Daily Archives: December 24, 2007

One of my jobs at EffectiveUI is to talk about our services to new customers… sometimes I am asked to discuss and defend the "issues with Flash". Here are the common objections, and how I talk through them:

Flash content is heavy

You are going to read several times in this post this phrase: "it is not the content or the platform, but the execution that causes most of the issues people see in the Flash Player". The fact is, most of the applications we build would be much heavier in HTML than Flash (if you could build them in HTML). Flash content should be smaller because:

  • Flash reuses components and can layer images on the client side:
    A simple example of this would these images I used as icons for our NoMokin site:

    forum_unread_subforum.png forum_unread_locked.png topic_unread_hot.png topic_unread_hot_mine.png topic_unread_locked.png topic_unread_locked_mine.png topic_unread_mine.png
    Each image has to be an individual bitmap in HTML. With Flash, I could have created 1 large image, and 2 small transparent images and compiled them in layers to get the same results, thus reducing the file size. Now imagine this same optimization application wide.

  • Flash uses lightweight vector graphics
    the same images above would be even smaller if I was about to draw them using vector graphics rather than as bitmaps. Additionally, the graphics would be infinitely scalable, so I would not have to re-create different sized icons for different uses as the below example illustrates how a bitmap looks when scaled versus when a vector graphic is scaled.


  • Flash can reduce server round trips by scripting logic on the client side.
    Things like simple email validation, sorting of records in a data grid, and data charting can all be done on the client’s machine. A reduction in server round trips reduces the overall load on the server and improves application performance for your customers.

  • Flash content can be compressed.
    A SWF file is actually compressed when it is compiled using the LZW compression scheme. We have see 10 fold improvements on the footprint of a Flash application when using compression methods.

Flash is not good for Search Engine Optimization (SEO)

A very common misuse of Flash is to build entire web sites with it. I know what might be saying "But Anthony, your web site is all Flash" — True, but it is Flash only because we needed it to do something VERY specific. At the time we build it, SEO was not as critical a requirement as usability and sexiness were. EffectiveUI builds applications using the Flash player, most of which consider "search optimization" irrelevant. After all, if you were building a mortgage calculator, or a rich email client, would search engines care about the inner workings of the application, or would you want them just to care about the location of the application in your web site?

If SEO and user experience are equally important, than you should create dual web experiences, one for the search engine robots and one for your customers. Attempting to build one site that serves both needs could mean that you will make compromises on usability in order to conform to search.


Flash content is not accessible

This is just plain wrong. The Flex components are Section 508 compliant. In fact, Adobe has a whole department dedicated to ensuring the Flex framework is, and remains 508 compliant. However, If accessibility is a requirement for your online applications, than I would encourage you to think about creating 2 versions of the application. One that is compliant and one that is engaging. I go back to the last topic: Attempting to build one site that serves both needs could mean that you will make compromises on usability in order to conform to accessibility.


Flash content is hard to localize

Well, it is, "kinda". Localization is a requirement that you need to identify during the design phase of an application, otherwise it is very difficult to go back and localize it later. Localizing an application simply requires you to externalize the text (a good practice anyhow) and embedding the right font. There are considerations on some Asian languages to make (like right to left navigation schemes versus left to right) … but for the most part, there are established best practices for creating applications that are language agnostic.


I don’t need no stinkin animation on my web site

Flash has a bad rap… probably caused by the early days of sites with lengthy intros and really bad sound effects. It is also, however, a powerful development tool. It is a long knife that you can do great things with, but you can also cut yourself really badly. Animation can be (and has been) way over used. It can also be used to immerse your customers and keep them engaged with your application. Further, it helps to provide context in navigation, just look at the iPhone’s use of animation and you start to get the picture.


My development team does not know how to use Flash/Flex, how will I maintain it?

Ahh … finally a question with some real meat behind it! It is difficult to tell a large organization’s IT department that they need to learn something new. They are already dealing with hundreds of technologies … I even worked on a project last year where we had to integrate with a machine running on vacuum tubes (no joke). So how can you possibly ask to have them add yet another platform on top of their .Net, Java, PHP, Ruby on Rails, Fortran, C++, Pearl and Cobal skills? Well, I first start with the fact that Flex does not replace anything, rather it augments their existing infrastructure… they do not need to go in and rip out the .Net infrastructure and replace it with Flex. Flex and Flash will simply sit on top of their existing SOA and APIs to meet specific business objectives where usability is core critical to success. Then I talk about how Flex and Actionscript is an ECMA compliant language, pretty easy for a Java developer to pick up (in fact, many java developers are relieved to work with a good, extensible GUI framework).


I don’t want to have to ask my users to download a plug in.

At the time of the writing of this post, Flash has 98% ubiquity. The latest version (Flash Player 9) is at 95.7% (view the latest stats here). At some point your competitors are going to leverage the power of the platform and see a huge boon in user adoption (if they haven’t already). About 20% of the engagements EffectiveUI does today are about "leap-fogging" a competitor that has already leveraged the Flash Player sone some manner. If you allow 2% of your customers dictate how you engage the other 98%, than you online business will always be well behind your competition’s…



Flash has security flaws

This is the question that started me writing this post. Recently, The Register published an article "Serious Flash vulns menace at least 10,000 web sites". The article discusses an inherent, "serious" security flaw in the flash player and in Flash content. This article reminded me of a "breaking news" story I saw on the Today Show about a year ago. It was about these things that would capture your personal data and report it back to a web site. These things were called "cookies". Although I’m sure that security nazis will tell you to turn off cookies, I actually like the fact that when I go back to eBay, it remembers who I am. In fact, almost every Fortune 500 company web sites utilize cookies to track user behavior and provide a better online experience for their customers.

Cartoonist Scott Adams put it best:



Anyhow, back to the article. It discusses a flaw in the Flash Player. The article does not go into details on exactly what the flaw is, so I am required to speculate based on this Adobe Whitepaper referenced in The Register article … the security hole requires the following to be true in order for it to be exploited:

  • You have a Flash application that ties into business logic on your server
  • This application is not served over a secured (https) connection
  • This application takes a very specific set of instructions directly from the HTML it resides in
  • Your middle tier services layers allow for any query on your data without validation or sanitization
  • You have placed a"cross domain" file on your web servers that allows ANY other Flash application on Any other domain to access your domain
  • You have not already fired your IT manager for the all of the above being true

(btw, I have NEVER seen all of these things in one place at any company doing business on the web)


The Last Word

I am always amused by those that see things only as black and white (or more appropriately only as "ones" and "zeros"). Flash is "bad" … Flash is "good". Both can be true at the same time. Flash is bad if you do not execute well, if you are new to the technology. Flash can be very powerful in the right hands and in the right circumstances.


add blog to

add blog to technorati

dig this story

%d bloggers like this: