Here’s my profile:
http://www.facebook.com/profile.php?id=615492587
Technorati tags: facebook, tim anderson
Category Archives: internet
Adobe AIR security concerns
Adobe’s Paul Robertson has a thoughtful response to my complaint about AIR security. The point I made is that any AIR application has the same access to the file system as the user. This includes local SQLite databases as well as other documents. Robertson’s response:
In order for a user to access an AIR application, he or she must first choose to install the application, including going through a security dialog that will describe whether the application was signed with a security certificate. In this way, an AIR application is comparable to any other desktop application, such as one written in C++. Since any C++ application could theoretically include the SQLite library, installing an AIR application is no different from installing any C++ application in the sense that, by doing so, a user opens himself up to possible abuses and security risks.
The security risks of desktop apps are well-known, and that’s why users have learned to be cautious about installing them. A possible concern though is that Adobe wants to make installing AIR applications really easy. Here’s the description in the docs for seamless install:
The seamless install feature lets you provide a link in a web page that lets the user install an AIR application by simply clicking the link. If the AIR runtime is not installed, the user is given the option to install it. The seamless install feature also lets users install the AIR application without downloading the AIR file to their machine.
I’ve seen how much kids love playing Flash games on the Web. Some of these games would be a natural fit for AIR: play the game from a desktop shortcut, option to save your game locally, no browser baggage. What if a lot of these games turn into AIR apps? Suddenly, instead of online Flash games being relatively safe, they become relatively risky. If users become complacent about passing the AIR install dialog, then all the bad guy needs to do is to create a whizzy game that does a background search of your computer looking for online banking passwords.
The risks will be mitigated if Adobe restricts AIR to signed applications. That’s not the case with the beta:
A further point is that despite the scary dialog, AIR apps are actually tightly locked down from a developer perspective, with no access to native code such as the operating system API, scripts, or native dynamic libraries. While that’s good in one way, it’s arguably the worst of both worlds: not secure (because of full file system access), and not extensible either.
The appearance of the words “System Access: UNRESTRICTED” in the above dialog suggests that Adobe has or is planning a richer security model. If the default were no file I/O, or file I/O isolated to the source domain of the AIR application, that would help considerably. Add compulsory application signing and it would look better still.
I’ll add that I’m most impressed with Paul Robertson’s willingness to enter into this dialog. I wish other software vendors were equally responsive. AIR is in beta so there’s time to fix problems.
Bringing paper and ebook together
There’s a buzz building about a session at the O’Reilly Tools of Change for Publishing Conference (which looks great, I wish I could have attended) from Manolis Kelaidis on his “blueBook”. Kelaidis is a designer at the Royal College of Art in London. His idea is to bring electronics to the book, rather than making books virtual. Here is the brief, from his presentation:
- Design a book consisting of sheets of paper with printed buttons (hyperlinks), which when touched allow the user to access and control digital information.
- Information accessed in this way could then be stored either locally (within the book) or remotely (PC, handheld devices, Web, other books).
- The book should have the look-and-feel of a regular book, with flipping pages and conventional binding, while technology should be non-intrusive, portable and robust.
- Manufacturing should be based on traditional bookbinding techniques minimizing complexity and costs.
Using conductive ink and embedded electronics, such a book can include multimedia (play music or video) and live links to web content or interactive discussions, perhaps in conjunction with a wireless-connected PC. Printed words become hyperlinks. The presentation is amazing and thought-provoking. See also Tim O’Reilly’s post on the subject and its comments.
Update: Presentation seems to have been removed; if it reappears I imagine it will do so here.
Technorati tags: blink, oreilly toc, ebooks, publishing.manolis kelaidis
The version problem of today: browser compatibility
David Berlind reports on a case where 35% of developer time is spent on browser compatibility issues.
It’s a huge problem, though I’m cautious about attaching too much weight to a singe anecdotal report. Of course it’s nothing new. Browser compatibility issues are as old as the Web; it was getting better, until AJAX and a new focus on the web-as-platform meant greater stress on advanced browser features. For that matter, version issues are as old as computing. Yesterday, DLL Hell. Today, web browsers.
