
If Flash was just unstable, unbelievably demanding on system resources and a user experience mess, that would've been fine. What you are missing is that Flash is not much more than a cross-platform security hole and an open door to a large percentage of all general purpose devices in existence (only surpassed by PDF, but luckily there are non-Adobe readers for PDF).

Any alternative to showing videos on the web will obliterate the need for Flash for pretty much all users, and it's hard to imagine any alternative actually being worse for that (but deciding on format sure seems tricky).




The security liability Flash presents is an important and under-appreciated issue today. I guess it wasn't on the radar so much when Nielsen wrote this article.

I didn't know until today that this spring's RSA hack used Flash:

http://news.ycombinator.com/item?id=2927996


The guys that did the RSA hack would have found another attack vector even if Flash wasn't installed. Maybe they would have gone for a Java applet based attack, or perhaps in the future they'll target WebGL. The more complex your browser's capabilities are, the more surface area you have exposed to attack. Even if you reduce that surface area considerably, for example, by switching over to text only browsing for all of your employees, a motivated attacker would probably just find some way to cause a buffer overflow in the browser's text parser... Where there is a will, there is a way.


The guys that did the RSA hack would have found another attack vector even if Flash wasn't installed ... The more complex your browser's capabilities are, the more surface area you have exposed to attack.

Perhaps, but interestingly enough the attack wasn't against a web browser, but against Excel running a Flash applet. Maybe that path was chosen because it's less carefully examined by security policy and security software; I don't know.

In any case, it's certainly true that this pathway wouldn't have been available if not for the unnecessary use of Flash in places where it doesn't belong, i.e., Excel. Which ties into the theme here rather nicely; Flash used unnecessarily is worse than Flash eschewed entirely.



