About the 16 Months Flash Crash Bug

February 9th, 2010

Recently, reports of an old bug in the Flash Player surfaced again. Claiming this bug, that enabled a developer to crash the player, were already reported 16 months ago and still hasn’t been fixed. I remember this bug from when it first surfaced and was surprised that it wasn’t fixed yet.

I had also written about 2 reproducible ways to crash the player, both were fixed by Adobe since then. I don’t remember how fast the fixes were issued but I guess it was on the next dot version.

This is definitely bad, a developer shouldn’t be able to crash the player. But, lets put this into proportion, this isn’t the crashes Steve Jobs is talking about. It unlikely that you stumbled upon this crash and if you did it wasn’t by accident, someone was messing with your player. Again, no one should have the option to crash our player/browser while we browse the web. But, It’s unlikely that this bug, which require some specific and uncommon ways from Flash to interact with the server was ever involved.

Posted in Adobe Flash, Apple, Flash General, Flash Security, iPad, iPhone | No Comments »

Kiss And Tell What Is The User Browsing Mode

January 25th, 2010

To know if the user is currently in normal or private browsing mode can be valuable info for any ads providers and spammers, but not only.

With the upcoming Flash Player 10.1 (currently in beta 2) there are many welcome improvements. One of these is the support for private browsing as described in this article.

For me, one thing that  immediately jumped out from the aforementioned article was that, unintentionally, with the aid of the new Beta Flash Player, websites can tell which mode the user is currently using.

“…in private browsing with default settings, the default local storage limit in private browsing is 1 MB…”

“To protect user privacy, there is no way for developers to tell whether their content is handling normal or private LSOs. Flash Player handles local storage data in the same way.” No it doesn’t!

Not only I can tell about the current status of the Flash Player browsing mode, but now I can tell about the browser itself since Flash inherit its mode from the browser.

Load a small enough SWF (less than 215 x 138) so it won’t ever show the settings dialog.

Now, kiss (sorry for the cheesiness ;) ) the local storage with data greater than 128kb. If it reject the kiss then you’re in normal browsing mode, if it accept it you can tell it’s a private mode.

It’s that easy, load this blog post in Private Mode with Flash Player 10.1 beta 2 installed and you’ll see the difference:

The solution is simple, private and normal modes should behave completely the same. In this case the local storage capacity should be the same. Lower both to 128kb or up both to 1MB. Which one is better, you may ask?! I’ll tell you latter ;)

The good thing is that Flash Player 10.1 is still in beta 2 so I’m sure it’ll be fixed for by the final release.

The source code is below:

?View Code ACTIONSCRIPT
package {
	import flash.display.Sprite;
	import flash.display.StageAlign;
	import flash.display.StageScaleMode;
	import flash.events.NetStatusEvent;
	import flash.net.SharedObject;
	import flash.net.SharedObjectFlushStatus;
	import flash.text.TextField;
	import flash.text.TextFieldAutoSize;
	import flash.text.TextFormat;
	import flash.utils.getTimer;
	import flash.utils.setTimeout;
 
	/**
	 * This class will tell the current browsing mode of the user
	 * Tested with Flash Player 10.1 beta 2
	 * for more info go to:
	 * http://blog.guya.net
	 */
 
	[SWF(backgroundColor="#FFFFFF", width="400", height="35")]
	public class KissAndTell extends Sprite
	{
		private var _tf:TextField;
 
		public function KissAndTell()
		{
			initStage();
			createTF();
			setTimeout(saveData, 300);
		}
 
		private function initStage():void
		{
			stage.scaleMode = StageScaleMode.NO_SCALE;
			stage.align = StageAlign.TOP_LEFT;
		}
 
		//try to save 140kb into the local storage
		private function saveData():void
		{
			var kissSO:SharedObject = SharedObject.getLocal("kissAndTell");
			kissSO.data.value = getDataString(140);
 
			var status:String;
 
			try
			{
				status = kissSO.flush();
				kissSO.addEventListener(NetStatusEvent.NET_STATUS, netStatusHandler);
			}
			catch(ex:Error)
			{
				trace("Save failed");
			}
 
			//If we can save more than 128kb then we're in Private Mode
			if (status && status == SharedObjectFlushStatus.FLUSHED)
			{
				setPrivateText();
            }
		}
 
