HTML5 by Default – Draft Proposal (docs.google.com)
66 points by synthmeat on May 17, 2016 | 69 comments



The title "HTML5 by Default – Draft Proposal" isn't very descriptive, unfortunately, even though it's the original title. Something along the lines of "Moving from Flash to HTML5 by default in Google Chrome" might be more helpful. I'm not sure.


To me, it's not descriptive in the sense that the plan calls for whitelisting Flash on n sites by default. Which means that HTML5 isn't really the default.


(For one year, then the top sites whitelist will be removed)


Flash is used a great deal for advertisements which most people aren't going to care is missing from a page but it will still trigger the pop over thing.

I find the prompting at the top of the page to be a nuisance and people are likely to turn it off so they don't get prompted all the time. Advertisers and malicious sites will find a way to make it appear and then offer helpful instructions for getting rid of it.

I would say for sites, that just push flash without detection, change from the missing puzzle piece icon to a non-obtrusive "run this flash content" play button. You could even add a checkbox to "always play content for this site". That way there's no annoying flash pop over and you only run flash when the user demands it on a case by case basis. This will have the added effect of encouraging content producers to migrate because heavily flash laden pages will just look ridiculous.

For sites, that try to detect Flash, display their "you need flash" messages and respond accordingly to clicks to install. The potential risk here is that people will become accustomed to these prompts and a site might try to exploit that to get people to download something nasty.


I'm all for this proposal. It's relatively unintrusive while keeping control mostly in the hands of the user.

Not sure where the official RFC/comment thread for this is, but pending finding that, it would be nice to have a mechanism similar to AdBlock's where a user can whitelist flash based on domain, subdomain, or directory[0].

I'm also against the idea of "trusting" the top ten most used domains. It justifies further telemetry by Google (I know, it's Chrome anyway), but more importantly, it puts those "trusted" sites in a position where they can take advantage of their positions to inject malicious or unwanted content into their Flash elements.

[0] https://i.imgur.com/fFuAwDV.png


I like that Google are moving to this model. It's already how some people (like me) have their browsers configured anyway. Flash is a pain, performance and battery life-wise, and it's all too often used for video ads and such. Making Flash on the web click-to-play for everyone means we're a step closer to confining Flash to the garbage can of history.


"Flash is a pain, performance and battery life-wise, and it's all too often used for video ads and such"

Unfortunately you could easily replace Flash for JavaScript these days.

I wonder how long before the default is to browse with JavaScript turned off... or is it too integral to basic web pages now?

I think we will look back at the days when Flash was prevalent and wish we could easily group all the advertising and cpu intensive scripts into an optional plugin.


> I wonder how long before the default is to browse with JavaScript turned off... or is it too integral to basic web pages now?

As Flash once was. Maybe a grass-roots revolt is needed. Something akin to Apple refusing to allow Flash on iOS.

Imagine if js was throttled - or automatically disabled if a page was detected as being too resource-intensive? That would realign the incentives of user and content-producer and web-developers would find it considerably easier to argue for spending time on performance tuning.

I believe Google's using pagespeed as a factor in ranking is a small step in this direction. I hope someone goes all in.


> Imagine if js was throttled - or automatically disabled if a page was detected as being too resource-intensive?

Google tried doing something in that direction, by not running functions registered with setTimeout in certain cases (a pattern that's supposedly often used by ads on a site, impacting load time), thereby breaking a whole lot of legitimate cases along the way.


Opera has just done something like this for its low power mode:

Reduced activity in background tabs

Waking CPU less often due to more optimal scheduling of JavaScript timers

Automatically pausing unused plug-ins

Reduced frame rate to 30 frames per second

Tuning video-playback parameters and forcing usage of hardware accelerated video codecs

Paused animations of browser themes

http://www.opera.com/blogs/desktop/2016/05/introducing-power...


I believe there's some limit for javascript in inactive tabs:

http://stackoverflow.com/questions/15871942/how-do-browsers-...


You absolutely cannot easily reproduce a proper Flash experience in JavaScript, or Canvas.

This is a problem we've been working on for years building animated experiences for kids, and the js "equivalent" is heavy on assets and extremely limits what the artist and developer can produce in the same amount of time.


> You absolutely cannot easily reproduce a proper Flash experience in JavaScript, or Canvas.

Didn't Adobe Animate[1] (the successor of Flash) allow you to convert a .fla file to Canvas (or WebGL)?

[1] https://helpx.adobe.com/animate/using/creating-publishing-ht...


Sorry that should have read:

"Unfortunately you could easily replace Flash for JavaScript these days [in that quote]."


At least JS can be constrained somewhat by browser extensions.


My default is to browse with JS turned off.


Why?

If a site chooses to have a flash experience, why inhibit that? Google is bullying an already narrowed market.

There are experiences that Flash simply handles better, and HTML5 cannot emulate. Animated experiences are at the top of that list.

