FlashBlock and BetterPrivacy (both anti-Flash-focused extensions) get over 40,000 downloads a week each from Firefox users. An amazing number considering most people have no idea about the negatives of Flash. Or even what Flash is.

And that doesn't count the people who use Adblock to block flash content.

I don't think it's isolated to Mac discussion forums.
True, but what that tells us is that a good many people want more control over their browsing experience, not necessarily that they hate Adobe or think they're "lazy".

Algorithmically moving a lot of pixels around will simply take more horsepower than not. That people are taking an interest in exercising the options at their disposal to better govern both their CPU/battery use and security is a good thing.

But it also raises a question for the future:

While the transition to HTML5 will continue to be a long slow process for a while, it's as inevitable as HTML6 and beyond. Things move forward, and plugins of all kinds will increasingly become passe.

But will we have the same ability to control our CPU/battery use and security when plugins eventually go away?

Bounds checking still seems a lost art with many programmers, so buffer overrun exposures continue to be a major source of exploits. It's not like plugins are inherently evil; all software of any significant size will always have bugs and risk exposures.

Moving from a bytecode-driven plugin to a raw-XML-to-bytecode interpreter is no panacea for performance, and as millions of new lines of code become introduced into the browser code bases we can expect new types of security risks as well.

This doesn't mean browser programmers are "lazy" (though I've heard suggestions from some that inadequate bounds checking should become the basis for criminal negligence suits <g>), it just means software is a complex thing to do.
 
True, but what that tells us is that a good many people want more control over their browsing experience, not necessarily that they hate Adobe or think they're "lazy".

I never made any comment of the sort.

While the transition to HTML5 will continue to be a long slow process for a while, it's as inevitable as HTML6 and beyond. Things move forward, and plugins of all kinds will increasingly become passe.

But will we have the same ability to control our CPU/battery use and security when plugins eventually go away?

We should have more control, because we are not relying on one company (Adobe) to provide us with the control. Right now, we can disable flash, or not (for the most part) on a global or site by site basis. With HTML5, we would have the ability to block animations, but not videos. Or make sure videos or animations don't play until we click them even if we allow them to load with the rest of the page. We could even choose a browser that changes the controls on the video player.

Biggest issue will be lack of DRM across browsers for sites like Hulu. That's an area where Flash will remain the best solution for now.
 
You're missing my point. My browser has a setting to disable cookies. Flash ignores that setting.
Cookies != Flash.

Cookies are a browser feature, and plugins are separate programs that run inside of a browser.

Yes, I'm aware that not-very-computer-savvy senators are asking for an explanation from Adobe on this, but given the general lameness from Congress on nearly all technology issues I'd be surprised if anything comes of it beyond, "Oh, okay, thanks for the explanation."

It has its own settings that were hidden from the user until Flash 10.1.
I can't say for sure when I started using that panel, but I could have sworn I first saw it years ago, long before 10.1. But in the interest of civility I'll take your word on it.

To get to the global settings, you had to go to a website if you happened to find out that it even existed. It was not available from the context menu (where other Flash Player settings were located.)

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html

Macromedia? Seriously?! How would a user trust that!
Well, as the original manufacturer I would imagine many would. Why should one expect that the company that made the plugin would not be able to assist you with its settings?

Similarly, Flash ignores Private Browsing mode, local storage settings, and cache settings set in the preference panel of the browser.

And Flash cookies and storage are accessible across all the browsers on your system that access the plugin.
Again, those are browser features and not plugin features.

I agree that the whole plugin paradigm is living in its last days. But it's not like Adobe created the spec, and it's not like they're the only ones who make a plugin that isn't tailored for the custom optional features of every browser it runs in.

The whole thing seems so basic I'm surprised these threads go on so long:

If you like Flash, use it. If you don't, don't.
 
I never made any comment of the sort.
True, I was quoting Steve Jobs on that.

We should have more control, because we are not relying on one company (Adobe) to provide us with the control. Right now, we can disable flash, or not (for the most part) on a global or site by site basis. With HTML5, we would have the ability to block animations, but not videos. Or make sure videos or animations don't play until we click them even if we allow them to load with the rest of the page. We could even choose a browser that changes the controls on the video player.
Where are these options in Safari?

Biggest issue will be lack of DRM across browsers for sites like Hulu. That's an area where Flash will remain the best solution for now.
True dat. But since the new video tag is just a placeholder it seems a good invitation for those making the actual playback engine to step in to handle DRM.
 
Cookies != Flash.

Cookies are a browser feature, and plugins are separate programs that run inside of a browser.

Yes, I'm aware that not-very-computer-savvy senators are asking for an explanation from Adobe on this, but given the general lameness from Congress on nearly all technology issues I'd be surprised if anything comes of it beyond, "Oh, okay, thanks for the explanation."

Why is there a distinction? Flash LSO are commonly called Flash cookies or supercookies. Would it not be more reasonable and user-friendly to treat them the same as other cookies? Especially since it is obvious as to the user's intention when they block cookies and DOM storage.

This argument isn't just principle. It's a conscious business decision by Macromedia/Adobe to supersede the user's wishes. It's why Flash is so popular with advertisers.

I can't say for sure when I started using that panel, but I could have sworn I first saw it years ago, long before 10.1. But in the interest of civility I'll take your word on it.

The panel has existed (since Macromedia, obviously). It just wasn't user accessible through the plugin context menu in the same way object specific settings were. 10.1 added "global settings" to the context menu. Before you had to do a web search to find out the global settings panel even existed.

Well, as the original manufacturer I would imagine many would. Why should one expect that the company that made the plugin would not be able to assist you with its settings?

Macromedia does not exist anymore. Adobe bought them five years ago. It's not reasonable to assume that people still associate the Flash plugin with Macromedia and not Adobe. (And a fine example of "lazy" on the part of Adobe Flash Player developers.)

Again, those are browser features and not plugin features.

I agree that the whole plugin paradigm is living in its last days. But it's not like Adobe created the spec, and it's not like they're the only ones who make a plugin that isn't tailored for the custom optional features of every browser it runs in.

The whole thing seems so basic I'm surprised these threads go on so long:

If you like Flash, use it. If you don't, don't.

Again, why the distinction? Wouldn't it be more user-friendly for a plugin to respect those browser settings? Especially when the plugin's own settings are intentionally hidden from the user.

True, I was quoting Steve Jobs on that.

He has a whole lot more information on Adobe than most in this forum. And very high standards. It's a matter of opinion whether those standards are reasonable or not. But it's disingenuous to quote him out of context.

Where are these options in Safari?

You were asking about the future, not the present. And in the future, if the browser you choose does not do what you want, you can switch browsers. You don't have that option with Flash.

True dat. But since the new video tag is just a placeholder it seems a good invitation for those making the actual playback engine to step in to handle DRM.

But there is no way to make a cross-browser DRM. DRM relies on a hidden key. If the key is shared with anyone that wants to make a browser, it isn't hidden.
 
Why is there a distinction? Flash LSO are commonly called Flash cookies or supercookies. Would it not be more reasonable and user-friendly to treat them the same as other cookies? Especially since it is obvious as to the user's intention when they block cookies and DOM storage.
I think it's a more subtle, philosophical point, not so cut and dried.

Should all forms of local storage be governed by one setting?

If so, why does Apple's Safari provide separate settings for cookies and other forms of local storage? If not, why should Apple get a free pass on that.

Forgive me if I misinterpret, but it would appear that you prefer to single out Adobe data specifically here, rather than looking for general usability guidelines which might improve things for the user.

With all due respect, I think we're down to picking fly poop from pepper on that, so you're welcome to have any last word you think would be helpful but I've nothing more on a point so small.

Macromedia does not exist anymore. Adobe bought them five years ago. It's not reasonable to assume that people still associate the Flash plugin with Macromedia and not Adobe. (And a fine example of "lazy" on the part of Adobe Flash Player developers.)
One man's "lazy" is another man's "backward compatibility".

A lot of people bookmark links, or have links embedded in their sites and Flash apps, and it's a drag when companies don't make an effort to preserve URLs going forward.

The Flash Settings page is clearly branded with Adobe logos all over it, so with the URL reflecting the original maker I see that as a plus rather than a minus. Maybe others feel differently, but honestly this isn't a point I've seen anyone else bothered by before.


He has a whole lot more information on Adobe than most in this forum. And very high standards. It's a matter of opinion whether those standards are reasonable or not. But it's disingenuous to quote him out of context.
Man, you're really into this aren't you. Tell ya' what: feel free to copy the entire quote here if you feel it's actually more flattering to himself or to Adobe, and I'll gladly apologize in advance for my quoting him out of context.

That said, the word "lazy" is so commonly associated as being something Jobs said about Adobe that this search yields more than half a million headlines which provide no more context than my offhand remark:
http://www.google.com/search?q=jobs+adobe+lazy


You were asking about the future, not the present. And in the future, if the browser you choose does not do what you want, you can switch browsers. You don't have that option with Flash.
That's not the future I want to live in. We have to throw our favorite browser away and use something else just to be able to turn off JavaScript as easily as we can turn off Flash today?

Maybe I'm optimistic, but I see a simpler future in which people will have the same level of control over browser features as they currently have with plugins.


But there is no way to make a cross-browser DRM. DRM relies on a hidden key. If the key is shared with anyone that wants to make a browser, it isn't hidden.
You may have just convinced me that Flash has a future after all. ;)
 
Have you considered simply turning it off? Or uninstalling it?

Why? What from what I've said would possibly lead to that question?

The notion that Apple somehow forces you to use software you don't want isn't fair to their excellent OS design.

Again, you missed the point.

The question is why Adobe didn't natively provide a way to selectively run flash apps. Adobe has never -- and probably will never -- provide a way to only run the flash apps that I want to run. It took third-party developers to finally muzzle Flash.

Adobe cares far more about the developers than the user experience. You see it in the lack of fine-grained control of running Flash. You see it in the fact that Adobe doesn't give a rat's a.. about the abuse of Flash cookies. You see it in the different behavior of the UI in Flash windows than the rest of my Mac.
 
Why? What from what I've said would possibly lead to that question?
When you wrote:
"The fundamental mindset of Flash is wrong. Nobody gets to run programs on my computer without my permission. One very good side-effect of all the Flash brouhaha is that more people realize that they can control when Flash runs on their machine."

Right, you can turn it off. You can do so entirely, or use an extension to do it selectively if you sometimes like to run Flash.

It's up to you. You're in the driver's seat. Steer as you like. Enjoy.

Sure, maybe Adobe's run by a satanic cult of space aliens looking to take over the planet so they can kill our kittens. Whatever.

It's just software, man. Use what you like, don't use what you don't like.

Have a better day.
 
I think it's a more subtle, philosophical point, not so cut and dried.

Should all forms of local storage be governed by one setting?

If so, why does Apple's Safari provide separate settings for cookies and other forms of local storage? If not, why should Apple get a free pass on that.

Forgive me if I misinterpret, but it would appear that you prefer to single out Adobe data specifically here, rather than looking for general usability guidelines which might improve things for the user.

You are ignoring the part where Adobe has intentionally hidden their settings. If Flash Player added settings to the browser's preference panel to control LSOs, I wouldn't have a problem with this aspect of Flash.

It's about user expectations. If a user enters Private Browsing mode or the equivalent in other browsers, they do not expect a local record of the sites that they have accessed.

If they disable cookies, they don't expect local objects to be set that allow them to be tracked across multiple websites.

One man's "lazy" is another man's "backward compatibility".

A lot of people bookmark links, or have links embedded in their sites and Flash apps, and it's a drag when companies don't make an effort to preserve URLs going forward.

Because redirects are unheard of on the web? Or maintain the old link for backwards compatibility and a current one at adobe.com. Or more completely, add the settings to the browser's preference panel where people expect to find them. Even a local preference panel accessible from the context menu would be preferable to the current situation.

The Flash Settings page is clearly branded with Adobe logos all over it, so with the URL reflecting the original maker I see that as a plus rather than a minus. Maybe others feel differently, but honestly this isn't a point I've seen anyone else bothered by before.

How is that better? That's the very description of how phishing attacks work!

Man, you're really into this aren't you. Tell ya' what: feel free to copy the entire quote here if you feel it's actually more flattering to himself or to Adobe, and I'll gladly apologize in advance for my quoting him out of context.

That said, the word "lazy" is so commonly associated as being something Jobs said about Adobe that this search yields more than half a million headlines which provide no more context than my offhand remark:
http://www.google.com/search?q=jobs+adobe+lazy

I was referring to the first time you used the word lazy where it appeared that you were attributing it to my argument. Again, it's a matter of opinion and context. Whatever. It's not important to this discussion at all.

That's not the future I want to live in. We have to throw our favorite browser away and use something else just to be able to turn off JavaScript as easily as we can turn off Flash today?

Maybe I'm optimistic, but I see a simpler future in which people will have the same level of control over browser features as they currently have with plugins.

Huh? You can turn off JavaScript with one checkbox today in most browsers. You can even turn off certain features of javascript in some browsers. Firefox lets you disable hiding the status bar or raising and lowering windows through javascript. These are examples of the more fine-grained control that you would have with HTML5 vs Flash.

I never suggested at any point that you would have to throw away your browser. You would simply have the option to change your browser if you found that a different browser gave you the features that you wanted.

You may have just convinced me that Flash has a future after all. ;)

I never said it didn't.
 
Does Apple provide an API for a plugin to do this in Safari?

I don't know. Safari Cookies adds a preference pane. Many extensions have options under the tool menu of Firefox. ClicktoFlash adds preferences under the Safari menu.

Regardless, there are better solutions than hiding your preferences on a website. (Yes, this was improved with 10.1.)
 
HTML5 - Roughly 40% CPU usage
Flash 10.2 (10.2.151.49) - Roughly 80% CPU usage

Tested on an iMac with a 4850 that doesn't have hardware acceleration in either HTML5 or Flash on the following video running in 1080p: http://www.youtube.com/watch?v=Ou6_MkIvKOo

Try harder, Adobe.

Full 1080p Tron Trailer running in Youtube in old version of flash.

Flash1080p.png



Apple's HTML 5 Trailer at whatever Res it runs in

HTML5.png
 
Cookies are a browser feature, and plugins are separate programs that run inside of a browser.

Yes, I'm aware that not-very-computer-savvy senators are asking for an explanation from Adobe on this, but given the general lameness from Congress on nearly all technology issues I'd be surprised if anything comes of it beyond, "Oh, okay, thanks for the explanation."

Actually, those far more informed about privacy and security issues are not happy with Flash cookies.

Steve Gibson on his Security Now! podcast said:
Well, here we are now, more than half of the Internet sites are using Flash cookies. The only reason they would be doing that is that they're no longer happy with the tracking they're getting from regular cookies. And what that means is, since still all browsers default to having cookies enabled, since that was part of the original specification for the web was that a server can give a browser client a cookie, which it will then return in order to identify itself. Well, users don't want to be tracked, so they're turning their browser cookies off. But websites are not accepting their choice not to be tracked. They're saying, well, we're going to track you anyway. Even though you've disabled your browser cookies, we're going to be even more sneaky because our website requires Flash, and everybody pretty much has Flash who's on the 'Net now. So where possible, we're going to give you an even stickier cookie through the Flash mechanism in order to hold onto you. Which, you know, doesn't seem right, but that's what's going on. More than half of the Internet's top sites.

I agree that the whole plugin paradigm is living in its last days. But it's not like Adobe created the spec, and it's not like they're the only ones who make a plugin that isn't tailored for the custom optional features of every browser it runs in.

Adobe can't have it both ways. If they think that Flash is essential to "a full web experience", then their flash cookies should honor the existing browser privacy rules. If Flash doesn't do that, they deserve to be blasted by the FTC and our security experts.
 
I actually believe Adobe will pull this off. I just downloaded Reader 10 (windows) and it's a HUGE improvement in efficiency and usability. It's almost as if Apple made it.

Gee, it almost makes you overlook the fact that, for a year now, Reader has been one of the primary vectors for malware on Windows!
 
When you wrote:
"The fundamental mindset of Flash is wrong. Nobody gets to run programs on my computer without my permission. One very good side-effect of all the Flash brouhaha is that more people realize that they can control when Flash runs on their machine."

Right, you can turn it off. You can do so entirely, or use an extension to do it selectively if you sometimes like to run Flash.

The mindset is wrong: Adobe never provided a means to run Flash selectively.

It's up to you. You're in the driver's seat. Steer as you like. Enjoy.

That is only true for people who know about the third-party click-to-flash blockers. I've educated a lot of people; they've all been grateful.

Sure, maybe Adobe's run by a satanic cult of space aliens looking to take over the planet so they can kill our kittens. Whatever.

Sounds like a colossal straw man.

OTOH, it is pretty clear that Adobe's priority is on the developer and not on the user experience.
 
... it is pretty clear that Adobe's priority is on the developer and not on the user experience.

The developer is responsible for the user experience, not Adobe.

The thing that's given Flash its bad rep. is bad developers.

If enough people create unintuitive, needlessly CPU-intensive HTML5 sites, HTML5 will get a bad rep.
 
The developer is responsible for the user experience, not Adobe.

The thing that's given Flash its bad rep. is bad developers.

If enough people create unintuitive, needlessly CPU-intensive HTML5 sites, HTML5 will get a bad rep.

I agree 100%.

If a website designer is going to build an idiotic 1 minute to load H.264 flash video splash screen, he is going to build the same idiotic 1 minute to load webM HTML5 video splash screen.
 
Yeah, it has many advantages to a Flash blocker. John Gruber wrote a nice piece with instructions called Going Flash-Free on Mac OS X, and How to Cheat When You Need It; take a look at that, it's really worth it. I use Nightly Builds of Webkit and it has crashed once on me since I uninstalled Flash!

Nice info! Thanks for the link.

Although I agree with those who say Flash is not going away soon, I also agree with those who suggest momentum is moving away from Flash now. I would still welcome improvements in Flash, but I will also continue to embrace the alternatives and use those whenever possible.
 
The developer is responsible for the user experience, not Adobe.

The thing that's given Flash its bad rep. is bad developers.

That's interesting, because it is changing.

Apple has determined that it has some responsibility for the user experience of third-party iOS apps in the app store.

Adobe didn't have to leave the barn door wide open with its Flash cookies. Should we be Shocked! Shocked! that some developers are abusing these cookies?

Did you notice that Flash apps have to be re-built to achieve the CPU efficiency? That's another flag that Adobe doesn't give a hoot about the user experience. Will developers be motivated to update their Flash? How will the end-users know what apps have been updated and which haven't?

The real value of Flash is total portability. Why the heck couldn't Adobe have figured out how to shuffle the code in the Flash engine itself?

If enough people create unintuitive, needlessly CPU-intensive HTML5 sites, HTML5 will get a bad rep.

You are right. This could be a huge problem.
 
Cookies != Flash.

:rolleyes: Look here brother, who you jivin' with that cosmik debris?
  • adobe.com:
    Local shared objects (LSOs) are like browser cookies.
  • eff.org:
    But it turns out that the cookie situation is quite a bit trickier today, and sites that want to track users have new technical options that are hard for users to respond to. The traditional "cookie" is an HTTP cookie, invented by Lou Montulli and John Giannandrea at Netscape in 1994. But today many browsers implement a range of things with the same kind of cookie-like tracking behavior -- mechanisms that are far less familiar, harder to notice, and often harder to control.
  • epic.org:
    United Virtualities (UV), an online marketing firm, has introduced a tracking platform that takes advantage of the relative obscurity of Flash cookies. To justify this tracking mechanism, UV's Tenembaum said, "The user is not proficient enough in technology to know if the cookie is good or bad, or how it works."
  • informationweek.com:
    "A lot of media players come with identifiers embedded in them to track content usage and digital rights management," Chris Hoofnagle, director of the Electronic Privacy Information Center's West Coast office, said. "With respect to Windows Media Player and now the Macromedia player, we're realizing that the media players themselves are creating privacy risks."
  • businessinsider.com:
    Covario CEO Russ Mann said in a company point-of-view issued to clients that "in the new Adobe media world, video developers and agencies will build Adobe Flash creative with Omniture tracking codes implanted from the beginning. This will enable them to track the views and virality of that creative across the web, and perhaps begin to micro-charge for every view, partial view or forward of their content."

Flash (plugin/player) == cookie (purveyor/proliferator)
 
I wish this were 64-bit. I use the 64-bit version of Firefox 4 and my only Flash solution is to stick with Square Preview 3.

I believe Flash Player Square already has all the features of Flash Player 10.2 beta. No?

For those that do not know, Flash Player Square is a 64 bit version of Flash Player.
 
:rolleyes: Look here brother, who you jivin' with that cosmik debris?
[...]
Flash (plugin/player) == cookie (purveyor/proliferator)

Bravo. Thanks for the well-researched, well-argued and nicely-displayed argument.

One other note: Steve Gibson has discussed toolkits where Flash cookies and code were used to reinstate browser cookies:

Steve Gibson on his Security Now! podcast said:
It turns out that a major provider of web analytics, a company called Quantcast, had been, for who knows how long, one of the services they were offering to their clients, Hulu being one that was mentioned, was to reinstate browser cookies that the user deliberately deleted by using the Flash cookies.

I believe that Quantcast has dropped this service to their clients; it was just too blatant an abuse of Flash cookies. But the code is clearly out there. Even if AppleFan1984 is in denial that Flash stores user data in cookies; they can clearly function to circumvent users' privacy directives with browser cookies.

If it walks like a duck and quacks like a duck ...
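
The cookie reinstatement described in the podcast excerpt above can be checked for from the user's side. The following is an added example, not part of any post in this thread: it walks a Flash `#SharedObjects` tree, reads each `.sol` header, and flags LSOs that hold a browser cookie's value verbatim. The `.sol` header layout, the directory layout and the Mac OS X path in the comment are assumptions from general knowledge of Flash Player, not from the thread; the sample files, domains and identifiers are constructed.

```python
import struct
import tempfile
from pathlib import Path

# Assumption (not from the thread): Flash Player kept LSOs outside any browser
# profile, e.g. on Mac OS X under
#   ~/Library/Preferences/Macromedia/Flash Player/#SharedObjects/<id>/<domain>/...
# which is why one store was visible to every browser using the plugin.
SOL_MAGIC = b"\x00\xbf"  # first two bytes of a .sol file
SOL_TAG = b"TCSO"        # signature at offset 6


def parse_sol_name(data):
    """Return the shared-object name from a .sol header, or None if malformed."""
    if len(data) < 18 or data[:2] != SOL_MAGIC or data[6:10] != SOL_TAG:
        return None
    (name_len,) = struct.unpack(">H", data[16:18])
    name = data[18:18 + name_len]
    if len(name) != name_len:  # truncated file
        return None
    return name.decode("utf-8", errors="replace")


def audit_lsos(root):
    """List every .sol under root as a dict with domain, name, size and raw bytes."""
    root = Path(root)
    records = []
    for sol in sorted(root.rglob("*.sol")):
        parts = sol.relative_to(root).parts
        data = sol.read_bytes()
        records.append({
            "domain": parts[1] if len(parts) >= 3 else "(unknown)",
            "name": parse_sol_name(data),
            "size": len(data),
            "body": data,
        })
    return records


def respawn_candidates(records, browser_cookies, min_len=8):
    """Return (domain, lso_name, cookie_name) where an LSO holds a cookie value.

    An identifier stored in both places can be copied back into the browser
    after the user deletes the HTTP cookie. Short values are skipped to avoid
    chance matches.
    """
    hits = []
    for rec in records:
        for cookie_name, value in browser_cookies.items():
            if len(value) >= min_len and value.encode() in rec["body"]:
                hits.append((rec["domain"], rec["name"], cookie_name))
    return hits


def build_sample_sol(name, key, value):
    """Constructed sample: .sol header plus one AMF0-style string property."""
    prop = (struct.pack(">H", len(key)) + key.encode() + b"\x02"
            + struct.pack(">H", len(value)) + value.encode() + b"\x00")
    tail = (SOL_TAG + b"\x00\x04\x00\x00\x00\x00"
            + struct.pack(">H", len(name)) + name.encode()
            + b"\x00\x00\x00\x00" + prop)
    return SOL_MAGIC + struct.pack(">I", len(tail)) + tail


def demo():
    """Run the audit over a constructed tree; domains and IDs are made up."""
    cookies = {"uid": "a91f3c77e2d04b15", "lang": "en"}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "#SharedObjects" / "ABCD1234"
        for domain, name, key, value in [
            ("tracker.example", "store", "uid", "a91f3c77e2d04b15"),
            ("video.example", "player", "volume", "80"),
        ]:
            (root / domain).mkdir(parents=True)
            (root / domain / f"{name}.sol").write_bytes(
                build_sample_sol(name, key, value))
        records = audit_lsos(root.parent)
    return records, respawn_candidates(records, cookies)


if __name__ == "__main__":
    records, hits = demo()
    for rec in records:
        print(rec["domain"], rec["name"], rec["size"], "bytes")
    for domain, lso, cookie in hits:
        print(f"respawn candidate: cookie {cookie!r} value also in {domain}/{lso}.sol")
```

To audit a real profile, pass the `#SharedObjects` directory to `audit_lsos` and a name-to-value mapping exported from the browser's cookie store to `respawn_candidates`.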
 
Actually, those far more informed about privacy and security issues are not happy with Flash cookies.





Adobe can't have it both ways. If they think that Flash is essential to "a full web experience", then their flash cookies should honor the existing browser privacy rules. If Flash doesn't do that, they deserve to be blasted by the FTC and our security experts.

It has been mentioned upthread but I will say it again Safari Cookies http://sweetpproductions.com/safaricookies/
will let you manage flash cookies and databases. Works sweetly.
 
It has been mentioned upthread but I will say it again Safari Cookies http://sweetpproductions.com/safaricookies/
will let you manage flash cookies and databases. Works sweetly.

Thanks for the reference to the cookie manager.

My issue is that Flash is doing a bad job managing the privacy for all users. In an earlier thread, an Adobe representative sounded shocked that Flash cookies would be abused. Of course they will be abused -- businesses will use any hook and crook available to try to track users. If their path through browser cookies is blocked, some will use Flash cookies.

Adobe's focus is on their developers and not on the end-user experience.

I am worried about the large general issue with identity leaking, and Flash is a big part of the problem. Adobe has been unwilling or unable to address those problems.
 