		//Listening to this event just to prevent exception on debug players
		private function netStatusHandler(event:NetStatusEvent):void
		{
			trace("event.info.code: " + event.info.code);
		}
 
		private function setPrivateText():void
		{
			_tf.text = "Private Browsing Mode";
			_tf.backgroundColor = 0xAA2222;
		}
 
		private function createTF():void
		{
			_tf = new TextField();
			_tf.autoSize = TextFieldAutoSize.LEFT;
			_tf.defaultTextFormat = new TextFormat("Arial, Verdana", 20, 0xFFFFFF, true, null, null, null, null, null, 10, 10);
			_tf.text = "Normal Browsing Mode"
			_tf.backgroundColor = 0x22AA22;
			_tf.background = true;
			addChild(_tf);
		}
 
		private function getDataString(kb:int):String
		{
			var t:int = getTimer();
			var word:String = "GUYA.NET_GUYA.NET_GUYA.NET_GUYA.NET_GUYA.NET_GUYA.NET_GUYA.NET_GUYA.NET_GUYA.NET_GUYA.NET_GUYA.NET_";
			var count:int;
			var a:Array = new Array();
			var lenNeeded:int = kb * 1024;
			while(count * word.length < lenNeeded)
			{
				a.push(word);
				count++;
			}
 
			var ret:String = a.join("");
			trace("time for generating " + kb + "kb: " + String(getTimer() - t) + " ml");
			return ret;
		}
 
	}
}

Tags: , , , , ,
Posted in Actionscript, Adobe Flash, Flash General, Flash Security, Safeloper, Security | No Comments »

Pitfalls to avoid when installing Magento on XAMP

January 20th, 2010

Magento is a PHP open-source online shop platform built to scale, so they say.
XAMP is the best way to develop PHP locally on your machine. It gives you an easy to run and configure Apache, MySQL and few other stuff.

The new Magento (1.3.2.4) doesn’t completely support PHP5.3 and above. The last version of XAMP 1.7.3 comes with PHP 5.3.1. Because of that the installation might have some errors. Luckily there are some workarounds.

Generally the Magento on XAMP installation manual is fine, but, here are some of the common problems that might occur:

If you get this error:
Fatal error: Method Varien_Object::__tostring() cannot take arguments in /magento/lib/Varien/Object.php
Go here.

If you get this error:
Parse error: parse error, expecting `’&” or `T_VARIABLE’ in C:\lib\Varien\Object.php on line 498
Its because you copy and pasted the code from the previous link and "an apostrophe is used in the end of the lines instead of the single quote"
(From comment 13 in the previous link)

If you get this error:
Unknown error (8192): Function split() is deprecated in ….
in the frontend or
Unknown error (8192): Assigning the return value of new by reference is deprecated in …
in the connectManager.
Follow the instruction in here. (part of it is the same as the afford mentioned)

If installation goes fine but you can’t login into your admin: (It’s a cookie issue)
Add this to your c:\windows\system32\drivers\etc\hosts file
127.0.0.1        magento.localhost.com www.localhost.com
Browsing to magento.localhost.com/magento worked for me.
More info

just in case –> to edit the hosts file on vista/win7 -> right-click on notepad –> run as admin… –> open the file.

Generally there is a chance that the installation won’t be smooth,
but don’t give up cause it seems that every issue has already been solved by someone out there.

Just google it!

Tags: , , , , ,
Posted in Google, Magento, PHP, XAMP | No Comments »

Has my blog got hacked again?!

January 20th, 2010

I was checking my email when all of a sudden I saw this email “New WordPress Blog”. I didn’t remembered adding, updating or doing anything with my blog. I thought about it yesterday though. Could it be that Wordpress is so smart and read my mind.

Something was fishy, I’ve already experienced the fact the WP can be hack-able sometimes. I rushed to backup and remove the blog, before the hackers will start messing with me and my visitors.

I was already FTPing when it came to me, even if it was really hacked no need to rush about it, I’ll try to find out what happened.

And indeed google gave the quick answer that if the option database table get corrupted, somehow it gets, WP behave as a new install.  You only need to repair it from the phpMyAdmin, that’s it %)

Anyway it’s time to redo things in my blog, but without the rush.

The moral is always “google it” before you jump to any assumptions.

Posted in Google, Safeloper, Security, Wordpress | No Comments »

Developing Flash/Flex on Google Chrome

October 12th, 2009

I find Google Chrome fast startup and multiple processes, a key when developing Flash/Flex applications. And it’s my preferred target browser for stuff other than HTML.

The problem is that, when debugging a Flash/Flex application and hitting a breakpoint, the Flash Player is stalled, chrome detect this stall and gives you this annoying message every 30, 60, 120, 240, etc’ seconds:

—————————
Plug-in Unresponsive
—————————
The following plug-in is unresponsive: Shockwave Flash
Would you like to stop it?
—————————
Yes   No  
—————————

It’s very annoying when the context jump to chrome exactly when you intent to click on F6.