The correct user experience would be seamless for both the user and the content producer. This UX is essentially warning the user that they are entering unwanted territory, and using fear to narrow the flash market.


Adobe has dumped Flash on mobile. A sure sign that Flash will be dropped on the desktop, too, as developers aren't going to want to have to maintain two workflows.

To support Flash means you are supporting a proprietary software tool and the company behind it, selling development tools.

The tools and implementations might not be up to par with Flash but that's today. The sun will come out tomorrow, bet your bottom dollar that tomorrow .....


I think it was the other way around, Adobe didn't dump Flash on mobile. Also until the "sun comes out tomorrow" why can't a part of the market (smaller/bigger) enjoy the better experience that Flash offers and HTML5 cannot? (animations, games, livestreaming and so on)


From 2011:

Adobe ends mobile Flash development, will focus on HTML5

Adobe will no longer update its Flash plugin for mobile browsers, though it will continue to issue security updates and bug fixes. The company issued a statement to developers conceding that "HTML5 is now universally supported on major mobile devices, in some cases exclusively," adding "that makes HTML5 the best solution for creating and deploying content in the browser across mobile platforms."

http://www.theverge.com/2011/11/9/2549196/adobe-flash-androi...


_Apple_ dumped flash on mobile.


Adobe does not currently ship a mobile flash client. See http://www.adobe.com/products/flashplayer/tech-specs.html for currently supported clients.

Apple didn't dump support for flash on mobile, they simply opted not to support it (for very good reasons).


Flash has had numerous, major security vulnerabilities over the years; its CVE portfolio is actually pretty impressive.


Compared to what?

I'd argue that the Flash security argument is just a regurgitation of headlines people are reading. Every prolific web technology has a large number of CVEs.


In 2015, Flash had the largest number of CVEs of all web technologies: https://www.cvedetails.com/top-50-products.php?year=2015


Yes, they do. The problem is that Flash adds a layer of risk and the associated costs of risk management onto the web stack.

Adobe does not bear the cost of maintaining flash integrations, and doesn't bear the cost of the liability for shipping these vulnerabilities. If a user gets hosed because of Flash in Internet Explorer, Firefox, or Chrome, they blame their browser.

This externalization of the costs of securing the product, coupled with externalizing the cost of maintaining browser integrations means that it is harder to build a secure browser.

Flash needs to die, and with a very narrow subset of functionalities, it is no longer needed. Best to let it go so that we can have one less vulnerable client downloading and executing untrusted on our computers.


If a site chooses to have a flash experience, why inhibit that?

The site shouldn't be in control. The user should be in control.


The site should be in control of what it sends, the user should be in control of what they see.


It looks like a way to enable 'click-to-play' by default without over-annoying users (normal 'click-to-play' sometimes shows the Flash experience even when an HTML5 experience is available). It's also good for security as it makes it more difficult to exploit Flash vulnerabilities (especially in ads). It may be the first step before sunsetting Flash completely as you suggest.


Flash is almost as big of a security problem as Java applets were, and it's only not as big now because most browsers have started putting Flash in a sandbox.


And many users have been putting Flash in a trashcan.


The entire web is a security problem. Flash has a shrinking market for several reasons, security is not a main factor of this.


You straight up don't know what you are talking about. Every browser development team wants flash to die because of the security risks, performance, stability, and usability problems it induces.

The reason the flash market has been shrinking is because browser vendors, starting with Apple have been moving towards deprecating Flash for many years because of these reasons.


And yes, the web has deeply ingrained security problems, but so has every single platform for downloading and executing untrusted code. At least most of the major players are now actively engaged in standardizing and improving the security of the web as opposed to a single company with a fairly atrocious record on application security (Adobe).


The poor security of Flash is most definitely a major factor.


It's a pity Shumway project died: https://github.com/mozilla/shumway

Because despite all attempts to kick Flash off the Web, it's still lingering around.


Getting rid of Flash is good. But it doesn't mean we aren't going to avoid annoying advertisements - they'll just use html5.


In fact, the move to native HTML for dynamic advertising has made it more difficult to control browser CPU usage, since before you could cut it down a lot just by turning off flash. Now it's indistinguishable from legitimate page content.


This page wanted to create a <canvas> in a size or position that suggests it might be an ad. Allow: Yes/No/Always


> …will will intercept the request, cancel the navigation, and instead present an "Allow Flash Player…"

That's a bad idea.

If Flash Player is disabled by default, large sites like Pandora will learn in short order that they just need to attempt to use Flash, rather than pointing the user there. If they don't, then they will be replaced by websites that care more about their users.


> When a user encounters a site that needs Flash Player, a prompt will appear at the top of the page, giving the user the option of allowing it for a site

How about keeping the experience exactly the same for both cases (allow downloading of the HTML5 video source in non-flash format, by using an internal transcoder).


Flash is used for more than video (and ads). Flash games still exist, for example.


