Category Archives: Silverlight

Putting Data Into Context

The challenges of presenting large amounts of data visually, in a way that one will be able to easily digest and understand it, are becoming more viable daily. The democratization of data challenges authors to think about new ways to visualize it.

The above text is pretty much the summary of this highly inspiring video called Journalism in the Age of Data. As the name suggests, this video is mainly about journalism data viz, but it is also highly inspiring for anyone dealing with data of any kind.

Many RIA applications today struggle with the ability to present large data sets to the user in a way which he can digest and understand.
I would say that many of these new apps, especially in the enterprise space and from the last few years, are built upon the Flex framework.

As RIA developers, many of us face these challenges in our day to day work. Obviously, the charts that come bundled with the Flex framework won’t suffice most of the time, and one would need to rely on third party components or roll her own. Not so long ago, it seemed that this area was blooming. There were the amazing open source projects like Flare and BirdEye, and the slick commercial components, IBM ILOG Elixir and KapLab, ridiculously priced and with draconian licensing, respectively.

Today, these open source projects seem to be abandoned and the commercial tools' prices seem to increase. The field of online data visualization is exploding and yet the Flex tools seem a bit halted.

The somewhat halted SilverLight, with its basic charts and decent third party components, and the HTML5 alternatives like Protovis, which still need some maturity, don’t seem to provide the alternative.

Anyhow, if one wants to create something “out of the box”, then she needs to use something like Flare as the base and invent her own data viz, rather than use some slick, out of the box, components.

InsideRIA has an immense list of most data visualization frameworks and resources.

The Video

I’ve extracted some selected examples, for your convenience:

Many Eyes (Java)
Budget Forecasts, Compared With Reality (Flash)
The Jobless Rate for People Like You (Flash)
In graphics: Eurozone in crisis (HTML)
The Stimulus Tracker (Flash)
Crash: Death on Britain’s roads (Flash, HTML)
How Different Groups Spend Their Day
The Crisis of Credit
Listening History – What have I been listening to?
Eurovision Song Contest 2008 (Flash)
Google public data explorer (Flash, HTML)
Oakland Crimespotting (Flash)
Tracking Taxi Flow Across the City

Blogs: (not from the video)

HTML 5 vs Flash vs SilverLight

This is by no means a full technical comparison between these technologies, just a chat between 2 geeks. One is a skeptic backend dude 😉 and the other one is yours truly, a GUI guy.

It started with an email from Eli (the backend dude) titled “the Next big thing”?

Eli: RIP Flash. Long live HTML 5 + JavaScript.

Guy: This is old…  Let me know when Chrome will reach 99% of desktop computers.

Eli:  HTML 5 is old? LOL.  FYI, despite the fact that the spec is far from being finalized, browsers with sparks of HTML 5 support count among them ie8, ff3, opera and safari.

Guy: Old news, that is. HTML 5 has only started to get supported. HTML 5 + Javascript has a small subset of what Flash 10 can offer. By the time HTML 5 will be a standard, Flash 12 will reach 90%.

Eli:  Yeah, yeah, I’ve heard the same thing about java applets about a decade ago… ;)  Seems like the simplicity of markup languages makes them the long distance runners

Guy: Exactly, Flash has succeeded where Java failed. Flash has a lot of issues, but currently (and in the few coming years for sure) it’s the most powerful and available runtime. HTML + Javascript is far from simple and causes huge problems for complex applications.

Eli:  Flash is mostly used to fill gaps in HTML, not to solve the huge problems in the complex applications the web is made of, isn’t it?

Guy: This is what Adobe aims to solve with Flash, to be the ultimate platform for creating and running RIA (Rich Internet Applications). Still, a lot of RIAs are written in AJAX (Javascript+HTML), which, with the aid of solid and powerful frameworks like jQuery, become reasonable in some cases. Lately Google, which already has a lot of RIA tools, is trying to change the game with its Chrome browser and OS. The Chrome browser is equipped with a much faster JavaScript engine that enables what we can see in Microsoft is also trying to be a player in this space with its new SilverLight runtime.

Eli:  Yet, the idea of basing the web on some proprietary browser plug in is doubtable. Epic fall of java applets and endless annoying ActiveX bullshit are just a couple of examples. IMHO, the shortcoming of this approach is missing the idea that The Web is more than “screenfuls of text and graphics” ©. Layout engines, however, are here for more than a decade and markup languages – for ages, proving themselves in taking the web into the places no one was thinking then about.

P.S. The only thing Adobe aims is profit.

P.P.S. I love holy wars.

Guy: The proprietary thing is indeed an issue, it prevents Flash from being accepted in some areas of the web and by some users. E.g. the Wikipedia video project uses HTML 5 video, they can’t use anything that is closed. What prevents Flash from being open-sourced is that it contains 3rd party patents not owned by Adobe. Adobe is already trying to appeal to the open source crowd with the opening of some of its IP. IMHO they might completely open the Flash runtime if and when it’ll be pushed to the wall by Microsoft and its new SilverLight (talking about proprietary ;).

Java and Active-X are completely different stories, each had its own reason to fail. Partially and shortly, it is too difficult to create a Java applet and it’s far from appealing to a designer. Active-X has no sandbox, hence it has a lot of security issues, and also runs only in IE.

HTML was created to display text and images with basic layout, Javascript was added to enable simple interactivity, no one dreamt it can be used the way it’s done today. Only with the maturity of the browsers and with specialization of web developers, these kinds of RIAs could have been created. Yet it still pushes the tech to its limits.

The HTML 5 standard will be adopted relatively fast, but we’re still talking in years. Even with the Chrome JS engine (V8), Javascript can’t match the power of languages like Actionscript 3.0 and C#. Javascript 2 is somewhere in the very distant future. HTML 5’s biggest improvement is the support for media (video/audio). But, it still can’t compete with Flash and SilverLight media abilities, in terms of playback and deployment.

HTML 5 is nice but the main holy war is between the reigning RIA world champion which is Adobe Flash and the challenger which is Microsoft SilverLight. There is much to be loved about this holy war, since it pushes the technologies forward and the biggest winners are us, the developers and the users.

(I’m talking about hard-core RIA, not some lightbox image gallery which is still preferably done in HTML)

P.S. Adobe isn’t a saint, but everyone wants to make some profit, even google, even us as I recall 😉 If you gain it morally and also use it to make something like the web better, then it’s fine with me.

P.S.S aforementioned.

So what is Flex then, again?!

With the release of the new Flash Builder 4 beta yesterday, it’s my chance, again, to congratulate Adobe on the name change.

Yeah I know this is old news, Flex Builder has been rebranded to Flash Builder. I just wanna join the people who welcomed it.
Flex sounded more serious than Flash, so it served its purpose as a marketing term for showing the maturity of the Flash platform. Confused already?!
I know a lot of people were and probably still are. Even seasoned Flash/Flex developers weren’t sure what is going on.
I’ve heard comments like – “Flex is what’s competing with SilverLight and not Flash.” Which is obviously wrong.

I really wonder why it’s so difficult to understand, it’s not that complicated. If you feel like you still don’t get it, then read this.

Of course some people think this change is a terrible mistake, these are mostly the people who the name Flex was meant to attract and who would rather die in pain than say they’re Flash developers. – You can still be a Flex developer, you know!
Some raise non-important questions, to say the least, like – will the new logo retain its colors? – yes it does, yes it does.

I mostly like the change because it reduces the pain of trying to explain to common people what Flex is.
– “There is the Flex Builder and the Flex framework.” Here you probably lost most of them already. And you end with – “but anyway everything is compiled into Flash.” – “Aha, so what is Flex then, again?!”

Here is a screencast about the name change that also shows off the new builder.

Anyway it’s time to get busy with the new toys:

Get Flash Builder 4 Beta

What’s new in Flash Builder 4 beta

What’s new in Flex 4 SDK beta

Get Flash Catalyst

Flash Builder 4, Flex SDK4 and Flash Catalyst tutorial and demonstration videos

gotoAndLearn() Flash Catalyst and Flex 4: Part 1, Part 2

Malicious camera spying using ClickJacking

Update: Adobe has fixed this issue by framebusting the Settings Manager pages. Now, 99.9% of the users are protected from this specific exploit. Congrats on the fast response.

Turn every browser into a surveillance zombie. The wet dream of every private eye and peeping tom. Imagine this scenario, you play a short game on the web and by doing that you unknowingly grant someone full access to your webcam and microphone.

I’ve made a live demo of it here; this demo won’t listen to or record any of your input.

If you don’t want to try it or don’t have a webcam connected, then check out the video.

When I first heard about ClickJacking and how Adobe is concerned about it, I thought that the Flash Player Security Dialog must have been compromised. But the Security Dialog does a good job disabling itself when you try to mess with its visibility through DHTML. Unless there's some 0-day issue with the Dialog it's probably relatively safe.

The problem here is the Flash Player Settings Manager; this inheritance from Macromedia might be the Flash Player's security Achilles heel.

I've written a quick and dirty Javascript game that exploits just that, and demonstrates how an attacker can get a hold of the user's camera and microphone. This can be used, for example, with platforms like ustream, justin and the like, or to stream to a private server to create a malicious surveillance platform.

I've made it as a JS game to make it easier to understand, but, bear in mind that every Flash, Java, SilverLight, DHTML game or application can be used to achieve the same thing.

Some of the clicks are real game clicks, others are jacked clicks. Every time a click needs to be jacked, the content simply moves behind the iframe using z-index.

I had doubts about publishing this, but, if I could have understood it, so can the bad guys, so it's better to know about it.

In this case Adobe could have just framebusted the pages that hold the Settings Manager. There are two issues with framebusting in this case: it won't solve all cases (legacy browsers for ex) and will force Adobe to rely on javascript.
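A defender-side check for the framebusting point above, as an added example that is not part of the original post. It goes beyond the post by also covering the `X-Frame-Options` and CSP `frame-ancestors` response headers, which do not depend on JavaScript; the function names and sample headers are assumptions made for illustration.

```javascript
// Added example: audit anti-framing defenses. Header samples are constructed.

// Return the source list of the CSP frame-ancestors directive, or null.
function frameAncestors(csp) {
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') {
      return sources.map((s) => s.toLowerCase());
    }
  }
  return null;
}

// Classify who may frame a response: 'blocked', 'same-origin' or 'allowed'.
// `headers` maps lower-cased header names to their string values.
function framingPolicy(headers) {
  const sources = frameAncestors(headers['content-security-policy']);
  if (sources !== null) {
    // Where frame-ancestors is present it is enforced and
    // X-Frame-Options is ignored by browsers that support CSP.
    // 'none' (or an empty list) matches no ancestor at all.
    if (sources.every((s) => s === "'none'")) return 'blocked';
    if (sources.length === 1 && sources[0] === "'self'") return 'same-origin';
    return 'allowed'; // other origins are listed; review them by hand
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'blocked';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  return 'allowed'; // missing, misspelled, or the obsolete ALLOW-FROM
}

// Script fallback for browsers that honour neither header: the page ships
// with <html style="display:none"> and is revealed only when not framed.
// `win` is the window object (a mock works for testing).
function frameBust(win) {
  if (win.self === win.top) {
    win.document.documentElement.style.display = 'block';
    return false; // top-level window, show the page
  }
  win.top.location = win.self.location.href; // break out of the frame
  return true;
}
```

A page that stays hidden by default fails closed when scripts are disabled or the redirect is suppressed, which is the JavaScript dependency the post points out.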

Play it here, watch it here

Mysterious Flash exploit is hijacking the clipboard?

Update: Adobe Product Security Incident Response Team (PSIRT) has referred to this “Clipboard attack”

Update 2: Aviv Raff has updated me about the fact that it won’t be that easy to replicate this attack using Javascript on the latest browsers and with the default security settings. Thanx.

Lately there were some rumors about a mysterious Flash exploit that is hijacking the user’s clipboard and will always fill it with a URL to some malicious website; no matter what you copy to the clipboard, it’ll always paste the same URL. This malicious website will ask you to download a fake anti-virus. It’s also been mentioned in some places that in order to clear this behavior you’ll have to restart your machine.

But is it really an exploit, a bug in the Flash player that lets the attacker demolish the user’s clipboard until restart?! From what I’ve seen so far it’s not an exploit and no restart is needed, it’s just a bad use of a Flash and JavaScript feature. Both of these allow a valid script to write text to the user’s clipboard. I’m surprised that only now this questionable feature is starting to get abused. The abusing code is probably residing in some Flash ad, in one of the user’s tabs, and consistently rewriting the clipboard.

Although this attack can be done using simple JavaScript, Flash is the right vessel for this kind of attack. I think that encapsulating attacks inside RIA code, mainly Flash and SilverLight, is just starting to gain attention and will become a major security issue. I have some other examples which I intend to write about soon.

Adobe fights fire with fire

Recently Adobe has been needing to deal with a massive force attacking its main domain of dominance, we can call this domain – the highly interactive web or RIA. I don’t refer to Microsoft SilverLight which is supposed to compete with Adobe Flash on the same ground, but to the brutal MS marketing machine. This machine can make every boy and girl blindly recite fallacious facts and numbly say things like “Yeah, but, SilverLight is search engine optimized”.

It took Adobe some time to understand what it is dealing with, and I think I’ve noticed a change in their PR brutality lately, generating big PR out of small things.

This last SEO announcement from Adobe, which claims that Flash will be more searchable by search engines, might have some substance in it, as opposed to the similar one from Microsoft, but, it’s still mainly a marketing battle. I just hope it doesn’t take too many resources out of the real development of the products.

Google were probably working on their own humanoid crawler that has a broader vision than just the Flash Player and can work with any RIA applications even if it’s written in AJAX or SilverLight. Apparently searching and indexing RIA is not an easy thing to achieve, and it doesn’t seem that even google has managed to do it yet.

The main problem of indexing Flash websites or any other RIA website is to understand the context of the data and then link to it directly, aka deep linking. The fact that google can now read the text from within Flash even better than it did before doesn’t yet solve that problem.

Even so, it doesn’t mean that we shouldn’t be optimistic, and there is a possibility that this will improve the indexing of Flash content. We’ll have to wait and see.

OSE instead of SEO

The promise of google to have a human like understanding of the Internet it crawls has yet to reach reality. My point is that we should start to expect Optimized Search Engines (OSE) instead of painfully optimizing our content for them (SEO). Currently search engines can’t understand RIA (Rich Internet Application), websites written in Ajax, Flash and SilverLight, and the authors of these websites need to invest a lot of resources to make it SEO. As RIA becomes a bigger and more significant part of the Internet daily, what use is a search engine that can’t understand it? It’s the age of obscurity all over again, the age before google.

This clip (02:22) has reminded me of the old promise that google will see and understand the web the same as we humans do, a promise which wasn’t really fulfilled. I know there is a big technological challenge in that, hey google can’t do it yet, but the one that will do it the best might be the next google.

The search engine game might be open again since the late 90s.

The greatest SilverLight lie

I’ve been to a few SilverLight events and read about it on the web, I’ve even played with it a little, and I think it’s very interesting. But, one thing I’ve learned from all of these experiences, beside the fact that the average developer feels awed when he sees how to create a rectangle with a gradient fill, is that Microsoft is pumping the fallacious fact that SilverLight is SEO (Search Engine Optimized) because it uses external XAML files, which are basically plain XML files. In the last event I was at, the presenter repeated this "fact" with such determination, which made me jump out of my seat with rage, well not really rage :), I’ve just explained it to him nicely why it’s not true. He was more modest with his determinations, afterwards.

Even though it’s a known fact that SilverLight isn’t just SEO out of the box, I still see this being repeated all over the web. You should question authority, and shouldn’t believe everything you’re being told, even if it’s Microsoft.

Currently, search engines don’t even bother looking at XAML files, IMHO they won’t start parsing it any time soon. The same way google doesn’t parse dynamically loaded XML files, since it can’t do much with it, you can’t get much out of a parsed XAML unless you’re looking for a Rectangle that is positioned at x=0.1232 and y=33.4355.

Technologies never cry

I’ve been thinking lately, will I leave my beloved Flash and jump to the newer SilverLight?! After all that Flash did for me, made me the man I am today, got me this cool job I happily manage to wake up (almost) every morning to go to. Will I just leave that all behind? I know SilverLight is still underage but it might become very sexy eventually. What if it’ll become the better technology, can I just dismiss all of our past together, me and Flash, that is? I might also have an easier time pushing SilverLight than Flash, in my area. I’m definitely gonna play with the real SilverLight (ver 2.0) when it’ll come out, that might be fun.

I believe a lot of us Flashers share the same feeling. Lately this has been recognized even by our native Adobe branch (Israel) which was ignoring us, flashers, completely till now. They have set a Flex3 / Air conference for tomorrow (25.2.2008), which is the exact same day that Microsoft is doing her local Silverlight conference. As for myself, I’m gonna jump between conferences, have the best of both worlds, eat the cakes and have it too, there’ll probably be a lot of cakes :)

Again, I would like to give Microsoft credit for its SilverLight showoffs, even though it’s funded with lots of MS money. The latest is the Microsoft Virtual Events. For me, it didn’t work in FireFox, gave me some error. Tried in IE7, although it was a lengthy load again (more than 8 mega), the experience was not that good, with lots of too long delays and un-intuitive behaviors and eventually some Javascript errors. Maybe it’s mainly a matter of design and not the technology to blame, but this is a Microsoft website, if they don’t know how to use their own technology, then who will.

Compare it with one of the latest Flex showoffs, funded with developers’ passion.

What I really wouldn’t like to see is that MS will win this fight even though it’ll provide the inferior technology. We’ve all seen it happen in the past, but, I still believe, this time the game is different. If they can really excel Flash then they should be the winners, but, as objective as I can possibly be, I believe they’re still far from it.

I would like to see both of these technologies nurturing each other with the competition. I’m not sure that Flash/Flex would have received such frantic amount of updates in such a short time if it wasn’t for MS upcoming competition. So, so far it’s been great and it’s gonna be even more interesting.

P.S. Maybe this guy can already convince you to make the move to SilverLight 😀