Presenting at Adobe MAX 2009

17.06.09

Filed Under: Flex, General with 1 Comment

I have finally received the confirmation for the Adobe MAX 2009 presentation, which I will be co-presenting together with a former colleague , Tom Sugden, from Adobe Professional Services

For almost a year now, I have been responsible for the architecture and delivery of Flex on Morgan Stanley Matrix, their new Single Dealer Trading Platform.

So, what are we presenting?

Presentation is called “Building Matrix – Scaling Flex for a large trading application”. We will give some insight in what it takes to architect and scale a large Flex application. With a team of more than 30 Flex developers we have been introduced to technical issues we never before had considered even existed. Some of the areas where we have spent a lot of effort has been performance, scalability, developer productivity and modularization, and we will shed some light in what we have done, and what we have achieved.

Matrix - Morgan Stanley’s new trading platform

04.06.09

Filed Under: Flex with 0 Comments

Adobe (Ben Forsaith), announces Morgan Stanley’s new Flash/Flex based trading platform. There is also a microsite that demonstrates some of the functionality Matrix

“Morgan Stanley have launched a game changing application that aims to provide their customers with the industry leading online trading environment. But don’t just take my word for it…the following micro-site provides valuable insight into what has been delivered (and has some demos too).”

SWFScan first impression

24.03.09

Filed Under: Flash, Flex, Security with 0 Comments

I got some time today to try SWFScan, and from what it claims to offer it looks promising, but does it live up to it?

The install works seamlessly, and you are up and running in minutes. You can load a file locally from disk or via an url.
swfscan_11

After the .swf file is loaded, and decompiled, you can navigate the complete package structure, and all the classes within a package. It is also possible to view the source for single classes. Quite interesting that HP has made it so easy to have a look at your own and other companies applications :)

The most interesting feature, and the whole point of SWFScan is analyzing the source to find security issues, and it lists the possible vulnerabilities in your application. A job it seems to do relatively well, considering that I have only used it for a short while and not tested it with code that i know has security issues, it works well. I managed to test it on a large application I’m working on, plus a few modules we are using, and performance for the decompile and the analysis was very good.
It is very eager on reporting issues where it is doing string comparisons, and it’s makes it feel a bit noisy, at least if your application is large, and you use words like “security”, “uid” in your methods or variables. But i would rather see them too often, then not picking up on potential issues. It also reports issues like trace() which you don’t really want in your production code.

swfscan_2

After having tested it on both Flash and Flex applications, I would say it works as expected. So far I have “only” found one big showstopper, we have a preloader in one of our Flex applications, and SWFScan is not able to decompile the classes in the whole application, only the ones used by the preloader.

SWFScan also highlights a broader issue with Flex/Flash applications, in the past decompilers haven’t really been as available as it is now, and looking at the code it produces it should give most developers a small wake-up call. It gives other people a good insight to how you code, how it is designed and also what services you are using.

This is absolutely a tool every Flex/Flash developer should have in their toolkit.

Find security vulnerabilities in Flex applications

23.03.09

Filed Under: Flash, Flex, Security with 0 Comments

HP has launched a new tool to find security vulnerabilities in Flash/Flex applications, SWFScan. Looks quite promising, this is how it does it:

Definitely worth trying, finally someone creates a tool to address Flash security.

Stubbing Flex HTTPServices

24.02.09

Filed Under: Flex with 0 Comments

On a few projects I have worked on there has been necessary to stub the Flex HttpServices. A couple of reasons has been, server side code is not ready yet or services are too unstable to support a continuous UI development.

I have seen examples where there has been spent a lot of time developing code to accommodate for this, with the only result that code base has a lot of non production code which can cause bugs and add an overhead to maintenance of the system. In my eyes that would be wrong, test/mock coding is money wasted on valuable time that should be spent on developing features.

