New TabSample App

The TabSample app I posted three years ago has gone horribly stale.
Here’s a new version, with no additional features other than compiling nicely with the Flex 4 SDK.
Thanks to xbrotherx on the AIR Forum for caring enough to post about it!

Privileged Modules: HOWTO validate signatures

In previous blog posts and presentations, I’ve talked about the need to do signature validation before importing a module into an AIR application. People asked for specifics, but I haven’t managed to figure out all the details and document them well enough for common use.
Luckily, Charles “Joe” Ward has figured it out. Joe’s article on the Developer Center walks us through the steps needed to validate the signature of a resource, and how to sign the resource in the first place using ADT or our own Java code.
Using these techniques, it’s possible to load privileged modules into your AIR app. Download the module files (SWFs, say) along with their signature files. Store them somewhere local (app-storage: is good, app: is bad). Validate that they’re really the modules you developed and signed, then import them (using loadBytes() with allowLoadBytesCodeExecution enabled).
Read “Creating and validating XML signatures”.

MAX2008: Maintain Security With Adobe AIR

That was the title of the session I did with Peleus Uhley on Wednesday. It’s always fun to talk about security, especially with such an informed audience. Hopefully it was fun for them, too.
It’s taken longer than I’d hoped but the slides are available here as PDF.

UPDATE 2012/05/28: Updated the link to the PDF, which got busted in blog migration.

Adobe AIR Supports XSLT

The internet is funny. Things get written, then cross-referenced, then indexed by mammoth search engines. Later, when the truth changes, the old postings stay around in various indexes.
So, if you did a search for “Adobe AIR XSLT” via your favorite search engine, you’d be forgiven for thinking that AIR doesn’t yet support client-side XSLT.
But the vast majority of those pages were from August 2007, when AIR was still in Beta. By the time AIR 1.0 launched in 2008, XSLT support was enabled.
So yes: Adobe AIR Supports XSLT!
I’ve only seen one blog post about this truth, by my co-worker Brian Riggs, who works on Adobe Media Player.
Please, read his post, link to it, and link to this one. Together, we can change the search engines!

Slides from my onAIR talk

I’ve gone more in depth into security and injection attacks before. But sometimes, it’s nicer to see everything boiled down into a few slides.
Here, then, are the security slides from my onAIR presentation (PDF). You may see some familiar diagrams…
For more detailed information on how application upgrade really works, check out this trio of posts that Serge Jespers did.

Quick, Cool Links

There’s been a lot going on lately, even without counting a great week with the onAIR tour in Europe. Each of these deserve a full post with captivating details and insider insight. But instead I’m going for partial credit, just getting everything out there.

AIR 1.1

AIR 1.1 went live last night, bringing international and localization support to AIR. This means that users get an application install experience best suited to their language, and developers can craft apps that are similarly localized. Christian and Jeff wrote articles showing how to do just that; check out the AIR Developer Center.

Update Framework

It’s crucial for applications to be able to update themselves. Users expect seamless growth as new functionality is added. Update is also a security safety valve. If an application has a vulnerability, it can update itself to a safe, patched version. Serge Jespers gave a great presentation about update for the onAIR tour.
Now there’s a new Update Framework available on Adobe Labs, making it even easier to do the right thing.

Security Talk

In Warsaw last week, Kevin Hoyt was nice enough to tape my talk on security. Yesterday, he made the audio available on his blog.
I can’t say enough about how educational and fun the onAIR tour was. The attendees’ engagement and expertise was really humbling. Developers are digging deep into AIR and pushing it to the limit, while suggesting great improvements to make development more and more elegant. The evangelists are always great to talk to, and are even greater to travel with.

AIR Cookbook

I just learned about the AIR Cookbook on the developer center. This is a great place for people to share the “recipes” they’ve created for working with AIR. After seeing some excellent techniques in action the other week, I’m sure the cookbook will become a valuable tool for developers of all levels. Delicious!!

One week with the onAIR Tour in Europe

I’m posting this from the beautiful city of Stockholm, Sweden. This week I’ll be traveling with Mike Chambers, Ryan Stewart and the rest of the onAIR crew.
My presentation is an introduction to building security applications in AIR. The first leg of the tour is sold out, and I’m totally excited to be presenting to a full house. If you’re coming to the events in Stockholm, Berlin, or Warsaw, say hi. I want to use this opportunity outside my cube to meet the developers who give meaning to the platform.

Remote Plugins and Modules in AIR

I’ve been getting a lot of questions about how to use remote “modules” in AIR. “Modules” is in quotes because it can mean different things. In every case, it refers to running some SWF or HTML/JS content that is loaded at runtime from the network. The difference are in how the content is loaded and how an application can communicate with it.
Depending on the specifics of the modules you want to load there are different options about how to load and communicate with the content. Let’s explore the options!!

Continue reading…

AIR for Linux — users and developers

Two big announcements on the Adobe + Linux front today. A public alpha of AIR and a new rev of Flex Builder.
For years I’ve been toying with the theory that Linux hasn’t caught on in the consumer desktop space because the apps users expect to run don’t run there. And the apps don’t run there because developers need to learn different styles to develop Linux apps. There’s different distros and packaging requirements, wide variance in window managers, etc, etc.
Sure, the rise of Wine kind of undermines the whole theory. But it adds an extra wrinkle: virtualized apps are cool, but a little bit weird. I’m hooked on virtualized OSes for daily life, but I still feel like they’re not really playing well with others.
Anyway, the ability to develop Linux apps using AIR is a big step. Developers can write these apps on any OS. And just as cool, developers who love what Linux offers for their own work productivity can create AIR apps that run on Mac and Win as well. Same .air file, any OS.
So try out the Linux tools and file some bugs!! It’s the best way to get quality where we all want it to be.

European Vacation

This is going to be fun. Hot on the heels of shipping AIR 1.0, I’ve been given approval to join some excitable evangelists and other eloquent luminaries on the AIR Tour in Europe.
For one week in June, I’ll join the tour, presenting in Stockholm, Berlin and Warsaw. It’s always a blast to meet the developers who are pushing the envelope of rich apps. And it’ll be especially fun meeting them in parts of the world that are entirely new to me. From this desk, it’s sometime hard to feel the true scale of a global community.
I just need to find someone to keep an eye on my cube….