October 24, 2007

Continuous Integration with Flex, FlexUnit, and Ant

I've posted a version of my slides (0.5MB PDF) that were used for my Flashforward talk and MAX talk under the titles "Automation of Flex Building and Unit Testing" and "Continuous Integration with Flex, FlexUnit, and Ant" respectively.

The demonstration files used in the talk are mostly equivalent to the tutorial and template directories that are included in Antennae.

The resources mentioned in the talk are listed below:

Tags: ant flashforward2007boston flex flexunit max2007chicago

October 24, 2007

MAX 2007: Case Study: ESRI Geospatial Application Using Adobe Flex

Rough Draft Notes

Mansour Raad

ArcWeb Services, APIs for adding GIS data to applications.

Data Visualization: GeoRSS includes lattitude, longitude, point, line. Looking to create 2D/3D map interaction. Vector data is much faster to work with (Poly 9). gwx:Map and poly9:Globe are a couple of components that make it easy to work with the data.

Mashups: Edge 305 to gather data. Created a GPX feed. Combined with photos and leveraged ESRI map data to show route and tag with photos. gpx:GPXLayer and awx:BubbleMarker were some of the components used.

Framework in general. User has full control over draw methods. Supports client side spatial searches. Showed example of circling section on map and highlighting those points within it. Uses client side RTree. Using the server select a point and call utility.getDriveTime returns geometry object with real-time 5 minute drive time radius. Has server side natural language processing to determine location. Example was "Let's get a Chicago deep dish pizza at the corner of main and elm in Boston." Determines that Chicago isn't a location.

Mentioned MIT Simile AJAX project to combine GIS data with time line visualization.

SHP file format. There is a Google code library that can read it.

Modify display with things like Graphics.curveTo with a control point.

ERS demo application. Placed barricades on map and allowed people to determine how to route around them. Used to help Minneapolis public after bridge collapsed.

Beta of APIs and services available at www.esri.com/flex

Other URLs of interest
www.arcwebservices.com
thunderheadxpler.blogspot.com

Tags: flex gis max2007chicago

October 24, 2007

MAX 2007: Best Practices for Developing with ActionScript 3.0

Rough Draft Notes

David Hassoun

Talk will focus on resources and guides, this isn't a how to.

Three main pieces: Analysis (what to do), Design (how to do it), and Implementation (creating code)

Saffron AIR UML Tool, Enterprise Architect, UML and a focus on class diagrams
Unit testing frameworks include FlexUnit and ASUnit

Coding Guidelines: Doesn't matter what you pick, but consistency is key.
Areas to consider: object creation policy, variables typing and scoping, package structure, class structure, naming conventions, code commenting, and curly braces

Not confirmed but mentioned something about declaring multiple variables on a single line as being more efficient. (ala. private var foo:String = "", bar:String = "";)

Program to interfaces.

Memory and performance. Areas to consider include: deferred instantiation, paging in data, don't load assets until needed, remove references, remove trace statements, use the mxmlc optimize flag (on by default I believe), use int as type of loop counter.
Unconfirmed but mentioned accessing static member variable in a loop is more expensive then copy value to local variable and referencing that instead.

Architecture: Create and use frameworks (reusable code blocks).: provide proven and targeted solutions and the expense of code size and potential bugs. Design patterns are repeatable solutions and should be used as needed. RSLs and modules great for sharing code and leveraging testing effort (once tested can be used again with higher confidence). Look at using -link-report and -load-externs command line options. Flex 3 is adding cached framework library. Flex Builder 3 has UI for setting up and using modules.

Best practices: code management and version control. Create code integrity, do unit testing, and continuous integration.

Tags: as3 flex max2007chicago

October 24, 2007

MAX 2007: On AIR Security

Rough Draft Notes

Lucas Adamski

AIR Threat Model
Installation
Runtime managed dialog, application signed by CA, self-signed = unsigned
Line between guaranteed harmless/automatic execution to full privilege/explicit install.
Only time user makes a decision is on the security dialog
AIR updates must be signed by the same publisher

Elevation Attacks
Remote content should not be able to discover anything about local system.
Should not be able to cross sandboxes.

Injection Attacks
JSON isn't a problem, JSON by eval() is the issue.
Smallest sandbox is a frame.
Injection Vectors: Code importing, DOM manipulation, URI schemes, Code generating functions.
Focused on protecting the user, not the developer.
Mitigations: Escaping or stripping (requires diligence). Clearly separate code and data (SQL prepared statements are a good example).

Typical Desktop Application Threats
Writable files
Credentials stored insecurely
Default passwords
Buffer and stack overflow
Upgrade/downgrade attacks (manually uninstall to downgrade)
Applications should not update without explicit user permission, no runtime importing to application content from remote servers.

