When Adobe Stopped Flash Content, It Impacted A Chinese Railroad

Jalopnik shares a story for our times: Adobe's Flash, the web browser plug-in that powered so very many crappy games, confusing interfaces, and animated icons of the early web like Homestar Runner is now finally gone, after a long, slow, protracted death. For most of us, this just means that some goofy webgame you searched for out of misplaced nostalgia will no longer run. For a select few in China, though, the death of Flash meant being late to work, because the city of Dalian in northern China was running their railroad system on it.

Yes, a railroad, run on Flash, the same thing used to run "free online casinos" and knockoff Breakout games in mortgage re-fi ads...

Hell, YouTube used to run on Flash until 2015. It wasn't all stupid little web games but, that said, I can't for the life of me fathom why anyone would want to run a freaking railroad network on it, with physical, multi-ton moving railcars full of human beings on it. So, when Adobe finally killed Flash-based content from running, this Tuesday Dalian's railroad network found itself ground to a halt for 20 hours.

The railroad's technicians did get everything back up and running, but the way they did this is fascinating, too. They didn't switch the rail management system to some other, more modern codebase or software installation; instead, they installed a pirated version of Flash that was still operational. The knockoff version seems to be known as "Ghost Version." This, along with installing an older version of the Flash player to work with the knockoff Flash server setup, "solved" the problem, and the railroad was back up and running.
UPDATE: ZDNet reports that "later reports from Chinese media clarified that railway traffic never stopped in Dalian because of the Flash end-of-life": However, the reports also admitted that there's some truth in the original report and that, indeed, some internal traffic statistics system had stopped working at the rail station on Jan. 12, when Adobe blocked Flash content from working.

Please uninstall Flash if you haven't already

[GayLinuxDev]

I do a lot of security work and Flash has been a headache. Besides, Flash no longer works on Chrome, Mozilla, or Microsoft browsers, and HTML 5 effectively ended Flash's cause for existence. Adobe stopped supporting it with security updates in December, which means Flash Player is vulnerable to hackers trying to gain access to personal computers.

Re: Please uninstall Flash if you haven't already

[BAReFO0t]

Fun fact: HTML5 is just Flash all over again.
Except with full GPU access, websockets, background threads that can and do persisit even if the tab is closed. (Or even the entire app, like I verified on Android.)

Yeah, running basically an OS with software from unknown sources on your system is always gonna be a security nightmare. With browser security theater or without.

Re: Please uninstall Flash if you haven't already

[OrangeTide]

You can access gamepads and MIDI instruments from inside a webpage now, that primarily is used to track your browsing habits. It's a whole application platform that goes beyond the invasiveness of Flash or Java applets (old shit, but same old shit).

Re:

[Malifescent]

Exactly, and it seems they're adding all sorts of dangerous web extension with the name Web(add your dangerous extension here) such as WebSockets, WebGL, WebUSB and others that I may not be aware of.

These are basically JavaScript wrappers around a computer's "private parts" and seem to riding roughshod over all the security sandboxing JavaScript was originally designed with.

Re:

[hjf]

WebSockets? WTH. WebSockets is just a long lived HTTP connection where the server can send you notifications instead of you polling it constantly.

Re: Please uninstall Flash if you haven't already

[arglebargle_xiv]

Nin hao, my name is Zhang Wei. I like having alligator clips applied to my nipples, being kicked in the nuts by Mistress Lien, but most of all having to write train control software in Adobe Flash.

Re:

[AleRunner]

There was this excellent browser extension; Umatrix [github.com], which let you enable and disable different features for each site. I say was, because unfortunately the author stopped maintaining [ghacks.net] it since people kept asking about broken sites and it's a bit of a complicated thing to explain. However the idea is excellent, just unfortunately not taken far enough.

If there was a JVM which allowed you to similarly switch on features per site, with similar allow/learn/deny cascading lists and that was integrated with some

You cannot block browser features

[aberglas]

If you do, your web pages will simply not work. You might wonder why your social media site needs full access to your hard drive. But turn it off and it just wont work. Might as well turn off the internet.

Welcome to the future.

Flash was also a lot cleaner and simper than HTML5.

Killing it completely was pretty rough though. If you said yes enough times you should be able to run it on sites you trust. Flash is much, much more secure than C, and we often download C programs and run them.

Re:

[thegarbz]

Fun fact: HTML5 is just Flash all over again.
Except with full GPU access, websockets, background threads that can and do persisit even if the tab is closed. (Or even the entire app, like I verified on Android.)

