The latest Flash vulnerability and monoculture

John Gilmore gnu at
Mon Jul 27 07:58:52 EDT 2009

> > While I agree with the sentiment and the theory, I'm not sure that it
> > really works that way.  How many actual implementations of typical
> > protocols are there?

For Adobe Flash, there are three separate implementations -- Adobe's
proprietary one, GNU Gnash, and Swfdec.

Gnash is focused on long-term reliability and compatability, like the
rest of the GNU programs.  Its browser plugin executes the flash
interpreter in a separate process (which draws in the browser's
subwindow).  It can use either gstreamer or ffmpeg to play video or
audio.  This summer, the development focus is on implementing Flash
10's new class library (they redid it all).

Swfdec is focused on playing popular video sites well (sooner than
gnash).  They share some common regression-testing infrastructure, but
the implementations came from different code bases.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list