old artistic content will become
unaccessible. I'm thinking specifically about Homestuck animations and
minigames, but other people will have their own favorites. Is there a good
transition plan?

~~~
benguild
However, it will also make it more secure by making it less of a target for
hackers. If you have to enable it only for certain content … then great.
That’s how it should be at this point.

Look at what happened to Java applets.

~~~
yoklov
Java Applets are hard to run on many machines (apple machines are especially
bad in this respect), even for technically skilled users.

It would be very sad to see this become the state of all the old flash
games/animations.

------
xmj
I've been maintaining the FreeBSD port of the Flash 11 linux software for a
year or so.

The one thing I have learned during that time is:

How to write a good VuXML entry.

I agree with the general sentiment of removing Flash, and will do my part in
convincing others that FreeBSD (and, derived, PC-BSD and FreeNAS) should
probably consider setting an expiration date for Flash, then at that date
delete it.

------
shurcooL
I made it my new year's resolution in 2015 to have Flash disabled. For my use
case, it works great. Longer battery, less heat, and the internet still works.

I do turn it on (enable) every now and then for some sites, but very
few/infrequently and turn it off right after.

~~~
tajen
I have all plugins disabled by default on my Chrome. I assume it's mostly
Flash. It's very little disruption, actually:

* Plugins can be enabled using one click;

* The "Copy shortcut" widgets are disabled by default. Too bad, 2 clicks instead of one.

* Some videos are disabled on some news website. Too bad they won't be able to auto-play.

* I very rarely encounter websites (less than once in a month) where invisible plugins are required, so I need to restart the page with all plugins activated. I think Google's Not-a-robot Captcha has difficulties with that, if I remember well.

------
sown
I just noticed notice in the browser window. I didn't recall seeing it earlier
so when I saw this headline, I clicked on the link.

I chuckled when I saw this:
[http://i.imgur.com/CHqRSEZ.png](http://i.imgur.com/CHqRSEZ.png)

:)

~~~
proactivesvcs
Do you want to enable 'Adobe Flash' for the site adobe.com? [Never for this
site]

------
jsingleton
From the page:

"All versions of Adobe’s Flash Player plugin are currently deactivated by
default, until Adobe releases an updated version to address known critical
security issues."

This implies that it will be reactivated soon and this isn't a permanent
block. It looks like the same mechanism that blocks old and vulnerable
versions of plugins like Silverlight.

That said, I've not installed flash in years. I use Firefox as my main browser
with no plugins and IE/Chrome have it embedded (both auto-update with no
system restart required).

------
AndrewDucker
I have that setting already set - Flash is set to "Ask to Activate", which
means it only runs on sites that I actually want it to run on.

Which prevents a lot of autoplaying videos, and also pages sometimes taking a
long time to load on slow connections.

~~~
billpg
They've implemented "ask to activate" badly by making it cover the whole page
instead of per-element. They did it the right way in the past.

[https://bugzilla.mozilla.org/show_bug.cgi?id=886792#c41](https://bugzilla.mozilla.org/show_bug.cgi?id=886792#c41)

~~~
maxerickson
Is it possible to activate Vimeo when using flashblock yet?

Which is a reasonable question in this context:

[https://bugzilla.mozilla.org/show_bug.cgi?id=886792#c1](https://bugzilla.mozilla.org/show_bug.cgi?id=886792#c1)

------
jetskindo
Flash always have security issues and Adobe do their best to fix them.

On the consumer side of things, flash is not so bad. Sure search engines
couldn't read it but there is amazing content generated through it. The
content is,what matters and unfortunately the Web is littered with abusive
flash objects auto playing videos, audio, full screen ads and those won't
simply go away with flash.

At least with flash I can easily disable it. But those auto playing html5
videos and audios ads are just as annoying. Now I need plug ins to disable
native capability.

It's only a matter of time until all ads move to the medium and we find
ourselves complaining.

~~~
thomasrossi
It's not really a matter of ads, ads move the internet so they will always be
there. It's a matter of security, flash has always been a source of flaws to
be exploited. Like.. always, sometimes "trying their best" was really not
effective.

------
erickhill
I wonder how the ad networks/agencies will respond to this if it becomes the
norm across future competing browsers?

Flash ads (including video) can be horrid on CPUs, but they also often have
higher CPMs than static, "cheaper" ads. Firefox seems to be blocking flash
entirely. They’re also doing it in a way that the ad networks can’t tell,
unlike Chrome. In other words, if I disable Flash in Chrome, the ads normally
fall back to (cheaper) non-flash ads. On Firefox, I’m getting blank gray
boxes.

For sites that depend on advertising to survive, hopefully the ad networks
will update their inventory with alternative non-intrusive ads a.s.a.p. so
this type of (admittedly much needed) evolution doesn't suck too many content
providers down.

------
erichurkman
Good, just leave it there.

------
vamur
Good riddance. Hopefully, they not only deactivate it but remove Flash and
Java altogether. These two have been nothing but constant security and
performance issues. And without Flash, Firefox can finally work on GTK3.

------
zeeed
I hope this will be another push for content creators to abolish flash in the
long term.