What’s the solution? All use the same browser? Not realistic. The browser developers could fix the incompatibilities? It’s happening to some degree, but even if Microsoft came out with a 100% FireFox-compatible IE8 tomorrow, there’s still a big legacy problem. My web site stats for this month:
IE7 24%
IE6 22%
IE5 4%
FireFox 2.x 22%
FireFox 1.x 3%
Opera 3.9%
Safari 2.3%
etc
Interesting that the FireFox folk seem to upgrade more quickly than those on IE – but even so, there are a lot of older browsers still in use. I suspect a lot of those IE6 users are corporates with conservative upgrade policies.
Another idea is to use AJAX libraries that hide the incompatibilities. That makes a lot of sense, though if you stress the libraries you might still find compatibility issues.
Finally, you can bypass the browser and use some other runtime, most likely Java or Flash. Unfortunately this doesn’t remove all version issues, but at least it means you are mainly dealing with one vendor’s evolving platform (Sun or Adobe). Silverlight could help as well, though its “cross-platform” only means Windows or Intel Mac at the moment, which is not broad enough.
This will be an important factor in the RIA (Rich Internet Application) wars.
Why doesn’t Adobe’s AIR dev guide mention SQLite?
I’ve been trying out the Adobe AIR (formerly Apollo) SDK. It’s a confusing business. There are two varieties of AIR apps, Flex, or HTML. The HTML kind is essentially a browser app that runs in WebKit, as wrapped by the AIR runtime, instead of in the browser, while the Flex kind compiles Adobe’s MXML into a Flash SWF which again runs within AIR. The AIR SDK only supports HTML AIR apps, so for the full experience you also need the Flex 3 beta SDK.
But I digress. I have a long-standing interest in SQLite so one of the first things I looked for was how Adobe is using this in AIR. It is there: it’s mentioned in the press release, which emphasizes that AIR has some of that open source fairy dust:
Key elements of Adobe AIR are open source, including the WebKit HTML engine, the ActionScript™ Virtual Machine (Tamarin project) and SQLite local database functionality.
However, you wouldn’t know it from the docs. The word SQLite does not appear in either the Flex or the HTML developer guides. Here’s how it introduces the “local SQL databases” section:
Adobe Integrated Runtime (AIR) includes the capability of creating and working with local SQL databases. The runtime includes a SQL database engine with support for many standard SQL features.
The SQLite library itself appears to be compiled into the main AIR runtime library, Adobe AIR.dll.
Why do I mention this? A few reasons.
First, it stinks. Let me emphasize: Adobe is entirely within its rights in not crediting SQLite in its docs. The main author of SQLite, Dr D Richard Hipp, has disclaimed copyright. So it is not illegal, but it is discourteous. By contrast, here’s how the Google Gears docs introduce the database module:
The Database module provides browser-local relational data storage to your JavaScript web application. Google Gears uses the open source SQLite database system.
Second, it’s unhelpful. As a developer familiar with SQLite, I want to see an explanation of how Adobe’s build of SQLite differs from what I am used to – what is added, what if anything is taken away. I also need to know how easily I can access the same database from both AIR and from another application, using the standard SQLite library.
Third, I’m increasingly sceptical of Adobe’s claim that it is somehow “aligning” its API in AIR with that in Gears. Here’s what Michele Turner, Adobe’s VP of developer relations, told me:
Adobe, Google, Mozilla and others will be working to align the APIs used to access local database storage for offline applications, so this functionality will be consistent for developers both in the browser and via Apollo on the desktop.
Perhaps, but there’s really no sign of this in the current beta. The AIR database API and the Gears API are totally different. The full text search extension which is part of Gears seems to be missing in AIR. Another key difference is that unlike Gears, AIR makes no attempt to isolate databases based on the origin of the application. In AIR, a SQLite database may be anywhere in the file system, and it’s equally available to any AIR application – a big hole in the AIR sandbox.