Luckily we can use the -disable-hang-monitor startup switch  to avoid this annoyance. (All Google Chrome Startup Switches).

Right-click on the desktop link to Google Chrome, select Properties and add the switch to the target:

…Chrome\Application\chrome.exe -disable-hang-monitor

From now on, start Chrome using this link, first, only than you’ll be able to debug in a new tab/window and not get the Plug-in Unresponsive message. The first Chrome window has to be the one started from this link. A bit awkward I know, but that’s the best there is right now.

Trying to add this Startup Switch to the browser parameters inside Flex Builder didn’t worked for me either.

Posted in Adobe Flash, Adobe Flex, Google Chrome | 2 Comments »

My PureMVC presentation

September 29th, 2009

When it comes to enterprise application it’s difficult to recommend  project owners to bet on a framework that hasn’t proved itself for a long time. So all these sexy new frameworks with their lovely IoC will have to excuse us for now. That leaves us with cairngorm (yeah, I’ve heard the rumors) and PureMVC which is better IMHO and many others HO.

Recently, I’ve made this presentation about PureMVC, targeted to a specific enterprise application. These are most of the slides from the presentation.

Generally, the topics are:

  • Why use an application framework?
  • Why choose PureMVC?
  • The PureMVC meta pattern
  • PureMVC cons
  • Can we SCRUM it?
PureMVC
View more presentations from guya1.

Posted in Actionscript, Adobe Flash, Adobe Flex, PureMVC, SCRUM | 12 Comments »

HTML 5 vs Flash vs SilverLight

September 6th, 2009

This is by no mean a full technical comparison between these technologies, just a chat between 2 geeks. One is a skeptic backend dude ;) and the other one is yours truly, a GUI guy.

It started with an email from Eli (the backend dude)  titled “the Next big thing”?

Elihttp://www.chromeexperiments.com/ , RIP Flash. Long live HTML 5 + JavaScript.

Guy: This is old…  Let me know when Chrome will reach 99% of desktop computers.

Eli:  HTML 5 is old? LOL.  FYI, despite the fact that the spec is far from being finalized, browsers with sparks of HTML 5 support count among them ie8, ff3, opera and safari.

Guy:  Old news, that is.  HTML 5 is only started to get supported.   HTML 5 + Javascript has a small subset of what Flash 10 can offer.  By the time HTML 5 will be a standard Flash 12 will reach 90%

Eli:  Yeah, yeah, I’ve heard the same thing about java applets about a decade ago… ;)   Seems like the simplicity of markup languages makes them the long distance runners

Guy:  Exactly, Flash has succeeded where Java failed. Flash has a lot of issues, but currently (and in the few coming years for sure) it’s the most powerful and available runtime.  HTML + Javascript is far from simple and cause huge problems for complex applications.

Eli:  Flash is mostly used to fill gaps in HTML, not to solve the huge problems in the complex applications the web is made of, isn’t it?

Guy:  This is what Adobe aim to solve with Flash, to be the ultimate platform for creating and running RIA (Rich Internet Applications). Still, a lot of RIAs are written in AJAX (Javascript+HTML), which, with the aid of solid and powerful frameworks like jQuery become reasonable in some cases. Lately Google, which already have a lot of RIA tools, is trying to change the game with its Chrome browser and OS. The Chrome browser is equipped with a much faster JavaScript engine that enables what we can see in chromeexperiments.com. Microsoft is also trying to be a player in this space with its new SilverLight runtime.

Eli:  Yet, the idea of basing the web on some proprietary browser plug in is doubtable. Epic fall of java applets and endless annoying ActiveX bullshit are just a couple of examples. IMHO, the shortcoming of this approach is missing the idea that The Web is more than “screenfuls of text and graphics” ©. Layout engines, however, are here for more than a decade and markup languages – for ages, proving themselves in taking the web into the places no one was thinking then about.

P.S. The only thing Adobe aims is profit.

P.P.S. I love holy wars.

Guy:  The proprietary thing is indeed an issue, it prevents Flash from being accepted in some areas of the web and by some users. E.g. the Wikipedia video project uses HTML 5 video, they can’t use anything that is closed. What prevents Flash from being open-sourced is that it contain 3rd party patent not owned by Adobe. Adobe is already trying to appeal to the open source crowed with the opening of some of its IP http://opensource.adobe.com. IMHO they might completely open the Flash runtime if and when it’ll be pushed to the wall by Microsoft and its new SilveLight (talking about proprietary ;) .

