I've got it refactored on my own local branch, but it's a big enough change
I might submit it separately. I hate to say it, but working on this really
makes my head hurt.
I've got the as3httpdlib working on my local copy. I need a bit to clean
it up -- should have it ready this evening or
Ok. Digging into this a bit more, the only time we will ever use HTTPS is
during the Installer Config download and the MD5s.
No reason why we need to be tunneling the Installer Config through HTTPS.
All it contains is localization strings for the current version. MD5 paths
(and all paths,
On 2/6/15, 2:56 PM, Nicholas Kwiatkowski nicho...@spoon.as wrote:
I have some time to implement the as3httpdlib this weekend if that is the
direction we want to go.
Sounds good to me, go for it!
-Alex
FWIW, when I tried to implement a socket server for Flash, I ran into more
issues than with URLLoader. Although, I don’t remember any details.
On Feb 8, 2015, at 6:50 PM, Alex Harui aha...@adobe.com wrote:
On 2/6/15, 2:56 PM, Nicholas Kwiatkowski nicho...@spoon.as wrote:
I have some
On Feb 8, 2015 8:52 AM, Alex Harui aha...@adobe.com wrote:
On 2/6/15, 2:56 PM, Nicholas Kwiatkowski nicho...@spoon.as wrote:
I have some time to implement the as3httpdlib this weekend if that is the
direction we want to go.
Sounds good to me, go for it!
And some refactoring of the main
On 05/02/15 16:56, Alex Harui wrote:
What do others think? IMO, for 3.2 we should just do the swap of an AS3
native HTTP implementation and not switch our urls to HTTP or add some
checkbox. Then we can get better data on how many problems that change
solved or if it introduces new issues. Not
On 2/6/15, 1:11 AM, Tom Chiverton t...@extravision.com wrote:
On 05/02/15 16:56, Alex Harui wrote:
What do others think? IMO, for 3.2 we should just do the swap of an AS3
native HTTP implementation and not switch our urls to HTTP or add some
checkbox. Then we can get better data on how
On Feb 6, 2015 7:37 AM, Alex Harui aha...@adobe.com wrote:
On 2/6/15, 1:11 AM, Tom Chiverton t...@extravision.com wrote:
On 05/02/15 16:56, Alex Harui wrote:
What do others think? IMO, for 3.2 we should just do the swap of an
AS3
native HTTP implementation and not switch our urls to
Hi,
Looks like it is MIT license so ok to use.
It's BSD not MIT but that's also OK assuming you add it to LICENSE. [1]
Justin
1. http://www.apache.org/dev/licensing-howto.html#permissive-deps
+1 to http vs https.
-Mark
-Original Message-
From: omup...@gmail.com [mailto:omup...@gmail.com] On Behalf Of OmPrakash
Muppirala
Sent: Wednesday, February 04, 2015 11:11 AM
To: dev@flex.apache.org
Cc: Paul Hastings
Subject: Re: [Installer - FLEX-34251] Is SSK needed for load installer
Very weird. This time when I hit the link I ended up at
https://code.google.com/p/as3httpclient/
Which does show BSD, but last time I ended up at
https://code.google.com/p/as3httpclientlib/
Which shows MIT. I guess there is more than one version of AS3 Native
HTTP. Whoever works on it can
Weird, I see BSD instead of MIT... Maybe it shows one for the US, and
another for the world?
EdB
On Thu, Feb 5, 2015 at 4:25 PM, Alex Harui aha...@adobe.com wrote:
On 2/5/15, 12:23 AM, Justin Mclean jus...@classsoftware.com wrote:
Hi,
Looks like it is MIT license so ok to use.
It's BSD
On 2/5/15, 12:23 AM, Justin Mclean jus...@classsoftware.com wrote:
Hi,
Looks like it is MIT license so ok to use.
It's BSD not MIT but that's also OK assuming you add it to LICENSE. [1]
Ugh. Did you find BSD somewhere? That could mean the authors didn’t
handle their IP carefully.
