EuroAsiaSPI2 is also known as European & Asian System, Software & Service Process Improvement & Innovation. The EuroAsiaSPI² conference presents and discusses results from systems, software and services process improvement and innovation or SPI projects in industry and research, focusing on the gained benefits and the criteria for success. This year’s event is the 21st of a series of conferences to which international researchers and professionals contribute their lessons learned and share their knowledge as they work towards the next higher level of software management professionalism.
I’ll be speaking on Software Safety and Security through Standards
Software has moved from the desktop in just about everything we touch. From smart thermostats to infusion pumps to cars software is pervasive and growing. These so-called “things” from the Internet-of-Things are increasingly carrying more logic and with it a larger risk of failure. Many of these devices are using in safety critical areas such as medical and automotive where they have a particular potential for bodily harm.
Most companies that have been building devices rightly view current software development as an almost insane group of cowboys and chaos. But there is hope, software CAN and MUST be treated an engineering practice. Coding standards move us from the build, fail, fix cycle back into a design, build, deliver cycle with high quality, safety, and security.
As it turns out, these same standards also provide benefits in the areas of cybersecurity, doing double duty. We will explore how standards help us move from finding bugs to building more robust software, how to prevent problems in the first place by proper coding, and how to leverage the efforts of others by using common accepted industry standards such as MISRA to achieve this goal.
For those of you who haven’t been following it (IE people without a smartphone), there has been a little tiff between Apple (AAPL) and Adobe (ADBE) for the last couple of years regarding Flash. I’ll discuss it more in detail shortly, but in brief, Apple decided not to include or even allow Flash to run on it’s IOS devices such as iPad and iPhone, based on their assertion of problems with CPU usage, battery life, security, and general UI issues re Flash on a touch interface. Adobe in turn says the Apple isn’t nice, doesn’t believe in open standards, and is preventing their customers from experiencing what they call the “full web”. Apple responded that Flash isn’t open… lather-rinse-repeat.
The reason I bring it up now, is that Microsoft (MSFT) decided last week that it’s also not going to allow plugins such as Flash in it’s upcoming Metro 8 user interface, opting instead for HTML5 support. This is of course not good new for Adobe.
Now in 2011 Flash is both ubiquitous and superfluous. It hasn’t yet become completely unnecessary, but the handwriting is certainly on the wall with things like HTML5, Ajax, etc. paving the way to the future web. For sake of simplicity, you can consider Flash usage in a few main areas: Video, Games, Ads, and non-structural animation (the ever-present loading animations). More on that later.
So when Steve Jobs wrote his open letter about flash he listed a series of issues he claimed were the reason. Adobe responded with some quasi-answers of their own. Steve Jobs said in his open letter “But the mobile era is about low power devices, touch interfaces and open web standards – all areas where Flash falls short.”
The breakdown of issues follows.
Adobe has a vested interest in maintaining their dominant position in web development tools. They could try to do with by making their tools support HTML5, which seems to be a direction they are now moving in, at least partially. But it’s a much rosier picture for them if they have a monopoly over their view of cross-platform, cross-browser compatibility. That way they, instead of Apple or Google or Microsoft, can get a bite of they pie for all internet games, applications, video, and advertising. Make no mistake about it, Adobe has no interest in open-standards – Flash is completely proprietary.
Apple is a proponent of “web standards” IE HTML5. On the other hand, while being open on the browser, they are completely closed in their application development. Apps for their smartphones are created using a funny language, and access to customers is only through their store, subject to their whims. However, while that all may be true, it doesn’t affect the core “full web” argument that Adobe is making. Apple apps are NOT the same as web browser support.
Apple’s App Store
There are those who think that Apple is only wanting to block Flash because it is costing them money in the app store. This is overly simplistic at best. There are thousands of free games in the app store, if this was simply about app revenue, Apple would block them also. This theory also ignores the real issues of CPU, battery life, and touch UI. Steve Jobs said early on that if Adobe could demonstrate Flash running with good performance on a mobile device they’d be happy to talk.
A variant is that if people can watch free video on flash, they won’t buy video on iTunes. Again, if this was true, then Apple wouldn’t support H.264 video either. So you can ignore such conspiracy theories as being the real issue.
Like everyone else, Adobe has had their own challenges with security, and Flash is certainly on exception. Essentially having a very capable runtime is a double-edged sword. While it has lots of capabilities, it also radically increases the attack surface. This is one of those areas where things will get better and then worse, and then better again. But there is no denying that a browser with a large plugin will always have more vulnerability than one without.
