Browser security: "The main thing is not to install Flash!"
You may have noticed that I'm not a huge fan of Flash. My feelings pre-date the iPhone/iPad debate about whether or not Flash should be included on those devices. Even back when I was using Windows and Opera, one of the features I used most often was "Disable Plugins" -- which was really another way of saying "Disable Flash," and I do that these days in Safari using ClickToFlash.

Flash lovers usually talk about how many games are only available using Flash. Flash haters usually talk about performance issues, especially on the Mac. Adobe tries to make the argument that not including Flash is bad for users' freedom of choice.
When it comes to browser security, Charlie Miller says that it's all about Flash. More specifically, avoiding Flash.
Miller, who has won the Pwn2Own contest two years running, was interviewed by Italian site OneITSecurity. They asked him what browser and OS he thought was the safest. The first part of his reply probably won't make Mac users happy: he suggests Windows 7 with either Chrome or IE8, saying "there probably isn't enough difference between the browsers to get worked up about." But the highlight for me was the next quote: "The main thing is not to install Flash!"
The guy who seems to be the best in the world at breaking into your web browser tells you that you shouldn't install Flash. Perhaps you should consider installing ClickToFlash; it's completely free, and it loads Flash content only when you explicitly click to allow it. That should make your browsing significantly safer on any platform.
Hat tip to Jay Hathaway at DownloadSquad for bringing this to our attention.
I have to ask, if the writers at tuaw dislike flash so much, why is it used so often on this website. I enjoy reading this blog and generally like what they have to say but this position against flash is very strange. They use it all the time and then tell me how bad it is and why Steve Jobs is so right. It reminds me of someone telling you not to smoke while they have a cigarette in their mouth.
March 03 2010 at 9:55 AM

Come on TUAW. How can you play thousands of webgames without Flash, see animated interactive experiences? I'm not a Flash fan, but disabling is a stupid tip.

March 02 2010 at 5:31 PM

The flash blocking browser plug-ins allow you to enable flash for a specific instance or a specific site. They just give you the control.

March 03 2010 at 2:10 AM

As a longtime Flash/Flex developer, it seems that most of the arguments against Flash seem totally misplaced:
Security - all web platforms, languages, plugins, players etc. have security implications. I am willing to bet that HTML5 has some major exploitable holes as well. It is up to the developer to create secure applications using best practices. The problem may be that Flash has a long history of attracting designers and artists almost as much as code warriors, and their creations are not as airtight. That's not a "problem" with Flash.
HTML5 - Even assuming HTML5 will have every animation, interface and RIA feature that Flash offers (which is delusional), it's all code. Creative types (i.e. the front end developers) like Flash because it offers an intuitive visual development environment. Code should be limited to backend programming, not for designing the user experience and good luck convincing development teams otherwise.
I will also add that HTML5 is almost guaranteed to suffer from the same crap that current HTML and CSS "standards" do - every browser implements their own approach making development a ridiculous exercise in non-stop compromise. Flash/Flex suffers very few of those problems.
System resources - I have yet to see a scientific, side by side comparison of all OS, browser and content delivery options to prove Flash is more of a hog than any other similar option, and that the problem truly IS Flash. All I've ever seen is anecdote and opinion. If someone can prove otherwise I would be interested to see the data.
Apple/Jobs - Let's be honest here - Jobs is simply trying to snuff out any platform that might harm app store sales. Whether you love or hate Flash, this much is indisputable - Flex RIAs delivered to the iPhone/iPad via browser could replace some 70-80% of the apps on the app store, without Apple getting a dime from it OR being able to tell people what kind of content is acceptable. Any app that does not take advantage of native iPhone SDK features would move away from Apple's restrictive, expensive process overnight if Flash was allowed on these devices. Why wouldn't they? Being in the App Store does nothing for sales unless you are lucky enough to be in the top 25 list, and you have to give Apple a cut. Your entire existence hinges on the whims of Apple.
I installed click to flash a few weeks ago and have noticed a great improvement in the performance of my MacBook. Great tip!
March 02 2010 at 4:26 PM

I'm watching a ballgame on MLB.TV right now, and my processor usage for Safari is >50%.

March 02 2010 at 3:26 PM

Try it in Firefox; MLB.tv plays a lot better in my experience.

March 06 2010 at 1:41 PM

Aside from the security implications of Flash, it's also worth pointing out the privacy headaches, too. Flash 'cookies' are widely used to track you across sessions, don't expire like normal cookies, and aren't generally managed by the browsers. Firefox's BetterPrivacy extension is a good solution to the problem, along with NoScript to limit the number being set in the first place.

March 02 2010 at 3:17 PM

I quite frequently write flashplayer-deployed code on my Mac, and think most of the noise is coming from the technically illiterate who reflexively parrot whatever comes out of the black turtleneck. There are a lot of very cool RIA apps out there that are built on top of Flex for enterprise customers. HTML5 and Ajax simply can't replace the type of apps created using the Flex stack and available through the flash player (particularly the interactive data visualizations on virtually every financial site). That said, reducing your exposure to the typical adware or random flash craplets on the tubes goes a long way to providing a safe browsing experience. Absolutely ditch flash for video, but there is still a lot of very cool innovation taking place using adobe technology as a component of a bigger picture.

March 02 2010 at 2:52 PM

@17 Did I say ANYTHING about wanting Apple to "fix" Flash?
And I'm just as certain that the security issues with Flash have nothing to do with Apple supporting it. Apple has said it's the CPU/overhead issues that keep it off the iphone and ipad.
...and it's probably a little easier to do optimization for an OS when the makers of that OS are willing to share their APIs.
from "Daring Fireball" (who's on Apple's side) and Adobe's complaint that they can't optimize for Apple without Apple providing a public API to make this happen.
"I'm aware of no reason to dispute this. Windows is more hospitable to a third-party runtime like Flash than Mac OS X. I think most would agree that Apple is an opinionated company (to say the least), and they make opinionated products. The runtimes Apple cares about are Cocoa and WebKit. The Apple way to play H.264 is through the QuickTime APIs (and really, as of Snow Leopard the new QuickTime X APIs)"
Hate to burst anybody's bubble, but Flash isn't going anywhere any time soon. You can do all the HTML5 embeds you want, all the redeveloping in Java/Silverlight/Whatever in the world, but it's not going to change one fundamental fact: advertising.
Ad networks and remnant providers aren't going to change the thousands of hours they have invested in developing ad-serving platforms for flash-based video, nor are they going to convert millions of .flv video ads to another format. We all like HTML5 because it removes so much bloat from the process. But there's no money in that - the money is literally in the bloated things ends users hate.
We can write all the highfalootin' articles we want about how horrible Flash is, but at the end of the day there's an enormous chunk of the Internet's revenue stream that's dependent on Flash. So if it bugs you that much, install a plugin to get rid of it, but get used to the workarounds, because they ain't going to end.
"When it comes to browser security, Charlie Miller says that it's all about Flash. "
WOW! It's so good to know that we don't have to worry about ANYTHING browser-security-wise as long as we don't use Flash...
Yes, I run FlashBlock/ClicktoFlash too, because yes, Flash is overused, but for some things it's still useful, and for all the Apple fanbois to just run around screaming "HTML5!" is just stupid.
Every site in the world (that uses Flash) is supposed to redesign everything RIGHT NOW because Jobs doesn't want anyone stepping out of the Apple sandbox?
Ummm, I hate to be captain obvious but Flash is not Apple's responsibility to fix, it is Adobe's. If you want Apple to support it, you should start a letter campaign asking Adobe to fix their maniacal mess.
I'm certain that if Flash was not the security mess that it is, that Apple would consider supporting it.
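The comment above about Flash 'cookies' (Local Shared Objects that persist across sessions outside the browser's cookie controls) is the one point on this page where a practitioner would want to look at the artefact itself. The following is an added example, not code from the original post or from the BetterPrivacy or ClickToFlash projects: a minimal Python parser for the AMF0-encoded `.sol` files in which Flash stores LSOs, run over a sample LSO constructed inline (the object name "tracker" and its keys are made up), plus a helper that walks the macOS `#SharedObjects` directory so you can audit what sites have stored there. AMF3-encoded objects are detected and rejected rather than parsed.

```python
"""Minimal parser for Flash Local Shared Object (.sol) files, used to audit
what a 'Flash cookie' actually stores.  Added example; not code from the
original post.  The sample LSO below is constructed in this file."""
import struct
from datetime import datetime, timezone
from pathlib import Path

SOL_MAGIC = b"\x00\xbf"                       # every .sol file starts with these two bytes
SOL_SIGNATURE = b"TCSO\x00\x04\x00\x00\x00\x00"  # 'TCSO' plus six fixed bytes


# --- minimal AMF0 writer, only so the example can build a sample file offline ---
def _amf0_encode(value):
    if value is None:
        return b"\x05"                                      # null marker
    if isinstance(value, bool):                             # check bool before int
        return b"\x01" + bytes([int(value)])                # boolean marker + byte
    if isinstance(value, (int, float)):
        return b"\x00" + struct.pack(">d", float(value))    # number: big-endian double
    if isinstance(value, str):
        raw = value.encode("utf-8")
        return b"\x02" + struct.pack(">H", len(raw)) + raw  # short string
    if isinstance(value, datetime):
        ms = value.timestamp() * 1000.0
        return b"\x0b" + struct.pack(">dh", ms, 0)          # date: ms since epoch + tz
    raise TypeError(f"unsupported type {type(value).__name__}")


def build_sol(name, values):
    """Build an AMF0-encoded .sol blob (used here only to construct the sample)."""
    body = b"".join(
        struct.pack(">H", len(k.encode())) + k.encode() + _amf0_encode(v) + b"\x00"
        for k, v in values.items()                          # each entry ends in a pad byte
    )
    raw_name = name.encode("utf-8")
    payload = (SOL_SIGNATURE + struct.pack(">H", len(raw_name)) + raw_name
               + b"\x00\x00\x00\x00" + body)                # 4-byte version: 0 = AMF0
    return SOL_MAGIC + struct.pack(">I", len(payload)) + payload


# --- AMF0 reader ---
def _amf0_decode(buf, pos):
    marker = buf[pos]
    pos += 1
    if marker == 0x00:                                      # number
        return struct.unpack_from(">d", buf, pos)[0], pos + 8
    if marker == 0x01:                                      # boolean
        return buf[pos] != 0, pos + 1
    if marker == 0x02:                                      # short string
        n = struct.unpack_from(">H", buf, pos)[0]
        pos += 2
        return buf[pos:pos + n].decode("utf-8"), pos + n
    if marker in (0x05, 0x06):                              # null / undefined
        return None, pos
    if marker == 0x0B:                                      # date
        ms, _tz = struct.unpack_from(">dh", buf, pos)
        return datetime.fromtimestamp(ms / 1000.0, tz=timezone.utc), pos + 10
    raise ValueError(f"unsupported AMF0 marker 0x{marker:02x} at offset {pos - 1}")


def parse_sol(buf):
    """Return (object name, {key: value}) for an AMF0 .sol blob; rejects bad headers."""
    if buf[:2] != SOL_MAGIC:
        raise ValueError("not a .sol file (bad magic)")
    declared = struct.unpack_from(">I", buf, 2)[0]
    if declared != len(buf) - 6:                            # length covers everything after byte 6
        raise ValueError("length field does not match file size")
    if buf[6:16] != SOL_SIGNATURE:
        raise ValueError("missing TCSO signature")
    n = struct.unpack_from(">H", buf, 16)[0]
    name = buf[18:18 + n].decode("utf-8")
    pos = 18 + n
    version = struct.unpack_from(">I", buf, pos)[0]
    pos += 4
    if version != 0:
        raise ValueError("AMF3-encoded object; this parser only handles AMF0")
    values = {}
    while pos < len(buf):
        klen = struct.unpack_from(">H", buf, pos)[0]
        pos += 2
        key = buf[pos:pos + klen].decode("utf-8")
        pos += klen
        values[key], pos = _amf0_decode(buf, pos)
        pos += 1                                            # trailing pad byte after each value
    return name, values


def audit_lso_dir(root):
    """Walk a Flash #SharedObjects tree; report (path, object name, keys) per LSO."""
    findings = []
    root = Path(root)
    if not root.is_dir():
        return findings
    for path in root.rglob("*.sol"):
        try:
            name, values = parse_sol(path.read_bytes())
            findings.append((str(path), name, sorted(values)))
        except ValueError as exc:
            findings.append((str(path), None, [str(exc)]))
    return findings


# Constructed sample: the shape of a site-set tracking LSO (all values made up).
SAMPLE_LSO = build_sol("tracker", {
    "visitorId": "a1b2c3d4-constructed",
    "visits": 17,
    "lastSeen": datetime(2010, 3, 2, 21, 0, tzinfo=timezone.utc),
    "optOut": False,
})

if __name__ == "__main__":
    name, values = parse_sol(SAMPLE_LSO)
    print(f"object '{name}':")
    for k, v in values.items():
        print(f"  {k} = {v!r}")
    # macOS keeps LSOs here; Windows and Linux use analogous per-user paths.
    lso_root = Path.home() / "Library/Preferences/Macromedia/Flash Player/#SharedObjects"
    for entry in audit_lso_dir(lso_root):
        print(entry)
```

Run it as a script to see the sample's persistent visitor identifier decoded, followed by whatever real LSOs exist under your own `#SharedObjects` directory; the per-site subdirectory each file sits in tells you which origin set it, which is exactly the information the browser's normal cookie manager does not show.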