Adobe Joins Linux Foundation, Develops AIR For Linux

2muchcoffeeman writes "Adobe announced Monday that it is joining the Linux Foundation and alpha-released a Linux version of its new Adobe Internet Runtime environment, which allows Internet-enabled applications to run on Windows and Mac OS desktops, for Linux. According to Adobe, the alpha version lacks some key features that will be available in the final product and only runs with Sun Java, not GNU Java. Adobe also released an alpha of Flex Builder for Linux Monday."

How is AIR different from, say java?

[Anonymous Coward]

Not meant as a troll, but it is hard to find an objective explanation of how AIR is going to fill a huge need or bake better bread.

First things first...

[calebt3]

64-bit Flash!

Re:What is AIR

[daveime]

So how is this any different from those nasty Active-X controls that we are told not to allow ?

Internet Access + Local File I/O = inevitable 0 day exploit / virus / malware.

We've seen it in Flash, we've seen it in PDF ... how long before the first AIRsploit ?

(And before the Java fanboyz start kicking ... the sandbox only works until someone finds a way to climb out of it).

Re:Adobe Loses to SWF

[l-ascorbic]

If you install an AIR app, it can install the runtime at the same time. It's pretty transparent, and certainly better than stuff like the Java installer with Web Start. Also, if any company can build an install base it's Adobe. Look at the penetration of Flash.

Re:Adobe Loses to SWF

[2muchcoffeeman]

Meanwhile, the GNU implementation of SWF is GNASH [gnashdev.org], which just released a new version. GNASH is also not preinstalled, but it's in some ways superior to Adobe's Flash, while remaining compatible (with practically all features found in the wild, and adding the rest) - and free, including not adding DRM you don't want. And GNASH was announced to be part of the new KDE, so it will in fact be preinstalled on lots of Linux machines.

That's the first beta release after four alphas, correct? How "beta" is it?

Re:What adobe should do...

[hub]

PDF is ISO standard now. Maybe you were living on another planet. I haven't use Adobe Reader is YEARS and I still read PDF files without any glitches on Linux.

Wrong battle dude.

Re:What is AIR

[anomalous cohort]

The notion of trust is nothing new. The basic question comes down to this, do you trust the code (or coders for the code that) you are about to run or not? If you don't, then don't run the code. If you do, then go ahead and run the code.

That question may be easy to ask but not so easy to answer. Maybe you trust the organization but there could be inadvertent security vulnerabilities in the code. Or maybe you don't know much about the organization who authored or published the application. How do you decide whether or not to trust the application?

In theory, open source mitigates this trust issue because you can study the code yourself. In practice, it's not so easy. First of all, access to the source code is immaterial to people who are not coders themselves. Second, it would take a lot of time and mind to study the code for a large project. Sure, any competent programmer could study and verify for his or herself that my open source project [sourceforge.net] can be trusted because it really isn't all that big. How can you be sure that Firefox [mozilla.com] doesn't have any malicious code in it?

One approach to this problem is to run programs in what is called a sandbox [wikipedia.org]. What that means is that the program isn't written in what is called the native "machine" code. Rather, it is written in a code for a virtual machine [wikipedia.org]. Every time that code makes an API call, the virtual machine checks to see if it is permitted from a security perspective. Applications that run in a sandbox don't get a lot of permissions. It is OK to run an application that you don't completely trust within the sandbox because the virtual machine is going to deny any requests that could compromise or take advantage of your system anyway.

That is why the complaint about ActiveX. Both ActiveX controls and Java applets run in a web browser. The Java applet has to run in the sandbox (unless it is signed but it is beyond the scope of this post to introduce PKI and X.509 certificates) but the ActiveX control never runs in a sandbox.

Later iterations of this sandbox concept allow the user more control over what the program can and cannot do. In .NET, this is called Code Access Security and in J2SE, this is called Java Security Policy. Before running an application, the user can specify what API calls that the application can and cannot call. The problem here is that this specification is not easy to tweak for mere mortals. When you just double click the application icon, you are running the application with whatever policy that the publishing company specified. So, you are back to trusting that company since there is nothing that keeps them from specifying a policy that is wide open.

I have no experience in AIR so I could not tell you whether or not that virtual machine implements any kind of policy control. Perhaps someone that is knowledgeable about AIR would care to clarify here?

Not sure what to think...

[TheDarkener]

Adobe seems to want to jump on the OSS bandwagon, which might make a lot of people smile... although, ....

- Flash isn't OSS

- The Linux Flash binary-only plugin is still WAY behind the Windows version in quality and stability (remember how long we had to wait for Flash 9.x on Linux??)

- Shockwave Director isn't OSS (and isn't even ported to Linux in a binary-only format, despite the 29511 [petitiononline.com] signatures in the online petition that's been going on forever). Not a peep from Adobe on if this will ever even happen, even though revisions are still being made and it being widely used

- No intention of porting Flash to x86-64 platforms, on Linux -or- Windows (at least AFAIK)

- Just in my experience alone, COUNTLESS other buggy applications (like the other week, installing a version of Acrobat with a .0 known bug that plainly doesn't launch when executed without a fix from their website)

I agree Adobe has a LOT of momentum behind them with the Internet community. With this, however, comes great responsibility. If they want to play in the OSS playground, I think they need to share all of their toys like the others do.

Re:First things first...

[SanityInAnarchy]

How about open source flash? Or at least a Flash open standard?

Adobe seems to want Flash (and now AIR) to be the new way to develop web apps -- it almost looks like they want it to replace HTML/JavaScript. I have many problems with this, but the biggest one is that Flash is proprietary, and I don't want to go back to a proprietary Internet. I thought we got rid of that when IE stopped being the defacto standard...

Re:First things first...

[SanityInAnarchy]

And to every architecture, and to pretty much anything we want. That's why open standards exist -- or rather, why standards should be open.

Re:Flash for PPC?

[mdm-adph]

No offense to the Gnash team -- I thoroughly commend their efforts -- but I've hardly ever got any Flash to load up in it, at all. If you're using 64-bit linux, just use a 32-bit version of Firefox (heard that it works and it saves you the headache).

Re:The flash format is a trap, careful

[Mista2]

Still better effort than silverlight. Oh, yeah, MS support this in other OS's just like they do with Mono. Not! Just what I want, Adobe apps being able to execute more code on my desktop. Umm, no thanks. Developers from this platform will bring all of their Windows and OSX tricks and tips with them to Linux, and you'll never know how buggy/vulnerable it is as all of the SDK is closed. it's why I trust Apache and PHP more than IIS and .asp/.net. I know more eyeballs have looked at the code for these apps than the MS equivalents. Also eyes with no financial tie with the original authors.