Back issues & Flash plugin

[Edward DembowskiParticipant @edwarddembowski70671]

Now that the Flash plugin is being discontinued due to continual security issues, will there be another way to access back issues online? It seems everything from issue 277 and older needs Flash to be enabled.

[Edward DembowskiParticipant @edwarddembowski70671]

The Flash plugin is discontinued.

[Brian GParticipant @briang]

Bumped because I would also like to know if the archive will be re-issued. Since this was first raised back in 2017 there has been a format change for the newest content but it is still required to view most of the archive and Microsoft's announcement that "Flash will be completely removed from all browsers by December 31, 2020, via Windows Update." does appear pretty final.

Brian G

[Graham StoppaniParticipant @grahamstoppani46499]

Ditto

[JasonBModerator @jasonb]

I expect Neil's reply from a couple of months ago still stands.

Posted by Neil Wyatt on 20/04/2020 20:40:04:

The problem is the archives are not a significant source of income, at present they are added value for what is still a relatively modest number of people who prefer a digital subscription. Partly this is because pirate digital copies of archive issues have effectively removed the potential value of a rejuvenated archive.

At one point we were close to an official DVD of the archive, but the sums didn't add up.

Because there's always the potential for the archive to become unworkable, the T&Cs say that continued access to is not guaranteed and I fear that if the choice was between investing in converting it to HTML5 of phasing it out, the business case would almost certainly be in favour of the latter.

Fortunately I am sure there will continue to be ways to run flash (although only 5% of websites use it now, down from 28% in 2011) for the forseeable future, but I'm afraid the onus will be on readers to seek these ways out.

So my advice is grit your teeth and find flash player/browser combination that works for you; I know it isn't ideal but it is doable.

What we can do is create a page with links to reliable flash players/browsers for viewing the archive on different platforms.

We have some suggestions already. If folks would like to post more links to what they recommend/use here, I'll create a page when there are enough suggestions for it to be worth doing.

Neil

[Michael GilliganParticipant @michaelgilligan61133]

Posted by JasonB on 10/07/2020 07:25:01:

I expect Neil's reply from a couple of months ago still stands.

Posted by Neil Wyatt on 20/04/2020 20:40:04:

The problem is the archives are not a significant source of income, at present they are added value for what is still a relatively modest number of people who prefer a digital subscription. Partly this is because pirate digital copies of archive issues have effectively removed the potential value of a rejuvenated archive.

[…]

So my advice is grit your teeth and find flash player/browser combination that works for you; I know it isn't ideal but it is doable.

What we can do is create a page with links to reliable flash players/browsers for viewing the archive on different platforms.

[…]

.

… and if that is the best that can be done, then the Print edition of MEW remains my choice, and archival storage my responsibility.

MichaelG.

[Neil WyattModerator @neilwyatt]

Posted by Brian G on 09/07/2020 12:47:59:

Bumped because I would also like to know if the archive will be re-issued. Since this was first raised back in 2017 there has been a format change for the newest content but it is still required to view most of the archive and Microsoft's announcement that "Flash will be completely removed from all browsers by December 31, 2020, via Windows Update." does appear pretty final.

Brian G

Microsoft can only remove flash players from their own browsers…

Neil

[Andy StopfordParticipant @andystopford50521]

For anyone who can't view the older mags in the Linux version of Vivaldi, you need to L-Click the padlock icon in the address bar, choose Allow Flash and reload the page. You may have to do this each time you logout/in.

You may need to have Pepper Flash installed; a script to automate this can be found here:

https://gist.github.com/ruario/215c365facfe8d3c5071

This may work for other Chromium-based browsers.

[Gene PavlovskyParticipant @genepavlovsky]

I pay for Print+Digital subscription to MEW, however I find the Flash-based online reader clunky and uncomfortable to use, besides the fact that it needs an internet connection. I know, however, of a forum, where new issues are being posted in perfect quality in PDF format on a regular basis. How do these pirates get those PDFs? And why a legitimate subscriber can't have those? If I was to download these pirated PDFs, I won't feel morally wrong, but I would feel quite ridiculous. Pay the legitimate content creator, then furtively get the actual product from a pirate.

With regards to Flash, it's quite likely that sooner or later Flash will be actively blocked by all modern browsers. Encouraging users to keep an older version of a browser, which still supports Flash Player, can be harmful, as eventually these old installs will contain a number of unpatched security vulnerabilities, and won't be safe to use.

I think most companies who once relied on Flash to deliver paid content on the web, have long developed alternative HTML5 solutions. At the company where I work now (as a software developer), the flagship product was partially/fully ported from Flash already 3/4 years ago – and we were 1-2 years late, compared to our main competitors.

Sincerely some solution will be available some time soon.

