Deitte.com

Here are my notes from the second day at MAX. It includes info on the keynote, development best practices with Flex, Flash security, RTMFP, and speech to text.

General Notes

A lot of people were interested in the basics of Brightcove but didn't know a lot about the technology. I've been meaning to write more about certain areas for awhile- advertising, BEML, a few other things- and this reminds me to do this.

I got a lot of comments on the compiler update I've released, and I appreciate all the comments on it. But I want to make clear again that I didn't make the compiler changes myself! I've merged the changes from the Flex compiler team- thank Paul Reilly and the rest of that group for doing the real work.

Keynote

Besides making me go slightly deaf with the sound system, they showed off a lot of new features in CS4 and other products. They showed off a literal copy and paste from CS4 applications to Catalyst which was then turned into components. This round tripping is done through FXG support in CS4 applications and Catalyst.

I saw Alchemy again as they showed the following demos in Flash: open SSL encryption, decoding of Ogg Vorbis, decoding of RAW images, showing PDFs in Flash, Doom, and Mario. The showing PDFs is particularly interesting for the future of the Flash player and the Adobe Reader. I wonder if some of PDF viewing will switch over to the Flash player?

On the .NET front in Flex, they have a partner plugin to Visual Studio and a possible C# version of BlazeDS.

In addition to multi-bitrate and RTMFP, they showed off an interesting live feature in FMS. You can now record a stream and stream it live at the same time to have a DVR-like experience.

Developer Best Practices With Flex

This session was about developer best practices with Flex with a particular focus on using Catalyst. There was quite a bit a talk about general engineering practices that should be used in Flex as they should be used elsewhere: use coding standards, comment code, and use design patterns. Nothing too surprising in this part of the talk other than advocating code behind, which I don't think works very well for Flex.

They talked about various things that developers should do to prepare their projects for Catalyst development, such as applying metadata to files and laying things out properly. There will be a lot more code-level interaction with designers when Catalyst is used.

One more interesting note, something which I didn't know yet, is that Catalyst is built on Eclipse.

Flash Security: Why and How

This was an explanation of content restrictions with the Flash Player. Deneb had a few overriding rules for Flash security: use least privilege, validate input, deploy HTTPS consistently, prototype early, and keep track of security changes.

You need to call Security.allowDomain() if a SWF loads from another domain. This allows the SWF you are loading to call things within the parent SWF. The wrong way to do this is to call Security.allowDomain("*"). "There are rare times when you might want to do this."

You need to specify allowScriptAccess or allowNetworking in the HTML to allow your SWF to script the HTML from a different domain. allowScriptAccess set to never isn't used anymore because there really isn't a way in Flash to stop same domain communication between the SWF and a browser.

Data loading requires permission because it's data that the user can access but not necessarily data that's publically available. So a cross-domain policy file is required so that the server gives permission for the data to go elsewhere. Flash is also the first client to allow direct cross-domain data loading, although browsers are looking into similar abilities in HTML5.

You must use a socket policy file with any socket connection (including the same domain).

You need to specify allowInsecureDomain() to allow HTTP connection when HTTPS is being used in the main SWF. This can cause a man in the middle attack. Allowing HTTP content in HTTPS is even worse.

Sneak Peeks

I saw RTMFP yesterday, but there was a live demo of the many-to-many feature in progress today. RTMFP application-level multicast allows for many-to-many broadcasting, live streaming from one client to many clients without using a server.

Nitro is a platform to create Flash widgets which can be distributed to desktop, Web, TV, and mobile.

Content Intelligence Toolkit can find different scenes in a video and give information about each scene in metadata: lighting, activity, etc. Includes tracking of faces, and most impressively, speech to text of the video.