Jump to content

Why are Flash puzzles allowed?


fizzymagic

Recommended Posts

Another horrible Flash-based puzzle came out in my area.  I am astonished that they are still allowed!  Without any disclaimer, even!

 

Adobe Flash is known to be insecure and is a potential malware vector.  Most modern browsers don't even support it.  Why is it still allowed on cache pages?  And, even if it is allowed, by is no warning required, as it is for downloading any other media type?

 

More inormation here, if you are not familiar with the multitude of problems caused by Flash.

  • Upvote 3
Link to comment

While I appreciate fizzymagic's warnings about Flash, the Puzzle I assume he's talking about offers an HTML-5 implementation to solve the puzzle if Flash is disabled. The HTML-5 approach is experimental, but it worked fine. About the biggest complaint I can see is that the puzzle site the CO used tries to invoke Flash first before offering the HTML-5 implementation. It's easy to see the "run Flash" screen and give up right away without noticing the "or else try our experimental HTML-5 implementation" that comes up after a pause if you don't immediately allow Flash to run.

  • Helpful 1
Link to comment
15 hours ago, fizzymagic said:

Another horrible Flash-based puzzle came out in my area.  I am astonished that they are still allowed!  Without any disclaimer, even!

 

Guidelines do not allow creating caches which requires installation of additional programs like Flash player. In this case the problem is that you have already installed Flash player. Uninstall Flash player and your problem is solved. As you already stated the program is insecure and should not be used. Many sites are automatically using HTML5 when Flash is not available.

 

 

 

Link to comment
3 hours ago, arisoft said:

 

Guidelines do not allow creating caches which requires installation of additional programs like Flash player. In this case the problem is that you have already installed Flash player. Uninstall Flash player and your problem is solved. As you already stated the program is insecure and should not be used. Many sites are automatically using HTML5 when Flash is not available.

 

Don't worry.  I do not have Flash installed.  As dprovan stated, there was an "experimental" HTML5 version; however, I don't think it is good form to be putting out puzzles where the solver is warned that the non-Flash may not work properly.

 

I reality, even if there were not the Flash issue, I dislike this kind of puzzle.  IMO, it is a lazy CO that puts out a puzzle that requires minimal effort on their part. 

 

But that's not why I am complaining.  Believe me, there are lots and lots of other bad puzzles out there that don't use Flash!

Link to comment
4 hours ago, fizzymagic said:

Don't worry.  I do not have Flash installed.  As dprovan stated, there was an "experimental" HTML5 version; however, I don't think it is good form to be putting out puzzles where the solver is warned that the non-Flash may not work properly.

 

It works very well. The warning has been there already some years and I have experienced no issues during this time. We have a similar warning in the Geocaching.com Disclaimer

 

Quote

While every effort is made to ensure the accuracy of this information, portions may be incorrect or not current. Any person or entity that relies on information obtained from Geocaching.com does so at his or her own risk.

 

If you dare to use this site despite of this warning you may dare to play some puzzles :D

Link to comment
5 hours ago, fizzymagic said:

I reality, even if there were not the Flash issue, I dislike this kind of puzzle.  IMO, it is a lazy CO that puts out a puzzle that requires minimal effort on their part. 

 

I agree. COs using one or more puzzles on every new cache are doing it with minimal effort. For some peculiar reasons, players are very interested in these puzzles. I guess that about every other new mystery cache contains these puzzles.

 

This is a similar issue as power trails. I do not like them but they are very popular. My own record is 200 puzzles with 530 pieces each, solved in one day. (Because of FTF hunt ;))

Link to comment
2 hours ago, funkymunkyzone said:

 

And yet all of which involve at least slightly more effort than a traditional hide.  Should we diss all trad hiders too?

 

Actually, no, they do not require more effort than a traditional hide.  At least, not more than a good traditional hide.

 

I don't want to stray too far from the topic (which is not about the quality of puzzles as much as a guideline issue), but the issue here is not one of some absolute effort, but rather of asymmetry of effort -- the amount of effort invested by the hider vs. the amount of effort expected of the finder.

 

What would you think of a traditional hider who consistently threw nanos into random piles of wood in the middle of the forest, and then just grabbed approximate coords from their GPS?  The cache would be approximately impossible to find, yet the effort invested into hiding it was practically nil. Think of a well-thought-out puzzle as similar to carefully crafted camo.  We appreciate it when it's done well, and wish for better when it's not. 

  • Upvote 4
Link to comment
3 hours ago, fizzymagic said:

 

Actually, no, they do not require more effort than a traditional hide.  At least, not more than a good traditional hide.

How convenient of you to compare a hypothetical poorly hidden puzzle with a hypothetical "good traditional hide" to prove how wonderful trads are vs whatever puzzle you don't like.  Well done.

