Watching some political stuff on Youtube and saw the ad on the side was for Google. It's rare you see Google marketing their stuff, but it seems when they do they tend to use their own platforms to do it. And why not they have access to billions of pageviews and they already know that people using Google like Google.. As well as tons of other info about you from using their services and interacting with Adsense all over the web.

Search Stories is a YouTube Channel that features the Google search bar. There are already a bunch of episodes and you watch a 60 second plot unfold through a series of searches. They built a custom episode player with sleek effects and if you catch it as it's loading you'll see the default Flex busy mouse cursor. Google uses Flex, I'm pretty sure they use it for the YouTube player as well and some of their other Flash constructions but I wonder how it ties in to their relationship with Adobe. Since they offer API access and libraries in Flash and Flex you'd think they'd already have had to develop their own framework for working in Flash.. Then again maybe they just use the best tool for the job.

In Google's words, more videos after the jump.

(more...)

The Adobe Air 2.0 beta is available for download now. Air 2.0 is a huge advancement and brings tons of impactfull new features. Most notably you can now write fully native apps, that use fully native installers and communicate and launch native apps. Hugely improved performance. Work with sound like never before. Sockets, and HTML5.

Download the AIR 2.0 Beta.

The Flash 10.1 prerelease is also available for download.

This is from the Adobe Labs.

New Features in AIR 2

• Open documents with the user's default application
  You can open document files in the application the user has set up as the default opening application. Launching executables or script files is not permitted unless the application is packaged in a native installer. See File.openWithDefaultApplication() and Opening files with the default system application.
• Microphone data access
  You can access the sound data from a microphone directly for recording or other processing. See Microphone.sampleData and Capturing microphone sound data.
• Mass storage device detection
  You can now detect when a mass storage device, such as a USB drive or a camera, has been connected to the user's computer. See StorageVolumeInfo.
• Updated WebKit version
  • WebKit in AIR is based on the version shipped with Safari 4.0.3
  • Support for JavaScript profiling
  • SquirrelFish Extreme JavaScript engine resulting in 50% faster performance using SunSpider tests
  • CSS3 Module support (2D transformations, transitions, animations, gradients, zoom and WebKit CSS selectors, etc.).
  • Styling scrollbars via CSS
  • Latest Canvas enhancements.
• Global Error Handling
  Global error handling lets you handle all uncaught errors (both synchronous errors and asynchronous error events) in one place in your code. See UncaughtErrorEvent.
• New networking support
  • Server sockets
    You can listen for incoming socket connections. See ServerSocket and Server sockets.
  • UDP sockets
    You can send and receive messages using the Universal Datagram Protocol (UDP). See DatagramSocket and UDP sockets (AIR).
  • TLS/SSL sockets
    You now connect to a server that requires TLSv1 or SSLv3 for socket communications. See SecureSocket and Secure client sockets (AIR).
  • DNS lookup
    You can look up Domain Name System (DNS) resource records. See DNSResolver and Domain Name System (DNS) records.
  • Network interface enumeration
    You can enumerate the list of hardware and software network interfaces available on a client computer. See NetworkInfo and Network interfaces.
• Packaging an AIR application in a native installer
  You can package an AIR application in a native install program instead of an AIR file. Applications packaged and installed using a native installer have access to platform-specific features such as the Native Process API. See Packaging an AIR application in a native installer.
• Native process API
  You can launch and communicate with native processes. Applications that use this API must be installed using a native installer. See NativeProcess and Communicating with native processes in AIR and the following quick start articles: (For HTML developers) Interacting with a native process, (For Flex developers) Interacting with a native process, and (For Flash developers) Interacting with a native process.
• Database transaction savepoints
  You can commit or roll back multiple database changes as a single transaction. See SQLConnection.setSavePoint().
• Screen reader support (Windows only)
  Users can use screen reader software with AIR applications. See Accessibility.
• Printing enhancements
  • Vector printing is now supported on the Mac.
  • PrintJobOptions.printMethod allows you to control whether vector or bitmap printing is performed. You can also let the runtime choose the best method (using an internal heuristic based on analyzing the content to be printed). See PrintJobOptions.printMethod.
• Idle time-out settings for URL requests
  You can override the default idle time-out setting for URL requests. See idleTimeout.
• Improved IPv6 support
  IPv6 format addresses can now be used with all APIs that accept an IP string as input.
• Increased maximum size of NativeWindow
  The maximum size of a NativeWindow has been increased to 4095x4095 pixels (from 2880x2880 pixels). See NativeWindow.bounds.
• File promises (Win/Mac only)
  You can now allow users to drag a file that has not been created yet out of an AIR application and provide the data for that function after the file promise has been dropped. For example, you could provide a list of files available on a remote server. When the user drops an item from that list onto their desktop, you can download the data and write it to the dropped file. See URLFilePromise and Dropping file promises.
• Multi-touch events
  You can listen for multi-touch and gesture events on computers that have multi-touch hardware and operating system support. See TouchEvent.
• IME API and IME text input enhancement
  Input Method Editors (IMEs) can be used with any InteractiveObject, not just TextField objects. This allows you to support IME input when using the Flash Text Engine or the Adobe Text Layout Framework, for example. See IME.
• Native runtime install packages for Linux
  Native install packages are now provided for the rpm and debian package managers.

