Adobe Flash and JavaScript

Have we learned from history?

July 6, 2021

As an Arch Linux user I am forced to be very particular about the programs I use on my computer because everything on my system is something that I put there, but people like me are of course a minority when it comes to worldwide computer users. For most people there is really only one program on their computer that matters, the browser. This is how Chromebooks are able to exist, Google Chrome is really the only program on a Chromebook and the other programs are just slightly modified web applications that work almost exactly the same as the version that runs in the browser. While from the perspective of an educated user this is terrible, from Google's business perspective this may be one of the smartest things they've ever done, sell cheap computers only capable of running your most popular program that already has thousands of developers working on it.

Now of course Chromebooks aren't the only type of computer and Google Chrome certainly isn't the only browser every program that can run within Google Chrome can run on any relevant browser. Word processors run in the browser, so does Zoom, and even VS Code can run within a web browser, of course doing this is almost never better than running these same programs outside your browser, but you can do it if you want to. You can almost think of your browser as an operating system built on top of your existing operating system (although that's not quite the case).

This is all thanks to something called ECMAScript, or as it is really known JavaScript. All usable browsers come equipped with JavaScript support and it is quite difficult these days to find websites that don't use it, I've even used it once (you can read about that here). If you want to use the modern internet you cannot avoid JavaScript.

But of course this wasn't always the case, and JavaScript programs weren't the only ones to have ever been supported within web browsers. Adobe Flash programs used to be quite common and if I remember correctly Adobe Flash support only ended as recently as the beginning of this year. Now I'm not going to use this time to reminisce about the old internet because I don't believe I'm terribly qualified for that, instead I intend to look back at history so we can be wary of the future.

Why Adobe Flash Failed

Flash is probably best remembered for the games that it allowed people to play, there were lots of sites hosting them and while most were garbage and all of them were a waste of time but there were a few that were fun, plus when you consider the fact that the target demographic for these things was children under the age of ten you realize that quality was never a big concern anyways, many of these kids were completely satisfied as long as they could attribute their button pressing to something "productive" and vaguely interesting.

I don't think there ever was a perfect Flash program not only because they never really needed to be perfect but also because Flash was far from a perfect technology. April 2010 could probably be marked as the beginning of the end of Adobe Flash, in this month Steve Jobs wrote an open letter to Adobe addressing the fact that iPods, iPhones, and iPads did not support Flash. In this letter Jobs spent some time correcting some of Adobe's false claims, pointing out Flash's obvious lack of touch support, and of course there was, what is probably Flash's most well known flaw, its security and performance issues, which combined with the fact that the typical Flash user was a child with no sense of computer security meant that Flash was a terrible idea. Within his letter Jobs reported that Adobe Flash was the number one cause of a crash on a Mac computer. Steve Jobs successfully made the case as to why Adobe Flash was not fit for today's internet, and Adobe Flash has been fully replaced with HTML5 and JavaScript.

JavaScript's Fate

Now whenever we look at history, especially recent history, we have to pick out any patterns in it and see where they might be repeated so that we can either put the pattern into use or take steps to avoid that pattern, in the case of Adobe Flash we'd want to avoid that pattern. Can JavaScript suffer the same fate that Adobe Flash did? Well JavaScript performs much better than Flash ever did and it is touch compatible so it is free of those issues, but what about its security? Is it possible for JavaScript to degrade to a point where its security is as bad as Adobe Flash's was?

Well being a computer science major I found myself in a web development class where we were assigned to ask questions in online discussion boards (which is no substitute for in-person classes). So on the week where we were first learning about JavaScript I asked that question. Discussion boards are of course supposed to encourage discussion (they never do) and I figured that this question had potential to spark some sort of a discussion, but instead the teacher answered it with an authoritative no and lazily talked about how JavaScript is incorporated into the web's standards proving that he really didn't spend any time entertaining the possibility.

This response shocked me a bit, not because I was offended that I didn't start some meaningful discussion (because everyone whose used a discussion board knows that never happens), but because nobody else even seemed concerned about that possibility. Now this one incident is not the end of the world since my former teacher has no influence over the development of JavaScript or web standards and it is unlikely that any of my classmates (if you could even call them that if you never went to class) ever will either. But is it just one incident? There are not very many students like me who would ask a question like that, and there are even fewer professors that would (frankly waste time) entertaining that question, and the odds of the perfect student being paired with the perfect teacher are way to low for the average computer science student to be able to hear a conversation where the future of JavaScript (or any other technology for that matter) is discussed critically. Then when we take into account Bob Martin's speculation that half of the software engineering industry always has less than five years of experience, we see that there is much to fear in the future of software.

The funny thing with JavaScript is that there is already a group of people who don't trust it, and even among the people who aren't that crazy it is becoming more and more normal to run programs that disable certain pieces of JavaScript, in fact I'd argue that you'd be pretty dumb not to use an ad blocker. Strictly as a technology JavaScript's security isn't compromised in the same way that Adobe Flash's was but the use of a technology is just as important as the quality of a technology is and in the case of JavaScript developers don't have the discipline to refuse to use it in insecure and bloated ways.

Of course we shouldn't completely abandon JavaScript, there are plenty of things that are essential to the modern internet that are impossible without it, but we should make sure that we are avoiding it on sites where it has no place.