Adobe Opens Up AMF Spec

neutrino38 writes "Adobe has released the specification of the AMF format, the format used by Flash Remoting — the equivalent of AJAX for the Flash world. The article doesn't mention the AMFPHP project and the fact that some German and Canadian guys had reverse-engineered the format a long time ago. Adobe's action eases a long-standing legal uncertainty that slowed the uptake of AMFPHP for commercial projects. Next, we note that Adobe has not released its RTMP protocol used to contact a Flash Media server. This latter protocol is more interesting as it provides sessionful operation; media streaming; RPC both client-side and server-side using the AMF format; and shared objects among several sessions and server-side events. Fortunately, RTMP has been partially reverse-engineered by the red5 project. I suggest that the W3C should take a look at the whole Flash ecosystem as they think about upgrading the HTTP protocol."

Gnash!!

[bvimo (780026)]

Will the opening of AMF help Gnash http://www.gnu.org/software/gnash/ [gnu.org] ?

Re:

[Wesley Felter (138342)]

Not really. There was already an unofficial AMF spec, so having an official spec that says the same thing makes no difference. The problem with Gnash is that they just don't have enough coders to keep up with changes in Flash Player, so they will fall farther and farther behind.

Nice summary...

[intnsred (199771)]

I don't know about the "news value" of this article, but big kudos for tying together names, links and references to a bunch of interesting-sounding projects.

Designt HTTP around FLASH? WTF?

[brunes69 (86786)]

I suggest that the W3C should take a look at the whole Flash ecosystem as they think about upgrading the HTTP protocol.

This statement at the closure of the article is so stupid I don't even know on which angle to attack it first.

As a side note, can we PLEASE gt rid of this horrible trend of submitters adding their own "personal view" on postings? Frankly I don't give a crap. It's bad enough when the editors do it.

Open Standards

[bigpat (158134)]

The summary is a jumble mess, but the fact that Flex/Flash is still mostly closed source, but fills an important gap that isn't addressed by currently implemented standards, is problematic.

Take a look at this google finance page [google.com] You simply can't do the type of interactive charting that they do there without Flash and Flex. Any AJAX implementation of that would be just a hack.

It could be done with AJAX techniques and SVG, which is the open standard for flash like animations, but neither major browser implements the full spec yet.

So, the larger point about needing an open standard that is actually implemented is a valid one. But I don't think the fault lies in the W3C, it is just that it is taking some time for volunteer programmers to implement the standards that they came out with in Firefox.

Re:

[ScrewMaster (602015)]

You simply can't do the type of interactive charting that they do there without Flash and Flex.

The Tomato firmware in my router does something very similar using Ajax. I don't know enough about Ajax to know if what he did qualifies as a hack, though.

Re:

[ozone_sniffer (778249)]

You're missing the point the parent was focusing on. The question is not whether flash is useful or not, and should be standardized or not. The question is wtf flash standardization has to do with the HTTP protocol. The summary is (miserably) trying to imply there is something which should be modified in the next version of HTTP so as to benefit the usage of flash in some (mysterious, IMO) way. Flash is a content format, HTTP a network protocol. They're as related as horses and trucks carrying horses.

Re:

[bigpat (158134)]

I didn't miss the point. I agree that this has nothing to do with http protocol, but the point I think the submitter was trying to make was close enough to being in the right ballpark that I thought it was worth pointing that out. Flash/Flex is not just a content format, it is its own proprietary client platform for writing rich internet applications... It is basically its own web browser within a web browser which, if it gains any more wider adoption, it is going to subvert the open standards nature of

Re:

[jibjibjib (889679)]

You argue that Flash has nothing to do with the design of the HTTP protocol, and say that "they're as related as horses and trucks carrying horses" as if that makes them unrelated. Have you ever even seen a truck carrying a horse? All the trucks carrying horses that I've ever seen are specifically designed to carry horses.

Re:

[SanityInAnarchy (655584)]

Any AJAX implementation of that would be just a hack.

Any Flash implementation would be by definition a hack. The difference is, as you say, there's actually an open standard for AJAX.

Re:

[bigpat (158134)]

JavaScript+Canvas

Last time I checked Canvas wasn't supported in IE and HTML 5 (which it is included as a part of) isn't out yet as a released standard. Might be a good stopgap before svg full is supported, but is it really that much easier to implement than SVG or do you give up something?

JavaScript+SVG

This would be ideal, but animations aren't yet supported, so you would have to download new svgs with AJAX for interactivity. That seems like an unfortunate hack to me. Better to have the svgs be able to dynamically update more discre

Re:

[jibjibjib (889679)]

I don't know what you're talking about when you say SVG "animations aren't yet supported." Javascript can be used to manipulate elements of an SVG image, creating animation and interactivity. I've played simple games (e.g Tetris) in Firefox which are implemented entirely with SVG and Javascript.