Yeah, running basically an OS with software from unknown sources on your system is always gonna be a security nightmare. With browser security theater or without.

I notice you didn't mention other things like the fact that they run sandboxed, the code is actively maintained, and for all your ignorant ramblings there's been less critical CVEs issues for HTML5 in its time than for Flash.

But I expect nothing less of our most prolific ignorant poster.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[jeremyp]

Flash has nothing to do with Adobe Acrobat. It's a different technology to PDF.

Having said that, your general point is completely correct.

Re:

[thegarbz]

Flash was more "sandboxed" than HTML 5's features. Flash applications didn't even have access to the HTML on the page they were embedded on.

Holy shit did you miss the point of sandboxing. It's not about isolating from what is displayed on the page, it's isolating from other tabs, the OS, the hardware etc. There's a reason Flash was such an incredible lucrative target for exploits that basically never saw a time when there wasn't a critical unpatched zero day. By comparison Webkit's handling of HTML5 is fucking Fort Knox.

Re: Please uninstall Flash if you haven't already

[NateFromMich]

Fun fact: HTML5 is just Flash all over again. Except with full GPU access, websockets, background threads that can and do persisit even if the tab is closed. (Or even the entire app, like I verified on Android.)

Yeah, running basically an OS with software from unknown sources on your system is always gonna be a security nightmare. With browser security theater or without.

That's nothing: https://webassembly.org/ [webassembly.org]

Re:

[Tablizer]

That might be, but you have just one leaky UI engine instead of two: the browser and Flash. It's similar to Java applets. I don't believe they are necessarily more risk than browser-based apps that do the same things, it's just less parts to go wrong to only have an HTML-based browser. It's arguably unfair to Flash and applets, but that's the reality of the situation. Winner-take-all is common in many aspects of the modern world. However, we are putting all our eggs in the browser basket.

Re:

[bobby]

Ugh, these online discussions. Everyone makes sweeping statements. There are many scenarios you may not be aware of. I have a client who bought a security camera system that uses Adobe Flash to display remotely. Flash only. NO html5 or anything else. He now has no ability to view his building / parking lot. Camera system is only 2 or 3 years old. Who should pay for a new one? Or do you know of some other fix?

Re:

[Anne Thwacks]

I have a client who bought a security camera system that uses Adobe Flash

Anyone who does uses Flash in a security context has a terminal case of Kruger-Dunning.

Your client should be on a charge of conspiring to leak data, and moved to an institute for the mentally deranged at the earliest opportunity.

Re:

[Pimpy]

2 to 3 years ago the impending end-of-life of flash was already well documented, so to some extent it's your client's fault for not doing his due diligence when selecting a supplier. On-going support for something that requires external software over which you have no control should be near the top of anyone's risk list when comparing options, particularly on things that are going to be installed in the field and generally left alone for years. If it's still under warranty, he would have a good case to dema

Re:

[Immerman]

>That being said, if the vendor is actually a camera manufacturer and not just a Chinese importer, they'll presumably have some incentive to provide a workaround.

I'm trying to figure out what incentive a camera manufacturer would have to provide a workaround that removes your need to buy new cameras...

Re:

[bobby]

Reputation, hopefully.

Re:

[NateFromMich]

He now has no ability to view his building / parking lot.

He has the ability to buy a new system, and this time look into it better before wasting his money.

Re:

[cusco]

If it's an Avid system there was an update last year.

https://avid.secure.force.com/... [force.com]

Re:

[bobby]

Thank you for a civil, polite, and informative answer. No, not an Avid. Being I'm in the A/V world a little, I know them.

Not sure what to call some of the responses I got above. Not sure why people have to post stuff like "he should have known better". Camera system literature says NOTHING about using Flash. Not sure how someone could have anticipated that, especially someone non-technical.

I never heard, anywhere, that Adobe had date-bombed the Flash players. You can backdate a computer and it'll run

Re:Please uninstall Flash if you haven't already

[freeze128]

An elderly neighbor often asks me to do PC support for her. She likes to play Lucky Slots flash game on facebook. I have been warning her that Flash has been discontinued, but she still wants to play the games. Other players of these games on facebook have used http://flash.puffin.com/ [puffin.com] as a sort of proxy to run the flash games. The puffin web site loads and executes the flash code, and then delivers it to your browser via HTML5. It's a little bit slower, but seems to work as a stopgap. Perhaps it can help with your client's security camera system.

