Mozilla's Flash plugin replacement Shumway lands in Firefox Nightly
The majority of browser developers agree that plugins based on Netscape's old NPAPI are bad and that HTML5 is the future of the Internet. This has several reasons, with major ones being compatibility, stability and security. Companies disagree on how that future will look like in particular though. Google for instance introduced its Pepper API in Chromium and Chrome, and is still making use of plugins. The only difference here is that they use the new API and not the old one.
Mozilla's take on the matter is different. The company wants to get rid of plugins completely, and has been working on replacements for popular ones for some time now.
Shumway is the organization's idea to replace Adobe's Flash Player on the Internet. It has been working on the project since 2012. The main goal of the project is to create a platform for parsing and rendering SWF files. Unlike Google's implementation, which is reserved to Chromium-based browsers, Mozilla's is completely open and released as open source on Github.
Shumway lands in Firefox
Shumway has been available in form of a browser extension for some time now for testing purposes. This extension is still available, but Mozilla landed the core code in the Nightly version of Firefox today.
The technology is not enabled by default right now, but that can be easily done. Shumway has additional requirements though, and you may need to make changes to certain preferences in Firefox to make it work at all.
- Adobe Flash Player still needs to be installed, and it needs to be set to Ask to Activate in the Add-ons Manager.
- Click to Play needs to be enabled in Firefox.
With that out of the way, load about:config in the browser's address bar and hit the enter key. If this is your first time here, confirm that you will be careful. Now search for shumway using the search form up top, and double-click the preference to change the value ofÂ shumway.disabled from true to false.Â Restart Firefox afterwards to complete the operation.
You should not expect miracles right now though. A quick test on popular sites such as Kongregate or YouTube turned out that it is not really able to replace Flash just yet on these sites. It did not work at all on YouTube for example, with Flash being used automatically on the site even though click to play was enabled. On Kongregate, games would not load but display the Shumway logo in the lower corner.
The Shumway extension supported several parameters that were not set by default in Firefox, and it seems that the native integration supports at least some of those as well. You can check out this Github Wiki page for a list of supported configuration parameters.
Code integration is a major step for the project, and while it will certainly take some time before the implementation lands in the stable version of Firefox, it is fair to say that Mozilla is making good progress so far. It remains to be seen if Shumway will be able to replace Adobe Flash fully though in Firefox and maybe also other browsers out there.Advertisement
This is… just amazing… I really do look forward to when it becomes complete.
“Chromium and Chrome, and is using still making use of” – delete “using” and the sentence is perfect. It’s understandable as is but I know you like to polish rough spots in these great articles.
From a security perspective this is a very positive area of development given how slowly HTML 5 is maturing as the de facto web media format. Most users are infected through their browsers and Adobe garbage – I mean products – are consistently a major source of vulnerability.
Checking this site from time to time – http://www.us-cert.gov/ncas/bulletins/ – I see Adobe, esp Flashplayer, listed every other week in the High Vulnerability section.
Interesting, looking back over the past couple of months I don’t see Flash listed on http://www.us-cert.gov/ncas/bulletins/ at all. I do see Firefox listed several times.
I’m not sure if I’m doing this right but I looked at the same website and across the field the Flash Player has half to two thirds as many vulnerabilities per year than the other products I’ve listed here.
If you take only the Flash Player itself and not include software that uses it such as Adobe Acrobat, the vulnerabilities are much much lower. I think less than 10 instances. Surprisingly, Silverlight has less than 5??? Flash Player included in it’s containers was around 50 and the others were around 100 to 200 per year.
Flash Player – http://1.usa.gov/HKHfv5
Firefox – http://1.usa.gov/1bceSiH
Chrome – http://1.usa.gov/1asUgjP
Internet Explorer – http://1.usa.gov/1bcfMfg – does not include activex, etc
Microsoft Windows – http://1.usa.gov/1asUtn8
Silverlight – http://1.usa.gov/19FmcFb
I mainly use HTML, PHP and Flash and Flex for developing applications. Flash / Flex apps can be exported to mobile, desktop and web using one code base and run natively or in a vm and it looks the same on all platforms. I’ve chosen it because it’s easy to use, I save time and I can target the most devices.
I would love to see Shumway work especially since the SWF format is an awesome container for delivering content.
I was pointing a finger at Adobe and their lax programming standards using that link as a handy reference, not presenting a polished statistical analysis.
Just casually click through Vulnerability Summaries Dec 24 2012 – Apr 8 2013; Out of 16 weeks Adobe is listed in the High Vulnerability sections 8 times, Flashplayer several times. No need to research further. That’s a pattern, a ridiculous, unacceptable pattern.
Couldn’t agree more with SubgeniusD’s comment — the remark on a misprint apart, too obvious — when indeed Adobe has been, still is marketing its products as if they were tied in a natural way to whatever system when it comes to rendering, name it Flash, name it PDF …
Here in France I am not far from believing that masses of programmers, high-skilled for big companies, even State-owned Web sites, have been technically educated to present Adobe, it’s Reader in the first place, as THE reader, with NO alternative!
The Web must remain free, and that included propriety emprisonements.
I used to use the extension of chromes like Ginger and other extension. But now I’ve got used to using Mozila. It’s nice to read that Mozila has been working to replace Adobe since 2012. Just waiting for it. It could be more interesting and Google Chrome will have to think about it.
Nice post. Thanks.
I tried to activate shumway in Nightly, it doesn’t work or I didn’t succeed in it
It is so good
Getting rid of Flash, once there’s something good enough to replace it, makes sense. Getting rid of plugins altogether is even stupider than forcing all addons on a single toolbar as an effort to make the browser more customizable.
I don’t agree : they don’t want to replace all plugins, only the main ones (readers).
But Mozilla policy (replacing main plugins by native functions) is criticized : slow, use of interpreted languages, etc. Cf the debate following this article if you read French
adobe flash player plung in kis trha download hoga…
The Extension can be installed at: http://mozilla.github.io/shumway/extension/firefox/shumway.xpi
Then just disable Flash Player at Extensions menu: press “Ctrl + Shift + A”, then go to Plugins.
More info: http://mozilla.github.io/shumway/
Shumway is not good because it is only for only for Firefox and Google Chrome.
Adobe Flash Player is better, because it is runing on all Browsers.
That’s not the only criteria. Adobe’s flash plugin for Linux has many security bugs. While Adobe does keep fixing them, there will be a time when an alternative is a safer route.