 

3 hours ago, fizzymagic said:

I don't want to stray too far from the topic (which is not about the quality of puzzles as much as a guideline issue), but the issue here is not one of some absolute effort, but rather of asymmetry of effort -- the amount of effort invested by the hider vs. the amount of effort expected of the finder.

 

What would you think of a traditional hider who consistently threw nanos into random piles of wood in the middle of the forest, and then just grabbed approximate coords from their GPS?  The cache would be approximately impossible to find, yet the effort invested into hiding it was practically nil. Think of a well-thought-out puzzle as similar to carefully crafted camo.  We appreciate it when it's done well, and wish for better when it's not. 

I think you're just saying you don't like these types of puzzles.  Good for you, you don't have to.  Some people like some puzzles, and some don't.  We are all different and that's a wonderful thing.

 

But I think the suggestion that a good puzzle is one only where the puzzle creator goes to some extraordinary effort in order to create it is absurd.  A good puzzle is simply a good puzzle that finders enjoy... and if they don't, well, then see above.  Your comparison with a nano randomly thrown in a woodpile... well, sentences, words, but really nothing else in common.  Best to get back on topic of guidelines instead of judgy judgy...

  • Upvote 3
Link to comment

You are correct. I am being judgy. And hypocritical because I have long advocated being appreciative for whatever a CO does since it is free.  I should never have injected  my opinions and personal taste into this thread. As has been pointed out, I can choose to ignore what I don't like.  My apologies.

  • Upvote 2
  • Love 1
Link to comment

But the original question remains: Why are Flash puzzles allowed to be created? Or, more generically, why allow puzzles that use out-of-date and vulnerable applications and protocols allowed?

 

The way I see it, we have two issues. The first is cache creation, and the second is on-going changes. I also don't see an easy solution, nor do I even see a solution that doesn't have the potential to create more problems than it solves.

 

We could ask the reviewers to reject caches that use Flash. But that would add to the reviewers up front work load. In this case, technically the cache listing does not contain any flash requirements. It links to a third party web site that does. And, there is a non-Flash option. How far would the reviewer need to look for Flash (or other dis-allowed applications)? Do they dis-allow it, or require the CO to add a warning to the cache description? 

 

And, what happens over time? The third party web site might change over to HTML5, and remove Flash entirely. That wouldn't be bad. But what if they went the other way, and removed all non-Flash options?

 

So, GS might want to try to limit their liability, and add a warning that you are accessing a web site not controlled by GS when you click on the link. I have no idea what this would take to implement.

 

Another thought is to 'crowd source' the security. Allow the cache to be created with minimal inspection. And, allow for a cache to be archived because of links in the description to insecure applications. A cacher could log a NA, and the reviewer can take it from there. Although, more properly, it should be a NM log, as the CO may be able to find a more secure application. I can see a few cans of worms issues with this idea, but it is the best that I can come up with. Having the warning above, and a list of dis-allowed applications, would limit some of the problems.

  • Upvote 1
Link to comment
19 hours ago, fizzymagic said:

 

What would you think of a traditional hider who consistently threw nanos into random piles of wood in the middle of the forest, and then just grabbed approximate coords from their GPS?  The cache would be approximately impossible to find, yet the effort invested into hiding it was practically nil. Think of a well-thought-out puzzle as similar to carefully crafted camo.  We appreciate it when it's done well, and wish for better when it's not. 

The cleverest puzzle in the world is no guarantee  that the cache will be anything special or any better (or worse) than a traditional.

Link to comment
3 hours ago, Wet Pancake Touring Club said:

But the original question remains: Why are Flash puzzles allowed to be created? Or, more generically, why allow puzzles that use out-of-date and vulnerable applications and protocols allowed?

 

Just to add a couple more questions...  Is it really an issue?  Yes Flash is software that needs to be downloaded at some point, but then so is a browser.  Many people optionally download Firefox to browse cache pages themselves (and obviously the rest of the internet too).  Flash is just something that people can optionally download too.  So is it an issue, and if so, why, what makes it different to other internet browsing software and extensions etc that people download onto their computers in order to browse the internet the way they want?

Edited by funkymunkyzone
  • Helpful 1
Link to comment
46 minutes ago, funkymunkyzone said:

 

Just to add a couple more questions...  Is it really an issue?  Yes Flash is software that needs to be downloaded at some point, but then so is a browser.  Many people optionally download Firefox to browse cache pages themselves (and obviously the rest of the internet too).  Flash is just something that people can optionally download too.  So is it an issue, and if so, why, what makes it different to other internet browsing software and extensions etc that people download onto their computers in order to browse the internet the way they want?