So why not use something which already (almost) exist. When you use HTTPServices, you can point to nearly anything that gives you some kind of XML result. Pointing to a static XML file on the server should give you almost the same as pointing to a service which would serve you dynamic XML.


package com.lab49.spike
{
	import mx.core.Application;

	import mx.rpc.AsyncToken;
	import mx.rpc.http.mxml.HTTPService;

	public class StubHttpService extends HTTPService
	{
		public var stubUrl : String = "";

		private function get stub() : Boolean
		{
			var stubParam : String = String( Application.application.parameters[ "stub" ] );

			return stubParam == "true";
		}

		public override function send( param : Object  = null ) : AsyncToken
		{
			if( stub )
			{
				url = stubUrl
			}

			return super.send( param );
		}
	}
}

And when you use it, insert “stub=true” in your url, and add this to your StubHTTPService:


<spike:StubHttpService
	url="http://localhost:8080/spike/myService"
	stubUrl="xml/stub.xml"
	...
/>

Mission critical Flex application

09.02.09

Filed Under: Flex with 0 Comments

One of my previous projects were showcased on Adobe Max 2008 in San Francisco, a mission planning system for NATO AWACS, E-3A Component, presented by Peter Martin and Mansour Raad.
The application was built based on Flex, LiveCycle DataServices and Oracle, one of the main components used within Flex was the ESRI mapping api.

The presentation is available on AdobeTV.

Who said Adobe Flex couldn’t be used for critical systems? :) If Adobe wants Flex to be seen as a serious framework in the enterprise, this is the kind of projects they need to show more of.

Over a series of posts I will cover some of the experiences gathered from this and other projects I have taken part in. There is usually more to a project then just choosing a framework like Cairngorm, PureMVC or one of the many IoC containers which are popping up everywhere.

Scotch on the Rocks, day 3

09.06.08

Filed Under: Flex with 5 Comments

My second presentation at Scotch On the Rocks was Flex Client Architecture & Best Practices. The one topic in the presentation which gained most attention was probably PresentationModels. I would say there is not really any magic to how to use PresentationModels, but it is more down to what kind of logic you put there and how it relates to your services. The PresentationModel pattern is also independent of any framework you would put on top of Flex.

If you have an interest in presentation patterns, I would recommend to look at Paul Williams great presentation pattern blog series. He also has a series covering how to unit test the different patterns, which most developers should find interesting.

Scotch on the Rocks, day 2

05.06.08

Filed Under: Flex with 2 Comments

Today I had the first of two presentations I will have at Scotch on the Rocks 2008, todays topic was Modularizing Flex applications - Cairngorm & Modules. It was good to see so many Coldfusion ( and Flex ) developers being interested in how to use Flex modules and Cairngorm.

Tomorrow I will present “Flex Client Architecture & Best Practices”, where topics like PresentationModel and unit testing will be covered.

As I also announced on 360|Flex Europe in Milan, Adobe Consulting will over the next few months share some of our best practices in a series of articles. A topic could be for example “Cairngorm and Modules”. Steven Webster has posted a call for topics blog post

Cairngorm Deepdive

11.04.08

Filed Under: Flex with 0 Comments

On Wednesday I had the pleasure of presenting “Cairngorm Deepdive” at 360|Flex Europe. Thanks to
Tom and John for organizing the first 360|Flex in Europe

Presentation Cairngorm Deepdive

360|Flex Europe - Cairngorm deepdive

27.03.08

Filed Under: Flex with 0 Comments

It is now less than 2 weeks left till 360|Flex Europe kicks off in Milan, Italy. And looking at the list of topics being presented, it’s going to be a great conference!

In my presentation - Cairngorm deepdive, I’ll be covering some of the history behind the Cairngorm Microarhitecture, how to use it on large scale projects, how to handle security, and also shed some light on the future of the framework.

There is also a second presentation covering Cairngorm, Neil Webb will present Cairngorm for beginners.

If you haven’t already signed up for the conference, you can do so here

Next Page

Categories