Skip to main content

The Future of Flash by Steve Cunningham

Enough time has passed since the release of Apple's iPad that the little tablet beasties are showing up in classrooms, resulting in a bit of rock star treatment, at least for the moment, for those few and fortunate students who happen to have one. It also brings to mind Apple's ban on Adobe's ubiquitous Flash animation software in both the company's iPhone and iPad products, a ban allegedly decreed by Steve Jobs himself. Steve has recently been quoted in the press describing Flash in less than enthusiastic terms, accompanied by a few choice vulgarities. Suffice it to say he believes Flash is a slipshod product that is responsible for most Mac crashes, contains sloppy code, and represents a security risk in that it is vulnerable to hacker attacks. In any case, it simply will not do to have Flash running on his newest devices.

Given the popularity of the iPhone among students, and the potential popularity of the iPad for use as a mobile browser and perhaps a textbook reader, what are the implications of Jobs' ban on Flash, including Flash video? How will it affect our ability as educators to engage students on the go with video content served from within a web browser running on an Apple product, a Google Android, or a Blackberry. What Jobs has done in banning Flash can be seen as a shot across the bow of his competitors in the mobile media market, and there will be fallout. Students have and will continue to consume media on their smart phones. It's reasonable to expect that they will want to watch video presentations from class while they're away from their apartments and dorm rooms, and they'll want to see them on their smart phones, which have become not only the preferred method of communication, but also of media consumption.

Jobs's answer to viewing rich media on an Apple mobile device is HTML5 and the H.264 codec, and he believes that this combination makes Flash unnecessary. The upcoming release of HTML5 represents a significant revision and expansion of the current HTML 4.01 language, and promises features that include an entirely new palette of code tags for media manipulation and presentation on websites. When combined with a new compression codec, Jobs believes HTML5 will deliver a media experience as good or better than does Flash, or so the proponents say. Unfortunately, HTML5 is still in its specification phase, and web developers don't see it coming into popular use for at least another year. Further, Apple is definitely not alone in the mobile market, and will have to contend with other players who favor other codecs. At the moment there is no leader and no consensus as to which codec will deliver the goods.

Apple believes the MPEG-4/H.264, the codecs used in the iTunes Store, is the ideal one to pair with HTML5. Unfortunately the H.264 codec is not open source, and the consortium who developed and owns it has stated that they will impose a license and royalties for use beginning in 2014. On the other hand, Google would like to make an end run around Apple by launching an open source/open license format codec, which should deliver nearly all the benefits of H.264. The folks at Mozilla, developers of the Firefox browser, have thrown in their lot with the open source Ogg Vorbis codec. Microsoft is sure to have its favorite choice as well, but the end result is that there is still much tension and confusion over which codec is best to pair with HTML5Additionally, there is no reason to assume that Adobe Flash will disappear quietly. The product has a near-monopoly in browsers; Adobe claims that their Flash Player is on 99 percent of Internet-enabled PCs worldwide. The market penetration of Flash video is equally impressive, whereby Flash video currently has somewhere on the order of a 75 percent market share on the Web, and has been a mainstay on sites including YouTube.

Unfortunately for Adobe, the security issues with Flash and especially Shockwave Flash are very real. The fundamental difficulty with Flash is that as a media wrapper, it will play or display nearly anything. Movies in .MOV or .AVI or .MPEG-2 format can be played, as can PDF documents and still pictures in .JPG, .TIFF, .PNG, and many other formats. Beginning in 2005, hackers discovered that .SWF files made a great vehicle for exploits known as cross-side scripting attacks, in which Flash files were used to transport malicious code into otherwise secure websites, where it could be further dropped on visitors to the sites. Over the years the exploits have mutated and Adobe has responded, but the attacks have continued. Just recently an exploit was discovered in which visiting a website caused a malicious PDF file to be displayed in a Shockwave Flash player running on a user's browser, and in the process a Trojan horse was dropped into the user's computer. That specific vulnerability has been patched, but the cat and mouse game continues. The fundamental problem is that Flash was never designed for security or any type of authentication. Rather, it was designed to play as many media formats as possible. Adobe has admitted that there is no good way for them to integrate content authentication into the product.

Spurred by Apple and watched by its competitors, the nascent movement to replace Flash video with a combination of HTML5 and a codec continues. Those of us who prepare and distribute media to students via the web would do well to watch the movement unfold. As Bette Davis once remarked, "It's going to be a bumpy ride."

Steve Cunningham is a Senior Lecturer of Music Industry at USC Thornton School of Music.