Flash Was Killed Because It Was Objectively Dangerous
I get it, I get the Flash nostalgia and the fondness for old Flash games. I was big on Neopets before they decided to ruin the art and make all the pets samey paper dolls to play dressup with (completely ruining the point of the far more expensive "redraw" colors like Mutant and Faerie and Desert). I have fond memories of Newgrounds games and I even managed to take a class for a semester in high school where I could learn flash.
But I also remember how terrible it was. And you should too.
Leaving aside all of the issues involving performance and inaccessibility (such as being easily broken by bog-standard browser actions like the back button, and its ability to modify web code AND OS code in real time likely broke a lot of accessibility tech too), Flash was legitimately one of the most dangerous web technologies for the end user. An end-user is you, or more specifically back then, child-you.
According to Wikipedia and its sources, Flash Player has over a thousand vulnerabilities known and listed and over 800 of these lead to arbitrary code execution.
What is arbitrary code execution? That's when someone can just run any commands they want on a machine or program that didn't intend it. A fun way to see this is in this infamous Pokemon tool-assisted speedrun where they manage to get an SNES to show the host's twitch chat in real time. It's not so fun though when it's someone stealing all the files on your computer, grabbing your credentials so they could clean out your Neopets account (yes, really, it was a pretty common concern at the time), and other nefarious works. Also, there was a time where it allowed people to spy on you with your webcam and microphone.
Oh and on top of all of this, Flash had its own "flash cookies", which could not be cleared by ordinary means and thus could be used to track users indefinitely, at least until Adobe slapped a bandaid over it by introducing yet another screen an ordinary person wouldn't know to use. (I assume this is how the infamous neopets "cookie grabbers" worked, so they could get into your account. This is mainly what I remember about using Flash back in the early 2000s lol) So it not only was a "stranger taking over your machine" concern, but a bog-standard privacy concern too, arguably a precursor to our current panopticon internet landscape, where greedy websites would track you because they could and maybe get some money out of it, facilitated by this technology.
When Apple decided to block it, it wasn't out of greed; Steve Jobs cited its abysmal performance and security record, among other issues such as an inherent lack of touchscreen support, and Apple cited specific vulnerability use-cases when blocking specific versions before they nuked it entirely. When Mozilla, who makes Firefox, decided to block it, it's not like they would've gotten money out of doing so, or by offering an alternative; they did so because it is fucking dangerous.
Your ire and nostalgia is misplaced. Flash was not killed by our current shitty web practices that ruin unique spaces and fun games. Flash was killed because both Macromedia (its original developers) and Adobe were incapable of making it safe, if that was even possible, and it was killed after third-parties, in an unprecedented gesture, collectively threw their hands up and said enough.
Well, that and HTML5 being developed and becoming more widespread, being able to do everything Flash can do without being a pox on technology. One could argue that you should bemoan the lack of Flash-to-HTML5 conversion efforts, but that requires asking a lot of effort of people who would have to do that shit for free...and if they have to run Flash to do so, opening themselves up to some of the nastiest exploits on the internet.
Nostalgia is a fucking liar. The games themselves I think are worth having nostalgia over (look, I still find myself pining for that one bullet hell Neopets made and Hannah and the Pirate Caves), but Flash itself deserves none of that, and absolutely deserved to be put in the fucking ground. You're blaming the wrong causes. It was terrible.
(specifics and sources found via its wikipedia page, which has a lot more than is mentioned here. and also my own opinions and experiences back then. lol)
15 notes
·
View notes
tl;dr: Don't trust (most) forensic science
"Bad Evidence" from The Intercept
Hair analysts testifying on the stand had made erroneous statements in at least 33 death penalty cases, according to the agency. “Nine of these defendants have already been executed and five died of other causes while on death row.”
[...]
Much of the recent upheaval in the forensics world can be traced back to a landmark study released by the National Academy of Sciences in 2009. Titled “Strengthening Forensic Science in the United States: A Path Forward,” the report questioned the scientific basis for virtually every forensic discipline used to convict people and send them to prison. With the exception of DNA analysis, it found, “no forensic method has been rigorously shown to have the capacity to consistently, and with a high degree of certainty, demonstrate a connection between evidence and a specific individual or source.”
[...]
The NAS report, and an even more stinging critique of pattern-matching practices released by the President’s Council of Advisors on Science and Technology in 2016, were particularly critical of bite marks. The “available scientific evidence strongly suggests that examiners cannot consistently agree on whether an injury is a human bite mark and cannot identify the source of [a] bite mark with reasonable accuracy,” reads the PCAST report — a problem the group did not think could be rectified. “PCAST considers the prospects of developing bite-mark analysis into a scientifically valid method to be low. We advise against devoting significant resources to such efforts.”