Re:

[bigpat (158134)]

The javascript way of animations is more akin to an animated gif, it can be made to work for some things, but svg is supposed to have built in animation support which is more like flash. Firefox doesn't yet support the animation module.

Re:

[hey! (33014)]

The javascript way of animations is more akin to an animated gif

I'm not sure precisely what you mean. I've seen apps where javascript is embedded in SVG (the way it is more typically embedded in HMTL) to produce an interactive app; attaching event handlers to graphical objects produces what in effect are widgets. The combination of drawing, scripting and event handlers essentially means you have a GUI platform. Add some model for javascript to do communication and I'd say you have a pretty complete syste

Re:

[Ash-Fox (726320)]

A lot of this came up in the silverlight discussion a couple of days ago, but until html/javascript or some new standard provides for:
* Video Playback
* Audio Playback

There is a standard for playing these via the object tag [w3.org]. Unfortunately there is no standard application type or mime-type yet for audio/video capture. I'm also not aware of bitmap manipulation.

That said, there is non-standard stuff like Flash, Java and so on obviously.

I do flash/flex dev, as well as RoR. A site I did that wouldn't be doable in

Flash ecosystem...

[TheLink (130905)]

"take a look at the whole Flash ecosystem"?

I'm sure a whole bunch of security researchers (and "security researchers") have done so and are rubbing their hands with glee.

Just look at where Adobe took PDF - from the early relatively safe years to the javascript ridden present.

Flash is the web's single point of failure

[goombah99 (560566)]

Exactly. Flash is more ubiquitous than anything on the web. More ubiquitous than internet explorer. It runs binaries in the host machine, not simply running the in the browser's sandbox. I don't know if it will load and run native binaries over the web (like active X) or if it has it's own sandboxed java-like pseudo code. But it's a single sourced point of failure rather than a diverse ecosystem like all the different java VMs. Plus the code is enormous. Who knows what's in there. (cringley has speculated ADOBE could leverage this ubiquity to role out all sorts of products deployable overnight just by activating them. e.g. imagine is tommorrow everyone with flash also had bit torrent, google desktop, and perhaps even some DRM system available. "flash" deployment of programs could make them instant industry standards. no more arguing over which DRM will be universal is everyone has it available.)

Re:Flash is the web's single point of failure

[heinzkunz (1002570)]

> I don't know if it will load and run native binaries
> over the web (like active X) or if it has it's own
> sandboxed java-like pseudo code.

I don't think java uses pseudo code :)

You were probably thinking of byte code. Yes, the flash plugin runs byte code in a sandboxed virtual machine. It's not the browsers sandbox, but the flash players sandbox.

Re:

[nova_ostrich (774466)]

Flash Player doesn't run native binaries. It has it's own form of bytecode (known as ABC), much like Java, that gets JITed to native machine code. Flash Player is only about 1MB in size. Certainly not enormous when Java is much larger at about 7MB.

Anyone else find it ironic...

[TheVelvetFlamebait (986083)]

... that the guy explaining that Flash is the web's failure has a link to a YouTube video in his sig?

Re:

[TheLink (130905)]

I've proposed sandbox security templates:

https://bugs.launchpad.net/ubuntu/+bug/156693 [launchpad.net]

Basically an app will announce what sort of template sandbox it would want to be run as, and a user will decide whether it's OK or not. If OK, the OS will enforce the sandbox.

If an app claims to be a "guest game/applet" AND requests that it be run likewise, it won't be able to do much.

Whereas if an app claims to be a "guest game/applet" but actually requests "Full System Privileges" (the OS/GUI should pop up the usual warn

Re:

[99BottlesOfBeerInMyF (813746)]

I've proposed sandbox security templates

Might I suggest you champion the inclusion of SELinux by default in distros. It would at least allow security minded application designers to solve their part of the problem.

Basically an app will announce what sort of template sandbox it would want to be run as, and a user will decide whether it's OK or not. If OK, the OS will enforce the sandbox.

I think this is about 1/3 of the solution. First, if an app is going to announce itself, it might as well be specific and come with a full ACL describing what it should be doing, thus providing finer grained security and preventing some overflow style attacks. Second, since such a system does not address malware, it needs to be pai

Re:

[TheLink (130905)]

I think ubuntu and Suse have apparmor already which is similar to SELinux.

"First, if an app is going to announce itself, it might as well be specific and come with a full ACL describing what it should be doing,"

Should only do this for custom ACLs.