 

Because Flash is uniquely well-suited as a malware carrier.  The major browsers no longer support it; you can't even view Flash if you use the newest version of Firefox. 

  • Upvote 3
Link to comment
8 hours ago, Wet Pancake Touring Club said:

But the original question remains: Why are Flash puzzles allowed to be created? Or, more generically, why allow puzzles that use out-of-date and vulnerable applications and protocols allowed?

<...>

We could ask the reviewers to reject caches that use Flash. But that would add to the reviewers up front work load. In this case, technically the cache listing does not contain any flash requirements. It links to a third party web site that does. And, there is a non-Flash option. How far would the reviewer need to look for Flash (or other dis-allowed applications)? Do they dis-allow it, or require the CO to add a warning to the cache description? 

As far as I know reviewers do click links in cache listings, so that's not really adding to work load - I had one rejected due to a linked website using ads. Flash is generally pretty obvious these days I'd say.

 

Perhaps there needs to be a move towards gently discourage the use of flash in cache listings through guidelines. Chrome plans to stop supporting it at all next year and there's a strong possibility Adobe will stop updating it at the same time. It's dead technology but we're supposed to be placing caches with a long life expectancy. Time to move on from this technology.

  • Upvote 1
Link to comment
1 minute ago, Blue Square Thing said:

Flash is generally pretty obvious these days I'd say.

 

I no longer have flash on any device (Android, Win 10, Istuff).  Puzzles I've done for more than the last year always offered (or default) to HTML5. So it seems like a non-issue if flash is allowed, I can't remember when I saw a website (puzzle or other) where it was "needed", it must be a long time ago.

 

Link to comment
5 hours ago, on4bam said:

I no longer have flash on any device (Android, Win 10, Istuff).  Puzzles I've done for more than the last year always offered (or default) to HTML5. So it seems like a non-issue if flash is allowed, I can't remember when I saw a website (puzzle or other) where it was "needed", it must be a long time ago.

 

I must agree. The cache do not require to install Flash player. The security issue is self-inflicted by installing the vulnerable application.

 

Earlier it was allowed to use Java-based applications. When I tried to publish my Java-based cache, the reviewer told me that Java has been recently banned but I can publish the cache with Java application if it has an alternative solution which is not based on Java. Here is the same situation. If you don't have Flash installed the alternative solution is HTML5.

Link to comment
1 hour ago, arisoft said:

 

I must agree. The cache do not require to install Flash player. The security issue is self-inflicted by installing the vulnerable application.

 

Earlier it was allowed to use Java-based applications. When I tried to publish my Java-based cache, the reviewer told me that Java has been recently banned but I can publish the cache with Java application if it has an alternative solution which is not based on Java. Here is the same situation. If you don't have Flash installed the alternative solution is HTML5.

 

If someone creates an application that uses HTML5 (which is basically HTML + CSS + Javascript) it unlikely that they're going to also maintain a version that uses Flash.  Likewise, someone that has developed an an application that uses Java in the client probably wouldn't have an alternative solution in some other client side programming language.  

  • Upvote 1
Link to comment
3 hours ago, NYPaddleCacher said:

If someone creates an application that uses HTML5 (which is basically HTML + CSS + Javascript) it unlikely that they're going to also maintain a version that uses Flash.  Likewise, someone that has developed an an application that uses Java in the client probably wouldn't have an alternative solution in some other client side programming language. 

 

True, but in this case the CO has managed to solve this problem as I did earlier. I know only that Java has been banned. Reviewers should know if Flash has been banned also.

Link to comment
On 8/13/2019 at 5:00 AM, funkymunkyzone said:

 

Just to add a couple more questions...  Is it really an issue?  Yes Flash is software that needs to be downloaded at some point, but then so is a browser.  Many people optionally download Firefox to browse cache pages themselves (and obviously the rest of the internet too).  Flash is just something that people can optionally download too.  So is it an issue, and if so, why, what makes it different to other internet browsing software and extensions etc that people download onto their computers in order to browse the internet the way they want?

I think it's time to outlaw Flash. It was officially announced that the function of all flash players will be forcibly terminated at the end of 2020. This means that on January 1, 2021, it will not be possible to solve these mysteries. Although it is a long-known fact, why are new and new caches using this technology still being

approved?

Some browsers are already blocking Flash and these animations cannot be run on them.

Edited by Arne1
  • Upvote 2
Link to comment

For those more knowledge about Flash than me, and that would most everyone, are you referring to Adobe Flash Player and associated apps? I have then app in my Application folder with Adoice Flash in there names. Four  are dmg,  twoe a install,mamager, some plugins, some Pepper Flash and plug ins. Recommend deleting? Using a Mac computer.

