Skip navigation
Help

Flash Player

warning: Creating default object from empty value in /var/www/vhosts/sayforward.com/subdomains/recorder/httpdocs/modules/taxonomy/taxonomy.pages.inc on line 33.

An image displayed on a computer after it was successfully commandeered by Pinkie Pie during the first Pwnium competition in March.

Dan Goodin

A hacker who goes by "Pinkie Pie" has once again subverted the security of Google's Chrome browser, a feat that fetched him a $60,000 prize and resulted in a security update to fix underlying vulnerabilities.

Ars readers may recall Pinkie Pie from earlier this year, when he pierced Chrome's vaunted security defenses at the first installment of Pwnium, a Google-sponsored contest that offered $1 million in prizes to people who successfully hacked the browser. At the time a little-known reverse engineer of just 19 years, Pinkie Pie stitched together at least six different bug exploits to bypass an elaborate defense perimeter designed by an army of some of the best software engineers in the world.

At the second installment of Pwnium, which wrapped up on Tuesday at the Hack in the Box 2012 security conference in Kuala Lumpur, Pinkie Pie did it again. This time, his attack exploited two vulnerabilities. The first, against Scalable Vector Graphics functions in Chrome's WebKit browser engine, allowed him to compromise the renderer process, according to a synopsis provided by Google software engineer Chris Evans.

Read 5 remaining paragraphs | Comments

0
Your rating: None

I am no longer committed to supporting any Flash related open-source projects.

Here is why. When I started using the Flash Player it was quite easy to reach its limits. However you were able to get around those limitations with clever hacks and debatable optimization techniques. I was always keen to share my knowledge with the community and to explore all possible options to achieve best performance.

The Flash Player has been hibernating for half a decade now. The only glimpse of performance was finally a set of specialized op-codes which allow you to modify an array of bytes. In layman’s terms this means it was finally possible to do a[b] = c with an acceptable performance. So I wrote a tool which allows you to do just that and many other things. I have spent a good time of my free time trying to improve the performance of the Flash Player and contributing all my code to the community.

As a reminder: I showed some drastic performance improvements at Flash on the Beach in 2009. That was three years ago. It was not necessary to modify the Flash Player and it was not necessary to modify the ActionScript language.

The Adobe roadmap for the Flash runtimes states that Flash Player “Dolores”

  • will support ActionScript Workers
  • comes with improved performance for Apple iOS
  • and ActionScript 3 APIs to access the fast-memory op-codes

This player should be released in the second half of 2012. The “Next” Flash Player will finally include

  • modernizing the core of the Flash runtime
  • work on the VM
  • updates to the ActionScript language

This is planned for 2013 apparently. And what can we expect? Type inference, static typing as a default, and hardware-oriented numeric types. Hooray, so it will be finally possible in 2013 to write a[b] = c without having to use some weird fast-memory op-codes. If we look back to the year 2009 this makes me really sad.

With the introduction of the speed tax you will now have to license your application. No matter if you make money out of it or not. Now I think that 9% is a decent number and I can understand Adobe’s position on this. In fact it is much more friendly than the 30% Google or Apple take. However the AppStore was an invention. What is the invention here? Squeezing money out of an already existing feature, and suddenly making it unavailable after people have been relying on it for years to push the boundaries of the platform and actually innovate?

But for the hell of it, a[b] = c is not a premium feature. Nor are hardware accelerated graphics. That is what I would expect from any decent runtime.

Limiting the capabilities of a runtime — by defaulting back to software rendering for instance — will make it less attractive to use it in the first place. You are probably not interested to go through a signing progress for a small demo. So your performance might be crap, people will complain about the Flash Player taking 100% CPU because its using software rendering (YEY! 2013!), laptop fans will start to dance and you will look like a bad developer because that other guy got the same thing running with hardware acceleration. Or you could use a different technology.

Why is this bad? Because apparently this signing with a $50k threshold targets the enterprise and small developers seem to be acceptable collateral damage. However thinking about the next five to ten years: who is going to write ActionScript code if it is no longer attractive to play around with it in the first place?

We still rely on the Flash Player at audiotool.com. I am still developing for it and we will probably have to use it as long as there is no alternative. Me no longer supporting open-source tools is just me no longer spending my personal time for a platform that I would not use for private stuff. Work is of course not always about fun. But fortunately I am able to spend 90% of my time writing Scala code.

I will finish this blog post with some bad karma:

It’s also worth noting that the new Adobe license will prohibit scenarios where you’d have the first level of a game in the Flash Player, and the full experience inside the Unity Web Player. Alas, this is something you’ll need to be aware of if you were considering such a route.

You will not only pay for the features. You are also welcome to cede some of your rights.

flattr this!

0
Your rating: None

Pirate!We recently announced AIR 3.2 with Stage3D support for mobile. Some of you have asked about learning more about GPU programming, best practices and also some of you had questions regarding the BunnyMark test we had in the AIR 3.2 video.

The BunnyMark demo we showed, uses a tiny framework developed internally at Adobe (named GPUSprite). It makes use of support classes called GPUSprite/GPUSpriteLayer, which optimize rendering by allowing a large number of of sprites to be drawn in a single draw call (batching).

This means all those sprites must be able to sample their image from the same sprite sheet.  Performance is really nice.  You could extend it to multiple sprite sheets, but you will have to organize your content into layers with one layer per SpriteSheet.

All the objects on a higher layer will be rendered on top of objects on lower layers.  For a scrolling game with background, foreground, characters, effect layers and so on, it is a nice authoring solution. Of course this has way more restrictions than what Starling would allow, it actually has very limited features.

So do not consider this as a silver bullet, consider this as an example to learn how to program GPUs efficiently, or also tweak frameworks to achieve higher framerates.

You can download GPUSprite on the FP-SDK github repo.
Download the BunnyMark code (using GPUSprite).

Special thanks to Iain Lobb for the original BunnyMark.
Special thanks to Philippe Elsass for the modified BunnyMark test.

Live demo of GPUSprite below :

Get Adobe Flash player

0
Your rating: None



Adobe has published its roadmap for its Flash browser plugin and its AIR desktop application counterpart. More releases, more features, and more performance, are all planned, but on fewer platforms: Adobe is giving up entirely on supporting smartphone browsers, sticking to the core desktop platforms for its plugin—and with a big question mark when it comes to Windows 8.

The company sees Flash as having two main markets that will resist the onslaught of HTML5: game development, and premium (read: encrypted) video. To that end, the features it has planned for future updates focus on making Flash faster, with greater hardware acceleration and improved script performance, and more application-like, with keyboard input in full-screen applications, and support for middle- and right-mouse buttons.

Read the rest of this article...

Read the comments on this post

0
Your rating: None