And homestarrunner.com! The Internet of 10-15 years ago was awash in legitimate Flash content, and we're rapidly losing the ability to view it.


Luckily, almost all of the H*R stuff has gotten ported to youtube content. It's a little sad to not find the random easter eggs anymore, but the stuff is still there for your eeeemail pleasure. (preeeow paper noise)

https://www.youtube.com/user/homestarrunnerdotcom


Flash games still exist but I doubt there are a lot of new ones created. It seems that there are not that many HTML5 games created either.

My theory is that it is because most of casual gaming now happens on mobile where flash is unavailable and HTML5 is subpar.


Absolutely, very little Flash content is being created. But I still think it's not good that we are losing access to what's already there. It could be this generation's version of link rot (which is still a problem too).


Well the binaries for the standalone player are out there so access is still possible. Kind of like with old consoles.


I wonder what their "top 10" whitelisted sites are?

It would be odd (for example) if they whitelisted YouTube to keep that seamless while degrading other sites. (Youtube has had a decent html5 player for ages, but my point is it's a bit arbitrary to whitelist sites in this way.)


They mention the top sites at the link below:

https://groups.google.com/a/chromium.org/forum/#!searchin/ch...


Wow, looking at that list, it really is a case of "let's break all the little guys". Why should all these big video sites get to keep Flash, while the rest of us have to jump through hoops?


It's not personal, and it's not about breaking the little guys. Disabling Flash to push the web towards standardized protocols and formats is going to be painful for all the browsers, and like many other changes, the biggest blocker is that one of the major vendors has to go first. Expect to see the same move from all vendors that still support flash (except for those that don't believe that flash is the devil).

The Chrome team has to support the majority of their users or they risk alienating their user base, and there is a hard core browser war on out there :) They came up with a reasonable way to decide the "winners and losers", and aim to snip the long tail off. It also puts the supported sites on notice that they need to migrate functionality.


I don't see how it can't be about "breaking the little guys". Google/Chrome has decided a very small list of companies (including themselves, with youtube) get non-broken sites, while everyone else has to cope with their websites breaking. No option of an opt-out. Why not at least lead from the front and block flash on youtube? Because it would seriously hurt youtube of course.


Because Youtube, unlike the vast majority of websites, have a dedicated security team to monitor and prevent malicious content being delivered to their users, active support for flash alternatives, and flash deprecation is already achieved (since early to mid 2015, I forgot the actual date) as Youtube will only use Flash if a more modern alternative isn't supported by the browser.

In other words, you are arguing that new versions of Chrome should continue to support a legacy technology rather than expecting site owners to update their technologies.

Why do you expect Google to accept the externalization of your costs in maintaining current standards? Why should Google continue to subsidize your website by managing error and crash report services, and spending engineering cycles supporting Flash bugs, or Chrome issues induced by Flash when you can't be bothered to migrate from old tech?


I just feel your argument falls apart when Google have decided that everyone has to stop using flash except them. Certainly they are minimising Flash, but why don't they get rid of it 100%, before imposing it on the rest of us?

I don't expect Google to treat me specially, but I don't like Chrome having a special "If website is one of 10 special sites, get to use super-useful bonus browser feature without prompting". But I feel we are going around in circles.


You don't have to like it, but you do have to accept it, or accept that your users will have an inferior user experience, ultimately degrading to no user experience when flash is finally switched off.

It sounds harsh, but it's a reality. The history of IT is littered with the corpses (and zombies) of dead tech, and Flash is fast on its way there.


html5 video playing is pathetic on slow machines.


I'll bet a lot of modern things are pathetic on slow machines ;-)


But why is it so? Why is Flash so much faster doing video?


> Youtube has had a decent html5 player

It is too slow on old machines.


Really looking forward to finally get rid of flash and move to an html5 only world. Thumbs up!


When sharing google documents, use the publish feature. It allows more concurrent views and is faster for all (both the end user and Google, which can get very slow at serving highly accessed documents in the editor)


For playing video HTML5 is too slow for old intel core cpus. They should spend more time optimizing whatever video codec it uses instead of depreciating a good existing solution.


I noticed the docs.google.com link and cringed. Load the document, scroll down a couple times, and attempt to click back. Yikes.

http://i.imgur.com/3nhDeYP.png


While I get why it's built like this, I hate, hate, hate, hate when a slideshow is set up where each slide is a new page. If you didn't open it in a new tab, it makes going back to where you were before a nightmare.


This isn't related to flash or JS, it's a choice made by the developers/sales department.

Having a new page impression for each slide is a win for advertising revenue.


I'm not sure if you visited the page but it's a google slideshow, no advertising revenue and I'm not sure how much "slide" impression stuff is actually tracked on google slideshow.


I did not, Google Docs is blocked at my work place. Apologies.


No problem, you had about a 99.99% chance of being right as most slideshows are exactly what you described.


Recording impressions per page is separate from adding them to the browser history