Re:

[bobby]

You are awesome, thank you. Some positivity, rather than platitudes and "should have known not to buy the system". And the client is non-technical, so even if the stupid camera system company had disclosed that it was Flash-based, I don't think he would have known to not buy it, or to send it back once he did. Again, I had no idea that Adobe would brick the existing Flash players.

I looked at flash.puffin.com and it looks like you have to upload the app to them and they run it. But I like the idea of an i

Re:

[bobby]

I'm not sure when the guy bought the system. Probably around 2015 maybe? But it had already been in production, and as I commented below, there's no mention anywhere that it uses Flash to play remote video. I thought it was annoying when I discovered the Flash requirement, but I did not know that Adobe was going to brick the Flash player.

Even more annoying: to update the device, there's a Flash widget you have to click. But now, the widget (link) does not appear. I backdated a PC and then Flash ran, so

Re:

[Bert64]

Well consider that a lesson to learn...
When you acquire devices in future, ensure they don't rely on any proprietary third party software, and go for vendors that don't create lock-in like this.
There are standards for streaming video from cameras (eg ONVIF), if you select standards compliant devices then you have a choice of many ways to access the stream.

Re:

[bobby]

When you acquire devices in future, ensure they don't rely on any proprietary third party software, and go for vendors that don't create lock-in like this.

Bert, that's pretty obvious, especially now. Again, I did NOT make the decision. Wealthy non-technical guy did. Camera company did not disclose that it was a Flash-based system.

And frankly, what is a "standard" anymore? There are many many video codecs, even more stream formats. Look at how many people used the "standard" .gif format, and then whoever it was that owned the copyright to the format, then enforced it and everyone had to scramble, and .png came out of it. Can you tell me you knew it from

Re:

[pjt33]

You could try GNU Gnash, but I'm just throwing this out as a suggestion in case you haven't heard of the project. I can't actually recommend it because I don't use it and I'm not sure how good its support is.

Re:

[TheGavster]

While certainly there are security issues with running a Flash program from an unknown source, what sort of problem have you seen in your work with internally developed applications?

Re: Please uninstall Flash if you haven't already

[hey00]

I will not.

I salvaged 32.0.0.371 binaries from archive.org, apparently the last without the time bomb, and I will use it for as long as I please. And if Mozilla his full stupid Google like, I'll get an old build of Firefox or other to run it.

And if I need to, I'll use a VM.

I'm aware of the security risks, I only want to use it to run local swf files. You'll day I could use the standalone flash projector, but despite being made by Adobe too, is buggy AF compared to the browser plug-in. And gnash is worse, an

Two things

[quonset]

A) Good for them. It should not be up to a company to unilaterally make a piece of software unusable. If someone wants to run the software years after it expired, that is their business, not the company's.

B) How? In what form could they make the railroad be reliant on this? What programming did they have to do to even make this feasible? And of all the things they could have used, why Flash?

Re:Two things

[Forty Two Tenfold]

A) Good for them. It should not be up to a company to unilaterally make a piece of software unusable.

EFF agrees and they are working to prevent that by promoting open formats and open source.

Re:

[Anonymous Coward]

A) Good for them. It should not be up to a company to unilaterally make a piece of software unusable. If someone wants to run the software years after it expired, that is their business, not the company's.

Exactly right. I own my computers, not Adobe. If Adobe wants to stop supporting Flash, that's their business, but if I want to continue running Flash on my computers, that's none of Adobe's business.

How much Flash sucks is irrelevant. How much everyone hates Flash is irrelevant.

Re:

[moronoxyd]

Exactly right. I own my computers, not Adobe. If Adobe wants to stop supporting Flash, that's their business, but if I want to continue running Flash on my computers, that's none of Adobe's business.

Sure, you own your computer. But you don't own Flash and thus you don't own the right to use Flash indefinitely.
You're free to implement your own version of Flash that doesn't infringe on Adobes intellectual property.

Re:

[nagora]

But you don't own Flash and thus you don't own the right to use Flash indefinitely.

I think I do, actually. Not that I want to; it's shit.

Re:

[r2kordmaa]

Initial version of Flash was published 1996, so that version will enter public domain 2091, last verion will have to wait until 2115, might as well be never for all the difference it makes. Perhaps some digital historians yet to be born will one day care.

