Slashdot Mirror
Adobe Opens Up AMF Spec
neutrino38 writes "Adobe has released the specification of the AMF format, the format used by Flash Remoting — the equivalent of AJAX for the Flash world. The article doesn't mention the AMFPHP project and the fact that some German and Canadian guys had reverse-engineered the format a long time ago. Adobe's action eases a long-standing legal uncertainty that slowed the uptake of AMFPHP for commercial projects. Next, we note that Adobe has not released its RTMP protocol used to contact a Flash Media server. This latter protocol is more interesting as it provides sessionful operation; media streaming; RPC both client-side and server-side using the AMF format; and shared objects among several sessions and server-side events. Fortunately, RTMP has been partially reverse-engineered by the red5 project. I suggest that the W3C should take a look at the whole Flash ecosystem as they think about upgrading the HTTP protocol."
Will the opening of AMF help Gnash http://www.gnu.org/software/gnash/ ?
In either case, here at Microsoft, we feel standards are important. And we have fun, too. Doug Mahugh, Microsoft
I don't know about the "news value" of this article, but big kudos for tying together names, links and references to a bunch of interesting-sounding projects.
This is among the worst summaries I've ever seen on slashdot, and thats saying a lot. The use of so many acronyms without any background information, combined with absolutely no reason as to why anyone should even care is a true achievement. Congrats sir for combining the worst characteristics of article submissions so that future slashdotters may have an example of a poor submission. With all that you have accomplished with this I have one complaint and do not take this as a troll. In your next submission would you please find a way to dupe another submission WHILE accomplishing all of the amazing feats stated above.
I think the invisible hand of the market has its middle finger extended
--A wise old fart named SC0RN
I suggest that the W3C should take a look at the whole Flash ecosystem as they think about upgrading the HTTP protocol.
This statement at the closure of the article is so stupid I don't even know on which angle to attack it first.
As a side note, can we PLEASE gt rid of this horrible trend of submitters adding their own "personal view" on postings? Frankly I don't give a crap. It's bad enough when the editors do it.
"take a look at the whole Flash ecosystem"?
I'm sure a whole bunch of security researchers (and "security researchers") have done so and are rubbing their hands with glee.
Just look at where Adobe took PDF - from the early relatively safe years to the javascript ridden present.
I actually use the NoScript plugin for Firefox. It blocks all javascript (so no datacollecting and cookieplacing nonsense, and no ads, since they all use javascript) and all plugins like Java and Flash by default (so certainly no flashy resourcehogging ads). You can whitelist the sites you like (for example Youtube), so you can have the best of both world: java(script) and Flash when you want it, and only when you want it. I like it a lot.
very small. Flash is far more than ads and both FLEX and even Microsofts variant silverlight will prove you both wrong.
The summary is a jumble mess, but the fact that Flex/Flash is still mostly closed source, but fills an important gap that isn't addressed by currently implemented standards, is problematic.
Take a look at this google finance page You simply can't do the type of interactive charting that they do there without Flash and Flex. Any AJAX implementation of that would be just a hack.
It could be done with AJAX techniques and SVG, which is the open standard for flash like animations, but neither major browser implements the full spec yet.
So, the larger point about needing an open standard that is actually implemented is a valid one. But I don't think the fault lies in the W3C, it is just that it is taking some time for volunteer programmers to implement the standards that they came out with in Firefox.
Exactly. Flash is more ubiquitous than anything on the web. More ubiquitous than internet explorer. It runs binaries in the host machine, not simply running the in the browser's sandbox. I don't know if it will load and run native binaries over the web (like active X) or if it has it's own sandboxed java-like pseudo code. But it's a single sourced point of failure rather than a diverse ecosystem like all the different java VMs. Plus the code is enormous. Who knows what's in there. (cringley has speculated ADOBE could leverage this ubiquity to role out all sorts of products deployable overnight just by activating them. e.g. imagine is tommorrow everyone with flash also had bit torrent, google desktop, and perhaps even some DRM system available. "flash" deployment of programs could make them instant industry standards. no more arguing over which DRM will be universal is everyone has it available.)
Some drink at the fountain of knowledge. Others just gargle.
thanks for the tip pard
I went out and got me the add-on and it is now in effect.
actually I don't want anyone running any un-authorized programs on my computer
hackers in particular, but advertisers can be pretty onerous
Um...Small question: Why do you use flashbock?