This is all beta, of course, so it can change. I hope it does. Here’s my wish list:
- Proper credit for SQLite in the docs.
- Use the Gears code – full text search could be very useful – and deliver on the promise of aligning the API.
- Failing that, set out exactly how AIR’s SQLite differs from the standard build.
Apple iPhone needs Google Gears
At its developer conference Apple announced that the forthcoming iPhone will support Web 2.0 applications. In this context, “Web 2.0” means at a minimum an embedded web browser (Safari) that runs JavaScript, but that’s no big deal; we expected nothing less. It’s at least a little more than that though:
Developers can create Web 2.0 applications which look and behave just like the applications built into iPhone, and which can seamlessly access iPhone’s services, including making a phone call, sending an email and displaying a location in Google Maps.
The emphasis is mine. This implies some sort of hole in the sandbox, but web apps on the iPhone needs more than just the ability to make phone calls if they are going to be useful. They need to work offline. In fact, a mobile phone (ironically) is one environment where offline web apps will be particularly useful. Nobody is always-on when travelling; it varies from mostly on (urban travel) to mostly off (trains, planes). As a regular train traveller, I find attempting to run web apps on a mobile utterly frustrating.
Fortunately Google has come up with an answer to this with its Gears initiative. Here’s how you write a good Gears app:
- Write your app to work offline.
- Add synchronization with the server that happens transparently when connected.
This is perfect for a mobile app. Running web apps rather than local apps also bypasses one of the main obstacles to mobile development: the need to get your binaries approved by a telecom provider before they can be installed.
Now, I have no idea whether Apple plans to include Google Gears, or an equivalent, in the iPhone (I’m not at WWDC). But I do think it is a great idea, for this or any mobile device. Combine it with Flash or Silverlight and we will wonder why we ever wanted more.
Google’s new model of app development
I was fascinated by this slide shown at the recent global developer day, which I’m reproducing with Google’s permission:
The image doesn’t make sense without the caption, which I’ve used as the title of this post: The New Model of App Development. You can see the slide in context in this Register piece. Two things in particular interest me. One is the appearance of ads as an integral part of the development model. This makes sense for Google’s own development, but does it make sense for others? Given that much of the software industry is slogging away at internal business applications, that seems a stretch. It may be true for consumer apps. Ad-funded applications have not been a big success on the desktop, but we have somehow become tolerant of ads flashing round the screen when working on the Web.
Another issue is one we tried to capture in the caption for this image at the Reg. The main goal of developer day was to get developers to integrate Google services into their applications, by using Google Maps and the other APIs on show at Google code. The company is even keen to host your gadgets on its own servers. Google wants to be an indispensable building block in app development, even though it left itself out of the illustration.
How about open source? Google uses and sponsors open source software, and has posted the code for Gears, but where’s the code for Docs & Spreadsheets? Closed source is an important part of Google’s own app development model, as it is for most others.
Adobe Live in London – quick report
I attended Adobe Live yesterday. This was in two parts, an exhibition with a schedule of presentations/tutorials, and a developer day focused on Rich Internet Applications – Apollo and Flex – as well as ColdFusion 8.
I’m told that around 1800 attended, though most of these were for the main exhibition, whereas I spent almost the whole day in the developer sessions.
It was a worthwhile though low-key event and I picked up some insights into Apollo and Flex 3 as well as getting an update on ColdFusion. I’ll be reporting in more detail shortly. A couple of quick comments though.
First, this struck me as primarily a designer crowd, Flash folk interested in applications, rather than developers new to Adobe. These are just impressions so I could be wrong, but it strikes me as in interesting issue. Equally, when I went along to Microsoft’s Mix07 earlier this year my perception was that many delegates were primarily Visual Studio folk interested in web design, rather than vice versa. If I’m right, Adobe and Microsoft have inverse cultural and marketing problems here. Still, at least Adobe put on a proper developer schedule this year; it didn’t exist at last year’s London event.
