IE10 won't run Flash unless website is whitelisted by Microsoft (rabidgremlin.com)
100 points by nitochi on Oct 11, 2012 | 87 comments


The keyword is lockdown.

I am all for giving hate to Flash. It is commonly found vulnerable. It produces slow websites which eat memory and CPU. It has a poor history on non-Windows systems.

But in all, I have serious doubt this call was made for any reason beyond pushing users to their app-store. Games? Online experience? Chat? By forbidding Flash, companies are a bit more forced to turn to apps with their products. Sure, things can still use JavaScript, HTML5 and web-sockets, but I would not trust web-sockets to be left alone if they seriously would start to threaten the app world.

Maybe I am just cynical, but the follow-the-money argument looks to support it.


"Lockdown" is not the correct term.

1. Flash isn't prohibited on Windows RT devices. This is distinctly different from Apple's approach with iOS, and Google has removed Flash from Android. [1]

2. Existing Flash websites will run on Windows RT devices. Windows RT will ship with the desktop version of IE10. [2]

Microsoft has made explicit what we all know. There are some websites that use Flash appropriately and in a way which benefits the person browsing, and there are websites whose use of Flash makes the web suck.

Having browsed the web for two years with Flash disabled by default, I'd add that there are a lot of sites which just use Flash for the sake of using Flash. When I don't see it, I still get the content I was seeking.

[1] http://www.readwriteweb.com/mobile/2012/08/adobe-flash-on-an...

[2] http://en.wikipedia.org/wiki/Windows_on_ARM#Limitations


What bugs me is the fact that we are forced (not a default list, not an opt out list, forced with no alternative if you want to use IE) to defer to Microsoft's judgement on what is a "flash appropriate" site and what is not. Did Newgrounds make their list? Shockwave? Pogo?

Quite frankly, I don't trust them with that power. This is the company that just got off of "monopoly probation".

I'm starting to really tire of this trend where developers lock away even power user settings (like the ability to decide what fucking plugins run in your browser) in the name of "security".


Read the guidelines http://msdn.microsoft.com/en-us/library/ie/jj193557%28v=vs.8...

> We place sites with Flash content on the CV list if doing so delivers the best user experience in Internet Explorer 10 with those sites. For example, how responsive is the content to touch? Does it work well with the onscreen keyboard, or affect battery life? Do visual prompts comply with the Windows Store app user experience guidelines? Sites that rely on capabilities (for example, rollover events and peer-to-peer (P2P) functionality) that are not supported within Windows UX guidelines for Windows Store apps, and don't degrade gracefully in their absence, are better off running in Internet Explorer 10 for the desktop with Flash.

It sounds to me like they're just saying they don't want plugins screwing up their shiny new UI. If you want to run your arbitrary plugins, just do it with the classic desktop version of the browser.


>It sounds to me like they're just saying they don't want plugins screwing up their shiny new UI.

The end user's shiny new UI. That's why this leaves a bad taste in my mouth. Why not just make Flash click to enable? That'll stop ads and most other shenanigans while still making things that users want to access (and haven't been blessed by MS for whatever reason) still able to access them.


> Why not just make Flash click to enable?

"Developers with sites that need plug-ins can use an HTTP header or META tag to signal Internet Explorer 10 to prompt the user to switch to Internet Explorer for the desktop."


I would indeed be surprised if they had written "Any commercial competing products to anything in our app-store will also be rejected". It would just surprise me more that removing a large portion of the competition did not add into the decision.


It's got nothing to do with competition. Silverlight is also not allowed in the Modern IE10.


"forced with no alternative if you want to use IE"

Again, Windows RT is expected to ship with the desktop version of IE 10. This means that for most practical use cases, any Flash website can be browsed by any version of Windows 8 - except phone which currently doesn't support Flash at all.

Microsoft didn't come up with the walled garden. They didn't lead the industry in the rush to vilify Flash. And they certainly aren't at the forefront of collecting and selling user data to advertisers and marketers.


Heck, don't even consider monopoly. More practically, how could they ever keep up? Whitelisting the internet for other people is impossible to keep up with.


If you want to talk about problems, let's talk about plugins themselves. They're horrible and should never have been created. Hell, even they were a response to horrible websites which browsers had to deal with. Anything short of proper browser development would of course necessitate having plugins for your browser.


>They're horrible and should never have been created.

Do you have a better way to add functionality to a closed source browser?


