Some of my old friends keep asking me for tips and tutorials for flash and actionscript, so I decided to spend a few hours writing a small tutorial for a small slideshow class. The tutorial turned out to be rather long, because I wanted to go in detail and explain the "why", not just the "how".

The code is AS3 and the tutorial assumes some general knowledge of flash and actionscript 1 and 2.

Read more »

Pages: 1 · 2 · 3 · 4 · 5 · 6 · 7

I just read on Google’s official Webmaster blog that they’ve started experimenting with more advanced crawling to help them index pages inaccessible via links. Their crawler is actually filling and submitting forms from the site and check the results.

From the blog:

Specifically, when we encounter a <FORM> element on a high-quality site, we might choose to do a small number of queries using the form. For text boxes, our computers automatically choose words from the site that has the form; for select menus, check boxes, and radio buttons on the form, we choose from among the values of the HTML. Having chosen the values for each input, we generate and then try to crawl URLs that correspond to a possible query a user may have made. […] our crawl agent always adheres to robots.txt, nofollow, and noindex directives. That means that if a search form is forbidden in robots.txt, we won’t crawl any of the URLs that a form would generate. Similarly, we only retrieve GET forms and avoid forms that require any kind of user information.

The idea definitely sounds interesting, but I can’t help myself wondering how this might have unintended consequences. Why?

It all boils down to so many programmers failing to understand the differences between GET and POST and when to use one instead of the other. To many, the distinction is simply "GET is easy to test, ‘cause you can test the URL in browser; POST hides the parameters". This is not the whole picture though.

GET is intended to be used to, well, get data. A search form is a prime example: you enter a word and the server gives you back a list or results.

POST is for actions. Login is a good example, but basically any action that actually alters anything should be handled via a POST, although very often it is not.

I’ve seen plenty of cases where actions are sent via GET, query strings like ?action=delete&itemid=1131. Can you see the potential issues? Now, granted, googlebot will only crawl though public areas (they won’t touch password fields and such) so the damage should, in theory, be limited. In practice, the bot will try all possible combinations of a form’s widgets, like an automated tester but without the benefit of running in a supervised environment.

My advice? Have a look at your code and remember "if something can go wrong, it will". If you see something not quite OK, better fix it now.

Further Reading:

• HTML 2.0 Specification - Form submission

I’ve been trying to setup a VPN between our company laptops and our HQ since 2004. We use ZyWall boxes for NAT, firewall and wireless connections. They also have IPSEC VPN capabilities, which are very handy when connecting two office branches. The VPN connection between several boxes has been relatively easy and once set up, it’s mostly transparent.

At the same time, as much as I’ve tried, I never managed to setup a VPN connection between a laptop computer and one of the ZyWalls. In three years I’ve tried at least five VPN clients, including SSH Sentinel, Checkpoint SecuRemote and Green Bow. Each one had issues with ZyWall. At best, the connection interfered with other firewall and internal policies as the ZyWall VPN server does not assign IPs to the client computer; or the tunnel was being built but no packets could get through; at worst, the VPN client froze the computer.

I kept trying various setups, different client software, asked on all forums for ideas. I learned a lot about network protocols, encryption and certificatate authorities, but I still couldn’t get the VPN to work without problems. Desperately, I’ve even tried to set up a PPTP VPN on a Windows 2003 server, punch a hole in the ZyWall firewall, forward port 1723 and use the windows built-in VPN client to connect. Still, it wouldn’t work.

A few days ago, my boss said to me "hey, I just read about a zero-configuration VPN, you don’t need to set up anything". At first I laughed at the idea, but then I decided to have a closer look and prepared a test environment.

Hamachi boasts the following (from their website):

• LAN over the Internet Arrange multiple computers into their own secure network, just as if they were connected by a physical cable.
• Remote Access Remote control any machine on your network with Remote Desktop.
• Files and Network Drives Access critical files and network drives.
• Zero-configuration Works without having to adjust a firewall or router.
• Cost Effective Basic version is free to use. Premium begins at $4.95/month.

