The Apple v. Flash plot thickens
An interesting security advisory appeared on Adobe’s support site this week:
The summary is as follows:
A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. This advisory will be updated once a schedule has been determined for releasing a fix.
Now, the timing of this is mighty nice for Steve Jobs who’s under fire for not supporting Flash on the iPhone and iPad. But as someone who has to (try to) develop for Flash I can say I’m not surprised. Not by the security advisory nor by Jobs’ and Apple’s position. Flash player always crashes on me and it cranks up my CPU meters more than anything other than video conversion.
Don’t get me wrong, I love Adobe products – Photoshop, Illustrator, Acrobat – I don’t go through a day without them. There was a time when Flash was also one of my main axes. But no more. JavaScript libraries like jQuery can do many (if not most) of the things Flash has been used for up til now. Flash is a nightmare to develop in and lacks the immediacy of a true scripted environment (you have to compile the movie to see if it works).
Should Jobs have allowed Flash onto Apple’s mobile devices? From a pure market-share perspective: yes. But I can see where he’s coming from and being able to see some Flash-based sites at the cost of having your mobile device crash or lock-up isn’t a trade-off I’d really want to make for people.
Google Font API
Google added something new and slick recently – the ability to embed non-standard fonts in web pages as a web service called the Google Font API. It’s pretty easy to tweak a CSS file and your page headers to use this and there are about 15 or 16 font families to choose from ranging from fancy cursives to old-English style text. I added the following to my headers on my GonZoville site:
1 2 | <link href='http://fonts.googleapis.com/css?family=IM+Fell+English'
rel='stylesheet' type='text/css'> |
and then changed the CSS for the various headers to include:
1 | font-family: 'IM Fell English', arial, serif; |
and voila, I have nice old-world style text in my article and sidebar headers. Awesome. For headers and the like this is a great way to do something fancy and/or unique without relying on a Flash-based plugin or off-screen rendering techniques.
Engine Yard – Rails Hosting Nirvana
Most of my daylight hours are spent as CTO/lead-coder/graphics-monkey of a start-up I’ve been with for a couple of years: Dialed In. This is a Ruby On Rails application and that means we hit the usual problem with Rails of finding a good hosting service. There aren’t a whole lot of top-shelf options in this area yet and, back when we started, there were even fewer. At that time Engine Yard (“EY”) had a waiting list of a week or more to get service and we didn’t have the time, so we went with another provider who was technically as good, but could fulfill our server needs more or less same-day.
Now fast-forward a couple of years. Our provider starts to have some performance issues, one of which ends up costing us half a week of down-time to move our server image to a new physical server. Support starts to get slow and, while responsive, we get the impression that they’d rather we figure stuff out on our own. They have great technology and, if we were a large company with a full IT staff, it’d be great fun to play with.
But we’re not. We’re a small outfit where everyone does 3 or 4 or 20 jobs and messing around with complex server configurations is simply not good for business. Every hour one of our developers spends trying to configure the server is an hour they’re not spending writing code.
So we just recently moved the whole deal over to Engine Yard. In a word, I was astounded by the reception we received. For starters, their slice hosting comes with free accounts on GitHub (Git hosting), Beanstalk (SVN hosting), Lighthouse (ticket/project-management system), and New Relic (application analytics). So basically all the services we needed, or were paying for elsewhere, were now included in our basic hosting fees. Email is hosted on MailTrust – which works pretty well, even though it’s based on a Microsoft platform. But using MailTrust we can suddenly send email to people on AOL, so that’s a good thing.
