1. Background
Recently, the Dalian Train Department published an article entitled "Take full strength in one day and night to ensure 30 transportation stations" on its official account, which quickly aroused ridicule on the Internet and had to delete this article by itself in the face of pressure from public opinion. The reason is that the webpage code of the current car subsystem running in the browser relies on the operation of the Flash Player control, and its developer, Adobe, has done a show operation without considering the risk of commercial business systems, and added it in the version after 32 In addition to the "time bomb", starting from January 12, 2021 (US time), Flash content is banned from running in Flash Player, and Flash Player has always been built-in automatic updates in Windows 8 and above operating systems. Now the car subsystem is malfunctioning. It stands to reason that your Adobe company no longer maintains Flash Player. You will bear the risks caused by users' continued use, and no one will hold you accountable. You have to put such a time bomb in the software. **What's the difference between viruses? Many people may be saying that 3 years ago, Adobe announced that it would stop updating and distributing Flash Player at this point in time. I believe you would never expect Adobe to plant this time bomb. The problems encountered by the Dalian train service department are by no means isolated cases, but not all units have posted a commendation draft on the official account.
Since its birth in 1996, Flash Player has gradually become a widely used multimedia program player. Because Adobe vigorously promotes its Flex as the framework of RIA (Internet applications), third parties have developed and created many rich Internet applications. Typical such as the once-hot web games, further enrich the use scene of Flash Player. According to statistics, Flash Player has been installed and used on 1.3 billion computers, with an installed rate of over 90%. Because of this, various business systems developed a few years ago, including the websites of enterprises and institutions, rely more or less on it to run normally.
However, the update of Internet technology has always been very fast. Because of Adobe’s series of mistakes, Flash Player has missed the opportunity to develop on the mobile platform. There are too many vulnerabilities and the continuous maturity of HTML5, WebGL, WebAssembly and other technologies. The current mainstream Chrome and Edge The 88 version of the browser released on or about January 22, 2021 has also been a killer to Flash Player, canceling the operation support of its PPAPI plug-in, and Microsoft has also launched an optional update KB4577586 to directly uninstall the original system integrated Flash Player version. For those websites and business systems that rely on Flash Player, how to ensure continued normal operation has become a problem.
2. Existing solutions
Although Adobe recommended that developers migrate Flash content and programs to HTML5, WebGL, and WebAssembly three years ago, the objective reality is that the companies that developed Flash-related content and programs may have closed down, or because of migration costs It is too large or cannot be established due to institutional reasons, lack of funds, or insufficient new technology reserves, etc. It has not been modified for a long time. For example, our CCTV official website still needs Flash Player to play many videos, so we can only find a way from the browser. Up. If you want to continue to use Flash Player normally in the browser, there are currently several options:
1. Roll back the old version.
This is also the conservative solution adopted by the Dalian train department. Uninstall the version with time bomb logic. Flash Player reverted to version 29 (no lock zone and advertising harassment issues). Although this solution is available, it is inevitable because the old version is used. There are exposed vulnerabilities in it and there are still great security risks. In addition, It can only be loaded and used in browsers 87 and below such as Chrome, Edge, and IE browser.
2. Unique browser program
This solution is also the domestic browser solution, such as 360 speed and QQ browser. These browsers are generally dual-core, and the Chromium kernel version is generally low, so you can continue to load the Flash Player to use it. These domestic browsers are completely unsupported when they upgrade their kernels to 88 and above. A typical web game website such as 4399 is also recommended for users to use domestic browsers with Flash Player China version (the time bomb is lifted, but your surfing habits will be collected to target advertisements) to use (of course, you can also roll back the version, but yes Xiaobai individual users don't know how to operate). In addition, Adobe's official solution to enterprise users who want to continue using Flash Player is: Update for Enterprise Customers Using Adobe Flash Player. The recommended third-party partner is HARMAN. It is understood that the solution given is to provide a browser with built-in Flash Player. The cost of 50,000 dollars a year is actually a proprietary browser solution that cannot be used in mainstream Chrome, Edge, Firefox and other browsers.