Most apps should be able to fall under a more manageable set of template ACLs that users can recognize.

Custom system ACLs could be signed by the OS vendor, so no prompts to the user - stuff just runs.

Custom 3rd party ACLs could be signed by a verifier that certifie

News doesn't' surprise me

[qazwart (261667)]

There has been a browser war going on for a while. It isn't the IE vs. Firefox war everyone talks about. It's about the rendering engine to use.

Apple's WebKit has succeeded beyond Apple's wildest dreams. It is officially being used at Google for its applications, it has been adopted by KDE, and the Gnome team is also about to adopt it. It is also the official rendering engine for Android. That puts WebKit on each Linux distribution and on what will soon become a major portable Internet device platform.

Adobe has been pushing Flash as the web rendering engine to rule the world, but it hasn't been doing so well. The big war for the browser isn't the desktop, but all the little devices that we will all carry around: PDAs, Phones, cameras, music players, game machines, etc. Flash needs a consumer client in order to work, and the fact that all of these devices will depend upon Adobe creating a client for each and every platform and operating system just doesn't cut it. Manufacturers don't want Adobe to rule whether their device is worthy of a Flash client.

In order for Adobe to be truly competitive in this fight, they must open up the Flash file specifications. That way, each device maker can design their own Flash player much the same way they build their own web browser according to HTTP/HTML specs.

The only question I have is how "open" is the spec? What happens if Adobe wants a new version of Flash with more features? Will it open up the new specs? Will Adobe allow me to create a program that will write to the Flash file format, or is that still closed to me? This isn't entirely unheard of. Microsoft has "open specs" for NTFS. I can give my operating system the ability to read NTFS, but not the ability to write it without first getting a license from Microsoft.

Re:

[BrentH (1154987)]

Apple's Webkit adopted by KDE? Big ups for the Mac Propaganda department... It's was the Konqueror guys who did the heavy lifting. Although Apple did indeed improve it even further, the KDE-team had to pry very hard to get some results back from the deal.

Good idea

[the eric conspiracy (20178)]

Adobe has been moving away from serverside development (i.e. JRun). Opening AMF will allow other app server vendors to offer AMF implementations that adhere to known specifications, rather than reversed engineered versions. Ultimately this will improve the acceptance of Flash remoting applications which will be good for Adobe.

This is apart of a larger "openening" of Flash

[quetwo (1203948)]

The announcement of the opening of the AMF protocol (which is a compressed, binary stream of data, used to transfer data from a back-end server to a flash application, no different than AJAX), is actually a subset of Adobe's announcement to open-source the BazeDS project. BazeDS is a Java server that sits as middleware between your Flash/Flex app and your back-end server (Java, PHP, ColdFusion, etc). AMF is a major part of that product. To all the critics of the Flash player... Take a look at its track record. It is under a meg download, available for most platforms (Win,Mac,Linux,Symbion,etc), and has an excellent security track record (as compared browsers/plugins in the industry). It does not just take a "binary stream" and execute it -- it has a very strict sandbox enviroment that protects both the browser, and the operating system. Heck, you can't even load a Web Service without the called-domain allowing it. And while not opening up the full SWF format, Adobe has open-sourced the Flex Framework, which is used to create SWF files. Take a look at Adobe Labs : http://labs.adobe.com/ [adobe.com] for more info on some of Adobe's open-source projects.

Re:

[SanityInAnarchy (655584)]

And while not opening up the full SWF format

Why haven't they?

And more importantly, can we please stop taking Flash seriously until they do?

Being "closed" is part of Flash's attraction.

[argent (18001)]

The Flash sandbox seems to be pretty good, yes. That's about as far as it goes.

Flash is barely "available for Linux": there's a Linux port that's only for i32, only for gecko-based browsers, and I doubt it'll work if you're not right up-to-the-minute up-to-date with a pretty vanilla distro. And of course it's not available for other free UNIX platforms or non-x86 hardware. That's because far from being "open", it's a closed binary blob.

But more than not being open source, it's not an open format. The fact t

Re:

[Ash-Fox (726320)]

only for gecko-based browsers

It works in Konqueror and Opera just fine too.

Flash for Linux requirements?

[argent (18001)]

Got a definitive link for it? Because the one I found listed a handful of gecko-based browsers as requirements, and it would be nice to get everyone on the same page.

Re:

[Raenex (947668)]

Take a look at its track record.

For years Linux was stuck with an old and buggy version of Flash.

Flash client is still closed

[mi (197448)]

I suggest that the W3C should take a look at the whole Flash ecosystem as they think about upgrading the HTTP protocol.

