Adobe Joins Linux Foundation, Develops AIR For Linux 171
2muchcoffeeman writes "Adobe announced Monday that it is joining the Linux Foundation and alpha-released a Linux version of its new Adobe Internet Runtime environment, which allows Internet-enabled applications to run on Windows and Mac OS desktops, for Linux. According to Adobe, the alpha version lacks some key features that will be available in the final product and only runs with Sun Java, not GNU Java. Adobe also released an alpha of Flex Builder for Linux Monday."
How is AIR different from, say java? (Score:3, Insightful)
First things first... (Score:5, Insightful)
Re:What is AIR (Score:2, Insightful)
Internet Access + Local File I/O = inevitable 0 day exploit / virus / malware.
We've seen it in Flash, we've seen it in PDF
(And before the Java fanboyz start kicking
Re:Adobe Loses to SWF (Score:4, Insightful)
Re:Adobe Loses to SWF (Score:2, Insightful)
That's the first beta release after four alphas, correct? How "beta" is it?
Re:What adobe should do... (Score:3, Insightful)
Wrong battle dude.
Re:What is AIR (Score:4, Insightful)
The notion of trust is nothing new. The basic question comes down to this, do you trust the code (or coders for the code that) you are about to run or not? If you don't, then don't run the code. If you do, then go ahead and run the code.
That question may be easy to ask but not so easy to answer. Maybe you trust the organization but there could be inadvertent security vulnerabilities in the code. Or maybe you don't know much about the organization who authored or published the application. How do you decide whether or not to trust the application?
In theory, open source mitigates this trust issue because you can study the code yourself. In practice, it's not so easy. First of all, access to the source code is immaterial to people who are not coders themselves. Second, it would take a lot of time and mind to study the code for a large project. Sure, any competent programmer could study and verify for his or herself that my open source project [sourceforge.net] can be trusted because it really isn't all that big. How can you be sure that Firefox [mozilla.com] doesn't have any malicious code in it?
One approach to this problem is to run programs in what is called a sandbox [wikipedia.org]. What that means is that the program isn't written in what is called the native "machine" code. Rather, it is written in a code for a virtual machine [wikipedia.org]. Every time that code makes an API call, the virtual machine checks to see if it is permitted from a security perspective. Applications that run in a sandbox don't get a lot of permissions. It is OK to run an application that you don't completely trust within the sandbox because the virtual machine is going to deny any requests that could compromise or take advantage of your system anyway.
That is why the complaint about ActiveX. Both ActiveX controls and Java applets run in a web browser. The Java applet has to run in the sandbox (unless it is signed but it is beyond the scope of this post to introduce PKI and X.509 certificates) but the ActiveX control never runs in a sandbox.
Later iterations of this sandbox concept allow the user more control over what the program can and cannot do. In .NET, this is called Code Access Security and in J2SE, this is called Java Security Policy. Before running an application, the user can specify what API calls that the application can and cannot call. The problem here is that this specification is not easy to tweak for mere mortals. When you just double click the application icon, you are running the application with whatever policy that the publishing company specified. So, you are back to trusting that company since there is nothing that keeps them from specifying a policy that is wide open.
I have no experience in AIR so I could not tell you whether or not that virtual machine implements any kind of policy control. Perhaps someone that is knowledgeable about AIR would care to clarify here?
Not sure what to think... (Score:3, Insightful)
- Flash isn't OSS
- The Linux Flash binary-only plugin is still WAY behind the Windows version in quality and stability (remember how long we had to wait for Flash 9.x on Linux??)
- Shockwave Director isn't OSS (and isn't even ported to Linux in a binary-only format, despite the 29511 [petitiononline.com] signatures in the online petition that's been going on forever). Not a peep from Adobe on if this will ever even happen, even though revisions are still being made and it being widely used
- No intention of porting Flash to x86-64 platforms, on Linux -or- Windows (at least AFAIK)
- Just in my experience alone, COUNTLESS other buggy applications (like the other week, installing a version of Acrobat with a
I agree Adobe has a LOT of momentum behind them with the Internet community. With this, however, comes great responsibility. If they want to play in the OSS playground, I think they need to share all of their toys like the others do.
Re:First things first... (Score:3, Insightful)
Adobe seems to want Flash (and now AIR) to be the new way to develop web apps -- it almost looks like they want it to replace HTML/JavaScript. I have many problems with this, but the biggest one is that Flash is proprietary, and I don't want to go back to a proprietary Internet. I thought we got rid of that when IE stopped being the defacto standard...
Re:First things first... (Score:4, Insightful)
Re:Flash for PPC? (Score:3, Insightful)
Re:The flash format is a trap, careful (Score:2, Insightful)