Strengthening Forensic Science in the United States: A Path Forward
By using the term “underresourced,” the committee means to imply all of its dimensions. Existing data suggest that forensic laboratories are underresourced and understaffed, which contributes to a backlog in cases and likely makes it difficult for laboratories to do as much as they could to inform investigations, provide strong evidence for prosecutions, and avoid errors that could lead to imperfect justice. But underresourced also means that the tools of forensic science are not as strong as they could be. The knowledge base that underpins analysis and the interpretation of evidence—which enable the forensic science disciplines to excel at informing investigations, providing strong evidence for prosecutions, and avoiding errors that could lead to imperfect judgment—is incomplete in important ways.
[...]
Although DNA laboratories are expected to conduct their examinations under stringent quality controlled environments, errors do occasionally occur. They usually involve situations in which interpretational ambiguities occur or in which samples were inappropriately processed and/or contaminated in the laboratory. Errors also can occur when there are limited amounts of DNA, which limits the amount of test information and increases the chance of misinterpretation. Casework reviews of mtDNA analysis suggest a wide range in the quality of testing results that include contamination, inexperience in interpreting mixtures, and differences in how a test is conducted.
[...]
Uniqueness and persistence are necessary conditions for friction
ridge identification to be feasible, but those conditions do not imply that anyone can reliably discern whether or not two friction ridge impressions were made by the same person. Uniqueness does not guarantee that prints from two different people are always sufficiently different that they cannot be confused, or that two impressions made by the same finger will also be sufficiently similar to be discerned as coming from the same source. The impression left by a given finger will differ every time, because of inevitable variations in pressure, which change the degree of contact between each part of the ridge structure and the impression medium. None of these variabilities—of features across a population of fingers or of repeated impressions left by the same finger—has been characterized, quantified, or compared.
"How did we fall for the junk science of forensics?" from The Spectator
I believed in the polygraph test, in an unthinking way, right up until last week when I read a new book by M. Chris Fabricant, Junk Science and the American Criminal Justice System, which carefully and unarguably explains that almost every forensic science is unreliable, and most are entirely bogus. It’s not just polygraphs, says Fabricant, but the whole damn shooting match: arson investigation, hair microscopy, bullet lead analysis, voice spectrometry, hand-writing and bloodstain spatter analysis. ‘The list of discredited forensic techniques is considerable,’ writes Fabricant.
"We Need To Get Junk Science Out of Courtrooms" from Current Affairs
Fabricant:
I defined junk science in the book as subjective speculation masquerading as scientific evidence. And what I mean by that is that there is no scientific or empirical basis for the opinion. It’s based largely on training and experience and hasn’t been demonstrated to be valid and reliable through scientific research done through the scientific method and published in peer-reviewed journals, the way that mainstream typical science works.
In forensics, what we often have as compared to mainstream science are forensic techniques and knowledge generated by law enforcement. And typically, it’s done in an ad hoc basis. It will become useful in a particular case or a particular crime. Bite mark evidence is an example that I use in the book to demonstrate how a particular form of junk science gets introduced into the legal system. But it really only takes one case—one precedent-establishing case—or one judge to allow in one technique, and it’s very, very hard to exclude that evidence forever thereafter, no matter how junky it was to begin with.
[...]
Yes, it’s a fundamental problem with forensics. A lot of it goes back to what we were talking about earlier in terms of the difference between mainstream science and forensic sciences. One of the other examples that I point to in the book is arson investigation. Arson investigation, like bite mark evidence, hair microscopy, blood spatter evidence, firearms analysis—many of these techniques really operate in essentially a guild-like structure. The masters of the trade have the received wisdom that is passed down from mentor to mentee, generation from generation. A lot of it is folklore. What I mean is that it sounds science-y, and there are big textbooks, and there are leading practitioners of the field who become very high flying and high paid consultants. But it’s just never been tested.
[...]
One of the real problems with fingerprints and forensics, generally, is that there aren’t any standards nationally for, well, anything in particular—even as a threshold issue as to how much information you need in a latent fingerprint to make a so-called match. We know, today, that fingerprints have not been demonstrated as a matter of science to be unique. I think they probably are. I’m not arguing that they aren’t. But we don’t know this as a fact. What’s more important in forensics is that we don’t know how similar two fingerprints are. When you’re talking about latent fingerprints, these are smudges at crime scenes. If we don’t have any standards for how much information in that smudge you need, then you get a real problem with creating a potential wrongful conviction, a false positive, because some fingerprint experts will be willing to make a match based on very little information. What we get in that type of situation is the influence of cognitive bias on that conclusion. All forensics have a certain amount of subjectivity, some much more than others. Fingerprints are no different in that there aren’t any measurements being taken here to say that we need to have within a measurement of uncertainty, that when we declare a match that we know exactly what that means as a measurement, that this came within our one-millimeter degree of confidence in this measurement on this loop and this loop on this fingerprint. We don’t do that; it’s eyeballed.
10 notes
·
View notes