Last January 12 seemed to be a normal day in the Chinese city of Dalian, located in the northeast of the Asian country. However, around 8:15 am, the train station computers began to fail. The operators that dispatch the railways were having bugs in their navigators, and the train schedules were not loading. The problem started with one computer, but it quickly spread to others and in just 30 minutes control of the schedules was completely lost.

Hours later, the same operators lost the ability to view and print the station's train information. This situation lasted until dawn the following day, when after almost 20 hours it was possible to bring the systems back online and operations were slowly restarted. In the retelling of the story, the team found that the flaw had been exclusively software related. 

A known suspect 

The software that failed has been eradicated for years and is called Adobe Flash. The crisis in Dalian was due to the remote deactivation of Flash by Adobe, its developer company. Flash's was a death foretold, since Adobe had warned that it would stop support for this tool on December 31, 2020. For its part, this same month of May 2021, Microsoft announced that in July it will publish a mandatory update for Windows which will remove Flash from the system.

These latest advances in eradicating Flash are the latest in a chain that began more than a decade ago. In April 2010, Steve Jobs (then CEO of Apple) made public his opinion on Flash and what it represented for the web. Within the points mentioned, Jobs stressed that Flash is proprietary software, that it is an inefficient platform and that it also does not translate well to a tactile world, such as that of computers. smartphones and tablets.

“You could say that Apple was the beginning of the end for Flash when the iPhone was released, because Flash didn't work on it. Adobe and others said they would bring Flash to the iPhone, but Apple was quiet at first ", says Scott Schiller, web developer and creator of the website isflashdeadyet.com. "In April 2010, Steve Jobs wrote 'Thoughts on Flash' in relation to the iPhone, etc., and made his position official." 

The glorious web design of the mid-2000s, with many pages requiring Flash to function. Picture: Wayback Machine

Since then, companies like Google, Microsoft and Mozilla have joined the opinion that Jobs shared about Flash. Schiller states: “Flash has been in decline for years. YouTube exclusively used Flash until 2010, when it started to introduce HTML5-based video playback. " Although YouTube was initially one of the most visited sites that used Flash, in 2015 the platform was completely and exclusively changed to HTML5, which offered all the multimedia advantages, but which is also an open standard and much more optimized.

Even in 2010, the world was moving much more towards battery-powered devices - such as smartphones and lightweight laptops. In this context, the optimization of the programs not only helps the programs to be more agile, but also to conserve battery since they are less demanding. This point is precisely touched by Jobs in his statement, explaining that web development standards must be able to balance multimedia performance, but without consuming battery excessively. 

What makes (or made) Flash so attractive?

Cases like that of the Dalian train station in China are not isolated. For more than 2 decades Flash became one of the most present elements on the entire web, whether in the public or in private networks. In its beginnings, When HTML was not yet intended for multimedia environments, Flash was presented as an easy and reliable way to bring elements such as audio or video to websites. 

“Web browsers could display images like JPEGs and GIFs, but there was no standard way to play MP3s or videos without installing plugins or other software. This ended up changing with the new functions of HTML5 "says Schiller. It was precisely because of this capacity for multimedia interactivity that many web game, ad and video companies chose Flash in the first place.

In the same way, this also led some companies to choose Flash as a tool for developing internal programs. To this are not only added examples such as the train control in Dalian, but also entire medical platforms who use Flash as the basis of their development in critical components such as medical records or remote care.

Today, these types of critical systems are especially vulnerable due to flaws that exist within Flash. In its time, Flash was built to deliver functions that HTML simply could not perform, but its growing portfolio of functions also increased the complexity of the code considerably, and with it the risks of attacks. Although Adobe released several security patches, it never set out to build more secure code. 

Report of vulnerabilities in Flash. Picture: Comparitech

Jobs wrote in his musings that in 2009, the computer security firm Symantec singled out Flash for having one of the worst security records. These insecurities had been growing since 2005, and by 2014 the number of vulnerabilities was growing year over year to a ceiling of almost 600 reported.

The alternatives are many

Today Flash is a technically dead technology, but the figures show that there is still some time to go before it completely disappears from our systems. Just last year, 3,2% of the 1.000 most visited sites across the Internet are still using Flash in some way or another, intentionally or sometimes even unknowingly. 

“In my opinion, the companies that still use Flash are fried; their material has been breaking down for a long time, and is being forcibly removed this year. Time to redesign, upgrade, move to HTML5 or a native application Schiller says. The multimedia functions of Flash –audio, video, sound, animation, etc.– can already be carried out by browsers without the need for additional software ”.

Even with Adobe and Microsoft trying to completely eradicate Flash from systems, the truth is that there will still be applications in business environments that refuse to update. Doing a simple search on Google, there are guides that explain step by step how to continue using and installing Flash even if Adobe itself is not offering support. 

In many cases, a possible solution is to use browsers that are also terribly insecure, such as Internet Explorer. Just a few days ago, Microsoft announced that it will stop offering support for Internet Explorer, another application that is widely used in business environments and that refuses to die. Here it is worth mentioning that Microsoft is now investing much more resources in Microsoft Edge, its new standard browser.

Today, there is no reason not to migrate from Flash to better standards like HTML5, CSS, and JavaScript. The public web is slowly eliminating the last remaining vestiges of Flash, and it is time for companies to say goodbye to old and insecure platforms such as Flash and Internet Explorer as well, to make the leap towards a more secure and open web.  

Main Image: Adobe