A flaw was discovered in the tls renegotiation process where a 'man in the middle' could take over the connection in a number of ways and perform a number of exploits. Transferring login, credit card, and other important info using https:// is no longer considered secure. The 'man in the middle' could be bumming off your local wireless network, anywhere in between you and your ISP, your ISP and the destination, or on the destinations network. Secure Certificates from the likes of VeriSign can no longer be fully trusted until they find a fix, at which point you'll need to update all your software - browsers, email clients, twitter apps, smart phone firmware, as all the software manufacturers implement and roll out the new(not yet figured out or released) protocol.

Luckily the vast majority of internet users are stupid and this won't affect activity on the internet a bit, even people that are reading or writing this post will still log into their email accounts and go about their online life relying on sheer improbability of them being exploited by this massive(read: catastrophic) security hole. Once again it's stupidity and recklessness that will keep the world turning cause as we all know if you stop and think about anything too long you'll just give up and go live in the forest like we were originally supposed to.

If you're interested in a more technical description go here.

If you're a programmer and you contribute to or write software which implements tls please disable renegotiation a.s.a.p. and push the update to all your users until a new version of the protocol is released.

via Ars Technica

First of all GRRRRRR!!

Second, this has been one of those things I randomly get sucked into between projects where I'll spend 5 hours on Google trying to figure it out and getting tiny fragments of info but never actually solving the issue. This is the worst! What the hell am I talking about? Say you use MAMP or whatever as a local testing server. You write some PHP and you need to use the mail() function. You test your new email function to your personal gmail account. Ok so you try it and it doesn't work, or even worse it works a couple times and then never again.  So you go to Applications->Utilities and fire up the Console application. You're shocked to see that there's a message in there saying something about Gmail not accepting mail from your IP address because it's registered as a residential thingy and apparently a lot of spammers use their personal computers to send spam.

So you say no no there must be some mistake I'm a programmer, not a spammer, I'm just trying to test out my new app. But you quickly realize you're talking to a computer, pleading, and well it doesn't care. typical. After, you cry and try piece together a coherent step by step set of instructions to route all mail sent from your computer through your Gmail account - so it would be from you, and all go through. here's what you do.

note that $ is used to show a new terminal command, you don't actually type it in:

Open Terminal - found in Applications->Utilities and type in:

$ sudo nano /etc/postfix/relay_password

You'll now be editing a new file called relay_password in the nano Terminal editor, type in the following substituting your login info - it should work with google apps accounts as well:

smtp.gmail.com example@yourdomain.com:yourpassword

Press ctrl+o on your keyboard followed by Enter to save the file, then press ctrl+x to exit the editor.

Now type in:

$ sudo postmap /etc/postfix/relay_password

That should tell Postfix to use the relay file you just created. Gmail uses a secure connection so you need to head over to Verisign and download some root certificates. Go to the following url fill out your info and download the .zip file:

https://www.verisign.com/support/roots.html.

Now type in the following commands one after another. In the second command it wants the roots.zip you just downloaded, you can just drag the zip file onto the Terminal window and it will fill in it's location, don't do that for the 4th command though. Also note you may have some certificates already on your system, so after the second last command you may be prompted to replace existing certificates, type N so it doesn't replace the ones you have:

$ sudo mkdir /etc/postfix/certs
$ sudo cp roots.zip /etc/postfix/certs
$ cd /etc/postfix/certs/
$ sudo unzip -j roots.zip
$ sudo openssl x509 -inform der -in thawte\ Primary\ Root\ CA\ -\ G2_ECC.cer -out thawte\ Primary\ Root\ CA\ -\ G2_ECC.pem
$ sudo c_rehash /etc/postfix/certs

Now type in:

$ sudo nano /etc/postfix/main.cf

Go to the end of the document, you can delete the MAMP stuff, also note that if you have MAMP Pro and you edit postfix settings from there it'll fuck up what we're doing here. So remember this going into the future and don't do that.