[Michael GilliganParticipant @michaelgilligan61133]

Copied from the 2021 thread:

_______________________

Starting the year right : **LINK**

https://www.bbc.co.uk/news/technology-55497353

Adobe Flash Player is finally laid to rest ^^^

… must be one of the longest ‘Death Scenes’ ever !!

MichaelG.

[Roderick JenkinsParticipant @roderickjenkins93242]

Just tried looking at the MEW archive in Firefox. Clicked on a an older issue and it asked me if I wanted to run Flash. Clicked yes and it took me to an Adobe site that said, amongst other stuff, this:

"Since Adobe will no longer be supporting Flash Player after 31 December 2020 and Adobe will block Flash content from running in Flash Player beginning 12 January 2021, Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems."

That seems to that. As I only have a digital subscription to enable access to the back numbers then that's a revenue stream that MTM will be losing from me .

Rod

[Ady1Participant @ady1]

I've got Win7 64 and you can run different instances of your browser

Instead of using your main browser when you want to use flash, download and use an old browser version, get it set up and working for viewing flash stuff

then Disable updates in it, and ONLY use it to visit the ME site for viewing the mag, it will have its own separate icon

For one old Activex scripts program, which microsoft abandoned in 2015, I still use an ancient never been updated internet explorer browser

Don't expect one browser to do EVERYTHING, especially for rarer more specialised stuff

There's no security issue because you're not surfing about, you're visiting one trusted site with that browser, then closing it down, and enable "erase history on shutdown" to be extra safe

Edited By Ady1 on 12/01/2021 17:42:21

[Gray62Participant @gray62]

Since Adobe have End of lifed (EOL) flash player and are now actively blocking anything which runs in flash player, it is no longer possible to view the older magazines in the archive. Do the publishers/web developers have any plans to re publish the older archives in a different format ( hopefully using something more user friendly than the current viewer. How about offering access to subscribers of magazines in pdf format. Many other publishers do this and are not afraid of piracy, If it is only available to subscribers, they are hardly likely to be the type who would download and sell on for what would be little gain.

Edited By JasonB on 14/01/2021 07:01:08

[Paul LousickParticipant @paullousick59116]

There are many alternative applications for viewing flash files.

Can anyone recomend one for Windows 7 ?

Adobe has has always suggested to update to their latest version for security reasons. Is there a security risk when viewing Flash files ?

Paul

Edited By JasonB on 14/01/2021 07:02:02

[Colin HeseltineParticipant @colinheseltine48622]

One of the worlds major wifi hardware companies has been very slow porting over to html5. Because of they they bought out just before this Christmas a special app to allow all users worldwide who used software that relied on flash to be able to configure it via the GUI until they had the HTML5 stuff done. Great we all through better late than never.

Till last night and as soon as 12/1/2021 arrived it ceased to work and just put the Adobe Failure message on screen. Users around the world have been shouting at them to get it fixed asap.

Colin

[Mike HurleyParticipant @mikehurley60381]

When I decided to subscribe to MEW for the first time just before Christmas (my local WH Smith having closed), i decided the print & digital would suit me as I had missed print issues in the past and the archive would be useful.

Oddly, I don't remember big, clear lettering in the 'subscribe' pages saying 'Sign up, pay a bit extra for a service that will only work properly until the end of this year', I'm sure a cop out is in the small proint of the T&Cs but it still annoys me. I relise the publishers have no control over external products and suppliers, but it would be nice to make things clear up front and I might have saved myself a couple of £

regards to all. keep safe.

[Paul LousickParticipant @paullousick59116]

Mike,

You will still be able to view the issues of MEW that you subscribed for and some of the archive issues as they are not in Flash format.

Pocketmags is a better way of viewing the digital magazines and all issues of Model Engineer and Model Engineers Workshop are readable from January 2016 as they do not use Flash.   But Pocketmags does not have all of the earlier issues that are on the ME site

Paul

 

Edited By Paul Lousick on 14/01/2021 10:10:53

[Nick Clarke 3Participant @nickclarke3]

Posted by Paul Lousick on 13/01/2021 22:19:00:

Adobe has has always suggested to update to their latest version for security reasons. Is there a security risk when viewing Flash files ?

This site lists over a thousand **LINK**

[Gene PavlovskyParticipant @genepavlovsky]

It seems I was wrong.

Recent magazines (MEW 278 and newer) are displayed in a viewer that uses HTML5, and don't require Flash. If you monitor the requests that the viewer makes (using e.g. Chrome DevTools, Network tab), you can find download links for the magazine's individual pages in both jpg and pdf formats. So it's easy to download all the magazine's pages for offline usage, with a simple shell script (even a one-liner command). One file per page, so not 100% convenient, but better than nothing. There should be multiple software packages available that can assemble the individual pages into a single pdf.