That's the problem right there. Do you really need something more than an html/php/js/css web browser?!


You're absolutely right. Who needs rich, interactive media? It's not like Flash powers some of the top sites on the entire freaking internet.

Before you say "HTML5", not there yet, and didn't exist in the period back when Flash became popular.

Please stop being so dogmatic, this is software development, not religion.


Oh yes! That's why Flash has 99% penetration, because nearly everyone needs it.


>I'm starting to really tire of this trend where developers lock away even power user settings (like the ability to decide what fucking plugins run in your browser) in the name of "security".

That train has already left the station, with iOS and Apple unable to keep iDevices in stock.


I also run with flash disabled, which helps me not see flash ads (I don't mind non-flash ads). And there's very little actual content that I miss.

Another benefit, that practice immediately reveals the odd flash-only site, showing me a big empty box. I usually bail immediately on those, because there's usually no good reason to do that, so I assume there's a bad reason.

That said, I would rather be the one deciding whether to watch flash or not.


> Google has removed Flash from Android. [1]

Nope, Adobe did. Even your link says so.


Where does your linked article say that Google removed Flash from Android? It seems Adobe removed Flash from the Play store. How is that the same?


> I have serious doubt this call was made for any reason beyond pushing users to their app-store

Never thought I'd be saying this, but it looks to me like they want to push everyone away from Flash towards web standards like HTML5.

> I would not trust web-sockets to be left alone if they seriously would start to threaten the app world

Windows 8 hasn't even been released yet, so 'app store' apps hardly hold an entrenched position worth protecting. MS needs open standards and a thriving cross-platform ecosystem more than anyone.


While not released yet, the concept of walled garden and app-stores holds a very existent entrenched position in the commercial mind. I too believe MS need open standards and a thriving cross-platform ecosystem, but I hear more "let's emulate Apple" than I hear "let's emulate Linux".

I am cynical. I believe MS want to copy whatever method is currently earning any other software company most money in the shortest term. App-stores keep being portrayed as the one great place where money is earned on software. Like many, I am also tired beyond reason of the word "app". I still see ads in the street that talk about "get our app!" as if it would be completely different to say "Buy our software". Sooner or later, that bubble will burst, but until it does, I will doubt the motives of any move that cuts off a competitor in favor of an app-store which one single entity controls.


Sorry but I just can't follow the logic here.

The Flash whitelist is only for the formerly-called-Metro immersive browser that will primarily be used on touch-based tablets. It does not affect desktop IE10.

Many Flash apps were designed for big screens and mouse interaction where pointer precision is great. Now you're throwing them onto a screen that's smaller and using a fat finger to emulate a pointer when the Flash app's target areas weren't designed for that.

Now certainly, some Flash apps will work. Other apps will not because they just weren't built with this environment in mind. If the user ends up running one of the apps that fail, they will have a bad experience. It happens all the time with the iPad where Flash doesn't work at all.

To improve the experience, you could make a whitelist of apps that work, or a blacklist of apps that fail. Which implementation you might choose would depend on whether you expect more good or bad apps, the complexity of managing the list, the impact of failure on the user, etc.

Is this really so controversial?


How is having an empty rectangle a better experience than a maybe broken Flash app?

Using your argument they should also whitelist websites because some of them have bad interfaces or inappropriate content. For example some drop-down menus only open on hover and so won't work with touch interfaces.


I much prefer Chrome's approach to locking down Flash- put it in a (much more) secure sandbox.

http://chrome.blogspot.com/2012/08/an-even-more-secure-flash...

Microsoft could have taken the approach of running Flash in its own Win8 app container, but apparently wanted to put as little effort into it as possible.


Chrome's efforts are without doubt to tackle the security concerns of Flash, and in that I wish them all the best.


I remember reading this and thinking "nice", back when there were a lot of sites where video couldn't be viewed on an iPhone:

https://www.apple.com/hotnews/thoughts-on-flash/

Two years later, and I can even comfortably disable the Flash plugin in my desktop browser.

It seems (thankfully) that Flash is fast turning into a relic of last decade. Not a bad move by MS.


I uninstalled Flash from my machine, got tired of it constantly patching/updating/hardening itself. If I want to view Flash-content I use Chrome.


Well, we have come to a point where no one actually cares about IE. Everyone wishes this browser wouldn't exist and most of the people use it as a tool to download Chrome and Firefox.