Re:

[NateFromMich]

Exactly right. I own my computers, not Adobe. If Adobe wants to stop supporting Flash, that's their business, but if I want to continue running Flash on my computers, that's none of Adobe's business.

Good for you. Don't worry, I'll get off your lawn.

Re:

[HiThere]

Well, that depends on what they're using it for. If they're using it to display scheduling information to the customers, no real danger. (Problems, yes, but not danger.) If they're using it to determine the scheduling...WHEEEE!

Re:

[pottsj]

How? Don't know for sure, but perhaps they made the mistake of developing their front end in Flex [wikipedia.org]

Re:

[Pimpy]

A company certainly has the option of shutting down servers that provide external services within the terms of their licensing agreements. Absent some costly SLAs, they are under no legal obligation to provide the service beyond the licensed period. That being said, for software that has no interaction or dependency on their infrastructure besides e.g. license verification, they certainly could have handled this better. One option would be to make an EOL license available for users that still wish to use it

Re:

[K. S. Kyosuke]

In what form could they make the railroad be reliant on this?

The summary says:

Yes, a railroad, run on Flash, the same thing used to run "free online casinos"

Riding their trains was probably a gamble?

Re:

[havana9]

Problem is that someone was convinced by some saleswasel to use Adobe Flex to build an internal system, maybe for a vertical application, and due a time bomb the system got inoperable. At least Microsoft didn't put a time bomb into MSDOS or Windows 2000. Next time what will Adobe make unusable Photoshop? Illustrator? Acrobat? Premiere?

Re:Two things

[cusco]

It's likely they put the control room display in a browser, if the controllers can't tell the status of the switches on the line they have to shut it down.

Re:

[DrSpock11]

It's likely they put the control room display in a browser, if the controllers can't tell the status of the switches on the line they have to shut it down.

Which likely was a completely reasonable solution at the time it was built. In Flash's heyday it was one of the the best cross-platform UI stacks around. People decrying "why did this use this?!" don't seem to understand that all tech eventually becomes obsolete, the question is not "if" but "when".

Re:

[jythie]

There was a time when Flash/Flex was being marketed as a general solution. Any place you could use Java, Flash/Flex could fill the same role.

I have a May 26 2019 version of flashplayer

[innocent_white_lamb]

I have a Linux flashplayer executable on my computer that's dated May 26 2019. I use it for playing local copies of flash games (I particularly recommend Minute Maid Mahjong) and it still works fine.

I didn't really go out of my way to find a flashplayer executable without the time bomb; it just happened that I downloaded the flashplayer executable from Adobe (in 2019, apparently) and never bothered to try to find another one after that since it's just a local executable and isn't used for any online stuff.

Re:

[flink]

If old flash content is your thing, you should check out Operation Flashpoint [bluemaxima.org]

Railroad Tycoon...

[creimer]

Only in China would Railroad Tycoon [wikipedia.org] be taken seriously by an actual railroad.

So much nonsense in this.

[BAReFO0t]

First of all: Did you think they'd code an entire new railroad management system in 10 hours or what? Tje stupidity of your mindset in no way is any better than that of people running a railroad on Flash.

Secondly, what do you mean "pirated"?
Leaving aside the fact that you are using a word, delinerately misused by organized crime, to equal people who do not accept playing along with racketeering schemes andbeing stolen from with seafaring rapist thugs ...
As far as I know, Flash Player is freely available fro

Re:

[Forty Two Tenfold]

They had a decade to do the reasonable thing. That's 8760 times the 10 hours you're yapping about.

Re:

[aaarrrgggh]

It really depends on what the Flash was doing and how it was implemented. Presumably it was just HMI, and quickly getting the critical functions re-implemented would be about making calls to an abstraction layer and not actually handling the logic.

Re:

[HiThere]

OTOH, the discontinuation of Flash has been public knowledge for a long time. So it isn't like they didn't have warning. Therefore point one fails.

As for the second point...well, I don't know what the company required the system to do, and I've never programmed in Flash. So I'm not sure that FlashPlayer would handle the requirements. But countries can definitely set their own copyright laws, and I wouldn't be surprised if China explicitly allows companies connected with the government to continue to use

Re:

[Cmdln Daco]

We're talking about Adobe here. They didn't even create Flash, they just bought it. They're a company that used to be totally in thrall to the Macintosh, not so much anymore.

They're highly allergic to open source.

Re:So much nonsense in this.

[BoogieChile]

> Re:So much nonsense in this.