Just do what I do. Dont install flash. Simple.
The entire point of HTTP is to be stateless, hence why other protocols (like Adobe's) were invented. If you want a stateless protocol, use a constant TCP connection. Don't try to wedge functionality where it doesn't belong.
Flash, ActiveX, Java, et. al. render web pages executable, generally
at this point it appears that NO PLANNING has been done to secure these vehicles from spreading trojans and various un-authorized programming
am I to accept one certificate from a web site and take that as credentials for every page on that site?
this plan has been available for a while now, yet CyberCrime is flourishing. and CyberCrime generally relies on trojans: un-authorized programming.
with polymorphic virus changing their colors rapidly and 1,100 new virus appearing daily the anti-virus concept which relies on detection is now overwhelmed.
prevention is required and this means preventing un-authorized programming from running
NO SIGNATURE? NO EXECUTE.
FlashBlock like NoScript will allow you to have FLASH installed and select which media you want to allow
There has been a browser war going on for a while. It isn't the IE vs. Firefox war everyone talks about. It's about the rendering engine to use.
Apple's WebKit has succeeded beyond Apple's wildest dreams. It is officially being used at Google for its applications, it has been adopted by KDE, and the Gnome team is also about to adopt it. It is also the official rendering engine for Android. That puts WebKit on each Linux distribution and on what will soon become a major portable Internet device platform.
Adobe has been pushing Flash as the web rendering engine to rule the world, but it hasn't been doing so well. The big war for the browser isn't the desktop, but all the little devices that we will all carry around: PDAs, Phones, cameras, music players, game machines, etc. Flash needs a consumer client in order to work, and the fact that all of these devices will depend upon Adobe creating a client for each and every platform and operating system just doesn't cut it. Manufacturers don't want Adobe to rule whether their device is worthy of a Flash client.
In order for Adobe to be truly competitive in this fight, they must open up the Flash file specifications. That way, each device maker can design their own Flash player much the same way they build their own web browser according to HTTP/HTML specs.
The only question I have is how "open" is the spec? What happens if Adobe wants a new version of Flash with more features? Will it open up the new specs? Will Adobe allow me to create a program that will write to the Flash file format, or is that still closed to me? This isn't entirely unheard of. Microsoft has "open specs" for NTFS. I can give my operating system the ability to read NTFS, but not the ability to write it without first getting a license from Microsoft.
flash is gonna get ya!
Flash is useful for a lot more than just Youtube. While video is possibly the most common use for Flash (it's the only *standard* that all browser makers can agree on) it's also used for purposes like web games. I know in of itself that's not all that interesting, but it's also one of two ways of making homebrews for the Wii Internet Channel.
The AMF format has been reverse engineered before, but having it fully published should make it easier to create desktop integration programs that play Wii games using a Wiimote with the desktop as if they were on the Wii. (The WiiCade API uses a local connection which passes AMF messages through a shared memory pool.)
Javascript + Nintendo DSi = DSiCade
Adobe has been moving away from serverside development (i.e. JRun). Opening AMF will allow other app server vendors to offer AMF implementations that adhere to known specifications, rather than reversed engineered versions. Ultimately this will improve the acceptance of Flash remoting applications which will be good for Adobe.
The announcement of the opening of the AMF protocol (which is a compressed, binary stream of data, used to transfer data from a back-end server to a flash application, no different than AJAX), is actually a subset of Adobe's announcement to open-source the BazeDS project. BazeDS is a Java server that sits as middleware between your Flash/Flex app and your back-end server (Java, PHP, ColdFusion, etc). AMF is a major part of that product. To all the critics of the Flash player... Take a look at its track record. It is under a meg download, available for most platforms (Win,Mac,Linux,Symbion,etc), and has an excellent security track record (as compared browsers/plugins in the industry). It does not just take a "binary stream" and execute it -- it has a very strict sandbox enviroment that protects both the browser, and the operating system. Heck, you can't even load a Web Service without the called-domain allowing it. And while not opening up the full SWF format, Adobe has open-sourced the Flex Framework, which is used to create SWF files. Take a look at Adobe Labs : http://labs.adobe.com/ for more info on some of Adobe's open-source projects.