Frankly, I can't believe this. Slashdot, which gave Sun so much crap for making Java source code available under a wrong kind of license, is front page-advocating wider adoption of software, for which no source code is available at all ...

Re:Flash client is still closed

[pembo13 (770295)]

I was pretty sure it was just the submitter, and not the Slashdot consensus.

Re:

[mi (197448)]

In my humble opinion a way to grow is opening up the code that people can improve.

Forget improving. I'd like to be able to simply compile a native version for my FreeBSD/amd64 system. As things stand, there is not even a version for Windows/x64!

Something tells me, Slashdot's outrage about Microsoft's anti-competitiveness back then had little to do with the fate of Netscape. All Microsoft had to do to appease most people here, was to release a Linux version of IE.

I'm Confused

[dwillden (521345)]

What does Adobe have to do with Bowling? http://www.amf.com/corporate/index.htm/ [amf.com]

Re:

[jibjibjib (889679)]

Your comment would be funny and possibly even insightful if the submitter had used the acronym "AMF" without giving any background or explaining what it is. In this submission, the author describes what AMF is ("the format used by Flash Remoting -- the equivalent of AJAX for the Flash world.") and links to an article with more details about it, so I don't see the point of pretending to be confused about it.

Re:

[ameoba (173803)]

I was expecting something to do with these [drinksmixer.com]...

W3C should take a better look at Flash

[heinzkunz (1002570)]

Mod be down, but I kind of agree with the OPs point that the W3C should take a better look at Flash. Not to update the HTTP protocol of course - neither Flash nor the W3C have interest in changing that. But things like access to the bitmap data of images or a flexible component model are very useful for us programmers. Without advancements, we will forever be stuck with half baked web apps, and the W3C better look at what flash does right.

Regarding the RTMP

[heinzkunz (1002570)]

Next, we note that Adobe has not released its RTMP protocol

Adobe recently announced [adobe.com] to make it's messaging server open source. This includes the RTMP, of course.

Re:

[cheater512 (783349)]

Um...Small question: Why do you use flashbock?

Just do what I do. Dont install flash. Simple.

Re:

[Grampaw Willie (631616)]

FlashBlock like NoScript will allow you to have FLASH installed and select which media you want to allow

Re:

[cheater512 (783349)]

The GP's point was that its all rubbish.

Re:flash is for ads - so I block it

[jibjibjib (889679)]

Why use adblock? Why not just turn off images? [/sarcasm]

Seriously, there are uses for Flash apart from ads. Many websites use it for embedded audio, video, instant messaging, simple image editing, games, and basically any interactive functionality which would be too slow and hackish to implement using AJAX.

Re:

[AKAImBatman (238306)]

I dont' care about yousless tube junk

Flash is useful for a lot more than just Youtube. While video is possibly the most common use for Flash (it's the only *standard* that all browser makers can agree on) it's also used for purposes like web games. I know in of itself that's not all that interesting, but it's also one of two ways of making homebrews [wiicade.com] for the Wii Internet Channel.

The AMF format has been reverse engineered before, but having it fully published should make it easier to create desktop integratio

Re:

[b100dian (771163)]

This (good) news only proves that Silverlight and JavaFX did something: kicked the ass of the dominant RIA player to open up, first the Flex 3 SDK, now the AMF protocol and who knows, in 2 years the VM too? (aka Flash Player)
This is a good thing(tm): a de facto standard becoming open;)

Re:

[greg1104 (461138)]

I thought the submission was quite good. If you don't have the background to follow all the acronyms or understand the implications without having them spoon-fed to you, perhaps you should switch to a site whose motto is more like "News for not-quite-nerds?"

Re:

[totally bogus dude (1040246)]

I also thought it was pretty good. If you don't understand it, chances are it's probably not interesting to you, so just ignore it. You might also note that this is on developers.slashdot.org, so it's pretty much blindingly obvious who the target demographic is. Not every developer (nor even every web developer) is going to care about it, but a lot of the draw of sites like slashdot is that it allows you to keep abreast of news in areas related to your field of interest, but not quite close enough to your c

Re:

[gbjbaanb (229885)]

Actually, it is *the* worse summary. Its a sad day when even the submitter doesn't RTFA:

Summary:

The article doesn't mention the AMFPHP project...

Article:

.... said Wade Arnold with AMFPHP. "Working with Adobe, we can create a common programming model that enables RIA developers to extend the reach of their applications across different server technologies in a compatible and consistent approach. The AMFPHP project is ecstatic to be able to work directly with Adobe in order to better leverage the AMF protocol in LAMP applications."

Re:

[gbjbaanb (229885)]

Probably by sending some cookie data with every request.

Hmm. just like how HTTP Sessions work :-)