Paste in the following at the end of the document - note: use the keyboard to get around the document, but use the mouse to right click and paste:

relayhost = smtp.gmail.com:587
# auth
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/relay_password
smtp_sasl_security_options = noanonymous

# tls
smtp_tls_security_level = may
smtp_tls_CApath = /etc/postfix/certs
smtp_tls_session_cache_database = btree:/etc/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtp_tls_loglevel = 1
tls_random_source = dev:/dev/urandom

Save it like we did before by pressing ctrl+o, then Enter, then ctrl+x.

Now type in:

$ sudo nano /etc/postfix/master.cf

You're now editing master.cf, this is a different file to main.cf we just pasted stuff into. There should be a table in here, find the line in the table that looks something like this:

#tlsmgr    fifo  -       -       n       -       1       tlsmgr

Make it look like this - note the comment is removed and fifo should be unix:

tlsmgr    unix  -       -       n       -       1       tlsmgr

Save it like the other times pressing ctrl+o, then Enter, then ctrl+x.

Ok, so at this point you can put the following into terminal and see that it works - put your email address in there twice:

printf "Subject: blah" | sendmail -f user@gmail.com user@gmail.com

Postfix is working now. good. You go back to your PHP application and test the mail() function again. If it works then you're done, but if not you panic. You start feeling really hungry. You know that Postfix is working but maybe PHP or Apache haven't gotten the message yet. ok. So you see in Console that sendmail is crashing, you open the crash report in Terminal and it tells you there's an incompatible version of libxml. It wants 10 and you have 9. You begin questioning if any of this is worth it and maybe you should just go sit in front of a tv and forget about doing anything meaningful with the rest of your life.

After almost installing XCode and registering as an apple developer so you can make and install the newest version of libxml, you wonder if maybe MAMP comes with libxml and find that yes it does. So instead of spending 2 hours upgrading the system libxml only to find it doesn't do anything you just upgrade to the latest version of MAMP (1.8 at the time of writing) and it works. What?? it works? really? yup. so what do you do now?

REJOICE! with lunch.

Some of this was scoured from random forums and blogs in the midst of complete frustration and combined into steps that actually work. A chunk however was taken from this post: http://dejan.ranisavljevic.com/2009/05/28/enable-postfix-with-relay-outbound-to-your-gmail-account-on-os-x-leopard/ so check them out.

They're actually not sure if accounts were hacked or phished, but Microsoft is saying it's not a breach of their servers... Their probably going on the assumption that if the content was from their databases the passwords would be hashed, but what about xss or some rogue browser plugin? What if there's a breach in some popular software that lets people log into msn messenger and sends off their credentials? Or those 'who blocked me' sites that lure in American Idol voters. Either way they're reporting 10,000+ accounts exposed beginning with A and B, regardless of how they got the info one can only assume they have A through Z.. the probability of getting that many credentials and all of them happen to start with the first two letters of the alphabet? ANYONE that still has an @hotmail, @live, and whatever other domains Microsoft uses must change your passwords for ALL the sites you use, starting with your hotmail account. Assume all your mail and calendar appointments have been read by the original hackers AND about 100,000 other random people by now. Someone with access to your email account can reset all your passwords, online banking, facebook, etc. and gain access to all of it while simultaneously locking you out. Now while this is almost definitely not Microsoft's fault, I can't understand why so many people still use hotmail. Like it's almost as shit as Yahoo mail, and Yahoo mail is complete shit. Maybe this is a good thing, maybe it'll prompt a wave of computer literacy so users can protect themselves from this stupidity. Furthurmore WHY hasn't anyone thought to take phishing into the non-virtual world. A bunch of guys set up next door First National Bank with a big sign out that says "Fish National Bank" then just wait around for people to hand over their financial information. People are obviously ridiculously stupid. And while we're on the subject how pretentious is First National Bank, like anyone cares you were first.

Flash 10 has 90% penetration now, so it should be a "go" to develop for it if you've been waiting to fold some of the newer features into your applications but need to serve the widest possible audience.

Now on with what's new in Flash 10.1

Global error handling: Sort of a catch all for errors so you can gracefully deal with any uncaught errors.

Microphone access: You'll be able to deal with raw audio data from a microphone input (Something I've personally been waiting for since I began programming on the Flash platform)

User interaction: Multi touch including the ability to write custom touch gestures, and accelerometer access on mobile devices

Text and globalization: Improved  the new text layout engine released in 10.0, and new APIs

Content protection: Media encryption to protect premium video content. Access 2.0

Stream enhancements: It's easier to stream with any server. Useful for mobile devices briefly losing or changing networks won't hamper buffering, and skipping to the middle of a video you won't lose what was just buffered at the beginning of the video.

