Isn’t it a perfect day to read another lambast of the Flash Player for Security Issues?

Security firms and Interested Institutes keep stumbling on security issues and vulnerabilities almost every waking hour of the day. Very recently, Google Researchers documented serious vulnerabilities in Adobe Flash SWFs. Another Flash related security issues surfaced about a week ago that the Universal Plug and Play (UPnP) interface of your Router may be highly vulnerable to use by hackers seeking to modify their settings — such as choice of DNS Server — from an external location using Flash.

Read the rest of this entry »

Adobe have today released Flash Media Server 3.

The server now ships in two editions, the Adobe Flash Media Streaming Server 3 (FMSS) is ideal if all you want to do is serve up live or on demand video while the Adobe Flash Media Interactive Server 3 (FMIS) gives you access to all features including video recording, server side Shared Objects and more.

FMSS retails at USD $995 while FMIS will set you back USD $4500.

Read the rest of this entry »

Click on a single malicious Flash file, and you risk losing control of your router, according to two researchers.  GNUCitizen.org’s Petko D. Petkov and Adrian Pastor judge the issue to be “HIGHLY SEVERE!”

 So let’s take a step back to examine the issue itself.  Between two articles, Petkov and Pastor spent about 2,300 words writing about it, and if you want to fully understand the matter, we’d recommend reading them all.

But, if the what-it-is-and-how-to-fix-it version will satisfy you, Robert McMillan summarizes, “By tricking a victim into viewing a malicious Flash file, an attacker could use UPnP to change the primary DNS (Domain Name System) server used by the router to find other computers on the Internet.  This would give the attacker a virtually undetectable way to redirect the victim to fake Web sites.”

McMillan later continues, “The attack is particularly worrisome because it is cross-platform – any operating system that supports Flash is susceptible – and because it is based on features of UPnP and Flash, not bugs that could be easily fixed by Adobe or the router vendors.”

Here’s the good news, though: as far as anyone knows, it’s just the two researchers who know anything about this method of attack.  Also – although may be side effects from doing this – Petkov and Pastor give instructions on how to turn UPnP off, and say that doing so should effectively prevent the attack.

 It’s rare that we see security researchers use bold, all-capital letters in combination with exclamation marks.  You might consider that while thinking through the issue.

I thought Flash Bashing, these days, was done only by the Internet’s semi-literates! Coming from a respectable person like James Gosling, the creator of Java is rather uncalled for. Nonetheless, it is understandable since his work somewhat relates him to JavaFX (supposedly, a competitor to the client side apps of the Flash Platform). He has all the right to be on the defensive (rather abusive) perspective towards their extremely successful competitor - Flash.

Redmond Developer News published an interview with Sun Microsystems’ James Gosling, in which they discussed JavaFX and its competition in the RIA space. Gosling shared some pointed thoughts on how he believes JavaFX compares to the Flash / Flex platform.James said, “If you look at something like Flash, when you get to the much more advanced stuff — richer interfaces, more complex network protocols, more complex APIs — it really falls short.”

Read the rest of this entry »

O’Reilly Digital Media just released an article from Colin Moock titled “ActionScript 3.0: Is It Hard or Not?“.

Here is a warning: This article is best suited for ActionScript Beginners.

I regularly hear people claim, incorrectly, that to use ActionScript 3.0, you have to know object-oriented programming, or every variable’s datatype must be declared, or everything has to be in packages and classes. In practice, none of those assertions are true. ActionScript 3.0 code can be placed on timelines, exactly as it was in ActionScript 2.0 and ActionScript 1.0. The code doesn’t have to reside in classes. Variable datatypes don’t have to be declared, even in the strict compilation mode. The language is designed to provide as much or as little structure and flexibility as the task at hand requires. If you prefer to program procedurally with functions and variables declared in frame scripts, you can continue to do so in ActionScript 3.0.