AIR Security Model
Scripting languages have greater access than browser
Dynamically loading shouldn't have access
Provide loading mechanism that puts loaded data in its own sandbox
Explicit communication mechanisms
Safer cross domain data

AIR Does Not
Can't run untrustworthy applications
Prevents security mistakes
Has sandbox to guarantees security

AIR Does Provide
Full system access
Explicit installation
Signed applications

Guiding Principles
Local and remote data is like running in a browser
AIR shouldn't be natively more dangerous than other platforms
AIR shouldn't be a vehicle for attacking machines
AIR shouldn't require security guru
Develop paradigm during beta process

Flash in AIR
app-resource vs. app-storage
Application content: no asfunction, loader.loadbytes(),
Non-application content: no direct AIR API
No one: no write to app-resource, sandboxBridge

HTML Security Model
Application (desktop model) vs. Classic Sandbox (Browser like)
Application: direct air access, set innerHTML but script ignored, dynamic allowed only during load
Classic: dynamic always permitted, script for JSON are fine, no direct AIR API

Have to wait for parent Sandbox bridge before you can do anything

Cookies can be turned on/off.
SSL supported
Secure local store API, generic secure key storage (app ID and user Key)

Q: If I download a SWF into application-storage will that have fewer privileges than a SWF loaded from application-resource? Yes. Looking in the long term to provide plug-in API (not 1.0). Bridging will get you there. In general it's not prevented just discouraged.

Tags: air flex max2007chicago security

October 24, 2007

MAX 2007: Keynote

Rough Draft Notes

Kevin Lynch is giving the keynote.

Connect. Discover. Inspire.

MAX around the world. MAX the dog is in the AIR park.

Adobe Developer Connection is launching.

Connect beyond the conference with Intronetworks.

25th year anniversary of Adobe. Going to keep staying on the leading edge. Pushing technology forward.

Shantanu Narayen. Best attended MAX ever. Time is right for brand new type of application. Combine power of desktop with interactivity of the web. How to engage customers, need to keep them front and center.

5 rules for experiences.


  1. Content is king: interface can be barrier to getting at content. Think about content first.

  2. Make it personal: one size doesn't fit all. What the user wants when they want it. N70 news demo contrasted with 17 year old MMS and entertainment focus

  3. Less is (still) more. Focus on a few things and do them really well. Premier Express video editing experience demo. Simple Drag and drop experience to create timeline, add borders, captions, and edit clip length.

  4. Movement has meaning. Actions meets expectations of user. Adobe Media Player, using glide UI transitions to help the user know what is going on.

  5. Create an experience not a UI. California Tour ride site as an integrated experience example.

Take quality of digital experience to a whole new level. The Internet, Remixed.

Kevin is back:

Video:

70% of video on web is Flash. H.264 is becoming widely adopted, now in Flash player. Yahoo video: view HD content with custom UI without re-encoding. Plan to playback support iwht Adobe products. Up to 1080p, full csreen hardwrae acceleration. 480p versus 720p video comparison at full screen. Halo 3 Great job of Microsoft using Flash on their website.

Adobe Media Player: Bring in video, streaming or download. Catalog of video feeds. CBS, PBS, and long-tail content. Associate Ads with content or free stuff. Pre/post, on top, and overlay ads. Available on labs today.

FlashLite 3.0 will be available on Nokia soon. Video being brought to mobile phone. Nokia N95 with video demonstration, same CSI clip. Flash Media Server delivering video.

Websites:

United Way example being improved with Cold Fusion and Dreamweaver, presented by Ben Forta and Scott Fegette. Cold Fusion 8 is out, Dreamweaver CS3. What features could be added. Custom experience based on combining form data with custom generated PDF based on data entered. Dreamweaver CS3 Spry 1.0.6 available on labs. Using accordion framework. Apply source code formatting in CSS file. ColdFusion ships with LifeCycle Data Services. Capture bitmap data send it to the server, save as a JPG and then AJAX to include it on the page.

Applications:

Scrapblog built with Flex. Get desktop applications connected with AIR.

Giving an overview of AIR is Ed Rowe. Custom Manager by Nitobi. Sales representative to use in the field and integrates with Salesforce.com. Putting rich experience on more than one application. Dragging VCard from desktop and loading into desktop application that is syncing up to website. Beat 2 of AIR, Beta 2 of Flex 2, Dreamweaver AIR Extension, and Flash Authoring AIR Extension are now all available on Labs.

300,000 downloads of AIR runtime and 100,000 downloads of SDK. Flex is now free, best way to build RIAs.

Flex Team Heidi Willimas is talking about developer features. 4 new features.

  1. Profiler
  2. Language Intelligence
  3. Advanced Data Visualization
  4. Flex Framework Caching

Giving profiler demonstration. Jump from report to method. Refactoring of method name. Lots of styling with advanced data grid. Drag select and drill down information. Multiple column sorting.

Kevin is talking about AIR Developer Derby. Five winners.
Spaz.AIR, Ora Time Tracker, Agile Agenda, SearchCoders, Digimix. Agile Agenda is overall winner. Demonstration of application.

eBay launching their AIR application today. Bob and Cary from Disney and Frog are showing their application online. Travel agent application that is outside clutter of email and Disney branded. Frog Design was doing design work. Store offers locally. Customer management list. Drag and drop selected text from PDF. Created PDF right from application.