Sounded too good to be true. Intrigued, I decided to read more. They use a "mediation server" to establish the connection. The mediation server assigns a private IP (e.g. 5.27.000.001) to each client, creating peer-to-peer tunnels. Basically each client computer becomes part of one big LAN via VPN. To separate all the users, one can create a password-protected "network" and various users can then join that network, if they know the password. After that, they can access the shared resources or use Remote Desktop, as in any LAN.

I tested it, and it works flawlessly. The program is incredibly small (under 1Mb) and hardly uses any resources. It’s very easy to set up - the interface has just 5 buttons, including the Close and Minimize. No more Negotiation Modes, Replay Detection settings, SA Life Time and Perfect Forward Secrecy; Hamachi is indeed zero-configuration.

On the downside, it’s not a traditional VPN. I’ve read their Security White Paper and it looks good - on paper. Still, being closed source and untraditional, I still am a little worried about security. IPSEC VPN is proven. When set up correctly, it’s secure. Hamachi is new and relatively unknown. It may prove to be an excellent piece of technology, one that simplifies and enhances access while maintaining security, but it’ll take some more time until I’m convinced. Moreover, you’re dependent on their mediation servers. If they go down (and network outages have happened), it’s bye-bye connectivity. For now, I will keep an eye on it and I’ll test it more before deploying it within our company.

Are you using Hamachi? What is your experience with it?

This post is not about Actionscript. In fact, it’s an embarrassingly simple tip for Flash artists.

Just before Christmas, I’ve asked our main graphic artist to make a simple Holiday greetings card. After two days of work (he kept complaining that he’d need a real model to pose for him), he presented me with the result.

The girl Santa was drawn in Flash, using a Wacom tablet. He told me "I wish I could bring it in Photoshop to make it look a little better". I instantly knew what he meant. He had been using strokes with varying degrees of opacities on different layers to represent shadows and highlights, but the edges were hard and unnatural. I told him - "So you’re after an airbrush effect". Airbrushes allow for very smooth lines, colors and gradients; a very simple example would be the flames painted on cars (not the vinyl decals, the real thing.)

Before and After: see how smooth the shadows and highlights are in the right-hand image

It’s actually very easy to archive similar effects in Flash. Instead of using multi-layered gradients or the "soften fill edges" command, you can simply use the bitmap effects introduced by Flash 8. Just select the areas you want to smooth out, make it a Movie Clip and apply a Gaussian Blur effect. You can go even further, by experimenting with different blending modes (for example, set the shadows to Multiply and highlights to Screen). If you don’t go overboard with effects, you can get some very nice looking graphics without putting any significant strain on the CPU.

Here’s the full version of the card:

With the new releases from Adobe, DXO Labs and Phase One, I’ve decided to put to the test some of the top RAW processors. These are:

• Adobe Photoshop Lightroom 1.3;
• DXO Pro Optics Suite 5;
• Capture One 4.

I would have wanted to also test Apple Aperture 1.5, but it wasn’t possible at this time, so, I decided to postpone that test.

These software represent the high-end segment of the RAW converters, since they are all geared (or at least marketed) as tools for professional photographers. This doesn’t mean that Bibble, Silkypix or ACDSee Pro are not capable, it’s just that they have a different market.

Of course, their features and intended uses do not overlap completely. Lightroom in particular is billed as a DAM (Digital Asset Management) software, whereas DXO has extended features in term of image geometry correction. Still, I’ve tried to judge all three of them fairly and bring the best out of each one, rather than trying to prove a point.

Interface

All three programs have similar interfaces. It would be definitely unfair to say that any of them copied the other. They all employ a dark, monochrome look that is essential in avoiding misjudging colors, and they all use collapsible side-panels.

Lightroom	Capture One	DXO

Read more »