Read the rest of this entry »

Or maybe I should say pseudo-stream… but hey, at least the headline got you to read the post

I’m sure that by now you all know about this popular PHP approach to serving FLV videos progressively, but with the added benefit of being able to seek to any part of the video more or less immediately - something that traditional progressive delivery is not capable of.

The PHP approach (which in the meantime has been ported to many other server side languages such as ASP and ColdFusion) is targeted squarely at FLV delivery, a format which may lose a bit of its popularity over the coming months as H.264 support for Flash video becomes more widely available.

But fear not, because the clever guys from code-shop have alread been busy developing a H.264 pseudo streaming plugin for Lighty, a very light weight and performant webserver.

The plugin allows Lighty to serve up H.264 encoded video content in an almost identical way to the ‘old school’ PHP method.

The implementation as a webserver plugin is also much more efficient than the script based approach (which itself is not bad at all).

You can check out a demo here.

Comments

…and this one even works on my Mac!

After having received heavy criticism for rolling out a download based video player which only worked on Windows, the BBC have now teamed up with Adobe and launched the beta version of their new Flash and FMS powered streaming video player, niftly names iPlayer (has Apple sued them yet?).

No longer need UK based viewers miss recent episodes of The Mighty Boosh or Spooks, as virtually all BBC programs are archived and available online for up to 7 days after they have aired.
Read the rest of this entry »

My main development machine is a Wintel iMac running Leopard and Windows XP, the latter of which is normally fired up in Parallels (rarely in Bootcamp).

The main downside of this setup in my opinion was the fact that the FMS applications directory resided on the XP virtual machine which meant that every time I had to make a change to a server side script I had to either edit it directly in XP or (as I prefer) make my changes in OSX but then had to copy the file over to the FMS applications directory in XP. So I thought to myself ‘wouldn’t it be nice if I could somehow map my OSX development directory to FMS and use that folder as the main applications directory for my FMS apps?’. I knew that folders can be shared between OSX and XP (the former being the host OS and the latter the guest OS) but I had little hope it would actually work. Well guess what, it worked and it was really easy to set up.

Read the rest of this entry »

Good morning Flashers. It’s official: Flash Media Server 3 will be released in and it will improve pricing dramatically (yay!).

New Server Editions
This has been a long time coming and it marks a huge step forward for FMS as a platform. There will be no more bandwidth or connection limitations (instead it’s all you can eat so to speak) and there will be two server editions which simplify the whole offering greatly: Adobe Flash Media Streaming Server and Adobe Flash Media Interactive Server. A free developer edition is also available.

As you may have guessed, Flash Media Streaming Server will allow you to - wait for it - stream video (both live and on-demand) while Flash Media Interactive Server basically presents the current feature set of FMS2 (and then some more), the swiss army knife of media servers which supports not only streaming but also has scripting capabilities, server side remote objects, and everything you are used to to date. This means that Flash Media Streaming Server (FMSS) is basically a stripped down version of the Flash Media Interactive Server, and it will cost less too (and pricing was a major sore point to date). This makes sense, because so far you had to pay for all features even if all you wanted to do was push video.
Read the rest of this entry »

Yahoo is upgrading the Yahoo Widgets platform to be compatible with Flash and HTML widget development.

“Flash opens the door to all sorts of rich experiences” said Yahoo director of product management Scott Derringer.

Version 4.5 was announced yesterday and supports actionscript as well as Flex. eWeek reports:

Other new features from Yahoo for developers include the ability to create more engaging desktop widgets by using new rich-media capabilities, including video. Developers also can now download their desktop widgets from any Web page with one to two clicks via the new in-page installer badges. Developers’ widgets also can now be discovered by more users via the Yahoo Widget Gallery, which features a new search engine optimization capability, Derringer said.

Yahoo also revamped its widget offerings for consumers. The company is making it easier for users to discover and download desktop widgets that deliver content and services from the Yahoo Widget Gallery.

Apart from that, a new security model has been put in place as well as a full W3C-compliant DOM allowing for easier JavaScript development.

The New York Times has more on Yahoo Widget Engine 4.5.