Older magazines (MEW 277 and older) try to open the Flash-based viewer. I still have Windows 7 on my main laptop, I just tried Firefox, Chrome and even IE11. All of them fail to open the viewer, and instead redirect to Adobe's Flash End-Of-Life page. It seems to me that the version of Flash Player plug-in that I have installed (quite some time ago) already contains a "time bomb" which results in the player not willing to work any more. Or perhaps it makes a network request to Adobe to see if it should work or redirect to EOL page – I haven't checked. Either way, it seems to me that to make the Flash player work again, it's not a question of using an old OS or a browser. I am guessing that one would need to have a sufficiently old version of Flash Player plug-in.

Personally, when I bought a print+digital subscription, my motivation was having new magazines in print, and digital was to be able to access all the older back issues. This is now impossible and I guess I will buy just the print subscription next time. Luckily there are those crafty pirates who managed to get ALL of those old issues in pdf.

By the way in most of cases pirates are just sharing the files (magazines, music, movies, software), they are not trying to make money by selling the pirated stuff. I think that people who think it's right to buy/subscribe, and have money for that, will do so, even if they know where to download the pirated versions. And the people who for some reason decide to get pirated stuff, in most cases wouldn't buy/subscribe even if the pirated stuff would disappear. They would just live without those things. So I'm also of the opinion that it makes total sense for letting subscribers download the digital versions. The pirates will be able to get the files anyway whether or not they are made available. Time and time again they prove themselves more crafty than the DRM guys…

And something should be done about those archive back issues no longer accessible to subscribers. Sell it as a DVD full of pdf files, offer it as a free download to digital edition subscribers.

[Gene PavlovskyParticipant @genepavlovsky]

Posted by Nick Clarke 3 on 14/01/2021 10:55:27:

Posted by Paul Lousick on 13/01/2021 22:19:00:

Adobe has has always suggested to update to their latest version for security reasons. Is there a security risk when viewing Flash files ?

This site lists over a thousand **LINK**

Every browser has tons of security issues as well, as well as the underlying OS.

Granted, Adobe did a very …………… job with Flash after they bought it with Macromedia.

Flash being thrown out is 99% politics and security issues is just a good excuse.

Most HTML5 developers I talked to, who had to switch from Flash, agree things mostly worked better and were easier to develop with Flash. Dealing with 3+ different browsers is a huge pain in the …. I think Flash could have been way better than any current browser stuff, if Adobe would just made it open source and let people advance it.

Edited By JasonB on 14/01/2021 11:36:04

[Michael GilliganParticipant @michaelgilligan61133]

From the BBC page that I linked earlier:

“An open, collaborative project known as Ruffle is working to develop software that can play Flash content in a web browser, without requiring a plug-in.”

… but personally, I think the security risks are just security risks.

MichaelG.

[Nick Clarke 3Participant @nickclarke3]

Posted by Gene Pavlovsky on 14/01/2021 11:09:45:

Every browser has tons of security issues as well, as well as the underlying OS.

Most HTML5 developers I talked to, who had to switch from Flash, agree things mostly worked better and were easier to develop with Flash. Dealing with 3+ different browsers is a huge pain in the ass. I think Flash could have been way better than any current browser stuff, if Adobe would just made it open source and let people advance it.

OS's are developed and security issues are addressed during their service life but they do not have to cope with active content coming from unknown sources making the issues with Flash (and Postscript, JavaScript and even HTML5) more of a problem.

Regarding the open source question, while an enthusiast for it (2 of the four laptops by me now run Linux) the developer's job might possibly be even more difficult if they had to face a multitude of different rendering engine variants, even with access to the source code.

[Gene PavlovskyParticipant @genepavlovsky]

@Nick,

Security is a complicated subject and there are all kinds of ways our computers can get compromised. Same as Flash, modern browsers have their fair share of vulnerabilities. See e.g. these recent news. I don't think that Flash is inherently less or more secure than HTML5/JavaScript in our browsers. It is true that Adobe did somewhat poor job at maintaining Flash, including the security issues. They didn't put enough money/effort into it and allowed it to die.

Adobe open-sourcing Flash wouldn't necessarily mean a multitude of variants (forks). Open-source developers are well aware of pitfalls of forking, and most projects exist in only one variant. There are some cases when due to various reasons (personal or technical) there exist two (rarely more) versions of open-source software, e.g. OpenOffice and LibreOffice. There had been cases where projects had split and then, years later, merged back together.

The most relevant to our current topic would be FireFox, earlier Mozilla, earlier Netscape Communicator. It's an open-source browser and there's one main version of it, although there are multiple browsers "based on FireFox". These are all more or less niche browsers with a small user base, so their developers naturally aim for compatibility with FireFox in terms of being able to render all the same websites correctly.