CPU / battery / Performance
Flash performance problems are well documented – if you doubt it just try a web search. Better yet, uninstall Flash or install a Flash control in your browser, especially on a laptop, and see what happens. It’s amazing how much extra battery life you get. In my case, I don’t even watch flash video or play flash games, so essentially it was pointless animations and unwanted ads using my CPU and reducing my battery. I always have a control plugin now so that I only run Flash that I want.
From WWDC 2009 Keynote:
“Number one cause of crashes in OS X is browser plug ins (read: Flash)“. This is based on crash logs that Apple receives, at least pre-SnowLeopard. Something to think about.
Why can’t they improve performance? Programmers are getting sloppy with faster CPU’s and more memory available. Programs have grown in capability, and the average size of programs is radically bigger than what it used to be. Battery powered devices may reverse that trend. There is still a lot of room for improvement in battery life, but the reality is that we currently have a situation where people are now setting battery life at a higher premium than typical geek-specs such as CPU clock speed. (As an aside, this is probably a good thing, as raw hardware specs say essentially nothing at all about actual performance. But I’ll leave the topic for another day.)
If we set all other issues aside for a moment, and just look at the UI issues, we’ll find something interesting. It turns out that a mouse is not the same as your fingers. This sounds silly, but it’s critical. Beyond the obvious issue of having one mouse and lots of fingers, there is behavior. From a software perspective, a mouse makes constant movement, IE even if a user picks up a mouse and sets is back down on their desk, the cursor hasn’t moved.
A finger on the other hand is prone to such behavior -making the cursor appear and disappear depending on where you point. One might even say this is desirable behavior. Simply taking a mouse interface and putting it on a touch device is a recipe for frustration. The more interesting (complex) the application, the worse the problem is. This is not easily solved, especially not with a one-size-fits-all methodology, such as Flash.
Is Flash The Full Web
OK, this one is downright silly. Adobe is pushing a phrase they call “The Full Web” – implying that if you don’t have Flash, you’re missing out. I’ve addressed above what this really means, but essentially it depends on your device and on what you happen to use the web for. Not having Flash runs the gamut from “critical problem” to “merely annoying” to “never noticed”.
Not having Flashhasn’t hurt the iPad, nor has using Flash as a differentiator helped other tablet devices.
Apple has a history of getting rid of old technology before others. Somehow they have managed to figure out what items are headed to the technology graveyard. First they killed off floppy drives, , then they started removing CD/DVD drives from the MacBook Air line, and now Flash. If they’re wrong, they can always reverse their choice, but increasingly it looks like they’re right about the long term in this case, again.
I’ve added this one on my own, but it’s actually one of the core issues. Essentially Adobe claims that it is acting sole in the best interest of people who use the web, while Apple they claim is acting solely in their own self-interest. The truth is of course somewhere in-between. While Adobe has a point that users without flash are missing out on some content, Apple has several technical points that remain outstanding. Clearly part of this is in Apple’s financial interest, and that cannot be discounted, but many of the purely political arguments are simplistic and ridiculous as discussed above. What content you’re actually missing depends on the sites you visit. Increasingly websites have video available outside of flash, and that will continue to grow. Those who like the games available on the web may have an issue, but it depends on the app ecosystem. If you’re favorite game is an app, this isn’t an issue, if it is, this is a deal-breaker for you. For me, the biggest thing I see being blocked on sites I visit is pointless animations (loading…) and unwanted ads. Good riddance from my point of view.
Conclusions about Flash
So what can we learn from all of this as a software development community? Firstly, be careful of putting your eggs in one basket. Especially if that basked is based on a proprietary standard. Big companies will always have disagreements, in the end it matters less who is right or wrong, or even who you agree with, and more about whether you’re lined up to continue to deliver the software you create to your target audience.
Beware technology based on proprietary “standards”. I’m not talking about proprietary software vs open-source, but rather protocols et al that we all rely on. If they’re in the hands of a single company eventually they will be a problem. Use them when you must, but be aware that one day you’ll likely need to migrate.
Stay ahead of performance issues. As hardware gets faster, cheaper, smaller, with more memory, it’s easy to forget about performance issues and simply take advantage of platform improvements. It’s better to take a more proactive approach – spend every 2nd or 3rd release on performance and quality and you’ll find yourself in a much better position, rather than being way late and too big/slow to compete.