Flash was discontinued because Adobe couldn't keep up with the security problems. Is there any expectation that the same won't be true with Ruffle? Perhaps Ruffle doesn't try to do all the powerful/unsafe things that Adobe tried to have Flash do?
My guess: Flash required installing a native host and browser plugins, while this runs in the browser sandbox which is generally considered very safe (much safer than Flash)
I’m too young to understand how plugin architecture worked for old browsers (flash, java, what else am I forgetting).
I’m guessing it was some horrible unsafe C interrop mess with close ties to the kernel. Or maybe there was no samdboxing and security built in like there is these days.
Anyone able to shed some light on how it worked and why it was so easy to exploit flash and therefore the whole system? Was it the same for Java applets?
The main way Rust helps with security normally doesn't especially apply. The main feature of Rust that Ruffle takes advantage of is just that it can compile to WebAssembly. So it runs in the same browser VM other modern web content does. Thus inheriting all that sandboxing and security. So idt Rust deserves the credit here.
I know, but it also exists as a native desktop app. And I suppose if there are any remaining native plugin interfaces in modern browsers, it can also potentially become a browser plugin.