And you just had to go and make it worse, didn't you [wikipedia.org]?

Re: So much nonsense in this.

[BKX]

Convincing people of bullshit yet plausible sounding etymologies is a hobby of mine. I really like doing that. Sometimes I'm even right. A good example is misdemeanor meaning misbehavior in the 18th century. Having said that, my point in language moving on and word meanings changing over time still stands.

we've got it too

[Anonymous Coward]

Where I work there are lots -- and I mean *lots* -- of mission-critical things that require flash. We got a system-wide broadcast email recently that read, essentially, OMIGOD NON OUR SOFWAR WILL WORKS NO MORE!@!!

They've had, what, a couple of YEARS to adapt? But no.

The cynic in me thinks it was a conspiratorial dragging of the feet to force the hiring of consultants to fix things ASAP and bump up the IT budget, a flexing of muscles to remind people how important IT is.

We've been known this is coming for awhile.

[The MAZZTer]

Over 5 years [youtube.com]. There's really no excuse.

Re:

[LenKagetsu]

My GameFAQs signature used to be "It has been [0] days since the last Adobe Flash exploit was discovered"

Pirated Flash? Why?

[williamyf]

They are a FilesyetmCheking Railroad Company. For companies this big, official support for Flash can be easily had from Harman (a Samsung subsidiary) to which Adobe offloaded all Flash related activities.

Services include keeping your flash infrastructure working until 2023 and beyond, and helping you migrate:

https://services.harman.com/pa... [harman.com]

As for the client, the latest Flash client in China can still be downloaded from Adobe.cn, and has no time bomb....

So, this is mone ineptitude from the chinese sysadmins than a fault of Adobe itself

PS: I DO NOT AGREE with Adobe planting time bombs on the SW.

Re:Pirated Flash? Why?

[williamyf]

Can you please share the link for the client? Unfortunately it is necessary for some .gov sites on brazil, I'm saying "not my problem" every time a user try to access one of those stupid sites, but it's about time that a manager will need it....

English follows.

No hablo portugues, pero aqui tienes el Link.

https://www.flash.cn/ [flash.cn]

Espero te ayude.

Recuerda que para que funcione, necesitas FireFox ESR 78 para usar el plug-in NPAPI, o hackear tu browser para usar el Plug-In PPAPI

The link is there, Just remember that, in order to use it, you need iether FireFox ESR 78 to use the NPAPI plug-in, or to hack your browser to use the PPAPI plug-in.

Re:

[higuita]

well, what you wrote is actually Spanish, not Portuguese, but they are similar enough... usually Portuguese speaking understand Spanish better than the reverse.

Re:

[williamyf]

Yo se papa, por eso escribi en espa#nol, si no, lo hubiese dejado solo en Ingles.

Como solo hablo espa#nol, ingles y frances, parecio la mejor opcion.

Re:

[cusco]

That's because Spanish is at least spelled rationally. the way it's pronounced. Portuguese on the other hand . . .

Still more rationally than English, though.

Re:

[higuita]

Don't do it!

Keep those sites failing and contact then pointing that it is impossible to run flash now, put the pressure on their side to replace that instead of trying to find workarounds. If there are workarounds, they may postpone again.
Tell that also you your boss and warn that any other "flash replacement news" are actually malware trojan that do not even work (true if you have only recent browsers). Make yourself "dumb" and and report you know no possible workaround.

Again, if you don't do it, you risk

Good.

[Gravis Zero]

The only more fitting punishment for running such a system using Flash would be if it caused the train to derail. What the fuck are people thinking when they make shit like this?

I bet I know what happened...

[aaarrrgggh]

Someone saw a picture of a train control HMI, looked at the cost of licensing the software, and decided to just have a few guys do it themselves. They chose Flash...

(For the life of me though I can’t find/remember the name of the quintessential HMI package that everybody used to use for these things... so much for my Google-Fu as well.)

Re:

[aaarrrgggh]

Wonderware. Wow... I guess I haven’t dealt with it in a decade or more, but funny what things you block out over time.

Re:

[cusco]

Wonderware . . . OK, now I'm going to be having nightmares, I had managed to suppress that memory almost completely. Thanks for nothin'.

I'd be surprised if it was anything more complex than then interface for the controller's screen, I have trouble figuring out how they would make flash talk to a SCADA system otherwise.

