Hello, Adobe Flash Player Background Updater (Windows)!

This week was another exciting week for Adobe’s Flash Player: We officially shipped Adobe Flash Player 11.2. One feature that I’m going to highlight today is one that I personally worked on: the Background Updater for Windows.

I wrote a fairly detailed DevNet article about the bits and pieces that make this updater work. It was also mentioned in Peleus Uhley’s blog post, highlighting the impact that this new updater can have on Flash Player Security.

Since the release, I have been scanning forums and reading blog posts about this feature, and I’d like to answer some of the questions that were mentioned there.

1. I’m very interested in the Background Updater, but I’m using Mac OS. When will Adobe release a Background Updater for Mac?

A Background Updater for Mac OS is currently in development and will be released in an upcoming release of Adobe Flash Player.

2. Will I ever get to see a Flash Player notification again that asks me to update Flash Player?

Yes. For new features and/or releases that require the acceptance of new terms of use, Adobe may need to notify users before an installation can be performed.

3. Why does the updater install the service and scheduled task even though I chose the option to disable updates during the installation?

If you chose to turn of all updates, the Background Updater will be turned off! If you are familiar with network analyzing tools, I encourage you to verify that there is no network traffic initiated by the Background Updater service. The scheduled task and the service are being installed in the event that you choose to enable the Background Updater at a later point. As mentioned in my DevNet article, you can do this by going to the Flash Player Settings Manager in the Windows Control Panel.

4. Yet another background updater? Isn’t that consuming a ton of resources?

I’m very happy to say: NO! By using the Windows Task Scheduler, we are able to run the Background Updater only once per hour for a few milliseconds. The Background Updater will usually launch, check if it is time to do an update check and then shut itself down. Only if an update is available will the updater stay running for a longer period of time to allow for the download to complete and the installation to start.

5. I have a third-party tool that tells me that the Background Updater is running every hour. This despite the fact that Adobe claims that after a successful update check, the next check will be deferred for 24 hours. Why?

The fact that the process starts every hour does not mean that it will perform an update check every hour. Rather, it will first check to see if it is time for the next update check. If it isn’t, it will shut itself down again after only a few milliseconds. If you are familiar with network analyzers, I encourage you to verify that there is no network traffic caused by the Background Updater in the 24 hours that the update check is deferred.

6. I have the Background Updater disabled, but the service still starts every hour. Why?

The Background Updater will launch every hour and will check if it is enabled. If it isn’t, no network traffic will ever be generated by the Background Updater and it will shut itself down after only a few milliseconds, saving valuable CPU and memory resources. This allows you to enable the Background Updater from the Flash Player Settings Manager in the Windows Control Panel at a later point without having to reinstall Flash Player.

 

If you have any other questions, please leave them in the comments and I’ll be happy to answer them!

What is Flash? :-)

Today, I thought it would be interesting to remind ourselves what Flash actually is. As the speaker in this video puts it:

“Flash is software that enhances the look, the feel and the interactivity of a medium.”

Enjoy!

Angry Birds on Facebook runs on Flash!

This has obviously been mentioned by many people before, but I think it’s so amazing that it deserves to be mentioned again: Angry Birds on Facebook is running on Flash!

You can play it here: https://www.facebook.com/angrybirds

For people like me who are interested in the technical aspects of why and how Rovio developed Angry Birds for Facebook in Flash, read the very interesting interview with Ville Koskela (Lead Flash Programmer of Angry Birds for Facebook).

Flash Runtime for Gaming

Adobe released a new micro-site this week that focuses on gaming. Here is a sneak peak of the site:

image

http://gaming.adobe.com/

This comes right on the heels of an announcement on the Digital Media blog that Adobe AIR 3.2 has received a huge performance boost.

 

I invite you to go and try it out. Please let me know what you think of the new gaming initiative in the comments!

