You are here: Home / Journal / Ruffle to the rescue for Macromedia Flash

Ruffle to the rescue for Macromedia Flash

ByGarf

Do you remember Macromedia Flash? Now, thanks to the canny lads and lasses at Ruffle, Flash is back! To celebrate Garfnet’s 30th anniversary, we thought it would be fun not merely to reinstate the Flash presentations we used to host here, Only this time we’ll fix it so that readers can watch them on any modern computing device, with any modern browser, without needing to install a browser plugin. 


The old “GarfNet Clock” from back in our Joomla days, reinstated with Ruffle. If you can see this clock, then all the other flash presentations on this site should work for you too. So please click the link to our “Projects section” below to try it out.

Back in the late 1990’s and early 2000’s Flash was everywhere on the web. Sadly as a result of some dispute between Adobe and Apple, coupled with some rather serious security issues, the entire format died. This was rather unfortunate because some of the Flash presentations of the era were really rather good. However, thanks to Ruffle, you can see a selection of vintage Flash content over at our Projects section. Granted, they are all quite old, but like they say “There’s many a good tune played on an old fiddle“…

Is Ruffle more secure than the old Flash players?

Ruffle is generally considered pretty secure, certainly compared to the original Macromedia and Adobe Flash Players. It is developed using a modern systems programming language called Rust. This is known for its proper handling of RAM. This prevents common Flash security issues like buffer overflows and other exploits that dogged Flash Player.

The server-side version of Ruffle we use here on GarfNet was compiled to WebAssembly and runs inside a modern browser’s “sandboxed” environment. This adds an extra security layer because it isolates the emulator from direct access users’ systems. Ruffle is also compiled at build time, thus eliminating a whole class of vulnerabilities. There is no “just-in-time” (JIT) Compilation: Unlike Adobe Flash Player, which used JIT and was vulnerable to attack in runtime compilation, 

The embedded code it supports is limited too. At time of writing, Ruffle currently supports ActionScript versions 1 and 2, with only partial support for ActionScript 3.0. This limits the “attack surface” from more complex scripting features that might have vulnerabilities. Importantly , Macromedia and Adobe Flash were both closed source. Whereas Ruffle is open source. Which means that it undergoes continuous review and updates. This improves security and responsiveness to bugs. 

Known issues

While Ruffle is much safer than the old Flash Player, it is still emulating Flash content. This can occasionally be exploited if malicious Flash files are loaded. However GarfNet is using Ruffle in a trusted context, with known good content. All the flash files here on GarfNet are considered safe.

Ruffle is still under development and will likely support all Flash features in the future, especially complex ActionScript 3.0. However this  means that  for the time being, more advanced games will not run. That is not an issue for GarfNet because we don’t have any of those!  Users may also observe that some Flash files may not run as smoothly as they did with the old Macromedia or Adobe Flash. Assuming users can remember back that far, of course. 🙂

More about Ruffle
https://ruffle.rs/

Leave a Reply

Your email address will not be published. Required fields are marked *