Having said that, Microsoft's new policy is either aimed at discouraging Flash altogether OR this is just a test. They want to test whether users are willing to accept this kind of feature where MS white-listed websites are given more power than the normal websites. Expect more to happen on this front.


Developers, myself included, may not care about IE as a browser, but the vast majority of the people using my web applications most certainly do as they are using IE. So I care about IE in that I have to field a lot of support requests for it and ensure that the JavaScript I wrote doesn't bomb out on a dangling comma. Those IE users also pay my employer a lot of money to use those web applications to get their jobs done. So yes, people, as in civilian non-developers, do care about IE, quite a bit in fact.


>most of the people use it as a tool to download Chrome and Firefox.

Not true. A lot of people still use it as in use. I was alarmingly surprised to find the number of users using IE as their main browser in my office, other than mandatory use to access company portal. And oh, my company's entire mail/issue-tracking suite works on this piece of art.


Chartbeat can speak to this a bit: http://chartbeat.com/labs/totaltotal/

You'll need a big monitor, as this was a quick hack and doesn't function very well on small screens, but you can see the number of people using IE across all of the sites our JS is loaded on in real-time.


Good source. Yes I can see and it shows IE at number 2 spot consistently.

>>doesn't function very well on small screens

Works just fine with "CTRL -"


My initial reaction was oh noo how dare they take something away from me, I then realised I have Chrome.

I then got thinking, as a default for a browser that will end up in corporate desktops and home users that this is actually a really nice move. I'm sure there will be some registry hack to negate this, but for the common user who lacks the ability to do that are perhaps best left with their internet L plates attached.

In summary, big fat +1 from me on this as anybody who is able to bypass this hurdle will be a lot less likely to fall foul of this safety net. Less infected PCs, less spam, less crap in general.

Let's not also forget the big benefit this bestows upon us, less calls from friends whose PCs/Internet seems to be running a little slower and after 15 minutes on the phone you realise it will be easier to see them.


Except the desktop version of the browser still has Flash. It's only the Metro, pardon me, Windows 8-style UI version that has no Flash.


Big question is: will Silverlight run on websites not whitelisted by Microsoft? Otherwise it's a dirty trick.


No, Silverlight doesn't run on IE10 Metro. I just tested that it doesn't run on an arbitrary site, and I don't think it's possible to even whitelist it.


Silverlight is more dead than Flash and MS killed it by alienating Silverlight developers.


The only thing keeping Silverlight alive is Netflix. I wonder why they use it in the first place.


DRM, better streaming, C# and the .Net framework


I have to admit though: Netflix's (Silverlight) player is remarkably stable compared to anything I've ever tried in Flash.


Silverlight can enforce protected streams to the output devices. I couldn't play netflix streaming movies on my old monitor since it didn't support HDCP.


They use it for the DRM. In their case it's a necessary evil.


Some sort of deal with Microsoft I would assume.


.NET.

Almost everybody uses some version of Windows or other and so .NET is there more or less.


No, they had to kill it because the iPad wouldn't run browser plugins. They then transitioned to a plugin free HTML5 mobile web to help all developers.


Microsoft is being like Apple; like Apple, they know Flash isn't a good answer for tablets and mobile and they're guiding people towards something that is. In fact, Microsoft is pushing developers towards HTML 5.

Note that desktop IE 10 supports Flash and other plug-ins just fine. I run Windows 8 preview on the computer in my ham shack and I find that I do almost all my browsing with the desktop IE anyway. I just use the Metro IE to visit QRZ, which is a web application for looking up call signs and logging contacts.


Earlier, the plan was to have no plugin support at all in IE10 Metro. Microsoft is positioning the whitelist approach as a backwards compatibility shim for high-profile sites that won't or can't give up Flash.


And if this is controlled by group policy, then this allows them to increase security for end consumers whilst allowing business customers the ability to carry on supporting the internal use of Flash that they may (feel that they) require.


The whitelisting is on the IE10 that's embedded in the Windows 8 UI (those fancy tiles). The normal IE10 browser that you use to browse the web with has no such limitations. Nothing to see here...


As questionable of a move that is, this kind of excites the 'omg, is flash finally going to die' moment I've been waiting for, for years.


Why is that? Flash seems pretty logical to me. If you were given the choice to either design with a single language that compiles to bytecode and runs in a vm(jit), or an array of interpretive scripts that's heavily submitted to fragmentation, which would you choose? You'd probably go for the first, as would I.