When I
I'd recommend against using the client to bypass the windows settings. If
we do, the we need to expose properties like Proxy Settings, and need to
deal with locations that disallow large TCP window sizes (for example,
users on ATT DSL have to force their TCP Window size to 1440 instead of
1500
Subject: Re: [Installer - FLEX-34251] Is SSK needed for load installer
config?
On Feb 4, 2015 8:09 AM, Alex Harui aha...@adobe.com wrote:
Another question for you guys, since I don’t have any expertise in this
area, would we in fact skirt around this by hitting http for more of our
downloads
On 04/02/15 17:38, Erik de Bruin wrote:
Only if you think a man-in-the-middle attack that hijacks both the
download and the MD5 request is more likely than the bad guys having
backdoor access to the servers actually hosting those files. And given
the fact that those servers reside in the US and
On 2/5/2015 4:53 PM, Tom Chiverton wrote:
If people's Windows settings are incompatible with modern web sites
people as in people who don't normally use IE. chrome reaches the config file
site just fine (ditto for firefox). as justin pointed out most developers aren't
big fans of IE, so this
Yes. This is purely an SSL issue in regards to new TLS certificates (other
cyptro methods were proven to be weak, so many sites/browsers aren't
supporting them anymore).
-Nick
On Wed, Feb 4, 2015 at 11:08 AM, Alex Harui aha...@adobe.com wrote:
Another question for you guys, since I don’t have
However, we do need to verify that hitting HTTP doesn't cause too many
redirects (possibly to HTTPS), as I seem to remember that redirects
sometimes cause trouble for AIR and not to mention that we'd be back
to square one if that would happen...
EdB
On Wed, Feb 4, 2015 at 5:12 PM, Erik de
On 2/4/15, 9:14 AM, OmPrakash Muppirala bigosma...@gmail.com wrote:
On Feb 4, 2015 9:03 AM, Alex Harui aha...@adobe.com wrote:
In another thread, I think Tom C says we should be using https to
deliver
all of our bits, which we aren’t today. What do folks think?
-1. We are already doing MD5
+1 here as well, especially since that would be an 'easyfix' ;-)
EdB
On Wed, Feb 4, 2015 at 5:11 PM, OmPrakash Muppirala
bigosma...@gmail.com wrote:
On Feb 4, 2015 8:09 AM, Alex Harui aha...@adobe.com wrote:
Another question for you guys, since I don’t have any expertise in this
area,
In another thread, I think Tom C says we should be using https to deliver
all of our bits, which we aren’t today. What do folks think?
-Alex
On 2/4/15, 8:37 AM, Alex Harui aha...@adobe.com wrote:
I thought the change to http was going to be in the
sdk-installer-config-4.0.xml file but it turns
In another thread, I think Tom C says we should be using https to
deliver
all of our bits, which we aren’t today. What do folks think?
-1. We are already doing MD5 checks on downloaded artifacts. I am not
sure what benefit https is going to add here.
It looks like we currently pull our MD5
On Feb 4, 2015 8:09 AM, Alex Harui aha...@adobe.com wrote:
Another question for you guys, since I don’t have any expertise in this
area, would we in fact skirt around this by hitting http for more of our
downloads instead of https?
+1 to hitting http by default.
Thanks,
Om
-Alex
On
Another question for you guys, since I don’t have any expertise in this
area, would we in fact skirt around this by hitting http for more of our
downloads instead of https?
-Alex
On 2/4/15, 8:05 AM, Paul Hastings paul.hasti...@gmail.com wrote:
On 2/4/2015 10:52 PM, Nicholas Kwiatkowski wrote:
On Feb 4, 2015 9:03 AM, Alex Harui aha...@adobe.com wrote:
In another thread, I think Tom C says we should be using https to deliver
all of our bits, which we aren’t today. What do folks think?
-1. We are already doing MD5 checks on downloaded artifacts. I am not
sure what benefit https is
know if that does indeed fix the issue.
Neil
-Original Message-
From: Erik de Bruin [mailto:e...@ixsoftware.nl]
Sent: February-04-15 9:13 AM
To: dev@flex.apache.org
Cc: Paul Hastings
Subject: Re: [Installer - FLEX-34251] Is SSK needed for load installer
config?