Link to comment
2 hours ago, Arne1 said:

why are new and new caches using this technology still being

approved?

Are they?  generally i see puzzles where Flash is an option, sometimes the  obvious option, but other options exist.  

 

If you're aware of a new cache where the puzzle requires running Adobe Flash on your home computer, you could email the cache owner, or the publishing reviewer, or log NA on the cache.

I'd be a bit of shy of doing any of these, until/unless I was absolutely certain that running Flash on my machine was required.  I'd start with a simple query to the cache owner.

Edited by Isonzo Karst
Link to comment
4 hours ago, Arne1 said:

I think it's time to outlaw Flash. It was officially announced that the function of all flash players will be forcibly terminated at the end of 2020. This means that on January 1, 2021, it will not be possible to solve these mysteries.

Yes it will, because in the case of the OP flash is not required in order to solve the puzzle because that website provides a non-flash alternative.

 

I think the issue here would be solved if cache listing that make use of that puzzle website inform people beforehand that flash isn't required, and to use the HTML5 alternative, at least as long as the Flash version of the interface is the most prominent on that website.

 

Honestly, this particular context is a non-issue. If that website ONLY offered a flash interface, the cache should be (and I believe would be) denied publication.

 

And this, was also almost year thread bump.

Link to comment
6 hours ago, Arne1 said:

I think it's time to outlaw Flash. It was officially announced that the function of all flash players will be forcibly terminated at the end of 2020. This means that on January 1, 2021, it will not be possible to solve these mysteries. Although it is a long-known fact, why are new and new caches using this technology still being approved?

The guidelines seem to define "temporary" as a cache intended to stay active "for fewer than three months".

 

If Flash puzzle caches are still being published in October, then I think it's fair to question why they're still being published. But a Flash puzzle cache published today could have a six-month run, which seems to comply with the guidelines just fine.

Link to comment
4 hours ago, niraD said:

The guidelines seem to define "temporary" as a cache intended to stay active "for fewer than three months".

 

If Flash puzzle caches are still being published in October, then I think it's fair to question why they're still being published. But a Flash puzzle cache published today could have a six-month run, which seems to comply with the guidelines just fine.

 

Flash is a horrible security risk and is responsible for a great deal of malware.  I guess I fail to understand how that complies with the guidelines.

  • Upvote 1
Link to comment
6 minutes ago, on4bam said:

I haven't seen Flash puzzles for a long time. I don't have flash on any computer either and all jigsaw puzzles I did either automatically switched to HTML5 or showed a link to the HTML5 version.

 

 

And I suspect that other than the format, the puzzle is the same.  In other words, it's not the payload (the puzzle) that is the security risk, but the player required to play it.  

 

 

Link to comment
1 hour ago, colleda said:

Pardon my ignorance but what are Flash puzzles so that I can avoid them?

 

They were animated games that required "Adobe Flash Player", a "plug-in" for web browsers.  Modern browsers don't have the plug-in, so you'll probably just see an error if you try to open a Flash puzzle.  It's unlikely that you'd be able to run Flash without specifically setting it up and enabling it. 

More info is here:  https://www.zdnet.com/article/adobe-wants-users-to-uninstall-flash-player-by-the-end-of-the-year/

 

flash-1.jpg

 

 

Edited by kunarion
  • Helpful 1
Link to comment
20 minutes ago, kunarion said:

 

They were animated games that required "Adobe Flash Player", a "plug-in" for web browsers.  Modern browsers don't have the plug-in, so you'll probably just see an error if you try to open a Flash puzzle.  It's unlikely that you'd be able to run Flash without specifically setting it up and enabling it. 

More info is here:  https://www.zdnet.com/article/adobe-wants-users-to-uninstall-flash-player-by-the-end-of-the-year/

 

flash-1.jpg

 

 

OK, good, thanks.

Link to comment

And most commonly, the security risks were due to hidden code provided in the flash source. If you ran Flash from a trusted source, it's extremely unlikely there'd be any security risk. Which is not to say it would be impossible for other malware to piggyback on the browser plugin, but it's pretty safe to say that flash from a trusted source is okay to run. However, it is extremely outdated, and HTML5 can accomplish much the same that Flash can, and is relatively standard and browser supported. Which is why the structure of a game offered in both Flash and HTML5 can be pretty much identical.

 

But being no longer supported or recommended, geocaches cannot require (and this is the key) Flash to solve. And as this thread was bumped from long ago about a puzzle website that allows an HTML5 alternative, the answer is clear - flash puzzles aren't still allowed. And the jigsaw puzzle caches using said website aren't exclusively "flash puzzles", thus they are allowed.

  • Upvote 1
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...