Flash may be a bad implementation of a good idea, but alternatives have not exactly wooed me either. To be quite honest; they all seem equally flawed to me. The fact that jQuery, Bootstrap, and others originated out of overcoming fragmentation pretty much proves that point. Also different JavaScript engines give you different performances and have different bottlenecks. At least with flash you had the guarantee it would crash the same on all platforms.


I agree that the idea of a cross-browser, cross-OS bytecode platform is really nice. Every time I hear of "X-to-javascript" compilers I cringe a bit.

But with flash the fatal problem is, and always was, that the only viable implementation of the interpreter is a proprietary and buggy blob, not even available for all platforms. Apart from that being a plugin also made it clunky, too much like a "java applet" (it never integrated into a page as well as javascript does).

If it had been based on an open specification (like HTML5 is now) then it could have been successful. Different browsers could have competed for the fastest and most secure JIT, like they do with javascript now. The end result would probably have been great. Alas...

Even non-technical people I hear complaining almost daily about what a piece of crapware the Adobe Flash plugin is, after it crashed for the zillionth time. Everyone wants flash to die, as the last sites that still require it either move to HTML5 or are replaced.


>At least with flash you had the guarantee it would crash the same on all platforms.

Uhm no. The Mac-version usually was both slower and less stable than the Windows-version.

And the situation in JavaScript-land is getting better too. jQuery was developed years ago and while it still does paper over some implementation gotchas, its main focus has shifted towards providing a nicer DOM-API. Since ES5, I started migrating away from jQuery for some more leisurely projects.



The previous discussion was about Mobile IE10. This blog post is about IE10 on Windows 8, in general.. meaning desktop too.


Both the discussions are about the same article and same topic.


Didn't think to check the link after I saw the title of 'Mobile Version...', but you're right. Sorry about that DanielRibeiro =)


When we data security advocates discuss things like promiscuous trust among SSL certificate authorities and one-click scary page bypass features with browser vendors, inevitably the old adage comes up "no vendor is willing to lose market share by making its security policies more restrictive than the others".

Perhaps this is a test case trying to break out of the old status quo?

Disclaimer: I recently accepted a position at the big M itself.


Apple broke that status quo by not allowing flash on iDevices at all. They had the advantage of the Steve/Apple "the people like it because we say they should and they think we are cool" super-power though, which MS do not currently possess, and they had both the performance (much Flash code is badly written and would devour battery life) and UI (much flash code that is out there won't work well on a touch-screen interface) caveats which are easier for the user-on-the-street (at least those I've talked to) to get their head around than security & stability problems.

This is though the first test of kicking flash in the teeth in a less restricted environment than the iDevice ecosystem, so it is still a brave move to be the first to do so (time will tell whether it is a brave move in the Yes Minister use of the word "brave"!).

One key fact that will help is that there is a growing perception amongst people who don't even know what Flash is that Flash is an out-dated technology, mainly because of the iDevice thing (if your site/app won't run on my iPad because of this "flash" thing, your flash thing is wrong not my shiny shiny). This will help MS and other browser makers as it reduces the uphill struggle convincing people that losing the feature is not too much to pay for the potential security and stability benefits.

Of course the other key factor will be what sites are on the white-list and how they address not being if they aren't (do they change tech, do they follow whatever procedure is needed to get on the whitelist, or do they just tell their users "IE10 doesn't work here"?). I can name many video sites that MS won't want to be seen to support and won't want to make changes or pay for certification (or whatever is needed) in order to get on the white list. A great many people use those sites regularly while pretending they don't know they exist - if those sites don't move to HTML5-video (with the problems that still exist there) or somehow get on the white-list those people might find some reason to switch to Chrome/Firefox/other (or stick with IE9) rather than upgrade to IE10.


But the iOS devices were something of a new market. Was there an established precedent for Flash on mobile at the time?

So banning plugins (including Flash) on a desktop OS browser seems like a significant new move.


Flash on handsets wasn't the norm at the time, no.

But Apple advertised the iDevices using the phrase "the whole Internet", which to many very much includes Flash.


The iphone/ipad web browsers already don't support flash, so dropping flash support isn't entirely a new thing. I for one am looking forward to its death on more platforms.


Hmm. Reading the linked MS document, it sounds more like they're desupporting plugins more for user experience consistency reasons than security or anything else.


