Ruffle – An Adobe Flash Player Written in Rust Compiled to WebAssembly (github.com/ruffle-rs)
206 points by conroy on Aug 18, 2019 | 70 comments



I really hope this works, but I fear it will die a shumway death. One of the issues is there are two complete run-times inside of Flash. AVM1 (for AS1/2) and AVM2 (for AS3). AS1/2 is much easier to program and probably emulate. AS3 was much more advanced and was actually a pretty good language. Adobe should release the source, but probably doesn't due to all the security holes that probably are waiting to be found. Of course, that is speculation.

[https://github.com/mozilla/shumway] [https://en.wikipedia.org/wiki/ActionScript]


> Adobe should release the source, but probably doesn't due to all the security holes that probably are waiting to be found. Of course, that is speculation.

The AS3 spec, compiler and runtime/VM are all open source, have been since at least 2008 IIRC. Details are in the Wikipedia page you linked, third paragraph.

Aside: discussions of Flash or its legacy have an unfortunate tendency to get derailed by FUD, so it would perhaps be useful to avoid speculation like this where possible.


The AS3 VM is helpful, but only part of the player. The fact remains there is no player source to use as a guide for porting to other languages. It’s similar to the .net scenario. MS releases .net core open source, but didn’t release the GUI parts (until recently).


I don't think anyone at Adobe is against open-sourcing the whole player; the problem would be relicensing it. It's a massive, hugely complex project, with lots of chunks that were licensed or written by other parties. And the codebase was probably 10-12 years old before anyone even considered the idea of opening anything...

I definitely agree it'd be hugely useful, and wish it would happen, but I kind of doubt we'll ever see it.


Right. I focused on the security, but it's a legacy code base with legal entanglements. Also created in another era.


They didn't release the GUI 'cause .NET Core is a rewrite. .NET Framework is only compatible through a common library between .NET Standard. Outside of that as far as I am aware they are similar but different runtimes.


The AS3 VM was open-sourced in 2006 (as Tamarin) and donated to Mozilla who planned to use it as a back-end inside Gecko: https://en.wikipedia.org/wiki/Tamarin_(software)


Flash Player contains a host of third party, commercially licensed software inside of it. Its source will never be released and it has nothing to do with security.


> I really hope this works, but I fear it will die a shumway death.

Yes, it may find a niche subset of Flash content it can do well, but there have been many attempts at Flash replacements, and all of them have failed, including serious ones with corporate backing like Shumway. Another cool one is Lightspark [1]

The only real chance at 100% preservation of Flash content is for Adobe to open source all of it - the VMs, the runtime including the graphics, etc. - and to compile that.

[1] https://en.wikipedia.org/wiki/Lightspark



One point about this project and others like it is that we really ought to not lose all the content created over more than a decade of Flash development. From Orisinal to Yugop, that work shaped the Internet and web today and should be preserved.


I spent several years working primarily with Flash. I started originally with Director and Lingo, then moved to Flash and ActionScript. I built games, microsites, campaigns, competitions, a whole bunch of annoying Facebook apps, you name it. This was back in the day when I was whoring myself out to ad agencies as a freelancer and mostly working on brand/campaign stuff.

Looking back on it, I have nothing I can show for it, really, besides some screenshots here and there. Pretty much all of the sites and projects are gone. It's a bit of a shame. This industry changes and moves forward at a lightning pace.

Some of the other people from my uni went into motion graphics and they can at least use examples of ads or animations from over a decade ago in their showreels. We can't really do that as web developers because of the dynamic nature of the medium.


You can always take screenshots and document things yourself. Portfolios are usually pictures of your work and descriptions not a full blown browser executable.


Before everything went south, I recorded screen movies of some of my games in action, and grabbed some other visuals. Of course they're at postage stamp resolution by modern standards, but it's something. As far as looking back on my body of work as an old man goes, at least I have a lot of other things to look back on, but a whole chunk is probably lost to the ether.


This is pretty great! I remember building stuff with Flash back when it was still owned by Macromedia. There is a solid level of nostalgia for me there. I know one of the major concerns became security with enabling the Flash player. I assume with WebAssembly as the compile target we don’t really have to worry about it as much? Does anyone know if we are going to start seeing things like memory leaks and buffer overflows with web assembly or is that not a thing? I know Rust does a lot to resolve memory issues but I’m wondering about the other languages that compile to web assembly.

Anyways, nice work!


One of the big problems with things like Flash and Java on the web was that they were separate codebases from the browser, but (often) ran inside the browser's memory space, which was kind of a worst-of-both-worlds situation: multiple VMs each with their own individual vulnerabilities, but compromising any one would give you access to all of them.

WebAssembly is different because it's built around the high-performance JavaScript VMs that have been developed over the past decade or so. When a browser-maker fixes a security hole in their VM, it's fixed for JavaScript and WebAssembly at the same time, because they're built on the same foundation.

So no, you don't have to worry about security as much with WebAssembly - not because of any magical security properties WebAssembly has, but because even though the WebAssembly API is new, the security environment has seen decades of hardening.


WASM can't magically make memory-unsafe languages memory-safe. You can still have memory leaks and buffer overflows, but (assuming a correct WASM implementation) a buffer overflow cannot result in memory access outside the WASM instance's memory space - unless you provide it with the facilities to do so.
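The containment property described in the comment above, as an added example that is not part of the thread or of Ruffle's code: a hand-assembled module whose unchecked write corrupts an adjacent value inside its own linear memory, but traps as soon as it reaches past the end of that memory. The buffer/flag layout and all function names are hypothetical.

```javascript
// Hand-assembled module (constructed for this example). Text form:
// (module
//   (memory (export "mem") 1 1)             ;; one 64 KiB page, cannot grow
//   (func (export "store8") (param i32 i32)
//     local.get 0  local.get 1  i32.store8))
const wasmBytes = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // magic, version 1
  0x01, 0x06, 0x01, 0x60, 0x02, 0x7f, 0x7f, 0x00, // type 0: (i32, i32) -> ()
  0x03, 0x02, 0x01, 0x00,                         // function 0 uses type 0
  0x05, 0x04, 0x01, 0x01, 0x01, 0x01,             // memory 0: min 1 page, max 1 page
  0x07, 0x10, 0x02,                               // export section, 2 entries
  0x03, 0x6d, 0x65, 0x6d, 0x02, 0x00,             // "mem" -> memory 0
  0x06, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x38, 0x00, 0x00, // "store8" -> func 0
  0x0a, 0x0b, 0x01, 0x09, 0x00,                   // code section, 1 body, no locals
  0x20, 0x00, 0x20, 0x01, 0x3a, 0x00, 0x00, 0x0b, // get 0, get 1, i32.store8, end
]);

// Hypothetical guest layout: an 8-byte buffer followed directly by a flag byte.
const BUF_ADDR = 0;
const BUF_LEN = 8;
const FLAG_ADDR = 8;
const PAGE_SIZE = 65536; // size of one WebAssembly memory page

function newInstance() {
  return new WebAssembly.Instance(new WebAssembly.Module(wasmBytes)).exports;
}

// Copies without a length check, the way a memory-unsafe guest program would.
function uncheckedCopy(exports, dst, data) {
  for (let i = 0; i < data.length; i++) {
    exports.store8(dst + i, data[i]);
  }
}

// Case 1: a 9-byte write into the 8-byte buffer. The engine does not stop it,
// because the target is still inside the instance's own linear memory.
function overflowInsideInstance() {
  const ex = newInstance();
  const view = new Uint8Array(ex.mem.buffer);
  const before = view[FLAG_ADDR];
  uncheckedCopy(ex, BUF_ADDR, new Array(BUF_LEN + 1).fill(0x41));
  return { before, after: view[FLAG_ADDR] };
}

// Case 2: a write that runs off the end of linear memory. The store at
// address 65536 is bounds-checked by the engine and raises a trap.
function overflowPastInstance() {
  const ex = newInstance();
  try {
    uncheckedCopy(ex, PAGE_SIZE - 4, new Array(8).fill(0x41));
    return "no trap";
  } catch (e) {
    return e instanceof WebAssembly.RuntimeError ? "trap" : "other error";
  }
}

console.log(overflowInsideInstance(), overflowPastInstance());
```

The first case is why a memory-unsafe guest can still be exploited against its own data; the second is the boundary the host relies on.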


Hopefully it can be made to work with Realm of the Mad God, a popular game from years back:

https://www.realmofthemadgod.com :)


If you download the swf file (for me, the link was https://www.realmofthemadgod.com/AssembleeGameClient15656887...), this seems to run fine in the standalone "Flash Player Projector", a great little utility buried in Adobe's website that lets you load swf files outside of a web browser. https://www.adobe.com/support/flashplayer/debug_downloads.ht...

I didn't bother creating an account, but the game opened fine and everything.



Thanks, that seems to work.

Couldn't log in properly, but that seems to be a server issue on their end. Support ticket opened, so we'll see. :)


This is pretty cool, is there anything similar for Java applets, remember those?


There is Cheerpj[0].

You can compile any JAR into js, and there is even a Chrome extension to conveniently run Applets found in the wild[1].

[0] https://www.leaningtech.com/cheerpj/

[1] https://chrome.google.com/webstore/detail/cheerpj-applet-run...


I really hope that the web archive can put this to good use, similar to how they emulate MS-DOS games in browser.


This is really cool. Just imagining all the work involved and the developers seem very knowledgeable and optimistic about it. I think it'd be cool to glean some insight from them about runtimes and standards.

I wish them the best of luck on their path to full compatibility with Adobe flash.


I've read that OpenFL supports some features of swf assets.


It is finally happening! Nice to know about it.


I'm sort of at a loss to this.. flash was disliked because of three things, for the most part:

• Capability of ActionScript (which can harbor malware) along with potential vulnerabilities in the interpreter itself.

• Memory and CPU usage

• Proprietary

Does this rust variant even address all of these? Are we hoping to shim flash support into wasm-supported browsers? What good would this bring, specifically in regards to native flash's shortcomings?

Not trashing the project, cause it's actually really cool, just curious why.


Outside the HN bubble, in the designers and game development community, Flash was loved.

* Powerful graphical tooling, where HTML/CSS are still catching up to

* Guarantee to actually have hardware acceleration, instead of CSS z-index tricks hoping for the best

* It was the first to support game engines on the Web, like Unreal

Unknown to many, Flash apps actually do exist on mobile, because Flash also AOT compiles to native code.


Additionally, Flash was an amazing medium for animation in the era before high speed internet. Because much of it is vector based, file sizes are very small and videos from 2003 scale perfectly onto a 4K monitor. Can't say that about any other internet videos from the pre-youtube era.


It was also hugely loved among amateur artists and animators, which led to the creation of most of the vast array of creative works I enjoyed as a kid.

I don't think I've ever quite gotten over my resentment at the tech community for killing Flash in the name of "security".


I don’t remember security being the reason flash was killed, but rather mobile being the culprit. Flash on first gen smartphone was just impossible to run, it was slow, not meant for touch, basically a horrible user experience that also drained batteries.

So, most ads skipped to JS or gif animation, and most game developers rushed to develop for the app stores (where money could supposedly be made much more easily than on the web).


Plenty of those app store games use AOT native compiled Flash.

https://www.adobe.com/devnet/air/articles/ios-packaging-comp...


Steve Jobs killing it in the name of ecosystem lockdown, you mean? He killed the greater part of my childhood along with it.


As someone who dealt professionally with security issues from about 2000 onwards, many involving Flash 0-days, I have about as much fond remembrance of Flash as I do for polio or smallpox. I regard it as an infectious scourge that humanity has finally largely eradicated, and we're healthier for it.


As someone who used browsers in 2000 I have the same fond remembrance of JavaScript. Yet for some reason it still spreads like AIDS instead of following Flash on its way out.


Apples to oranges. Javascript is an open-standard language, not a closed black box runtime like Flash.


Ah, so now it is ok to have possible exploits or pages that are just a big canvas, 'cause open standards. /s


Only for the devs that didn't follow up on it.

https://www.adobe.com/devnet/air/articles/ios-packaging-comp...


Long-time AS programmer here. It was on its way out either way. The runtime just wasn't up to scratch and accessibility implementation was often ignored. I made my last piece of Flash work in 2011, knowing this would be the last time I worked on AS. Flex was a bust, the frameworks were all over the place, and ultimately the developers of libraries and frameworks were moving on anyway to other interesting things like iOS development. Key people just lost interest too.



Yes, but those same artists now use open source 3D animation, and probably contribute to various indie game projects. Flash didn’t go away entirely because of security, there was no innovation, and the most anyone could aspire to was making adventure games or flash stick figure games/movies back then.

I personally miss the existence of thousands of Planetarion clones on the internet.


Those artists are still using AOT compiled Air runtime, or have migrated to either Animate CC or Unity, although a minority might have given a shot to OpenFL/PlayCanvas.

There is no miraculous contribution to open source 3D animation going on.


There’s no census of independent art, and what is available to me is on the recommendation sidebar of various video sites, so I disagree, but acknowledge we live in different echo chambers.


>the most anyone could aspire to was making adventure games or flash stick figure games/movies back then.

As a counterexample, I present: Homestar Runner. Also, Homestuck.


Let’s not forget Flex and Air. These two were way ahead of their time. There is still no technology out there that would match the simplicity of these two combined.


>Memory and CPU usage

I don't understand why people keep repeating this. This is simply not true, Flash wasn't slow at all. It took HTML5+js+canvas years to catch up with Flash performance-wise.

Even after the introduction of GPU acceleration in browsers such as IE9 and Firefox 4, on typical machines of that period HTML5 was still far too slow for browser games, while Flash was usable even on Pentium III-era computers.


I remember working at a major online publisher in 2006 and having to spend an entire week going through bureaucratic layer after bureaucratic layer because one of our advertisers' SWF files had a simple horizontal scrolling animation that was pegging the CPUs of our gutsy dev boxes at 100%.

Obviously it was possible to code competent stuff with Flash; that kind of competence tended to be limited to few expert publishers.


There are two sides to this:

Flash was performant in the sense that it allowed you to run decent graphical games at an acceptable framerate.

Flash was unperformant in the sense that it stole all of your computer resources to do it, and didn't play well with other elements on the page that needed those resources.

But GP is right that when canvas started getting pushed as an alternative to Flash, you just couldn't do as much with it. I remember seeing people online talk about how Flash could finally die, and then I'd load up the demo projects that they linked to, and they'd chug at 15 fps on my computer -- a computer that was more than capable of running a 30-60fps bullet hell flash game.

You have to remember that the game developer community's experience with Flash was, "you go to a page, full-screen my thing, and then play it." They weren't worried about how Flash interacted with the rest of the web, they just wanted good framerates and audio controls. The web developer community's experience with Flash was, "you go to my page, and suddenly everything slows down because Greg in marketing wanted to make a funny ball bounce around the side bar." They didn't care about whether canvas was hitting 60fps with hundreds of sprites, they just didn't want their webpages to freeze.


> I don't understand why people keep repeating this.

IMO, it's because flash was not great with resources, but good enough to try advanced/creative things. Sure, canvas wasn't even a common thing at the time, when flash supported many video/graphics use cases.

But that meant people thought a few effects on the website were worth including a flash animation which pegged your CPU at 100% for a while. Or auto played some FLV which killed performance for the entire website.

The performance was also very platform dependent. "Linux can support 128 cores, but can't play YouTube without stuttering." was a meme, but also the truth for many users for a long time. Then Adobe pretty much abandoned the plugin support on Linux.

So sure, the tech was great, and many people implemented it - maybe too many and too early.


> What good would this bring

The project's roadmap (https://github.com/ruffle-rs/ruffle/wiki/Roadmap) says: "The Flash Player has existed since 1996, and there are millions of pieces of Flash content around the web. This content represents an important piece of computing history and culture ... Ruffle's chief goal is to preserve this legacy content and keep it accessible for the future."

I think that's a good goal.


Putting it into WASM at least will deal with a lot of the potential issues that AS could have, simply because WASM doesn't have access to the outside world to attack anything.

As for RAM and CPU usage, there's not much that can likely be done. Better garbage collectors and other things like that might help but Flash itself was the cause of a lot of those problems.

If this was a full implementation it'd be something open source that could run flash files/movies, so it'd be a bit less proprietary. There still wouldn't be open source editors that could handle doing it all so it wouldn't be complete or even close as an ecosystem.

That said, all this could end up creating a good alternative for when all the browsers and adobe drop flash support in the next year (Firefox ESR is the only one I know of that's committed to supporting it until the end of 2020). A sane and safe migration path would be really useful for somewhere like newgrounds or archive.org to preserve internet history.


Unlike flash player, this runs in the browser sandbox. It's limited to what WASM and JS can access. It's also OSS, so definitely not proprietary. I can't answer the resource usage part.


• Largely assumed mouse/keyboard interaction and had no plausible mechanism for responsive design

• Proven track record of terrible security bugs

• Was most frequently used for ads


* It remains to be proven how WebAssembly is so much better than everything that came before it (hackers are yet to start having fun with exploits)

* Flash games market was huge


I'm not comparing Flash to WASM—I don't care about it, I don't use it, I'm suspicious of why people really want it. But at least WASM has a specification and independent implementations.

Regardless, that's whataboutery. Flash Player was famously riddled with security bugs. The question is [Browser + Flash Player] vs [Browser] and the answer is obvious. Removing an entire surface area—a pure subset—is always a security win.


All the down-voting is hilarious. Clearly there are still some people feeling quite raw about the loss of this proprietary web extension. If you think I'm wrong, please tell me about it.


There is twenty years of Flash content that shouldn't be erased from history. This isn't any different from people working on emulating old systems.


I'm 100% on board for projects like Ruffle to exist for reasons of archiving history.

My objection is only to people who in any way lament the death of Flash. Consider that nobody is scrambling to build a clone of the Netscape Navigator 4 parser and renderer. The fact that this project exists is testament to its importance for a brief period—but also to the awfulness of the canonical implementation.


People talking fondly about flash are thinking of the way that it massively lowered the bar to creating interactive content on the web, ushering in an explosion of indie games, animations, videos, etc., the like of which the internet had never seen and may never see again. The "awfulness of its implementation" (compared to what, one wonders?) is orthogonal to what people liked about it.


Absolutely, Flash inspired a form of artistic communication. But it wasn’t as egalitarian as you imply—and to the extent that it was egalitarian, I suspect that was on the back of rampant software piracy.

Meanwhile, plenty of treasure has been found in the smoldering ashes of a dumpster fire. Rick Astley inspired an entirely new genre of comedy. That doesn’t speak to the inherent merit of his music.


There are things that were easy to do with flash, and are still a nightmare with html, like group video lectures with chat. Adobe even provided their own media server. Replicating that with html is not at all easy to solve.

And no, making “an app for that” is no replacement


Flash might be dead on Web, but it is still doing quite alright on desktop and mobile.


> Flash games market was huge

So what? Flash created all sorts of usability problems. Horribly inefficient video playback, keyboard focus stealing, not responding to mouse/trackpad input the way native widgets do.


Thankfully we now have WebAssembly + WebGL and everything is way better. /s


Flash handled responsive layouts a decade before the term even existed.


I think you're remembering Flash with rose tinted glasses. It's a scripted environment—you can make it do anything given enough time. Almost nobody ever did.


Adobe's Flex framework (now open source at Apache) made it possible to build a responsive layout in a few minutes... not much time needed at all (that's where the name "Flex" comes from). Some of the people who built Flex went on to build AngularJS at Google. There's nothing rose tinted about it -- Flash/Flex were definitely an important and positive influence on modern web frameworks.


Isn’t that the same as responsive design in HTML then? It’s certainly not automatic.


I didn't say anything was automatic.



