[belorn]

The keyword is lockdown.

I am all for giving hate to flash. It is commonly found vulnerable. It produce slow websites which eats memory and cpu. It has poor history in non-windows systems.

But in all, I have serious doubt this call was made for any reason beyond pushing users to their app-store. games? online experience? chat? By forbidding flash, companies are bit more forced to turn to apps with their products. Sure, things can still use javascript, html5 and web-sockets, but I would not trust web-sockets to be left alone if they seriously would start to threaten the app world.

Maybe I am just cynical, but follow the money argument looks to support it.

[brudgers]

"Lockdown" is not the correct term.

1. Flash isn't prohibited on Windows RT devices. This is distinctly different from Apple's approach with iOS, and Google has removed Flash from Android. [1]

2. Existing Flash websites will run on Windows RT devices. Windows RT will ship with the desktop version of IE10. [2]

Microsoft has made explicit what we all know. There are some websites that use Flash appropriately and in a way which benefits the person browsing, and there are websites whose use of Flash makes the web suck.

Having browsed the web for two years with Flash disabled by default, I'd add that here are a lot of sites which just use Flash for the sake of using Flash. When I don't see it, I still get the content I was seeking.

[1] http://www.readwriteweb.com/mobile/2012/08/adobe-flash-on-an...

[2] http://en.wikipedia.org/wiki/Windows_on_ARM#Limitations

[Karunamon]

What bugs me is the fact that we are forced (not a default list, not an opt out list, forced with no alternative if you want to use IE) to defer to Microsoft's judgement on what is a "flash appropriate" site and what is not. Did Newgrounds make their list? Shockwave? Pogo?

Quite frankly, I don't trust them with that power. This is the company that just got off of "monopoly probation".

I'm starting to really tire of this trend where developers lock away even power user settings (like the ability to decide what fucking plugins run in your browser) in the name of "security".

[marshray]

Read the guidelines http://msdn.microsoft.com/en-us/library/ie/jj193557%28v=vs.8...

> We place sites with Flash content on the CV list if doing so delivers the best user experience in Internet Explorer 10 with those sites. For example, how responsive is the content to touch? Does it work well with the onscreen keyboard, or affect battery life? Do visual prompts comply with the Windows Store app user experience guidelines? Sites that rely on capabilities (for example, rollover events and peer-to-peer (P2P) functionality) that are not supported within Windows UX guidelines for Windows Store apps, and don't degrade gracefully in their absence, are better off running in Internet Explorer 10 for the desktop with Flash.

It sounds to me like they're just saying they don't want plugins screwing up their shiny new UI. If you want to run your arbitrary plugins, just do it with the classic desktop version of the browser.

[Karunamon]

>It sounds to me like they're just saying they don't want plugins screwing up their shiny new UI.

The end user's shiny new UI. That's why this leaves a bad taste in my mouth. Why not just make Flash click to enable? That'll stop ads and most other shenanigans while still making things that users want to access (and haven't been blessed by MS for whatever reason) still able to access them.

[marshray]

> Why not just make Flash click to enable?

"Developers with sites that need plug-ins can use an HTTP header or META tag to signal Internet Explorer 10 to prompt the user to switch to Internet Explorer for the desktop."

[belorn]

I would indeed be surprised if they had written "Any commercial competing products to anything in our app-store will also be rejected". It would just surprise me more that removing a large portion of the competition did not add into the decision.

[bskap]

It's got nothing to do with competition. Silverlight is also not allowed in the Modern IE10.

[brudgers]

"forced with no alternative if you want to use IE"

Again, Windows RT is expected to ship with the desktop version of IE 10. This means that for most practical use cases, any Flash website can be browsed by any version of Windows 8 - except phone which currently doesn't support Flash at all.

Microsoft didn't come up with the walled garden. They didn't lead the industry in the rush to vilify Flash. And they certainly aren't at the forefront of collecting and selling user data to advertisers and marketers.

[antidoh]

Heck, don't even consider monopoly. More practically, how could they ever keep up? Whitelisting the internet for other people is impossible to keep up with.

[TheGateKeeper]

If you want to talk about problems, let's talk about plugins themselves. They're horrible and should never have been created. Hell, even they were a response to horrible websites which browsers had to deal with. Anything short of proper browser development would of course necessitate having plugins for your browser.

