This demo / source file is one which was used during the Papervision3D Workshop in Amsterdam, during the fantastic FITC Amsterdam 2008 event. These are the modified final sources for the example I did at the end of the day. Although quite simple, I think they are very useful at illustrating on how to use shaders. Download the sources here.
Yesterday Adobe announced a Security update on Flash Player 9. So, time to go back to your sources and check. As you might have noticed I wasn’t the biggest fan of the tighter security in the FP 9.0.115 update; it broke the RTMP streaming hack, breaking the ability to get bitmapdata’s from FLV streams. The word hack indicates the official status of that method, so Adobe wasn’t really to blame here. So far for the 115 update…but, as it turns out, that was just half of the story.
The upcoming April 2008 Security Update release will tighten security a bit more, and you need to check if it won’t break your running instances…here’s what you should beware of…
You use sockets or XMLSockets, regardless of the domain to which you are connecting
What’s been changed ? Quote :
“This security update will make the optional socket policy file changes introduced in Flash Player 9,0,115,0 mandatory.”
Ok, so everyone who’s using sockets….really, really needs to check.
You use addRequestHeader or URLRequest.requestHeaders in any network API call when sending or loading data cross-domain or You provide access to content on remote domains as a web service provider.
Ok, that’s alot of us too 
Apparently, it currently is possible to send malicious headers to vulnerable domains….I’d say it would be up to the recieving end to fix their security…but ok.
Ok, that’s quite a few SWF’s that I made in the far past….I’m not sure if I even still have the full code to all of them….might be an issue for some of us, actually. Quote :
“The change in default behavior may impact content that uses fscommand() and/or getURL("javascript:...") ……”
Indicating that the default setting for AllowDomain has changed and that fsCommand and javascript call security is tightened. The new default setting for AllowDomain is “SameDomain”.
You use “javascript:” through network APIs to communicate outside a SWF
A nice little quote again :
“If your content is using “javascript:” within the prohibited networking APIs, you will need to rewrite your content. Developers are encouraged to use the ExternalInterface class for JavaScript-to-ActionScript communication.”
So, getUrl and navigateToUrl will still be working, but if you where using for instance Loader.load(), you need to rewrite your code. Yes…that’s right…rewrite… Now, you should’ve been using ExternalInterface, but this is hardly encouraging…it’s called being forced…no problem for me, but if you actually did this somewhere, clear out some time to rewrite that portion of script.
The update is coming, so make sure you update your code…..I’m pretty sure that John Dowdell, Emmy Huang and Justin Everett-Church are good indicators to listen too when they are telling you to go and check this. I wonder if this is the reason why Emmy Huang is going on a long vacation…. (enjoy your vacation Emmy).
In any case, it’s good to see Adobe so concerned with the security risks implied with maintaining the nr1. webbrowser plugin. But, on a side note, with for instance the content security (not being able to load imagery from other domains without the policy files), I’m still not decided on how I feel about that. If it’s possible from within other runtime vm’s like java and javascript…why not in Flash ?
Also, I’m still hoping Adobe will concider activating the keyboard when in Fullscreen…this would really be great for gaming and advanced RIA interactivity (shortcuts and such).
Also, what will be the version no for this update ? I take it it won’t be 115….right ?
Ok, so I wanted to post this one earlier; an extremely realistic looking 3D interactive portrait of a girl….it’s kind of weird looking and a bit spooky, don’t look at her too long It’s impressive though.
So, what is this ? Well, a bit of simple research (read, firebug) led me too motionportrait.com. Unfortunately, that’s in japanese. That site has the same girl on it, as well as links to several other implementations of the technology…including this hilarious one : hige-chen (love that tune). But also, to the still very cool Rec-You campaign. I’m betting we’ll see a couple of more implementations of this in the near future.
Another thing that caught my attention today was a mail from the creator of the isometric engine ffilmation. Very nice work indeed! The name is derived from the old-skool filmation engine, used to create various gaming titles for the old 8-bit platforms. Looking forward to see progress on it. Related : also, make sure you check out the Alternativa3D engine which was previously isometric only also, but now “full 3D”..impressive stuff.
A bit late, but I didn’t see any MXNA post on this; the first beta for Gnash is out. From the release post : “Gnash is a GPL’d SWF movie player and browser plugin for Firefox, Mozilla, and Konqueror. Gnash supports many SWF v7 features and ActionScript 2 classes.“.
Gnash already made the news last year, but this time they’ve got a beta…
Honestly, I’m not really impressed. One of the goals for this release seems to be to make youtube work on it. I don’t think this means that good to the Flash community. Even if Gnash grows up (and eventually supports SWF9 / AS3), I don’t really like the idea of “another” player. In my opinion, if it becomes a broader supported version of the player, it will just cause rips in the ubiquity and cross-platform nature of Flash….something which is undeniably one of the biggest strenghts of the platform.
What Gnash might provide is a deeper insight of the workings of the Flash Player, which might eventually enable us to optimize our code for it more and more. It might also inspire Adobe to make the Flash Player available on more os’es ? Let’s hope so. Maybe someone will port it to the Iphone
A selection of current work
Stay updated via RSS.