~~~
Aardwolf
I hope this will not make more content creators choose that annoying unity3D
plugin thing that doesn't support linux for games.

~~~
ars
> that doesn't support linux for games.

There is support:
[http://pipelight.net/cms/installation.html](http://pipelight.net/cms/installation.html)

For me on debian it was install and it worked without even restarting the
browser.

~~~
throwaway2048
this is not support, its basicly running the plugin inside wine, with all the
attendant issues that invokes.

~~~
ars
I had no issues. It simply worked.

------
orf
I uninstalled Flash about a year ago and haven't looked back since. Funnily
enough only Facebook used to give me issues.

~~~
rplnt
I have Chrome with flash installed (not that it gave me any choice), but other
than that I haven't had flash for maybe two years. If I need to play Flash, I
just open Chrome for that. Facebook is one of the last common offenders with
its flash videos on desktop version. I can't comprehend why...

------
kailuowang
AFAIK, the only way for javascript on a website to copy something into your
clipboard is through Flash. It might be a good thing to prevent such
functionality, but I wonder if Firefox took this into consideration.

~~~
longwave
That is simply not true, there are some limitations though these are being
removed in newer browsers:
[http://caniuse.com/#feat=clipboard](http://caniuse.com/#feat=clipboard)

------
reidrac
I find amusing that visiting that same page triggers the 'Firefox has
prevented the outdated plugin "Adobe Flash" from running on
support.mozilla.org.' warning.

------
Bahamut
Looks like Chrome now deactivates Flash by default now too - it says "Adobe
Flash Player was blocked because it is out of date" & I get directed to this
link
[https://support.google.com/chrome/answer/6258784](https://support.google.com/chrome/answer/6258784)

Edit: Ah, looks like I needed to update Chrome with the fix.

------
acd
Flash is also shipped by default and enabled in Google Chrome.

Here is how to deactivate it

You need to go to chrome plugins and disable it chrome://plugins/

~~~
SXX
Keep in mind that flash plugin that bundled with Chrome using PPAPI and
running inside sandbox. So some exploits don't affect that version all due to
different architecture and to escalate privileges some Chrome sandbox exploit
would be needed as well.

------
milankragujevic
If only Firefox actually supported my AMD APU, then I wouldn't have to use
Flash for YouTube and such. I actually force YouTube to play using the Flash
player, as with HTML5 the video freezes and is very choppy. My mother is using
Linux Mint, and for her the reverse is true, Flash is horrible and HTML5 is
smooth and fast.

edit: I use Windows 8.1.

------
nathanvanfleet
Sounds nice, but sometimes I'm on a page in Safari (with Click To Flash
active) and I can't get a page to load at all after "clicking to flash" once.
I think there must be some additional flash file that I don't get the chance
to click or some moment that passed so it can't load.

------
edpichler
Anyone knows if it is technically possible to have the old "copy to clipboard"
function without Flash?

~~~
someguy1233
There's a native cross-browser API that's slowly becoming more compatible from
Javascript.

[http://caniuse.com/#feat=clipboard](http://caniuse.com/#feat=clipboard)

------
codewithcheese
I've been trying to solve this on Ubuntu 14.10. There does not seem to be an
update path. I've installed the deb on
[https://get.adobe.com/flashplayer/](https://get.adobe.com/flashplayer/) which
does not resolve it.

~~~
dchest
"All versions of Adobe’s Flash Player plugin are currently deactivated by
default, until Adobe releases an updated version to address known critical
security issues."

There's no updated version yet.

------
elchief
If you want to make your Chrome Flash click-to-play:

Enter chrome://plugins/ in your address bar, find "Adobe Flash Player",
uncheck "Always allowed to run".

You'll then have to right-click flash content to play it.

------
DenisM
So, my multi-file upload flash button stop working today? Bummer...

Any suggestions for a simple milt-file upload JS library? Something that works
on new browsers, and falls back to flash on old browsers.

------
shocks
I uninstalled/disabled flash on all my systems a few months ago, and have
noticed barely any impact on my browsing. The only site I can think of that
doesn't work is BBC News.