Flash Game Programming

For people like me who work on the actual Flash Runtime it is sometimes easy to forget how our product is being used. I came across an introduction to Flash Game programming on YouTube today that made me stop and think for a moment. Believe it or not, I suddenly realized how easy it is to get a basic game up and running in Flash. Crazy, right? Here’s the video:

 

 

I thought this was a neat little game that demonstrated the basics of game programming in Flash quite well. Knowing that there are very advanced games in Flash too, it sure seems like Flash allows everybody to develop games that match their skill set. One of my favorite games is Zombie Tycoon:

 

zombie-tycoonhttp://molehill.zombietycoon.com/

Have you coded your own game in Flash yet? Smile

The passion that is Project Euler

Recently, I was made aware of a website called Project Euler through a friend. One of his status updates on a popular social networking site showed a screen shot of his progress. Having spent a considerable amount of time in Switzerland and Swiss schools as a child, the name Euler was quite familiar to me. I decided to click on the link on his status update, something that I rarely do. I did not regret it.

project_euler

See, Project Euler is a website that allows you to work on various algorithmic problems and track your progress. You can use any programming language that you want, since the answers to the problems are always a single number that you type in a text box. If you have the patience, you could actually solve some of the problems with paper and pencil, which is great.

 

I was quite impressed when I realized that a total of 369 problems were available for people to work on. On my train ride back from work (I regularly commute between San Jose and San Francisco), I decided to give it a shot. In a span of half an hour, I solved 3 problems and I was hooked. It was a Friday, and the weekend was spent on Project Euler problems. It was great fun, but I started to wonder why these problems are so exciting to work on.

 

I’m sure that everybody has their own reasons. For me personally, I believe that the most exciting part of it is that I get to work on very isolated problems. When writing code for work, the most important thing to keep in mind is usually security, followed by modularity/reusability, maintainability etc. With the Project Euler problems however, it is okay to solve just the problem at hand. If I need to operate on an array of size 100, I know that it will always be of size 100 simply because I write all the code from scratch for every single problem. It makes coding fun, and when I’m back to writing safe, reusable and maintainable code, I feel less bored.

 

Working on these problems has obviously many more benefits to us Software Development Engineers than just the fact that it gives us a nice way to unwind: One night I was working on a problem that required me to scan and format a long string of ASCII characters. Since I had become a bit rusty with the string formatters for scanf(), I decided to invest the time and read up on them before solving the problem. The most exciting thing happened the next day at work however: I had to write a routine that could scan a bunch of text using scanf()! Smile

 

I’m wondering: Are you familiar with Project Euler? If yes, do you consider yourself passionate about solving the problems? What are your reasons for liking/disliking Project Euler? Are there any other websites like this that you’re aware of?

 

I’d be curious to read your thoughts in the comments section!

Adobe Flash Player for Firefox gets a sandbox

This week is quite an exciting one: Adobe has officially released a pre-release version of Flash Player for Firefox with a sandbox. The concept of a sandbox, or protected mode, has been around for many years, but it is fair to say that Google Chrome’s sandbox has helped make this concept better known among end-users. Another product that has successfully implemented a sandbox is Adobe Reader X: We have yet to hear about a case where an exploit was able to break out of the sandbox.

The fact that the Reader sandbox held up so far is a good indicator that the Flash Player version could hold up for some time as well. Let’s keep our fingers crossed. Fingers crossedSmile

A sandbox is supposed to lock an application into a restricted space so that even if a vulnerability is found in the software, it cannot be exploited to do damage on the system. So if you were to visit a website that is hosting a malicious Flash file, it will not actually be able to break out of Flash Player’s sandbox and do damage to the system. Creating a sandbox is usually achieved by dropping the application to a low-integrity process. Being low-integrity, it can’t access the system in uncontrolled ways.

Peleus Uhley wrote some very interesting blog posts on sandboxing that go into a little more technical detail:

http://blogs.adobe.com/asset/2012/02/flash-player-sandboxing-is-coming-to-firefox.html

http://blogs.adobe.com/asset/2010/12/the-year-of-the-sandbox-isnt-over-yet.html

I encourage everyone to give the pre-release a shot and try the sandbox out for yourself. If you run into any issues with Protected Mode for Flash Player, please feel free to leave your feedback in the pre-release forums.

If you are a security researcher and you have feedback that is valuable to our security minded folks at Adobe, please use one of our security notification methods.

New blog in town

I’d like to take a moment to welcome everybody to my new blog. The goal of this blog will be to give a bit of insight into some of the solutions that we’re developing here at Adobe, but also to discuss some general problems in computer science and software development. You are invited and encouraged to share your opinion in the comments. Should you read about topics that you’re actively working on yourself, or if you have experience that would be beneficial to other people, don’t hesitate to share.

With this being said, let’s get started!