Java and Active-X are completely different stories, each had its own reason to fail. Partially and shortly, it is too difficult to create a Java applet and its far from appealing to a designer. Active-x has no sandbox, hence it has a lot of security issues, and also runs only in IE.

HTML was created to display text and images with basic layout, Javascript was added to enable simple interactivity, no one dreamt it can be used the way it’s done today. Only with the maturity of the browsers and with specialization of web developers, these king of RIAs could have been created. Yet it still pushes the tech to it limits.

The HTML 5 standard will be adopted relatively fast, but we’re still talking in years. Even with the Chrome JS engine (V8), Javascript can’t match the power of languages like Actionscript 3.0 and C#. Javascript 2 is somewhere in the very distant future. HTML 5 biggest improvement is the support for media (video/audio). But, it still can’t compete with Flash and SilverLight media abilities, in terms of playback and deployment.

HTML 5 is nice but the main holy war is between the reigning RIA world champion which is Adobe Flash and the challenger which is Microsoft SilverLight. There is much to be loved about this holy war, since it pushes the technologies forward and the biggest winners are us, the developers and the users.

(I’m talking about hard-core RIA, not some lightbox image gallery which is still preferably done in HTML)

P.S.  Adobe isn’t a saint, but, everyone want to make some profit, even google, even us as I recall ;) If you gain it morally and also use it to make something like the web better, than it’s fine with me. 

P.S.S aforementioned.

Posted in AJAX, Actionscript, C#, Flash General, Flex 3, Google Chrome, Javascript, RIA, Silverlight | 6 Comments »

The biggest terrorists in the world are… Flex bloggers

July 14th, 2009

Adrian Parr, a Flex blogger mostly known for his post listing of AS3 frameworks got hacked by some political lamers. The whole blog is replaced with common and lame hacker page. The allegedly hackers came from this Arab security forum, m4r0c-s3curity.cc.

What is the relation of this blog to your “war on terror”?! Leave your political BS where it belongs.

Posted in Actionscript, Flash General, Flex 3, Security, Wordpress | 8 Comments »

So what is Flex then, again?!

June 3rd, 2009

With the release of the new Flash Builder 4 beta yesterday, it’s my chance, again, to congrat Adobe on the name change.

Yeah I know this is old news, Flex builder has been rebranded to Flash Builder. I just wanna join the people who welcomed it.
Flex sounded more serious then Flash so, it served it’s purpose as a marketing term for showing the maturity of the Flash platform. Confused already?!
I know a lot of people were and probably still are. Even seasoned Flash/Flex developers weren’t sure want is going on.
I’ve heard comments like – “Flex is what competing with SilverLight and not Flash.” Which is obviously wrong.

I really wonder why it’s so difficult to understand, it’s not that complicated. If you feel like you still don’t get it then, read this.

Of course some people think this change is a terrible mistake, these are mostly the people who the name Flex was meant to attract and will rather die in pain then to say they’re Flash developers. – You can still be a Flex developer, you know!
Some raise none important questions,  to say the least, like – will the new logo retain it’s colors? – yes it does, yes it does.

I mostly like the change because, it reduces the pain of trying to explain common people what is Flex.
- “There is the Flex Builder and the Flex framework.” Here you probably lost most of them already. And you end with – “but anyway everything is compiled into Flash.” – “Aha, so what is Flex then, again?!”

Here is a screencast about the name change that also showoff the new builder.

Anyway it’s time to get busy with the new toys:

Get Flash Builder 4 Beta

What’s new in Flash Builder 4 beta

What’s new in Flex 4 SDK beta

Get Flash Catalyst

Flash Builder 4, Flex SDK4 and Flash Catalyst tutorial and demonstration videos

gotoAndLearn() Flash Catalyst and Flex 4: Part 1, Part 2

Posted in Flash Builder 4, Flash Catalyst, Flash General, Silverlight | 4 Comments »

Hundred million breaths of fresh AIR

January 29th, 2009

Lately I was wondering how well is AIR doing, has it lived to its promise of compatibility? Today passing through the technical default, Techcrunch, I found out it’s already been installed on 100,000,000 machines in less then a year of existence. Looking at it with most pessimistic assumptions (double installs etc’) still make it a decent number.

Hopefully Adobe will continue to push and improve this cool runtime as vigorously as they did so far.

Posted in AIR, Flash General | No Comments »

« Older Entries