The more complex software is, the more potential security flaws and memory leaks...

vesinisa · on Nov 29, 2016

> Same arguments can be made for Flash: Plugin's developer can fix it without waiting for browser. Disable the plugin and use the same browser.

Not exactly comparable. Flash, at its height, had pretty much the "multimedia in browser" market cornered with draconian vendor lock-in effects. They didn't need to hurry that much with fixing issues, because what are you gonna do if you are not satisfied with the Adobe Flash plugin? Run your favourite Flash game with Microsoft Silverlight? Use the open-source plug-in that could only run some Flash 1.0 animations?

At least with browsers you can easily switch vendors (the whole point of standardization and techs like WASM), or even fork your own.

Even if I don't like Apple or Steve Jobs that much, I must say they did one great thing killing off Flash by not allowing it on the original iPhone.

bobajeff · on Nov 29, 2016

That's all well and good but what would you have us do? Move all web app development over to the Flash Player and disable JavaScript (and JS APIs) in browsers? We have to reduce the attack surface somehow.

Oh, and guess what? We now have no browser competition because all the relevant parts are in the Flash Player and good luck motivating Adobe to fix issues with it now that it's basically a requirement to run a browser. Oh, and now they could charge everyone to access it if they want.

phaser · on Nov 29, 2016

The difference is that Flash, being proprietary, Adobe is the only party allowed to fix a memory leak. HTML5, a standard, can have many proposals, discussions and implementations on how to fix issues.

BatFastard · on Nov 29, 2016

Seriously? Have you ever seen something fixed faster by a committee then by a vendor who has a large financial incentive to protect?

I want to live in your world!

corysama · on Nov 29, 2016

No difference conceptually. Huge difference in practice when looking at the track records of the two approaches.