I'm becoming confused as to who Microsoft are anymore. They continue to disappoint by chasing other people's customers while alienating their existing ones.

I've been here before with WindowsCE and WinMobile. :(


Reading the lines, it seems this is only in the Metro version of IE. But still a hassle, where the desktop IE pops up when non white-listed Flash content is on the page.

Submitting your site for consideration for Internet Explorer compatibility

As stated previously, developers who have sites that require Flash Player can mark the page with a META tag (or serve a header) indicating that the site requires a plug-in. This causes Internet Explorer 10 to prompt the end user to open the site in Internet Explorer 10 for the desktop. If a site is on the CV list as compatible with Internet Explorer 10, Internet Explorer 10 will always open it with Flash Player enabled and the user won't be prompted to open in Internet Explorer 10 for the desktop.


Interesting. Flash is not just video and ads. Flex is a powerful and rich application stack on Flash platform. There are numerous sites out there using Flex.


Let's get real, very few websites use Flex, it's kind of a dead technology.


So I can't use e.g. Flowplayer on my site to show IE people a video?


Yes you can. The new version of Flowplayer is HTML5 and then falls back to Flash if HTML5 isn't supported.


Flowplayer seems to be HTML5 by now, so it should work.


"First they took away Flash, but I didn't care because I was not a Flash developer..."

Whatever your stance is on Flash, this is a scary development if you don't like walled gardens.


There was recently a big furor over Notch's statement that he refuses to let Microsoft certify his games for Win8. Many people felt he was being childish and throwing a tantrum, while others think he's a visionary and working to prevent MS from walling off Windows like the 360.

Personally, I think it's a fight worth fighting, since they really could go that route if they got enough buy-in on it. And I don't doubt they would, if they thought it was in their best interests. That's what corporations do.

Luckily, Linux has recently gotten a lot of support from indie developers via Kickstarter (and the players' demands for a Linux version) and it's starting to look more viable as a platform for commercial games. We can hope.


The problem with Notch was that it was impossible to find out exactly what he was ranting about when he is fine with accelerating the demise of the PC by having his game run on the locked down iOS but not releasing it in the Windows 8 desktop store which is open.

Read this three part article about the confusion. http://www.withinwindows.com/2012/09/28/notch-doesnt-hate-wi...


Is M$ trying the Apple approach? To be in control of everything? Is this the beginning of another walled garden? Will M$ succeed at it?


That's bad news for 3D games in the browser where HTML5 isn't an option yet.


True, but Unity is even better. The same regime might still apply though.


Reading the MSDN page posted on a previous comment, it looks like they are deprecating activex interface for IE. Flash, Silverlight and any other plugin using activex to interface more directly with hardware will be affected.


How is this news? We have known this since last May (http://www.withinwindows.com/2012/05/23/windows-8-secrets-in...).


Personally I think this is great news. And I would very much like to see Java ending up in the same boat.

Having a language that is not inherently designed to be run in a sandboxed environment should not be allowed to run in a browser.


Also an interesting piece of information: there are two versions of IE. How and why should the user choose which one is more appropriate? Will the locked down version be default?


It's coupled to the "split personality" of the Windows 8 UI. If you start IE from desktop mode, you get "desktop IE", with desktop UI conventions, and web sites with flash will still work. If you select IE off the browser tile in the formerly-Metro "start screen", you get mobile-style UI conventions, and flash breaks unless you're on the whitelist.

Either they're expecting everyone who uses flash in a significant way to get whitelist approvals (and how many people do they have vetting those, anyway?), or they don't mind a period where, from the user's perspective, stuff randomly breaks for reasons that are not likely to be apparent. (Even if you tell them "well, it's how you started the browser fifteen minutes ago", they'll ask, "and why should that matter?" They have a point.)


It'll run flash, it won't run flash, it'll run flash, now it will only run some flash. Headspin. Alienating developers.


I wish that Google doesn't whitelist YouTube with MS so everyone migrates to Chrome, I want IE10 dead.


By the time ie10 becomes the majority of ie market share, flash will have not mattered for many years


> By the time ie10 becomes the majority of ie market share

It will never happen.


doesn't the significance of this depend on the roles of the two browsers in windows 8? is that explained anywhere? how can you understand or comment usefully on this without knowing what the difference in uses for the two is?


Hooray for the death of Flash and IE.



