Meanwhile, back at Adobe Labs

Prezi exposes Flash's rotten core
Prezi exposes Flash’s rotten core

A colleague recently showed off a slide presentation created using, a Flash-based slideshow program. (The home page of this site is atrocious, which is not a good sign, but I think the idea is actually better than you might guess from the home page.) The basic idea of Prezi is really simple and neat — instead of slides you simply build a giant poster and each slide is simply a subview of this giant poster. The thing that struck me about this is that:

  1. It’s very clever and simple,
  2. I don’t think it will be useful for most presenters who have enough trouble putting together interesting slides as things are, and
  3. It doesn’t work very well (basically, the second slideshow I tried out was a speaker’s package for TED presenters (not that I am or ever will be one) and the frame rate dropped to something like 2fps while performing a simple transition in a small rectangle on my screen — on my late model Dell desktop).

And the reason it doesn’t work very well is Flash.

To be fair, the slideshow that first annoyed me was heavy with bitmaps, so I tried out some really simple slideshows and discovered that it is fully capable of choking on a pretty much empty page (my guess is Flash is really bad at culling — which is a technical term meaning “figuring out what isn’t visible and not wasting time on it”) and surprisingly bad at rendering text (quite a few “prezis” seem to have text so badly misrendered as to be illegible).

The problem with Flash isn’t that it’s not optimized for Macs.

The problem with Flash is that it’s just not very good.

Would all this work better in HTML5? Not without a lot of clever programming. And producing something like Prezi in HTML5 would be a lot more work than doing so in Flash. The problem is that Flash is a “mature” product — it’s been through four scripting languages, multiple virtual machines, and over 10 versions of the IDE (I can’t remember what version FutureSplash Animator was at when it was acquired by Macromedia). Normally, maturity means that a product will have all this deep functionality, but Flash’s utility basically boils down to “it makes it easy to create custom video players”.

If you want a really tragic example, go to Adobe’s online store (yeah, it’s one of those sites that requires you to tell it where you are rather than automatically guessing and letting you override it if it guesses wrong). For some reason, Adobe has chosen to implement its store entirely in Flash instead of, say, HTML. As a result, it looks a lot like a web page but everything works much worse. For example, on Macs mouse-scrolling isn’t supported. On Windows it’s supported but it’s jerky and annoying (versus smooth-as-silk for most web pages of similar complexity in any browser on the same hardware). But hey, it’s only been 15 years and 10 (.1) versions — we’ll get to it.

Basically, if you’re using Flash to display thumbnails, captions, and a few UI widgets it works OK.

Thanks to bad press from Steve Jobs, Adobe suddenly got the performance religion with Flash Player 10.1, which it’s now touting all over the place, but the sad thing is that Flash still doesn’t do anything smart when simply drawing stuff on the screen — and that’s its core functionality — it also implements a whole library of UI widgets that don’t work properly, and it has an IDE which has an absolutely infuriating UI* and still screws up common tasks like importing graphics (from both Illustrator and Photoshop).

That said, Photoshop CS5 looks like being totally awesome.

* e.g. some panels won’t dock as tabs to other panels but need to be on their own, the code view of an external ActionScript file doesn’t go in Action panel where internal code goes so if you want your code in nice large panels you need to constantly futz with the UI, the online help is now on Adobe’s website which by default does not search through Flash’s ActionScript documentation and also, by default, shows links to random outside websites rather than Adobe’s official documentation (you’re pretty much better off using Google to find docs or online help for Adobe products these days).

99% Penetration

Adobe has for many years touted very high penetration figures for Flash, and I’m sure that, broadly speaking, they’re not too far from the truth. Almost everyone using a PC has some version of Flash or other installed. Now while the 99% figure is kind of stupid for obvious reasons, let’s stick with PCs and Flash to be as “fair” as possible to Adobe. While it’s interesting to look at their methodology, it’s positively enlightening to look at their sample survey.

Adobe hires a consulting company to determine the penetration of Flash at has gotten 99% for Flash 7 (+/- 3%!). It does this by sending out emails and then measuring the Flash usage of respondents. How does it pick who gets an email? Exactly what kind of person responds to such an email? (The sort of person who has Flash installed, apparently.)