Second, I found the Apollo stuff though-provoking in the light of Google’s Gears announcement as well as what Microsoft is offering with WPF. I knew that Apollo was sandboxed, but hadn’t appreciated the extent of the sandboxing. As I understand it, Apollo apps can do file i/o on the local machine, but in other respects it is locked down in a similar way to web apps running in the browser. There is no access to external libraries, OS scripting, or custom native code extensions.
That’s good from a security perspective, but it limits the extent of OS integration. So the key question: if you can’t integrate with the OS, beyond a few trivia like Start menu or Dock shortcuts, then why bother with a desktop app? Especially now that Gears has a solution to the offline problem. Maybe it is worth it just to get out of the browser window, but some at least will not see the point.
Third, I asked what if anything Adobe intends to do with Google’s open-source Gears code, but apparently I may not have the full story yet – more when I get the information.
FireFox team not sure about Google Gears adoption
During Google Developer Day I had the impression that Mozilla was right on board with Google Gears, the plug-in which which enables offline applications. Here’s Aaron Boodman and Erik Arvidsson from the Gears team:
We are releasing Gears as an open source project and we are working with Adobe, Mozilla and Opera and other industry partners to make sure that Gears is the right solution for everyone.
It seems that things are not as clear-cut as Boodman and Arvidsson imply. LinuxWorld.com quotes Mozilla’s Mike Shaver:
We’re talking to Google engineers and looking at how these two models — ours and theirs — compare. This is in the open now, and going forward we’ll see what we can learn from each other,” Shaver said. “But there’s a lot of work that’s been done already [on Firefox 3.0], and we’re not planning to throw that work away.
According to the article, Shaver is particularly doubtful about using SQLite for persisting web application data locally, and is inclined to stick with the more limited DOM Storage API already planned for FireFox 3.0.
A related point is that Adobe’s commitment to Gears is not absolute. Here’s Adobe’s Michele Turner says, quoted by David Berlind:
…For example, they’re using SQLite and we were already incorporating SQLite into Apollo. So, now we’re aligning our efforts with Google on things like the synchronous and asynchronous calls that must be made to the SQLite database in order to enable the offline capability.
My impression is that Adobe is aiming for a measure of API compatibility, but will ship its own build of SQLite rather than using one installed by Gears, with inevitable version and customization differences.
There is a world of difference between using a similar API on the one hand, and sharing common components and/or common source code on the other. It looks to me as if Apollo, FireFox and Google are going to provide three independent and isolated mechanisms for handling local storage.
Of course Gears installs into FireFox anyway, and there is nothing to stop Flash developers from using Gears.
I will quiz Adobe on this subject at tomorrow’s Adobe Live event.
Google: Don’t let your kids use Gears
More Google Gears Terms and Conditions madness. Gears is licensed under New BSD terms; yet before you can install the runtime you have to agree to onerous terms and conditions. Here’s clause 2:
2. Accepting the Terms
2.1 In order to use Google Gears, you must first agree to the Terms. You may not use Google Gears if you do not accept the Terms.
2.2 You can accept the Terms by:
(A) clicking to accept or agree to the Terms, where this option is made available to you by Google in the user interface for any Services; or
(B) by actually using Google Gears. In this case, you understand and agree that Google will treat your use of Google Gears as acceptance of the Terms from that point onwards.
2.3 You may not use Google Gears and may not accept the Terms if (a) you are not of legal age to form a binding contract with Google, or (b) you are a person barred from receiving the Services under the laws of the United States or other countries including the country in which you are resident or from which you use the Services.
I’m puzzled. If Gears is BSD licensed, how can Google insist that the mere act of using it binds me to these terms (which I dislike for other reasons too)? And 2.3 is bewildering: you may not use Google Gears apps if you are not an adult?
What if someone else installs Gears on your machine, and you then use a Gears-enabled app? How can terms like this possibly apply in such cases? Note that the agreement does not refer only to installing Gears, but specifically to using Gears.
By the way, you can download the source for Gears, and compile it if you can figure out how, without assenting to any such agreement.
I think Google is letting its legal team get out of hand.