Browser plugins are a security risk. There “are arguments”:http://www.infoworld.com/d/security-central/are-all-browser-plug-ins-security-risk-449, of course, but I say, why take a risk that need not be taken? If business development has taught me one thing, it is that success is not about taking risks, it’s about mitigating them better than everyone else.
“This HTML5 demo”:http://www.craftymind.com/2010/04/20/blowing-up-html5-video-and-mapping-it-into-3d-space/ shows just how powerful HTML5 is. Click anywhere on the video while it is playing and prepare to have your mind blown. This kind of thing is difficult in Flash, and yet the author has achieved this effect using only his standard IDE that was never designed to support this type of special effect.
If I were Adobe, I’d be working very, very hard at a transitional toolkit that maps the Flash ActionScript DOM and scripting language to a JavaScript/HTML5 combo, all wrapped up in a slick, Flash-like IDE. Today we have Safari, Firefox, and Chrome browsers that support enough HTML5 to do cool stuff like this. By lagging behind, Microsoft only risks more defection from their browser platform, and Adobe could pull a major upset by rolling tools that incorporate open standards. It was tear down the wall between Flash developers and standards advocates, opening the door for a whole lot of innovation built on top of tools that Adobe controls.
Who said this was difficult to do in Flash? Code would be very similar, ActionScript is very close to JavaScript (google ECMAScript).
Minor difference is it would use about 50% less CPU in Flash.
JavaScript is as much a risk as Flash by the way.
Best regards, M
I wasn’t clear about that. By “incredibly difficult in Flash”, I meant “incredibly difficult period”. And by “incredibly difficult”, I mean I’ve worked with plenty of Flash developers who couldn’t accomplish it. For a good Flash developer, I’m sure it’s possible and even straight forward.
The CPU argument is less relevant every single day. JavaScript, on the whole, used to be a terribly slow language. More recent implementations of JavaScript interpreters like WebKit’s JavaScriptCore, Chrome’s V8, and Mozilla’s TraceMonkey illustrate just how much attention is being paid to JavaScript performance these days. HTML5 isn’t a reality today, but demos like the one linked to here show how it could come to be a valid replacement for proprietary standards like Flash.
JavaScript is no more a risk than Flash is. Furthermore, it’s the implementations that represents a risk, not the language. Biology teaches us that diversity is they key to survival. A world in which an attacker can be sure that 90% of the computers are running the same plug-in is a favorable environment for attacks. Open standards make it possible for multiple vendors to develop platforms on which software can run. It is unlikely that all vendors would commit the same mistakes, and if the browser wars have taught us anything, it is that there are still companies out there who will patch early and patch often when developing software.