Live Media: More granular control over p2p communication, using groups to enable more efficient transmission.

Other: Lots of memory enhancements on mobile and desktop. Hardware acceleration for video content - H.264 and AAC. A circular buffer for playing large videos with little memory consumption. Vectors and images get similar gpu and memory improvements. When someone puts 80 youtube videos on one page Flash 10.1 will realize it's running low on memory and replace unloaded ones with a play button.

Read this for a detailed breakdown of new features.

 

First check out the Open Screen Project. Finally we're about to see Flash playable on a much wider variety of devices including Android based smart phones. With Flash as ubiquitous as open source web technologies html/javascript, it will be the platform that becomes mainstream. The idea "develop once, works everywhere" is key here. It's already free to develop flex applications, since Adobe released the Flex sdk as open source, I can use php with AMF, and they're continuing to open up their protocols and file formats. Being a Flex developer is a good place to be at the moment and 2010 is going to mean the proliferation of Flash across devices. It's already had like 95%+ penetration across browsers to create a uniform web experience, this is just the next logical step. So that's Full flash player on mobile devices. They've "revealed" Flash Player 10.1, the "first consistent runtime release of the Open Screen Project that enables uncompromised Web browsing of expressive applications, content and high definition (HD) videos across devices." Here's the press release:

Close to 50 Open Screen Project Participants Support New Browser Runtime for Multiple Platforms LOS ANGELES — Oct. 5, 2009 — Adobe Systems Incorporated (Nasdaq:ADBE) today unveiled Adobe® Flash® Player 10.1 software for smartphones, smartbooks, netbooks, PCs and other Internet-connected devices, allowing content created using the Adobe Flash Platform to reach users wherever they are. A public developer beta of the browser-based runtime is expected to be available for Windows® Mobile, Palm® webOS and desktop operating systems including Windows, Macintosh and Linux later this year. Public betas for Google® Android™ and Symbian® OS are expected to be available in early 2010. In addition, Adobe and RIM announced a joint collaboration to bring Flash Player to Blackberry® smartphones, and Google joined close to 50 other industry players in the Open Screen Project initiative. Flash Player 10.1 is the first consistent runtime release of the Open Screen Project that enables uncompromised Web browsing of expressive applications, content and high definition (HD) videos across devices. Using the productive Web programming model of the Flash Platform, the browser-based runtime enables millions of designers and developers to reuse code and assets and reduce the cost of creating, testing and deploying content across different operating systems and browsers. Flash Player 10.1 is easily updateable across all supported platforms to ensure rapid adoption of new innovations that move the Web forward. The browser-based runtime leverages the power of the Graphics Processing Unit (GPU) for accelerated video and graphics while conserving battery life and minimizing resource utilization. New mobile-ready features that take advantage of native device capabilities include support for multi-touch, gestures, mobile input models, accelerometer and screen orientation bringing unprecedented creative control and expressiveness to the mobile browsing experience. Flash Player 10.1 will also take advantage of media delivery with HTTP streaming, including integration of content protection powered by Adobe® Flash® Access 2.0. This effort, code-named Zeri, will be an open format based on industry standards and will provide content publishers, distributors and partners the tools they need to utilize HTTP infrastructures for high-quality media delivery in Flash Player 10.1 and Adobe® AIR® 2.0 software. To learn more about Flash Player 10.1 and to see video demos visit Adobe Labs. “With Flash Player moving to new mobile platforms, users will be able to experience virtually all Flash technology based Web content and applications wherever they are,” said David Wadhwani, general manager and vice president, Platform Business Unit at Adobe. “We are excited about the broad collaboration of close to 50 industry leaders in the Open Screen Project and the ongoing collaboration with 19 out of the top 20 handset manufacturers worldwide. It will be great to see first devices ship with full Flash Player in the first half of next year.” "We are excited to join Adobe and other industry leaders in the Open Screen Project," said Sundar Pichai, vice president of Product Management at Google. "This initiative supports our common goal to move the Web forward as a platform and to spur innovation in the industry through technology such as Adobe Flash." “Adobe Flash technology provides a key experience on new Windows phones, enabling people to enjoy rich Flash based games, videos and other interactive Web content on the go,” said Stephanie Ferguson, general manager, Product Management, Microsoft Corp. “We look forward to bringing in the new capabilities of Adobe Flash Player 10.1 to the Windows phone browser when it becomes available.” “Motorola is excited to be one of the first handset manufacturers to ship Android based devices with Flash Player support early next year,” said Christy Wyatt, vice president of software applications and ecosystem at Motorola. “As the No.1 platform for video on the Web, uncompromised browsing of Flash technology based content is essential for a rich mobile experience and something users expect from Motorola today.” “As a longtime partner of Adobe, and more than 400 million Nokia phones shipped with existing Flash technology to date, we are excited to see Flash Player becoming a reality for mobile phones and other mobile devices,” said Purnima Kochikar, vice president, Forum Nokia. “Nokia is excited about full Flash Player coming to devices and we are committed to supporting Flash Player 10.1 on mobile devices in 2010.” via Adobe