But, now, look at the survey: it’s pretty easy to write code that sits in a web page and silently determines whether or not Flash is installed and if so which version. You could fairly easily produce a web page that simply (a) loaded an invisible Flash file, (b) checked to see if the Flash file loaded, (c) then have the Flash file (if it’s running) interrogate the Flash runtime to determine the exact version of Flash installed, and finally (d) report your findings to your server — all without so much as requiring the user to look at the screen. “Thank you for participating in the survey” would be all you needed. Heck, you could piggyback a questionnaire for one of your other clients on the back of your survey and make more money. Even if you went on to ask “can you see the fish” questions, you could use the automated results as a reality check.

But that’s if you’re actually trying to get a correct result, as opposed to get repeat business from a customer in whose interest it is that you report the highest possible penetration values to.

Imagine you’re the kind of person who clicks on links in emails from marketing companies. Do you have ClickToFlash installed? Probably not. (Does someone, like me, with Flash 10.x installed but blocked by ClickToFlash count as a yes?) A web page with three long paragraphs of text the last of which implores the user NOT to click “Get the Plug-in” and a “Plug-in Not Loaded” dialog appears. We’ve established that you’re the kind of person who clicks links in emails from marketing companies, so what happens next? Do you read three paragraphs of text, NOT click “Get the Plug-in” (and screw you if you’re not running IE under Windows 95 and the dialog you got bears no resemblance to their example), and then complete the idiotic “do you see a fish” questionnaire? Or do you click the default button, then do the survey?

And this is how you can confidently claim to have 99% penetration.

Aside: I was posting on Twitter* this morning and noticed that MacRumors had informally surveyed its followers and discovered that most are using ClickToFlash. I’m finding that the people I tell about ClickToFlash react to it the same way people reacted to Firefox when I was championing it five years ago: they love it and start recommending it to everyone they know… who uses a Mac, anyway.

* I’ve decided Twitter is handy for dumping one-liners that don’t deserve a full rant — I don’t care if no-one else ever reads them (and it’s pretty clear that no-one does).

If you want to try out this ClickToFlash thing:

If you want ClickToFlash (it requires Webkit/Safari) then you can get it here. I thoroughly recommend it even if you like using Flash as it cuts down the CPU hit from windows you’re not looking at and blocks most ads (for now). I love Hulu and Netflix (which are both Flash-heavy) but haven’t even bothered to whitelist them on most of my machines because I’d rather not have Flash wasting cycles on windows I’m not looking at.

If you’re not using Safari then your options are Flashblock for Firefox and, by the sounds of things, a ClickToFlash port for Chrome (it’s not trivial as ClickToFlash relies on Objective-C APIs).

Java’s Broken Sandbox

Apple has just — finally — patched a bunch of well-known Java-related security issues with OS X. The Mac world can breath a sigh of relief that a potential threat to people who haven’t turned off Java in their web browsers has been averted… until the next “pwn to own” competition.

The biggest security issues on the Mac all seem to be Java-related. (Once you figure out how to get OS X to “execute arbitrary code” through some other security issue, the next biggest issue is Apple’s failure to effectively implement Address Space Layout Randomization, but Java’s the main way people seem to get to that point.)

The obvious way to handle this problem would be (a) for Apple to turn off Java by default, and/or (b) have the OS ask users who have Java switched on to confirm the launch of Java applets the way it asks users to confirm the launching of newly downloaded desktop applications. (This is pretty much how Microsoft has ended up dealing with the gaping security hole that ActiveX represents.)

Even if it weren’t for Java’s abysmal security record, it would be nice to know if you’re about to load a Java applet so you could just avoid that website on principle.

And for our next trick, let’s treat Flash the same way. Indeed, it would be interesting if browsers offered users the option of ignoring Flash but loading flv streams directly into a native player that bypassed Flash. (HTML5’s video tag is a step in that direction — the key would be to have browsers recognize FLV as a streaming video format and do an end-run around video players.) Aside from a few cute games and FLV players, exactly what do we need Flash for anyway?