Early green tech and BI dashboards were in Flash

[nadass]

About 10 years ago, I spent several years at a "smart, green tech" firm which built customer- and consumer-facing performance dashboards illustrating their energy management performance metrics: electricity consumption, occupancy, energy production, etc.

In 2012, I spearheaded the dev team to build an HTML5 dashboard tech with no reliance on Flash. By 2014, the powers-that-be decided that migrating existing clients *away* from Flash would... invalidate... the terms of the deployment contracts at customer sites. As of 2018, those clients were *still* relying on the Flash-based dashboards for their energy management decisions.

TL;DR - Many companies built "mission-critical" UI's in Flash because they prioritized aesthetics over function. I laugh. They cry.

Re:

[Tablizer]

Many companies built "mission-critical" UI's in Flash because they prioritized aesthetics over function. I laugh. They cry.

It's not just Flash. JavaScript toys and other web page bloat are maintenance nightmares, as new browser versions/brands often break the bloated web stuff.

Eye Candy over K.I.S.S.

It's one of the reason it takes about 3 times longer to build the same web app than using the 90's desktop IDE's. Don't even get me started about fucking Bootstrap: Spaghetti Science galore. (I realize deployme

Re:

[Cito]

Ah... Remember the days of Frontpage and Frontpage Extensions?

Heh, my first website I used a Frankenstein mess of Dreamweaver and some Macromedia Shockwave which I believe was the predecessor of Flash then installed server side Frontpage Extensions and used Frontpage to edit the website.

Nowadays Im usually just lazy and spin up a lamp stack and throw WordPress & Nextcloud on it usually and call it a day. Hehe

So much legacy

[xack]

We keep hearing of companies stuck in a hard place that their old systems can't be maintained anymore because the people that maintained them have all died. There is going to be legacy flash content run past it's end of support date for decades, running in insecure browsers and Adobe can't stop them

vmware

[nnet]

Did vmware fix their webui so html5 could be used for ALL operations now?

Re:

[williamyf]

Yes, they did. They took their sweet long time, but they did.

But some people and organizations still cling to the Flash UI. Either because they are more familiar with it, or because they are still ussing obsolete/unsuported versions of vmWare.

Legacy systems

[troutman]

There are many pieces of expensive carrier network and telecom gear where the management system is web based with a lot of flash. Some of the vendors released terrible HTML5 versions in the last few months, but many things will never get updated.

In the real world there are still things like windows NT 4 servers running as management consoles for extremely expensive gear. Usually not on the Internet.

Re:

[cusco]

There's a lot of hardware out there like that, especially medical equipment. All the old MRI and PET machines were originally designed to write their scans to a DVD to be placed in the patient's physical record because pushing that much data across a 10 mb network would have shut the whole hospital down and filled every bit of storage in no time. Now that stuff is all on the network but the hardware can't be upgraded because XP and Win2K are much more liberal about how drivers can access hardware than lat

Jalopnik

[AnonCowardSince1997]

I decided to RTFA on the Jalopnik website.

Mistake.

That website is a crime against humanity. It’s more ad than article.

Well, DUH

[93 Escort Wagon]

This is exactly how you’d expect this to be solved. The first step would be to get your critical system back into an operational state as quickly as possible by any means necessary.

Hopefully now they’ll continue on to step two, which is to put together a longer-term solution that’s not reliant on an obsolete technology... but I imagine that decision is being made by the same penny-pinching types who were ignoring the EOL warnings coming these several years already.

Of course, there’s

Re: Well, DUH

[dwater]

Flash was hugely prolific in China, much more so that in "the west" in my experience. It was also a favourite of designers who just wanted their UIs working and flash they found easy for some reason. I don't think there was much awareness of the potential problems with proprietary products.
Things have changed significantly, iinm. It's still a problem, but it is everywhere.

It's rampant in other industries

[CasinoMktgGuy]

I work in the gaming industry and one of the biggest gaming management systems out there by Bally's runs on Flash

Flooded help-desk at work

[Tablizer]

Many of our org's intranet training sessions run in Flash. They stopped working late last week. Everyone was scrambling to find a fix or work-around. Monday probably won't be pleasant.

Re:

[jfdavis668]

One of the training courses we have to take at work uses Flash to show your scorecard for the final test. Now, you can take the test, but you don't have a score, so you can't pass. I had to take the test with Internet Explorer to get the scorecard to work.

Re:

[Bert64]

Try using an intercepting proxy like burpsuite, a janky old system like that will probably let you choose your own score.