Frankly, I can't believe this. Slashdot, which gave Sun so much crap for making Java source code available under a wrong kind of license, is front page-advocating wider adoption of software, for which no source code is available at all ...
In Soviet Washington the swamp drains you.
What does Adobe have to do with Bowling? http://www.amf.com/corporate/index.htm/
I'm too lazy to compose a creative sig.
The chick is always writing an article and always ends with a rhetorical question to her readers, so that she boths avoids the need to end up to a conclusion (because her subjects have None) and to flatter their readers and make them buy more magazines and propagate the question. Is the sex&city synrdome attacking people outside the film?
Mod be down, but I kind of agree with the OPs point that the W3C should take a better look at Flash. Not to update the HTTP protocol of course - neither Flash nor the W3C have interest in changing that. But things like access to the bitmap data of images or a flexible component model are very useful for us programmers. Without advancements, we will forever be stuck with half baked web apps, and the W3C better look at what flash does right.
I find it interesting Adobe AIR wasn't mentioned.
Am no fek Buddhist, but this is enlightenment.
Next, we note that Adobe has not released its RTMP protocol
Adobe recently announced to make it's messaging server open source. This includes the RTMP, of course.
The GP's point was that its all rubbish.
... that the guy explaining that Flash is the web's failure has a link to a YouTube video in his sig?
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
A lot of this came up in the silverlight discussion a couple of days ago, but until html/javascript or some new standard provides for:
* Video Playback
* Audio Playback
* A/V Capture thru connected devices with appropriate security
* Bitmap manipulation ala Displacement Maps, Blur, Glow, or other direct bitmap manipulation (for both video effects as well as photoshop style web apps)
there will be a place for flash (and maybe silverlight once it actually does these well).
And the comments like 'I've never found a useful flash app' are pretty disingenuous, or they didn't look too hard. YouTube wouldn't be around for in the way it is if not for flash. Plenty of people like the flash photo & video editing software built on flash.
Is flash perfect? Not saying that, just saying there are gaping holes in even the basic functionality we expect from a web experience these days.
I do flash/flex dev, as well as RoR. A site I did that wouldn't be doable in AJAX/HTML currently: http://www.pinktogether.com/
http://blog.slaingod.com
Seriously, there are uses for Flash apart from ads. Many websites use it for embedded audio, video, instant messaging, simple image editing, games, and basically any interactive functionality which would be too slow and hackish to implement using AJAX.
so why install flash just to block it with some stupid plugin?
I do not fear computers. I fear the lack of them. Isaac Asimov
Hmm, interesting definition of "standard" unlss you mean "de facto".
Also, the browser manufacturers don't agree on it - you only get flash support if Adobe deign to support your browser/arch/os combo.
The Flash sandbox seems to be pretty good, yes. That's about as far as it goes.
.swf file as easily as a .jar or a .zip or a .tar.gz, than we can talk about them being open. But don't hold your breath.
Flash is barely "available for Linux": there's a Linux port that's only for i32, only for gecko-based browsers, and I doubt it'll work if you're not right up-to-the-minute up-to-date with a pretty vanilla distro. And of course it's not available for other free UNIX platforms or non-x86 hardware. That's because far from being "open", it's a closed binary blob.
But more than not being open source, it's not an open format. The fact that you can't take a flash document, open it in regular universally available tools, pull out the components and examine them, that's kind of its selling point for a lot of people using it. If it was more open, so you could reliably take a flash document, "unpack" it into a directory tree, edit it, pack it back up again... that would make people who think obfuscation is security a lot less interested in using it.
When Adobe publishes the source code to, and maintains, a set of portable command line tools that let you hack on a
Because some flash is actually useful even if a lot of it is crap. Flashblock allows you to choose which flash applets to run.
Got a definitive link for it? Because the one I found listed a handful of gecko-based browsers as requirements, and it would be nice to get everyone on the same page.
Videos are a useful form of communication. It's unfortunate that sites like YouTube are Flash based, but until there's an alternative, Flash + NoScript works great.
why?
i want inert DATA, not active executable programs when i browse the web.
browsing the web should not require throwing away basic security precautions, nor should it require trusting every developer of every web site out there to not be either incompetent or malicious.