OpenID31 items tagged “flash”
Running C and Python Code on The Web. Adobe are working on a toolchain to compile C code to target the Tamarin VM in Flash. This will allow existing C code (from CPython to Quake) to execute in a safe sandbox in the browser. 
4th July 2008, 8:26 am
Poking new holes with Flash Crossdomain Policy File. This is an old article from 2006 which describes the crossdomain.xml hidden in a GIF exploit I referred to in an earlier post (scroll down to the appendix for an example). As far as I know the Flash Player’s crossdomain.xml parser has been tightened up since. 1st July 2008, 4:12 pm
Using the patent application as a guide, Apple appears to be making room on the iPhone for flash memory, which means an end to Apple’s standoff with Adobe (ADBE) that’s kept iPhones from easily viewing a plethora of Internet videos.
— Ben Charny 
6th June 2008, 9:08 pm
Scaring people with fullScreen. Unsurprisingly, you can work around the “Press Esc to exit full screen mode” message in Flash by distracting the user with lots of similar looking visual noise. This opens up opportunities for cunning phishing attacks that simulate the chrome of the entire operating system. EDIT: Comments point out that text entry via the keyboard is still disabled, limiting the damage somewhat. 
2nd June 2008, 10:18 pm
Obscure bugs revisited: IE, HTTPS and plugins. Filed for future reference: IE breaks mysteriously if you serve it up plugin content (e.g. Flash) over HTTPS with a no-cache header—it deletes the file from cache before the plugin software gets a chance to open it. 
30th May 2008, 9:54 am
Crossdomain.xml Invites Cross-site Mayhem. A useful reminder that crossdomain.xml files should be treated with extreme caution. Allowing access from * makes it impossible to protect your site against CSRF attacks, and even allowing from a “circle of trust” of domains can be fatal if just one of those domains has an XSS hole. 15th May 2008, 8:06 am
Adobe and Industry Leaders Establish Open Screen Project (via) Talk about burying the lede... the real story is that Adobe are going to drop the license restriction that prevents other people from implementing SWF players. They’re also publishing the AMF and Flash Cast protocols and removing licensing fees for Flash Player on devices. 
1st May 2008, 9:43 am
XSS Vulnerabilities in Common Shockwave Flash Files. Is the word “shockwave” still relevant to Flash? Regardless, it turns out Flash can be a serious vector for XSS attacks, and many commonly used components have recently fixed holes (and hence should be updated ASAP). 6th January 2008, 9:35 am
BBC iPlayer now supports streaming Flash for Mac and Linux. Absolutely fantastic—it Just Works, you hit the homepage and you can be watching video in seconds. No need to even sign up for an account. I imagine IP ranges are used to block access from outside the UK. 
14th December 2007, 12:36 pm
VectorMagic. Neat online tool (with a Flex frontend) for tracing bitmap images in to vectors, based on research at the Stanford AI lab. 28th October 2007, 11:46 am
Halo 3 Site Demonstrates Flaws in SilverLight. The Halo 3 “interactive manual” is like a throwback to Flash in the late 90s—“skip intro”, pointless transitions, text you can’t select or enlarge, links that aren’t links—all wrapped up in an ugly blob (only this time it’s XML instead of binary data). 27th September 2007, 2:38 pm
gefingerpoken. Michal Migurski shows how to implement the algorithm for two-finger deforming drag using affine transformation matrices in Flash. 24th September 2007, 8:50 am
H.264 support coming to the Flash player. It looks like this is a response to the higher video quality offered by Silverlight. I wonder if YouTube knew about this when they started transcoding their videos to H.264 for the Apple TV and iPhone. 21st August 2007, 8:28 am
Brendan Eich: New Projects. Exciting new projects from Mozilla. ActionMonkey is joined by IronMonkey (IronPython/IronRuby on Tamarin) and ScreamingMonkey (Tamarin for IE). Upgrading IE’s JavaScript using the Flash Player as a vector is a game-changing idea. 26th July 2007, 8:05 pm
SWFUpload. Fantastic Flash widget for handling multiple file uploads with progress indicators; degrades gracefully to a regular HTML upload field. 16th May 2007, 4:12 pm
The web can eat toolchain bait like this for breakfast.
— Mike Shaver 11th May 2007, 3:43 pm
Poly9 FreeEarth (via) Seriously sexy embedable 3D Flash globe, with a JavaScript API. 10th May 2007, 9:17 pm
Dell to Offer Ubuntu. That right there is why I find Flex more interesting than Silverlight. 1st May 2007, 6:39 pm
Adobe open sources Flex. Ted Leung says that this might indicate the possibility of Adobe open sourcing Flash itself in the future. 26th April 2007, 11:24 am
SoundManager 2. JavaScript sound API, using a bridge to Flash. 16th April 2007, 4:47 pm
Modest Maps. Flash draggable maps library, BSD-licensed. Use it with tiles from OpenStreetMap / NASA / Google / Yahoo! etc or run it against your own tile set. 23rd March 2007, 3:41 pm
Flash vs. Ajax: It’s time to expand your toolbox. Dan Webb offers his smart, pragmatic take on the Flash vs. Ajax permathread. 20th March 2007, 9:49 am
Adobe wants to be the Microsoft of the Web. The base platform technology for RIAs is too important to be controlled or designed by any single party. 2nd March 2007, 1:01 pm
swf Image Replacement. Really neat idea: unobtrusively replace an inline image with a SWF, then apply effects like rotation, rounded corners and drop-shadowns. Shame it suffers from Flash-Of-Unstyled-Content. 27th February 2007, 7:51 pm
Flash MP3 Player. Nice little embeddable MP3 player, with support for single files or Atom/XSPF/RSS playlists. 25th February 2007, 2:13 am
TagMaps. The toolkit behind the new YRB World Explorer, available to developers as a reusable Flash component. 19th January 2007, 10:01 am
How the myspace SWF hack worked. If Flash is a vector for XSS, is this the end of Flash badges? 17th July 2006, 6:04 pm
Fjax: Just say no
To my utter amazement, a decent amount of buzz appears to be building around a new “technology” called Fjax—much of it centred around this interview on Webmonkey, but also benefiting from a mention on the O’Reilly Radar and of course the obligatory Digg story. [... 879 words]
Learning Flash for programmers?
I’ve decided it’s about time I learnt some Flash, mainly because of the exciting opportunities posed by the Flash-JavaScript bridge. It’s become pretty obvious now that Flash is the most practical option for dealing with audio and video on the Web, and the bridge means that anything Flash can do is now available to JavaScript as well. Google Finance and the Yahoo! JS-Flash Maps API are just two recent examples of why this stuff is worth knowing more about. [... 138 words]
Yahoo!’s new twist on mapping APIs
One of the most exciting things I’ve seen at Yahoo! since starting here has finally been made public: the new Yahoo Maps. The map application itself differs from many other recent map sites in being rendered entirely in Flash. This leaves far more scope for interface niceties, but doesn’t it reduce the scope for hacking that made things like Google Maps so much fun? [... 623 words]
Flickr without the Flash
One of my favourite panels at SxSW this year was the Flash vs. HTML Game Show, in which a team of HTML/JavaScript gurus took on a team of Flash gurus showing off pre-prepared solutions to tasks set for the panel. One of the challenges was to come up with enhancements to Flickr using the team’s assigned technology. [... 353 words]