3. Alternative technical solution
There is an open source project on Github, https://github.com/ruffle-rs/ruffle , which is an Adobe Flash Player emulator developed in Rust language, which supports web playback through WASM technology. But Ruffle is not perfect. At present, it does not guarantee the perfect compatibility with all Flash components. Sometimes it will encounter errors. In addition, although it can be called in Chrome and other browsers as a browser extension, it is not officially listed. Stores can only deploy and install manually, which is not friendly to business users. Since it is not natively officially supported, there may be problems with its compatibility, stability and playback performance. It is unknown whether the follow-up can be updated and maintained for a long time.
Three, improvement plan
It can be seen from the existing solutions that if you want to solve the problem perfectly, you need to solve the time bomb problem at the same time (the version after 32.0.0.371 has added the time bomb problem), the browser fully compatible operation problem (Chrome, Edge, etc. 88 version removed Flash Player operation support). Although the special edition released in mainland China has no time bomb problem, because it collects computer Internet information and targeted pop-up advertisements, the majority of users have long complained and naturally cannot be used in a commercial environment. The international version starting from 30.0.0.113 has added a lock zone operation restriction, that is, the international version cannot normally run on computers in mainland China. Therefore, for the latest international version, the lock area problem and time bomb problem can be solved by modifying the bytecode of the specific position of the control. But if you want to be compatible with the operation of version 88 and later browsers such as Chrome and Edge, there is no mature solution on the whole Internet. Searching the Internet found that there is a cross-browser native applet system such as PluginOK middleware ( https://codechina.csdn.net/zorrosoft/pluginok ). Through simple exploration and test verification, it is proved that it can be used to solve this problem. With PluginOK middleware, there are two ways to keep Flash Player running in the latest browsers such as Chrome and Edge:
1. PluginOK middleware with IE control applet ( https://codechina.csdn.net/zorrosoft/pluginok /-/blob/master/Bin/IEApplet.txt), so that Chrome, Edge, Firefox and other browsers can become a dual-core solution, and you can also specify the version of the IE core running. This solution is especially suitable for those websites that were only compatible with lower versions of IE browsers. You only need to make simple For retrofitting, connect to the Web Socket listening port through JS script, and then send commands through JSON package. The front end can also interoperate with the IE control applet. Due to the use of the IE core in this solution, the memory usage will be higher, and it may encounter warning problems when IE web pages load ActiveX controls.
2. PluginOK middleware and Flash Player web playback applet ( https://codechina.csdn.net/zorrosoft/pluginok/-/blob/master/Bin/FlashPlayerApplet.txt ), this solution completely throws away the IE kernel to load Flash Player’s ActiveX control has better running performance than the first solution, low memory usage and better experience. However, there are more website modifications, but it is a once and for all solution. If it is a new project, it must be compatible with the operation of Flash Player. It is recommended to use this scheme.
For the above two solutions, there is also a trial version of the program package that can be downloaded: http://zorrosoft.com/Files/PluginOKFlash.zip , friends who need it can try it, if you encounter problems, there is also contact information in the package for consultation.
Although the Adobe Flash Player problem is solved here, Microsoft's Silverlight will also reach the end of support on October 12, 2021. At the beginning, Silverlight was a hot program framework that competed with Adobe Flex and used various business systems of Silverlight. There are many, and only supports IE browser. With the help of PluginOK middleware, business systems that use Silverlight can also be compatible with browsers such as Chrome to run, which also kills two birds with one stone.
4. Summarizing
a good technical implementation plan, first is to meet the rigid needs of customers, second is to minimize the total cost of development, implementation and operation, and third is to have good compatibility and stability, and finally to ensure that the technical solution cannot It is invalid because of the browser upgrade. Based on the latest technical information and practical experience, this article provides such a stable, reliable, and compatible low-cost semi-open source technical solution for your reference.