Re:

[jythie]

Once a system is delivered and installed, sometimes you don't know what technology it is using until it stops.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Proprietary timebomb.

[couchslug]

I understand the necessity to deprecate the cancer of Flash, but the users got what they signed up for.

I can almost forgive using Flash for that.

[pecosdave]

Flash COULD look really nice and make a really nice looking front end to a control system. Probably was never actually the best choice, but I can see it.

What I cannot forgive is actually exposing anything in that system to the Internet at all, especially to such a degree that the stuff can tell Flash is expiring. I would have locked that shit onto the version of Flash it was originally created for, maybe done some manual patches after that, but isolate and offline the shit.

Re:

[jythie]

eh, they were probably trying to be good and keep up with patches and simply did not realize there was a self destruct timer in them.

I miss flash on YouTube

[dwater]

I could buffer the entire video so that it was usable/watchable on slow connections, but html5 has no such ability. I'm happily corrected, if there is some way, BTW...

The British Library map collection is also broken

[jaa101]

See map page [www.bl.uk] for example. All their zoomable maps are now broken. The “full size printable” alternatives don’t appear to have the same resolution as the Flash zoomable versions.

What a way to run a Railroad...

[Tulsa_Time]

to coin a phrase...

so many fails

[bloodhawk]

Not sure what is scarier.

a) Using flash to run a train system. WTF!
b) Not being aware your critical software is about to break from a widely announced update that has been known for years, face palm!
c) Not controlling the software that runs said train system tightly so that it receives updates that kill flash! double WTF!

I think they're trying to get ahead of the story

[hattable]

The source article [appledaily.com] doesn't read at all like the main link. The headline is full of snark and it ends with a section with netizens lauding the achievement with so much sarcasm that the official article which was hailing it as the highest order of technological achievement of 2021 was taken down.

From the summary-linked article's "source"

Chinese network users called the incident “the happiest technology news in early 2021.” The article in the official WeChat account of the “Dalian Train Department” may have something wrong in the message and the article has been deleted.

Original article (not the Official one)Archived Copy [archive.org]
This is an 'article' that looks like the English version [appledaily.com] with little more than running spellcheck. Worse, that article is related to the original Chinese version in nouns only.

I don't expect much in the way of any review of posts by /. but this is sloppy even for them.

Not the only one

[mysystem32]

South African Receiver of Revenue (SARS) - tax authority also broke because they took too long to upgrade.
More details here: SARS: Some taxpayers’ tax forms gone in a Flash https://www.dailymaverick.co.z... [dailymaverick.co.za]

Homestar Runner isn't gone

[Guspaz]

Homestar Runner is still available and posting new content occasionally (including a short in 2021). You can go to https://homestarrunner.com/ [homestarrunner.com] and it works just fine. Legacy content uses Ruffle (a WebAssembly flash emulator written in Rust), newer content uses embedded YouTube videos.

Classic exmple or technology NOT upgrading

[Murdoch5]

How many software platforms and systems are based on old technologies that need to be transitioned?
How many times have you been at a company, looked at the code / software / hardware stack and wondered why it's 20 years out of date and held together with band-aids?
How many times have we seen an old library in a large system that seems to hold everything together, but can't be upgraded because it was EOL'd years ago?

We can call out this railroad for running flash, but really this same scenario happens al

Re:

[BeerCat]

Related to "just use another JVM", here is a "just use another legitimate Flash version in a way that won't get it swtiched off"

Software installed with "Flash-enabled if necessary". Some report elements use native API (translated into Flash when saved), and some use Flash API. No-one can say for sure which business critical reports use the Flash mandatory elements, and which used the native stuff only, so switching off the "enable Flash if necessary" could have been no issue, or could have broken some busin

Re:

[alexgieg]

The newest versions have a kill switch based on the current date. Until day 'n' they work while giving the occasional warning about EOL. After day 'n' they refuse working altogether. So, no phoning home needed, just a computer set to auto-update Flash, which is the default.

Re: flash? Yuck!

[dwater]

That sounds like a lot of software these days. What's to stop it from happening to them too?

Re:

[alexgieg]

Not just nowadays. Since the 1980's there's been software that did that, typically trials and time-limited sharewares. The easy solution back then was to change your computer's clock to before the kill switch time. Nowadays cryptography requires clock accuracy, so there's no solution other than installing an older version without the time-based kill switch or hacking the software to disable the time check.