Kevin Hoyt

Ethan Malasky, from the Adobe AIR engineering team, joined on AIR Tour Europe crew for the first week of the second leg to present on security in Adobe AIR. As an engineer on the AIR team, Ethan can talk about the security model in a way few others can, often giving insight as to why specific decisions were made. Ethan also has access to the source code, and can do fun things like create custom builds with security turned off, and show you the danger of a world without the security model.

We get amazingly diverse feedback about the security model in Adobe AIR. Sometimes, developers feel that web technologies shouldn’t have such power. Sometimes, developers feel that Adobe AIR doesn’t give them enough power. Other times, the feedback is more subtle about certain aspects of how security presents itself. Regardless of your position, I think this presentation is worth a listen. The MP3 audio recording of Ethan’s presentation is available for download (21.1 Mb) and runs just a hair over 23 minutes.

Probably my favorite aspect of Ethan’s presentation is at the very end when he presents a world without the Adobe AIR security model. He does this by using a custom build of the Adobe AIR runtime, with security turned off.

Mike Chambers spent the tour building a simple Twitter client using the HTML/JavaScript workflow, called Twimple (why not, it’s the new “Hello World” of programming). Ethan ran Mike’s application once in this custom AIR runtime and was able to quickly hijack the API’s to start performing malicious acts on his computer. When run in the publicly available version of Adobe AIR with the security model in place, he could only present an alert box, and no damage was done. Food for thought.

In case you missed it, Adobe AIR 1.1 launched on Monday, June 16 as well. A big focus of Aodbe AIR 1.1 was internationalization and localization. The installation and other runtime dialogs have been translated into nine (9) different languages, giving you a broader audience for your AIR applications. Keyboard support for double-byte languages has been added. There’s also internationalization support for everything from the “name” attribute in the application descriptor file, to Capabilities.language, to context menus and the Mac menu bar. There’s a lot more in there too, and I encourage you to read the release notes.

While on the AIR Tour Europe, I give two presentations. The video recordings of those are being encoded, as is Ethan’s talk, and all the others. In my first presentation, on developing AIR applications with an HTML/JavaScript workflow, I try and show as many approaches as possible. This includes a text editor and command line, Dreamweaver CS4 (works with CS3 as well), and Aptana Studio. If you watched closely during this presentation, you would have seen that I make a subtle change to the Aptana-generated application descriptor file. This is because Aptana used to generate an AIR Beta 3 descriptor file. Well no more, as Aptana Studio now also supports AIR 1.1!

I should also mention that Serge Jespers’ presentation on updating AIR applications, should now be considerably more challenging to put into a thirty (30) minute time slot, as there’s a new AIR Update Framework available as well on Adobe Labs.

If you’re a Flex developer, you’ll no doubt be familiar with the Flex Cookbook on the Adobe Developer Center. Well, alongside the Adobe AIR 1.1 release, the Developer Center has opened the doors to the Adobe AIR Cookbook, which is already filled with great content from a variety of authors. It’s a great place to start if you’re just approaching AIR for the first time. If you consider yourself an AIR pro, then you can also submit your tips into the cookbook. Select cookbook contents will eventually be published in an O’Reilly book.

It’s never a dull moment here in the world of Adobe AIR. New content, insights from the AIR engineers, European tours, a new runtime version, additional support from vendors and the community! I’m pretty sure the AIR team doesn’t ever sleep.

This entry was posted on Tuesday, June 17th, 2008 at 5:36 pm and is filed under AIR. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.