Tweetair (sp?) (Twitter application), Snippage (make your own desktop widgets by clipping websites), Pronto! (Calendar application with Google analytics integration), Paypal (Transaction history, charts of history, showing drag and drop between AIR applications), SAP Briefing book (Synchronizing data, charting against dragged in Excel data), Digimix (Audio editing, save as WAV to disk), Pownce (Social networking application), Nick.com (puzzle, tied into web site), AOL Top 100 Videos App (Video browsing and viewing), Buzzword (Flex word processor, desktop AIR and online, documents optionally saved online, Microsoft DOC import) Adobe has acquired Buzzword company, Anthropologie (Cross media experience, print catalog, email, website, and desktop application, search by color, personalized note experience, build by Allurent),.

MTV and Adobe AIR Challenge.

Announced Facebook chat application using their API and build on AIR being worked called WaveIM (sp?)

Astro Flash player being presented by Emmy Huang and Justin Everett-Church: Advanced Text Layout Support (bidirecitonal language support). Correct word wrapping. Multiple column support. Native support for perspective transforms. All display objects can be transformed in 3D and maintain full interactivity. Rotation X, Y, and Z. Custom filters, blends, and fills. Hydra (sp?) new effects language. Toolkit available on labs today. Pixel sampling technology.

Tags: max2007chicago

October 24, 2007

MAX 2007: Keynote 2

Rough Draft Notes

Kevin Lynch

adobe.mtv.com Adobe AIR contest now open

Bruce Chizen

Financial community is like tooth drilling without novocaine. Press is fascinating. Print the words he says but surrounding it with other stuff, which isn't what I meant. As as CEO privacy is an issue. How much he makes is public. Now as a CEO there is legal risk, signing his life away.

Saturday. Dave Mathews Band concert. Back-stage pases. Talking about Adobe products.

In Keynote, sneak peaks, what developers/designers do with tools Adobe provides.

Kevin

Server, Services, and Tools

Back common server side patterns into server code and reuse there.

Steven Webster

Experience matters, that happens on the glass. Experience behind the glass. LiveCycle ES, back-end to rich experience front-end.

Mitch Fried (mfg.com) online marketplace, geographically diverse, RFQ lots of data. Real-time back end matching., 3D PDFs with policy settings.

Steven

LiveCycle on top of Java SOA. Data services (what was FDS) is one piece of LiveCycle.
LiveCycle workbench (Eclipse based). Form guide builder. Getting to scan a piece of paper and turn it into an RIA.
Rights Management and Digital Signatures. Prevent printing or emailing. Assure return of confidential information.
Process Management. Workspace ships with LiveCycle to define and work with processes.
LiveCycle is available free on devnet.

Kevin: Adobe looking to create hosted services.

Scene7 Imaging, Share, Pacifica, CoCoMo

Doug Mack: Scene7, Rich media service and automation. Single master image. Many parameters to control flow. Demo of online uniform creation. Take content for granted and just design the experience. Delivered as SaaS. Scene7 image portal. QVC demo with AIR, Scene7, and Video. Looking to be as strong with print and online.

Andrew Shebanow: SHARE, file sharing in and outside firewall. 1GB of storage. Uploaded file from desktop, virus scanned, emailed person data was shared with, thumbnailed document. Viewer is Flash Paper on steroids. Embed file into HTML page through custom control. REST APIs (upload, share, retrieve). Also have AS3 libraries. In the future more improvements with file formats and organizations.

adobe.com/go/share/ beta available now.

Danielle Deibler: Pacifica, high quality voice, messaging, and presence. Almost like HD voice. Video preview sharing. Point-to-point connection on top of Pacifica service. High quality voice, text messaging, presence, NAT and F/W traversal. Roadmap: video, p2p, air, pstn access.

Private Beta starting this month, looking for people with applications that would fit the platform, also they are hiring.

Nigel Pegg: CoCoMo, Adobe Connect, been working on new client-server platform. Client UI now in Flex, now UI component framework, have access to lower level APIs. Opening up hosting infrastructure, real-time data messaging, av streaming. , , ,

Kevin: Thermo (Designers to create RIA)

Mark Anders, Stephen Heintz: Thermo, RIA Design Tool. Creating Flex applications. Own design. In context (x, y, width, height) display. Flex framework extensions (mx:Graphic, mx:Rect). Import PSD. Options to treat layers. (mx:BitmapGraphic, mx:TextGraphic). "Convert Artwork To". List management (auto random data). State management and automatic transition creation. Visual bind of controls. Automatically repeat sample data. Thermo and Flex Builder share project definitions.

Start to be available next year.

Kevin: XD

Mike Sundermeyer: What makes a great experience. Adobe inspire experience design site.

xd.adobe.com (alpha) Case studies, design patterns, hot topics.

Kevin: Biggest Flash Device. Susan B Yacht, Captain Kirk. InteliSea.

Tags: flex max2007chicago