------
0x0
Adobe promising an update "during the week of July 12th"... That was last
week. Or are they for some reason counting last week's Sunday as part of this
week?!

~~~
amyjess
Last week's Sunday was July 5.

The week of July 12 is this week.

~~~
0x0
Not where I'm from :)

------
rockdoe
Seems like only a temporary block. Mozilla isn't brave enough to put it out of
its misery like it belongs. Still some big sites using it though, like Twitch.

~~~
vultour
If Mozilla finally managed to implement the encoding Twitch uses for mobile
devices, I'd finally be able to uninstall that pile of shit. Sadly it's a
licensing issue.

~~~
rockdoe
Yes, Twitch is using HLS, which is patented. The rest of the industry is
moving to DASH-via-JS-and-MSE. Even Steam Broadcasts use MSE now.

------
darkhorn
I wish Facebook and YouTube won't use Flash at all.

~~~
psychometry
They don't; that's HTML5 video.

------
gendoikari
Overall, it's a good thing. Flash is a proprietary technology from the past.
Lets move on guys...

~~~
btzll
Let's move on to Silverlight!

~~~
giancarlostoro
If only that were the case, but they're abandoning Silverlight. It was
actually much more stable for me under Linux than Flash ever was sadly, but
they stopped developing Moonlight as well.

------
bopf
This is terrible for anyone who relies on Flash to get any kind of
interactivity going inside the FB timeline. It would have been better if FF
would just display a warning and then let the user decide if they want the
Flash content blocked or displayed. Obviously it would be even better yet if
FB would finally allow interactive HTML 5 content in its timeline.

------
nkassis
Anyone know if Google Finance has said anything about their charts moving away
from Flash?

~~~
cbhl
If you search for a stock symbol in Google Web Search (instead of Google
Finance) you'll get a SVG-and-JavaScript chart that has fewer features.

If you don't need the specific features in the Google Finance chart, that
might be a good alternative.

(Disclaimer: I work at Google but not on Google Finance. My own opinion, yada
yada.)

------
manishsharan
Is Shumway ready for production use as a drop in replacement for flash ?

~~~
digi_owl
Last time i tried it it could not even handle Youtube.

------
thomasrossi
it was about time!

------
silon7
They should have made it load slower than Java a long time ago.

------
xwintermutex
What about Java?

~~~
sidewinder128
Java plugin you mean right the one that runs on browsers?. Java itself is a
huge topic including JDK, compilers, runtimes, server side etc.

~~~
mahouse
Of course he means that, do you know the thread you are posting to?

~~~
sidewinder128
he could meant JDK, the server runtime many things in Java. and I know the
thread Im posting. you do not need to tell me. You do not need to mention it
like that.

------
CodeSheikh
Death to Flash.

------
Walkman
Steve Jobs won finally.

------
andyl
I like the change. Firefox seems faster. Better to opt-in to Flash as-needed.

------
w342
Linux still struggles with HTML5 and flash

~~~
viraptor
Flash - sure, since Adobe doesn't really care that much. But HTML5? That's in
browser's hands and support depends on your browser choice only.

Did you mean any specific codec for video playback, or something else?

~~~
JupiterMoon
EME is not present on Linux yet I think. I don't really mind this however it
does mean no Netflix without Google Chrome..

~~~
rockdoe
EME is there, but you don't have the CDM.

Outside HTML5 scope, though.

~~~
JupiterMoon
How to disable?

------
hendry
One option was to go down the Click-to-Play route which offers a HORRIBLE UX.
Especially on Youtube which still uses Flash by default.

Disabling Flash however, Youtube actually seamlessly falls back to HTML video.
Well done. But I can't help but think, outside the Youtube world (BBC for
e.g.). LOTS is going to break. I wouldn't take this tact with my parents or
clients.

~~~
magicalist
> _Especially on Youtube which still uses Flash by default_

No since January[1]. Maybe you have an old cookie set or something?

[1] [http://youtube-eng.blogspot.com/2015/01/youtube-now-
defaults...](http://youtube-eng.blogspot.com/2015/01/youtube-now-defaults-to-
html5_27.html)

~~~
JupiterMoon
If you disable Flash completely then Youtube works fine with HTML5 video.
However, when Flash is set as click to play then Youtube still prompts to
enable Flash. Annoying.

~~~
hendry
You're right. :)

~~~
sp332
You can use this page to see if your browser will use HTML5 by default, and
set a cookie to try HTML5 instead of Flash if it's not the default.
[https://www.youtube.com/html5](https://www.youtube.com/html5)

