December 15, 2008
Privileged Modules: HOWTO validate signatures
In previous blog posts and presentations, I've talked about the need to do signature validation before importing a module into an AIR application. People asked for specifics, but I haven't managed to figure out all the details and document them well enough for common use.
Luckily, Charles "Joe" Ward has figured it out. Joe's article on the Developer Center walks us through the steps needed to validate the signature of a resource, and how to sign the resource in the first place using ADT or our own Java code.
Using these techniques, it's possible to load privileged modules into your AIR app. Download the module files (SWFs, say) along with their signature files. Store them somewhere local (app-storage: is good, app: is bad). Validate that they're really the modules you developed and signed, then import them (using loadBytes() with allowLoadBytesCodeExecution enabled).
Read "Creating and validating XML signatures".
Posted by emalasky at 09:21 AM | Comments (1)
November 21, 2008
MAX2008: Maintain Security With Adobe AIR
That was the title of the session I did with Peleus Uhley on Wednesday. It's always fun to talk about security, especially with such an informed audience. Hopefully it was fun for them, too.
It's taken longer than I'd hoped but the slides are available here as PDF.
Or, just check them out below!
Posted by emalasky at 06:43 PM | Comments (4)
October 11, 2008
Adobe AIR Supports XSLT
The internet is funny. Things get written, then cross-referenced, then indexed by mammoth search engines. Later, when the truth changes, the old postings stay around in various indexes.
So, if you did a search for "Adobe AIR XSLT" via your favorite search engine, you'd be forgiven for thinking that AIR doesn't yet support client-side XSLT.
But the vast majority of those pages were from August 2007, when AIR was still in Beta. By the time AIR 1.0 launched in 2008, XSLT support was enabled.
So yes: Adobe AIR Supports XSLT!
I've only seen one blog post about this truth, by my co-worker Brian Riggs, who works on Adobe Media Player.
Please, read his post, link to it, and link to this one. Together, we can change the search engines!
Posted by emalasky at 01:08 PM | Comments (1)
June 23, 2008
Slides from my onAIR talk
I've gone more in depth into security and injection attacks before. But sometimes, it's nicer to see everything boiled down into a few slides.
Here, then, are the security slides from my onAIR presentation (PDF). You may see some familiar diagrams...
For more detailed information on how application upgrade really works, check out this trio of posts that Serge Jespers did.
Posted by emalasky at 10:50 PM | Comments (2)
June 17, 2008
Quick, Cool Links
There's been a lot going on lately, even without counting a great week with the onAIR tour in Europe. Each of these deserve a full post with captivating details and insider insight. But instead I'm going for partial credit, just getting everything out there.
AIR 1.1
AIR 1.1 went live last night, bringing international and localization support to AIR. This means that users get an application install experience best suited to their language, and developers can craft apps that are similarly localized. Christian and Jeff wrote articles showing how to do just that; check out the AIR Developer Center.
Update Framework
It's crucial for applications to be able to update themselves. Users expect seamless growth as new functionality is added. Update is also a security safety valve. If an application has a vulnerability, it can update itself to a safe, patched version. Serge Jespers gave a great presentation about update for the onAIR tour.
Now there's a new Update Framework available on Adobe Labs, making it even easier to do the right thing.
Security Talk
In Warsaw last week, Kevin Hoyt was nice enough to tape my talk on security. Yesterday, he made the audio available on his blog.
I can't say enough about how educational and fun the onAIR tour was. The attendees' engagement and expertise was really humbling. Developers are digging deep into AIR and pushing it to the limit, while suggesting great improvements to make development more and more elegant. The evangelists are always great to talk to, and are even greater to travel with.
AIR Cookbook
I just learned about the AIR Cookbook on the developer center. This is a great place for people to share the "recipes" they've created for working with AIR. After seeing some excellent techniques in action the other week, I'm sure the cookbook will become a valuable tool for developers of all levels. Delicious!!
Posted by emalasky at 11:18 PM | Comments (0)
May 29, 2008
One week with the onAIR Tour in Europe
I'm posting this from the beautiful city of Stockholm, Sweden. This week I'll be traveling with Mike Chambers, Ryan Stewart and the rest of the onAIR crew.
My presentation is an introduction to building security applications in AIR. The first leg of the tour is sold out, and I'm totally excited to be presenting to a full house. If you're coming to the events in Stockholm, Berlin, or Warsaw, say hi. I want to use this opportunity outside my cube to meet the developers who give meaning to the platform.
Posted by emalasky at 12:10 AM | Comments (1)
April 14, 2008
Remote Plugins and Modules in AIR
I've been getting a lot of questions about how to use remote "modules" in AIR. "Modules" is in quotes because it can mean different things. In every case, it refers to running some SWF or HTML/JS content that is loaded at runtime from the network. The difference are in how the content is loaded and how an application can communicate with it.
Depending on the specifics of the modules you want to load there are different options about how to load and communicate with the content. Let's explore the options!!
Continue reading "Remote Plugins and Modules in AIR"
Posted by emalasky at 12:53 AM | Comments (21)
March 30, 2008
AIR for Linux -- users and developers
Two big announcements on the Adobe + Linux front today. A public alpha of AIR and a new rev of Flex Builder.
For years I've been toying with the theory that Linux hasn't caught on in the consumer desktop space because the apps users expect to run don't run there. And the apps don't run there because developers need to learn different styles to develop Linux apps. There's different distros and packaging requirements, wide variance in window managers, etc, etc.
Sure, the rise of Wine kind of undermines the whole theory. But it adds an extra wrinkle: virtualized apps are cool, but a little bit weird. I'm hooked on virtualized OSes for daily life, but I still feel like they're not really playing well with others.
Anyway, the ability to develop Linux apps using AIR is a big step. Developers can write these apps on any OS. And just as cool, developers who love what Linux offers for their own work productivity can create AIR apps that run on Mac and Win as well. Same .air file, any OS.
So try out the Linux tools and file some bugs!! It's the best way to get quality where we all want it to be.
Posted by emalasky at 09:30 PM | Comments (0)
March 11, 2008
European Vacation
This is going to be fun. Hot on the heels of shipping AIR 1.0, I've been given approval to join some excitable evangelists and other eloquent luminaries on the AIR Tour in Europe.
For one week in June, I'll join the tour, presenting in Stockholm, Berlin and Warsaw. It's always a blast to meet the developers who are pushing the envelope of rich apps. And it'll be especially fun meeting them in parts of the world that are entirely new to me. From this desk, it's sometime hard to feel the true scale of a global community.
I just need to find someone to keep an eye on my cube....
Posted by emalasky at 07:30 PM | Comments (0)
February 24, 2008
AIR 1.0 is Live
It's been years in the making, but AIR 1.0 has left the building!
I'm so proud to have been a part of the development of the product. And it's unbelievably exciting to see how many people are excited about the possibilities for rich cross platform internet applications on the desktop.
This product would not have been possible without the devotion of the community, who labored always to keep us on target. From early on, we had pros like the inimitable Mike Chambers reaching out to the community to show that the team was listening, and reaching into Adobe to make sure that the team really was.
Now that the bits are live, the big challenge begins for everyone -- show the world how great experiences can make a difference.
Posted by emalasky at 11:08 PM | Comments (1)
