Tag: flash

Google’s well minging plans to kill Flash

flash_gordon_2From the end of next month Chrome will block that irritating Flash content that loads behind the scenes.

Google claims that this sort of flash rubbish accounts for more than 90 percent of the Flash on the web. In December, Chrome will make HTML5 the default experience for central content, such as games and videos, except on sites that only support Flash.

It is one of the nails in the coffin of Flash as the web slowly moves away from plugins in favor of HTML5. Since last year Chrome 45 began automatically pausing less-important Flash content (ads, animations, and anything that isn’t “central to the webpage”).

As Mozilla and Microsoft are expected to follow.  However it looks like Google is already planning to move ahead. In an email the search engine outfit said:

“The end goal for all these browser makers is to push as many sites as possible to HTML5, which is better for both performance (lowering memory and CPU usage while boosting battery life) and in terms of web standards (which makes life easier for developers). Given Flash’s various vulnerabilities, there are obvious security gains as well.”

Google plans to have Chrome serve HTML5 by default in Q4 2016. Now the timeframe has been narrowed to December.

Flash Memory Summit 2016 – Consolidation?

FMS2016_BannerAd_300x250The Flash Memory Summit 16 will be convening at the Santa Clara Convention Center over August 9 -11, 2016. Flash memory is now established as a key technology enabling new designs for many products in the consumer, computer and enterprise markets.

Storage Crossover

The industry is at a critical juncture where the total cost of ownership for flash based SSD’s achieved crossover with hard disk drive equivalents last September as the enterprise storage medium of choice.

The fact that the number of producers is limited has altered the landscape of consumption with some analysts indicating that serious shortages will exist for some time to come. An interesting, but mitigating fact is that most of the analysts are not technical – the ones that we’ve talked to that have a technical bent are not so sanguine about the availability mix. One item that stands in the road to profits is the need for this next generation storage device to not only retain data but do so interactively without losing bits. The unrecoverable bit boogie man is now staring the industry down. The ability to store immense amounts of “ready data” for execution now depends on the technologies ability to reliably retain data.

All Flash Array producers are now entering the “really big data storage array” market – the battle has dropped down to the cost of storage per dollar creating a whole new category of marketing lows. 3D Flash is now so dense that failure modes are now dependent upon being aware of “how and when” the bits were used during the entire lifetime of the device.

Cork, Ireland NVMdurance was the first to understand this phenomenon and is now firmly embedded in their first customer Altera (now Intel). Pure and Nimble Storage are offering their services for their AFAs – seems that leasing AFA memory is a probable in the future of solid state storage. We’re still left reading the indemnification clauses of their contracts.

Poison Pill

Micron Technology filed with the SEC a poison pill last Friday. The buzz is that the company is once again in play. The likely suitor is none other than Intel according to the lead rumor. We will be talking with Micron and Intel at FMS 16 and although they’ll not say anything about what’s going on we’ll at the very least get to look into their pupils while they’re telling us…,

HTML 5 is just as rubbish as Flash

flash_superhero_running-t2Rather than saving the world from the security nightmare which is Flash, HTML 5 might be drawing us into a bigger load of hurt, according to the latest security report.

Since Steve Jobs blamed Flash for breaking his perfect operating system, the world has been a little hard on Flash. It has been gradually downgrading it and replacing it with HTML 5.

However according to GeoEdge, an ad scanning vendor, Flash has been wrongly accused as the root cause of today’s malvertising campaigns, and switching to HTML5 ads won’t safeguard users from attacks.

The problems are in the platforms and advertising standards themselves and not Flash.

For many years, Adobe has been slow to patch vulnerablities but things changed recently after browser vendors threatened to have the plugin disabled for most of their users. But this has come too late.

But according to GeoEdge Malvertisers don’t care if ad is Flash or HTML5 they rely on standards used to build the advertising network’s infrastructure, regardless if they deliver static or video ads.

Video ads, the primary root of malvertising use the VAST and VPAID advertising standards. If the ad is Flash or HTML5, there are critical points in this ad delivery path where ad creators can alter the ad via JavaScript injections.

These same critical points are also there so advertisers or ad networks can feed JavaScript code that fingerprints and tracks users.

 

Tor developer helps spooks hack Tor

tor-sheepA former Tor Project developer is making a living creating malware for the Federal Bureau of Investigation that allows agents to unmask users of the anonymity software.

Matt Edman is a cybersecurity expert who worked as a part-time employee at Tor Project, the non-profit that builds Tor software and maintains the network, almost a decade ago.