Naturally web developers only test their websites and web applications on the most common browsers. E.g. the company I work for cares for these desktop browsers: Chrome, FireFox, Edge, Safari. We still support IE11 although the percentage of people who use is going down fast. We don't develop or test for any of the niche browsers. Too much work as it is, with all the browsers I mentioned!

Which is why Flash was easier to work with. For the most part it was: write once, works everywhere. In the several years I worked with Flash, I recall only one obscure bug in our application that caused IE to freeze while in FireFox it seemed to work ok. Turned out on IE a "load complete" event listener was fired immediately (synchronously) when loading a file, and asynchronously on Firefox. Our code assumed that every load is async (not the best idea). If there were many files to be loaded in a row, we had a call stack overflow on IE, which was for some reason just freezing the browser, instead of showing an error dialog.

Anyway, I think if Flash was open-sourced and given to the community, there would be a single organization taking care of it, and open-source contributors aiming for their contributions to end up back in that single "standard" Flash Player, rather than making their incompatible forks. We can only guess now, although in some alternate universe this might have happened

[SillyOldDufferModerator @sillyoldduffer]

Posted by Gene Pavlovsky on 14/01/2021 12:05:08:

@Nick,

…

I don't think that Flash is inherently less or more secure than HTML5/JavaScript in our browsers. It is true that Adobe did somewhat poor job at maintaining Flash, including the security issues. They didn't put enough money/effort into it and allowed it to die.

…

Couple of important differences between Flash and HTML5. Flash is closed-source proprietary and wasn't designed with security in mind – a common problem with pioneer software. Closed software is an instant security risk because no-one apart from the supplier knows how it works or can fix it. HTML5 is a standard, and it was designed from the outset with security in mind. Many implementations are open for inspection.

Flash isn't in the same league as HTML5! At the moment there are 45 CVE (Common Vulnerabilities & Exposures) identified for HTML5 compared with 1445 listed against Flash. And the HTML5 vulnerabilities are being fixed, whereas Flash is stuck with them.

The main problem with Flash is it's security problems are fundamental. It's not a product with a few loose ends that can be tidied up, the whole thing needs to be re-written from scratch to close multiple loopholes. Bit like putting up a greenhouse and then discovering it needs to be secure enough to protect gold bullion.

Adobe decided to walk away because mending fundamental security flaws is expensive, there's no profit in fixing it, and a new secure version is likely to break everything written for old Flash. Everyone is happy except those who've invested in Flash and don't care about user security! Vested interests always hate change.

Javascript is also riddled with security problems but it's possible for the Browser to contain most of them, basically by blocking insecure features. Javascript has 3129 CVEs, but they can mostly – we hope – be contained. Flash can't be sandboxed in the same way due to the way it's built.

Users and developers don't care about security until they've been stung. We like software that's easy to develop and use, and dislike anything that slows us down. If you want to get at your money quickly, take it out of the bank and keep it in a handy pile by the front door…

Dave

[Gene PavlovskyParticipant @genepavlovsky]

@Dave

I agree with most of what you said, but not about Flash's design being insecure from start. Flash Player is a virtual machine that executes (ActionScript code compiled to) bytecode. The capabilities the VM provides can be summarized as: displaying graphics, playing sounds, accepting user input, accessing camera/microphone (with user's permission), various network requests and do general purpose processing. There are no capabilities of executing arbitrary code, read/write arbitrary files on disk, etc.

Therefore it's inherently a sandboxed environment, same as JavaScript code running in a browser. Most if not all security vulnerabilities are bugs in the particular implementation of the Flash Player VM, which may lead to potentially escaping the sandbox and doing something nefarious. So the implementation may indeed suck with regards to security, but it doesn't mean the whole design is bad.

If Adobe would have donated the whole thing, I'm sure enthusiasts would have fixed the bugs or rewritten the complete Flash Player from scratch. As an example, enthusiasts had more than a decade ago developed an ActionScript compiler superior to what Macromedia/Adobe ever offered, which has since evolved to use it's own language (Haxe), it's compiler can produce bytecode for Flash Player / AIR runtime, but can also output JavaScript, C++, Java, PHP code, to name just several of all supported targets. We will see what this Ruffle project will produce. But for sure it's going to be a niche offering, because HTML5/JavaScript is (for better or worse) not the future, but already the today.

Many developers these days do care about security, because security issues are a huge liability for companies. The company I work for has a dedicated team looking for vulnerabilities, trying to break into our own systems. Fortunately, this is becoming more common.

One of biggest security holes is Windows, I think it would be wiser to stop using Windows, than to discontinue Flash

I might have steered this discussion a bit too far off topic.

[Author]

Posts