More Salvos from Apple and Adobe, to No One in Particular
I was out of the country when Steve Jobs posted his open letter on Flash to the Apple web site. Had I been around I would have dissected it. Today Adobe published its own open letter(s) about how great Flash is, why open markets are good, and even an ad campaign promoting choice. This passive-aggressive slap-fest is really just another reason for me to use my Apple vs. Adobe graphic that I spent nearly 10 minutes creating over a month ago.
To put my own preferences out there again, I have been critical of Flash for a long time (Jakob Nielsen roasted it 10 years ago now). The technology itself is mostly harmless, but developers have latched onto it for years to create confounding, inaccessible, and cryptic interfaces for web sites. To be fair, if they hadn’t used Flash, they might have still made the same terrible chum, but Flash just enabled their poor behavior. Apple has always been the plucky upstart that despite being just another corporate computer company had somehow tricked masses of designers and wanna-be-cool-but-different (as opposed to being just different, like *nix users) folks in to giving them free advertising via legions of window stickers and the like. Except now people are recognizing them as the corporate juggernaut they are (When did Apple become uncool? at Yahoo! News).
Let me compare and contrast some points from the two letters.
Open vs. Closed
While Adobe’s Flash products are widely available, this does not mean they are open, since they are controlled entirely by Adobe and available only from Adobe. By almost any definition, Flash is a closed system.
The core engine of the Flash Player (AVM+) is open source and was donated to the Mozilla foundation where it is actively maintained. The file formats supported by the Flash Player, SWF and FLV/F4V, as well as the RTMP and AMF protocols are freely available and openly published. Anyone can use the specifications without requiring permission from Adobe. Third parties can and do build audio, video, and data services that compete with those from Adobe. […] There are no restrictions on the development of SWF authoring tools, and anyone can build their own SWF or FLV/F4V player. […] Adobe Flex, the primary application framework for Flash, is also open source and is actively maintained and developed by Adobe and the community.
As an end-user, I need help understanding Apple’s point. How is what Adobe states any different from Apple’s own WebKit? Because they claim it started as open source, whereas Flash didn’t? The points in these letters don’t speak to the average user, that’s for sure.
I’m going to let Adobe off the hook on this one. As I have said before, HTML is NOT a final specification yet. Apple is clearly pleased as punch that Safari supports much of HTML5, and good for them. But they are really pushing the
Bear in mind that HTML5 has been handed off by the standards committee (W3C, of which Adobe is also a member) to the Web Hypertext Application Technology Working Group (WHATWG, of which Apple is a founding member). It turns out that Apple, Mozilla, and Opera were unhappy with the W3C progress on XHTML and HTML, and so broke off on their own. As a result, WHATWG is working on HTML5 alongside the W3C HTML working group, using the same human editor.
Apple’s revolutionary multi-touch interface doesn’t use a mouse, and there is no concept of a rollover. […] Even if iPhones, iPods and iPads ran Flash, it would not solve the problem that most Flash websites need to be rewritten to support touch-based devices.
Flash was actually originally created as a technology for tablets with touch interfaces. And today, Flash has full support for working on touch-based devices. […] For new Flash content developed specifically with touch in mind, Flash Player 10.1 provides a complete set of multitouch and gesture APIs.
Ok, Apple has a point, Flash does not support multi-touch. Multi-touch is relatively new, however, and Adobe promises it in their (much delayed?) Flash 10.1. I do take issue that Flash does not support touch devices. About 4 years ago we developed a Flash application to run on touch-screen displays for a kiosk, and it worked very well. The issue is again not with Flash specifically, it’s with developers who are terrible at designing interfaces.
Symantec recently highlighted Flash for having one of the worst security records in 2009.
The Symantec Global Internet Threat Report for 2009 found that Flash had the second fewest number of vulnerabilities of all Internet technologies listed (which included both web plug-ins and browsers).
Erm, so who do we believe? Neither links to a report, but they both cite Symantec. So I went to the Symantec site and grabbed the document Internet Security Threat Report: Volume XV: April 2010. I searched in the PDF for Adobe Flash and found this:
In 2009, Symantec documented 321 vulnerabilities affecting plug-ins for Web browsers (figure 9). ActiveX technologies were affected by 134 vulnerabilities, which was the highest among the plug-in technologies examined. Of the remaining technologies, Java SE had 84 vulnerabilities, Adobe Reader had 49 vulnerabilities, QuickTime had 27 vulnerabilities, and Adobe Flash Player was subject to 23 vulnerabilities. The remaining four vulnerabilities affected extensions for Firefox.
Apple QuickTime had 4 more vulnerabilities than Adobe Flash? Did I mention that when I hit the Apple site, my browser keeps trying to get me to install QuickTime? There’s also this quote:
The 321 total vulnerabilities in plug-in technologies for Web browsers for 2009 is less than the 424 in 2008. Of the total for 2008, 287 vulnerabilities affected ActiveX, which is significantly more than any other plug-in technology. Of the remaining plug-ins for which vulnerabilities were documented, there were 54 vulnerabilities identified in Java SE, 40 in QuickTime, 17 in Adobe Reader, 16 in Adobe Flash Player, and 5 vulnerabilities in Firefox extensions.
16 in Adobe Flash, 40 in Apple QuickTime. I really need some help finding Apple’s point. I also need help finding Adobe’s point. From what I see here, Flash is safer than QuickTime, even though (in further reading) it gets targeted more. If you want clear answers, you may need to read all 97 pages of the Symantec document, which was not linked from either Apple or Adobe.
Apple’s letter clearly belies frustration with may have been Adobe’s missed promised delivery dates. Apple also has a point that Flash doesn’t hand off the video decoding work to the processor, eating battery life. Adobe has stated this is coming in the 10.1 release. Apple points to YouTube running as an app on the iPhone, but is silent on the fact that videos embedded in a page are inaccessible but does concede, backhandedly, that
users aren’t missing much video. And then Apple goes on about how Flash is designed to be cross-platform, and as such doesn’t enable developers to write the best iPhone/iPad apps. And this is the crux of it all. Apple just wants the control and Adobe wants in.
Update (May 14): Read Adobe and Apple: Please Spare Us the Platitudes About “Open” over at Mashable for another take on all this.
Take a look at http://www.zdnet.com/blog/bott/how-secure-is-flash-heres-what-adobe-wont-tell-you/2152
I haven't skimmed the Symantec report, so I don't know if the QuickTime vulnerabilities have just as bad a history. For sure, Apple has a so-so reputation for resolving critical OS X bugs in a timely fashion.
Leave a Comment or Response