Apparently he has developed some killer malware which is being used by the Untouchables to unmask Tor users. It’s been wielded in multiple investigations by federal law-enforcement and U.S. intelligence agencies in several high-profile cases.

The Tor Project has announced that it came to its attention that Matt Edman, who worked with the Tor Project until 2009, subsequently was employed by a defence contractor working for the FBI to develop anti-Tor malware.

Edman was only with Tor for a year. In 2008 he joined and worked on Vidalia, a piece of software meant to make Tor easier for normal users by implementing a simple user interface. He was a graduate student then, pursuing a Ph.D. in computer science that he would obtain in 2011 from Rensselaer Polytechnic Institute.

Of course there was a few fears that had Edman been considering his future he could have been installing backdoors into Tor. However Vidalia was the only Tor software to which Edman was able to commit changes and that software was dropped in 2013.

By 2012, Edman was working at Mitre as a senior cybersecurity engineer assigned to the FBI’s Remote Operations Unit, the bureau’s little-known internal team tapped to build or buy custom hacks and malware for spying on potential criminals. Edman became an FBI contractor tasked with hacking Tor as part of Operation Torpedo, a sting against three Dark Net child pornography sites that used Tor to cloak their owners and patrons.

At Mitre, Edman worked closely with FBI Special Agent Steven A. Smith to customize, configure, test, and deploy malware he called “Cornhusker” to collect identifying information on Tor users. More widely, it’s been known as Torsploit.

Cornhusker used a Flash application to deliver a user’s real Internet Protocol (IP) address to an FBI server outside the Tor network. The malware targeted the Flash inside the Tor Browser. The Tor Project has long warned against using Flash as unsafe but many people enough people made security mistakes and Operation Torpedo netted 19 convictions.

According to court documents, Cornhusker is no longer in use. Since then, newer FBI-funded malware has targeted a far wider scope of Tor users in the course of investigations.

Adobe rushes out a flash update

flash_superhero_running-t2Adobe has issued an emergency update for Flash after researchers discovered a security flaw that was being exploited to deliver ransomware to Windows PCs.

The software maker urged the more than a billion users of Flash on Windows, Mac, Chrome and Linux computers to update the product as quickly as possible.

The bug was being exploited in “drive-by” attacks that infect computers with ransomware and poisoned websites.

Ransomware encrypts data, locking up computers, then demands payments that often range from $200 to $600 to unlock each infected PC.

Japanese security software maker Trend Micro Inc said that it had warned Adobe that it had seen attackers exploiting the flaw to infect computers with a type of ransomware known as ‘Cerber’ as early as March 31.

Cerber “has a ‘voice’ tactic that reads aloud the ransom note to create a sense of urgency and stir users to pay,” Trend Micro said on its blog.

Adobe’s new patch fixes a previously unknown “zero day” security flaw.

FireEye said that the bug was being used to deliver ransomware in what is known as the Magnitude Exploit Kit. This is an automated tool sold on underground forums that hackers use to infect PCs with viruses through tainted websites.

Google plots the death of Flash

flash-gordonSearch engine outfit Google has just announced a so-called “timeline” for banishing Flash from its advertising network and  going totally HTML5.

According to a spokesGoogle the Google Display Network and DoubleClick Digital Marketing are now going 100 percent HTML5.

From June 30, 2016, Google will no longer accept new Flash display ads from advertisers. On January 2, 2017, even old Flash ads will be blocked from appearing, making Google’s ad network mostly Flash-free.

Video ads will remain in Flash however, although there are not many of those.

Google has been trying to get advertisers off of Flash for some time, providing tools and best practices for switching. Now it apparently feels good enough about the switch to force it on the world.

Even Adobe has had enough of Flash. It killed Flash Professional—its Flash authoring tool—in December, and today announced Adobe Animate, which outputs projects in HTML5.

Flash beats HDD areal density

flasherCoughlin Associates has said that NAND flash memory has surpassed hard disk drive (HDD) technology in areal density for the first time. Believe it or not.

The market researchers told the assorted throngs at the 2016 IEEE International Solid State Circuits Conference in San Francisco that areal densities in its laboratories of up to 2.77Tbpsi for its 3D NAND. That compares with the densest HDDs of about 1.3Tbpsi.

Tom Coughlin, Coughlin Associates’ president, said that hard drive products from the third quarter of 2014 to the third quarter of 2015 had an increased areal density of about 60 per cent, So HDDs have not stopped evolving.

