var self = this;
GUESS WHAT PEOPLE. Adobe AIR security sandboxing is gnarly! One case where this bit me was in my attempts to use Google’s YouTube API Player. The player.swf tries to load another remote SWF and is immediately killed by the AIR runtime for causing a “SecuritySandboxViolation”.
What’s going on here?
There are four security sandboxes that ActionScript code can run in:
- local-with-filesystem: no net access.
- local-with-network: no file access.
- local-trusted: all good! Can only use it during development, though.
- application: total control of the user’s computer*. AIR only.
According to Adobe’s docs,
There are a number of design and implementation patterns common to web applications that are too dangerous to be combined with the local system access inherent in the AIR application sandbox…. runtime script importing of remote content has been disabled in the application sandbox.
Compile-time script importing is allowed — that’s why we’re able load the YouTube API player (henceforth “apiplayer”) by hardcoding its URL into the AIR app. But the apiplayer tries to load a third SWF, which brings down the “no remote content” hammer. The apiplayer isn’t actually in the application sandbox — it can’t access any of the AIR APIs — but let’s play along: we’ll load it into local-with-network sandbox, where there’s no restriction on remote content loading.
Is there an API for this? No.
- Create a “mediator.swf”, bundled into the AIR app package. Unfortunately, this places it in the application sandbox.
- On first run, the AIR app copies mediator.swf to the user’s Documents directory, which is perfectly kosher as far as the AIR runtime is concerned. #okay
- Use Loader to load mediator.swf, placing it into the local-with-network sandbox.
- mediator.swf loads http://www.youtube.com/apiplayer?version=3
- apiplayer now loads its tertiary SWF with no problems.
- mediator.swf, being in a different sandbox, can’t communicate with my AIR app directly, so it asks it for a YouTube URL using parentSandboxBridge
- mediator.swf then passes the URL to the youtube API player, which plays the video.
- Rube Goldberg smiles benevolently from the afterlife.
Posted by Miles on Fri, 5 Oct 2012
Apparently when you apply a 3D transformation to a DisplayObject in a Flash / AIR app, it limits the area of the stage to which bitmaps can be drawn — that is, if aDisplayObject contains a bitmap graphic and a vector object, the bitmap will be masked to within the rectangle (0,0, 4096, 4096), while the vector object will be drawn normally no matter where it is. The only fix seems to be not to apply any matrix3D transformation — you can’t touch rotationY, rotationX, rotationZ, perspectiveProjection, or anything that affects the display object’s transform.matrix3D member.
Posted by Miles on Fri, 5 Oct 2012
Have you ever wanted to control a Flash game with a gamepad? Back when I was working on Space Kitty with Zach , I thought it might be enlightening to do this, but of course Flash isn’t able to access USB devices.
However, Flash does have the Socket class, so if I could read the gamepad’s state from some other network-capable runtime, I’d be able to connect it to Flash remotely. It didn’t take long to discover the PyHID library, a free Python package that provides an interface to USB Human Interface Devices and even auto-detects probable game controllers.
Lacking documentation for my Logitech gamepad, I wrote a script to dump its live state to the terminal, then mashed buttons and watched the output until I’d reverse-engineered its output.
That done, it was trivial to serve the PyHID output to a Flash client. I’ve attached a demo if you want to try it out. Obviously, this isn’t even close to working on a webpage due to Flash’s security sandboxing and the fact that you have to run the python server locally, but it’s fun for prototyping games and could be of use in some kiosk-style application. (That said, I make no warranty as to its utility.)
Grab the demo here:
Remember, you’ll have to adjust Flash’s security sandboxing to allow the SWF to connect to the gamepad server.
Posted by Miles on Thu, 24 May 2012
This is a script that grabs a timestamped image from your MacBook webcam every 180 seconds:
while [ 1 ]
You’ll need to download isightcapture and drop it in your ~/bin directory.
If you want to convert the resulting directoryful of JPEGs into an animated gif, and you have ImageMagick installed, you can use the following invocation to do it:
convert -geometry 120x -delay 1x4 -loop 0 *.jpg animated.gif
EDIT: If you prefer the Fish shell, here’s the script in that syntax:
set day (date "+%Y-%m-%d")
set dest_dir "$HOME/Desktop/look-at-you-hacker-$day"
set timestamp (date "+%Y-%m-%d_%H@%M-%S.jpg")
Posted by Miles on Thu, 1 Jul 2010
Another little flash experiment. Mouse X = twist, Mouse Y = stretch. I also have it working with a gamepad and PyHID
via a local socket, but that's not really viable on the Web.
Posted by Miles on Sat, 27 Feb 2010