+1 here as well
Please continue discussion on this issue in this thread.
Thanks,
EdB
On Wed, Feb 4, 2015 at 10:06 AM, Erik de Bruin e...@ixsoftware.nl wrote:
Good find!
This issue matches the following JIRA issue:
https://issues.apache.org/jira/browse/FLEX-34251
Please use that to work on this bug. I
An option we could use is to try https first. If it fails, present the
user to drop down to http. This should take care of all use cases, yet
still allow the user control the security level...
-Nick
On Wed, Feb 4, 2015 at 12:02 PM, Alex Harui aha...@adobe.com wrote:
In another thread, I
Anything Vista+/Mac OS10.4+ has TLS turned on by default. It was made
available in XP, if you turned it on.
-Nick
On Wed, Feb 4, 2015 at 10:30 AM, Tom Chiverton t...@extravision.com wrote:
On 04/02/15 15:23, Alex Harui wrote:
I wonder if on Windows, the Installer should pop an alert when
On 2/4/2015 10:30 PM, Tom Chiverton wrote:
TLS 1.x is fast becoming mandatory for SSL connections. This page
http://blogs.msdn.com/b/kaushal/archive/2011/10/02/support-for-ssl-tls-protocols-on-windows.aspx
has a chart showing TLS support by O/S, and indicates Windows 7 should
support it, I
On 2/4/2015 10:52 PM, Nicholas Kwiatkowski wrote:
Anything Vista+/Mac OS10.4+ has TLS turned on by default. It was made
available in XP, if you turned it on.
1.0 was on by default, 1.1 1.2 (guess the culprit here) weren't.
Sounds reasonable.
The AIR downloading code via URLLoader just seems sensitive. Do we know
if we use AIR sockets and build our own http download protocol on top if
it will bypass the IE libraries underneath?
-Alex
On 2/4/15, 11:03 AM, Nicholas Kwiatkowski nicho...@spoon.as wrote:
An option we
On Feb 4, 2015 5:33 PM, Alex Harui aha...@adobe.com wrote:
Sounds reasonable.
The AIR downloading code via URLLoader just seems sensitive. Do we know
if we use AIR sockets and build our own http download protocol on top if
it will bypass the IE libraries underneath?
Yes, it will. I use
On 2/4/15, 11:41 PM, piotrz piotrzarzyck...@gmail.com wrote:
Hi Om, Alex,
So can we just use this library ? Any license objections ? Or it is too
big
and better write our own logic ?
Looks like it is MIT license so ok to use.
-Alex
this message in context:
http://apache-flex-development.247.n4.nabble.com/Installer-FLEX-34251-Is-SSK-needed-for-load-installer-config-was-Re-sdk-4-14-0-100-install-failures-tp44913p44955.html
Sent from the Apache Flex Development mailing list archive at Nabble.com.
On 2/4/15, 6:12 PM, OmPrakash Muppirala bigosma...@gmail.com wrote:
On Feb 4, 2015 5:33 PM, Alex Harui aha...@adobe.com wrote:
Sounds reasonable.
The AIR downloading code via URLLoader just seems sensitive. Do we know
if we use AIR sockets and build our own http download protocol on top
The IE 'internet options' are actually the Windows internet options,
it's a left over from when IE was illegally tied to Windows.
The question is what are the default settings there - if the defaults
are for those options to be on we don't need to worry ?
Tom
On 04/02/15 09:08, Erik de
Hi Paul,
Thanks for finding that.
I wonder if on Windows, the Installer should pop an alert when finding a
download error and suggest that folks use Internet Explorer to hit the
failing download.
Thoughts?
-Alex
On 2/4/15, 1:08 AM, Erik de Bruin e...@ixsoftware.nl wrote:
Please continue
On 04/02/15 15:23, Alex Harui wrote:
I wonder if on Windows, the Installer should pop an alert when finding a
download error and suggest that folks use Internet Explorer to hit the
failing download.
At the very least, it'll provide an immediate data point if they report
it, and may aid people
40 matches
Mail list logo