“On the other hand, flash memory is getting denser with technology announcements of 2.77Tbspi, higher than any announced HDD areal density. This is a new development. So flash is developing and certainly getting competitive in terms of areal storage density, but the chips are still more expensive to make than disks and the raw costs of storage will likely remain less for HDDs for some time to come.”

The highest areal density for today’s HDD products is about 1.3Tbpsi, according to Coughlin. Most HDD products, however, are well below that. For example, Seagate’s desktop hard drives have a maximum areal density of 850Gbpsi; those drives use shingled magnetic recording (SMR), which overlaps the magnetic tracks for greater density.

Samsung has already announced what would be industry-leading 15TB 2.5-in solid-state drives (SSDs) are already on the horizon.

However the price is not likely to reach parity with hard drives any time soon. The factories to build flash are still a lot more expensive to build than the hard drive factories, Coughlin said.

But Micron and Intel are opening new plants or are revamping older NAND facilities to increase their 3D production, which is driving prices down.

 

Oracle kills Java plug-in

Ned's_executionOracle has finally announced that it is killing off its Java browser plugin.

The cunning plan is to scale  down the plugin technology in Java Developer Kit 9 and remove it completely from Oracle JDK and Java Runtime Environment in a future Java SE release.

Oracle admitted that plugins were outdated and modern Web browsers don’t need them.  Chrome disabled Java in April last year, while Firefox also announced plans to kill Oracle’s technology.

Oracle has warned developers to find an alternative.

“With modern browser vendors working to restrict and reduce plugin support in their products, developers of applications that rely on the Java browser plugin need to consider alternative options such as migrating from Java Applets (which rely on a browser plugin) to the plugin-free Java Web Start technology,” Oracle said in a blog post to users.

Oracle acquired the Java plugin, in 2010. It is a bit like Flash and  Silverlight in that it uses NPAPI, which is an ancient Netscape Plugin API. These plugins have caused more trouble than good and using one is like painting a large bullseye on your back and screaming “hack me”.

Some will be miffed at the plug-in’s exist. Some enterprises are likely still running older Web browsers that need Java, and created plenty of applets for it.

Adobe kills Flash

flash-gordonAdobe has decided that the name “Flash” is pretty poisonous and will kill off the brand name next year.

The 2016 iteration of Adobe’s Creative Cloud subscription software scheme will see the end of the ‘Flash’ branding, and an even greater emphasis on  HTML5.

Adobe said that the Flash product will be called Adobe Animate CC from January’s update of the Creative Cloud suite. There’s no explicit mention of what the browser plug-in will be called, but presumably it will mirror the change of name.

This is a low key exit for a name which pioneered rich text media and video in the age before broadband. For the last decade it has been a buzzword for security vulnerabilities and exploits.

The Flash browser plugin has always been binary, hard-coded software and it was impossible to fix because of the proprietary nature of the code.

The rapid emergence of HTML5 and more ‘open’ standards which could more effectively and safely replace the web’s dependence on Flash.

Google’s Chrome browser has its own custom Flash player which allows Flash content to continue to run on its browser. Mozilla has agreed to continue Flash plugin support despite its plans to kill off some aspects of it.

In January of this year YouTube progressed its experimental HTML5 video support into the default format for video, and from September Amazon began to refuse Flash-based ads in its own consumer networks.

However the tech is still with us, but it will not be called Flash. Any new version of the plugin will continue to run Flash content in 2016. The company said:

“Today, over a third of all content created in Flash Professional today uses HTML5, reaching over one billion devices worldwide. It has also been recognized as an HTML5 ad solution that complies with the latest Interactive Advertising Bureau (IAB) standards, and is widely used in the cartoon industry by powerhouse studios like Nickelodeon and Titmouse.”

Chrome switches off Flash by default tomorrow

flash-gordonAnyone who is using Flash on their website might want to replace it pretty smartish – Google is stopping Chrome from running it.

After September 1 Google will pause “many” Flash ads in its web browser Chrome. It will allow you to run Flash videos, but the adverts are the most important thing for most sites.

If site visitors want to look at a piece of Flash content that was paused, you can click on it and start it manually. But face it, who is going to click on an advert?

The change, originally announced in June and enabled for beta users, goes into effect for everyone September 1, Google announced.

The feature already exists in Chrome; you can turn it on in the browser’s “Advanced settings,” under “Content settings,” by choosing the “Detect and run important plugin content” option.

The change going into effect September 1 will be that this feature will be turned on by default.

The new option speeds up page loading and reduce Chrome’s memory consumption, which is a growing problem for Google’s web browser.

All this is shaping up to remove Flash from the planet.