I just ran into some weird behaviour involving a for loop, some variables, and a bunch of anonymous functions. This is in Actionscript 3.0 using Flex SDK 3.4 and current Google Maps API(as of the date of this post&mdash I read somewhere they're rolling out a new version although it's not really relevant for this post)

So below I have a function that loops through the xml result of an http service, for each item in the result it creates a marker on a map and gives that marker a click event. When you click on a given marker I want a window to pop up with the name and description of that location, so the following is the code you'd expect to write. For simplicity sake you can keep an eye on the i:int variable which will help clarify the issue.

 
//trace(i) will always output total items in the xml result
private function processResult(event:ResultEvent):void {
 
  var total:int = event.result.data.item.length;
 
  for (var i:int = 0; i<total; i++) {
    var item:Object = event.result.data.item[i];
    //this will create the marker object
    var marker = new Marker(new LatLng(item.lat, item.lng), new MarkerOptions({fillStyle: {color: 0xEE9C21}, radius: 7, tooltip: item.name}));
 
    marker.addEventListener(MapMouseEvent.CLICK, function():void {
      //this will open an info window when the marker is clicked
      map.openInfoWindow(map.getCenter(), new InfoWindowOptions({hasTail: true, tailHeight: 5, hasShadow: true, title:item.name, contentHTML:item.description}));
      trace(i);
    	});
  map.addOverlay(marker);
  }
}
 

Now what you'll find with the above code is that no matter which placemark you click on, they will all show the same name and description. Say that there are 5 items in the xml result, tracing i will output the number 5.

If you're new to programming, yes i will be 0 during the for loop's first run. Yes having 5 items and starting at 0 means it should be 4 for the last run, but the value of i increments one last time to make the i<total condition false before it exits the loop, so essentially it uses the final value of i for all the placemarks which is 5.

I can't see any reason why this should be happening other than language or framework immaturity.

The solution; or I should say the easiest, quickest solution, is to create an external function for marker creation that is called by the for loop, which for clarity's sake will only contain the part that's required to explain the concept and make it work ie: adding an event listener to the marker, but in the real world should have all the code necessary for creating a marker - that way you'd have an independent marker creation function you could call from anywhere in the application. Below is the working code:

 
//trace(i) will output the correct index depending on the placemark clicked
private function processResult(event:ResultEvent):void {
 
  var total:int = event.result.data.item.length;
 
  for (var i:int = 0; i<total; i++) {
 
    var item:Object = event.result.data.item[i];
    var marker = new Marker(new LatLng(item.lat, item.lng), new MarkerOptions({fillStyle: {color: 0xEE9C21}, radius: 7, tooltip: item.name}));
 
    //call external function and pass variables to it
    placeMarkerAddClickEventListener(marker, item.name, item.description);
    map.addOverlay(marker);
  }
}
 
//external function
private function placeMarkerAddClickEventListener(marker:Marker, name:String, description:String):void {
 
  marker.addEventListener(MapMouseEvent.CLICK, function():void {
 
    map.openInfoWindow(map.getCenter(), new InfoWindowOptions({hasTail: true, tailHeight: 5, hasShadow: true, title:name, contentHTML:description}));
    });
}
 

If you have Adobe CS, Flex Builder, Flash Builder or otherwise use the Debugger version of Flash Player you quickly realize that a lot of sites out there don't bother with error handling in their apps and widgets.  This sucks because everywhere you go you get these error messages and all you can do is click them away and contact the developers, who if they cared would have dealt with the errors in the first place.

You can easily disable these error messages and then just re-enable them when you're debugging something. So here's how to do that:

1. Find or create a file called mm.cfg in the following folder:
   OS X: /Library/Application Support/Macromedia
   Win XP: C:\Documents and Settings\username
   Win Vista: C:\Users\username
   Linux: /home/username
2. Add the following line to the file and save it:
   SuppressDebuggerExceptionDialogs=1
3. That's it, to turn debugging back on change that value to 0