[Karunamon]

>They're horrible and should never have been created.

Do you have a better way to add functionality to a closed source browser?

[TheGateKeeper]

That's the problem right there. Do you really need something more than an html/php/js/css web browser?!

[Karunamon]

You're absolutely right. Who needs rich, interactive media? It's not like Flash powers some of the top sites on the entire freaking internet.

Before you say "HTML5", not there yet, and didn't exist in the period back when Flash became popular.

Please stop being so dogmatic, this is software development, not religion.

[Liongadev]

Oh yes! Thats why flash has 99% penetration, because nearly everyone needs it.

[cooldeal]

>I'm starting to really tire of this trend where developers lock away even power user settings (like the ability to decide what fucking plugins run in your browser) in the name of "security".

That train has already left the station, with iOS and Apple unable to keep iDevices in stock.

[antidoh]

I also run with flash disabled, which helps me not see flash ads (I don't mind non-flash ads). And there's very little actual content that I miss.

Another benefit, that practice immediately reveals the odd flash-only site, showing me a big empty box. I usually bail immediately on those, because there's usually no good reason to do that, so I assume there's a bad reason.

That said, I would rather be the one deciding whether to watch flash or not.

[Aissen]

> Google has removed Flash from Android. [1]

Nope, Adobe did. Even your link says so.

[biafra]

Where does your linked article say that Google removed Flash from Android? It seems Adobe removed Flash from the Play store. How is that the same?

[marshray]

> I have serious doubt this call was made for any reason beyond pushing users to their app-store

Never thought I'd be saying this, but it looks to me like they want to push everyone away from Flash towards web standards like HTML5.

> I would not trust web-sockets to be left alone if they seriously would start to threaten the app world

Windows 8 hasn't even been released yet, so 'app store' apps hardly hold an entrenched position worth protecting. MS needs open standards and a thriving crossplatorm ecosystem more than anyone.

[belorn]

While not released yet, the concept of walled garden and app-stores holds a very existent entrenched position in the commercial mind. I too believe MS need open standards and a thriving crossplatform ecosystem, but I hear more "lets emulate Apple" than I hear "lets emulate linux".

I am cynical. I believe MS want to copy what ever method is currently earning any other software company most money in the shortest term. App-stores keep being portrayed as the one great place where money is earned on software. Like many, I am also tired beyond reason of the word "app". I still see ads in the street that talk about "get our app!" as it would be completely different to say "Buy our software". Sooner or later, that bubble will burst, but until it does, I will doubt the motives of any move that cut of competitor in favor of an app-store which one single entity control.

[dmethvin]

Sorry but I just can't follow the logic here.

The Flash whitelist is only for the formerly-called-Metro immersive browser that will primarily be used on touch-based tablets. It does not affect desktop IE10.

Many Flash apps were designed for big screens and mouse interaction where pointer precision is great. Now you're throwing them onto a screen that's smaller and using a fat finger to emulate a pointer when the Flash app's target areas weren't designed for that.

Now certainly, some Flash apps will work. Other apps will not because they just weren't built with this environment in mind. If the user ends up running one of the apps that fail, they will have a bad experience. It happens all the time with the iPad where Flash doesn't work at all.

To improve the experience, you could make a whitelist of apps that work, or a blacklist of apps that fail. Which implementation you might choose would depend on whether you expect more good or bad apps, the complexity of managing the list, the impact of failure on the user, etc.

Is this really so controversial?

[zimbatm]

How is having an empty rectangle a better experience than a maybe broken flash app ?

Using your argument they should also whitelist websites because some of them have bad interfaces or inappropriate content. For example some drop-down menus only open on hover and so won't work with touch interfaces.

[randomfool]

I much prefer Chrome's approach to locking down Flash- put it in a (much more) secure sandbox.

http://chrome.blogspot.com/2012/08/an-even-more-secure-flash...

Microsoft could have taken the approach of running Flash in it's own Win8 app container, but apparently wanted to put as little effort into it as possible.

[belorn]

Chrome efforts are without doubts to tackle the security concerns of flash, and in that I wish them all the best.