I've got it refactored on my own local branch, but it's a big enough change
I might submit it separately. I hate to say it, but working on this really
makes my head hurt.
I've got the as3httpdlib working on my local copy. I need a bit to clean
it up -- should have it ready this evening or tomorr
On Feb 8, 2015 8:52 AM, "Alex Harui" wrote:
>
>
>
> On 2/6/15, 2:56 PM, "Nicholas Kwiatkowski" wrote:
>
> >
> >I have some time to implement the as3httpdlib this weekend if that is the
> >direction we want to go.
>
> Sounds good to me, go for it!
And some refactoring of the main mxml file would
FWIW, when I tried to implement a socket server for Flash, I ran into more
issues than with URLLoader. Although, I don’t remember any details.
On Feb 8, 2015, at 6:50 PM, Alex Harui wrote:
>
>
> On 2/6/15, 2:56 PM, "Nicholas Kwiatkowski" wrote:
>
>>
>> I have some time to implement the as3
On 2/6/15, 2:56 PM, "Nicholas Kwiatkowski" wrote:
>
>I have some time to implement the as3httpdlib this weekend if that is the
>direction we want to go.
Sounds good to me, go for it!
-Alex
Ok. Digging into this a bit more, the only time we will ever use HTTPS is
during the Installer Config download and the MD5s.
No reason why we need to be tunneling the Installer Config through HTTPS.
All it contains is localization strings for the current version. MD5 paths
(and all paths, really
On Feb 6, 2015 7:37 AM, "Alex Harui" wrote:
>
>
>
> On 2/6/15, 1:11 AM, "Tom Chiverton" wrote:
>
> >On 05/02/15 16:56, Alex Harui wrote:
> >> What do others think? IMO, for 3.2 we should just do the swap of an
AS3
> >> native HTTP implementation and not switch our urls to HTTP or add some
> >> c
On 2/6/15, 1:11 AM, "Tom Chiverton" wrote:
>On 05/02/15 16:56, Alex Harui wrote:
>> What do others think? IMO, for 3.2 we should just do the swap of an AS3
>> native HTTP implementation and not switch our urls to HTTP or add some
>> checkbox. Then we can get better data on how many problems t
On 05/02/15 16:56, Alex Harui wrote:
What do others think? IMO, for 3.2 we should just do the swap of an AS3
native HTTP implementation and not switch our urls to HTTP or add some
checkbox. Then we can get better data on how many problems that change
solved or if it introduces new issues. Not
e.org
>Cc: Paul Hastings
>Subject: Re: [Installer - FLEX-34251] Is SSK needed for load installer
>config?
>
>On Feb 4, 2015 8:09 AM, "Alex Harui" wrote:
>>
>> Another question for you guys, since I don’t have any expertise in this
>> area, would we in fact
I'd recommend against using the client to bypass the windows settings. If
we do, the we need to expose properties like Proxy Settings, and need to
deal with locations that disallow large TCP window sizes (for example,
users on AT&T DSL have to force their TCP Window size to 1440 instead of
1500 wh
Very weird. This time when I hit the link I ended up at
https://code.google.com/p/as3httpclient/
Which does show BSD, but last time I ended up at
https://code.google.com/p/as3httpclientlib/
Which shows MIT. I guess there is more than one version of AS3 Native
HTTP. Whoever works on it can pi
Weird, I see BSD instead of MIT... Maybe it shows one for the US, and
another for the world?
EdB
On Thu, Feb 5, 2015 at 4:25 PM, Alex Harui wrote:
>
>
> On 2/5/15, 12:23 AM, "Justin Mclean" wrote:
>
>>Hi,
>>
>>> Looks like it is MIT license so ok to use.
>>
>>It's BSD not MIT but that's also
On 2/5/15, 12:23 AM, "Justin Mclean" wrote:
>Hi,
>
>> Looks like it is MIT license so ok to use.
>
>It's BSD not MIT but that's also OK assuming you add it to LICENSE. [1]
Ugh. Did you find BSD somewhere? That could mean the authors didn’t
handle their IP carefully.
When I go to their site
+1 to http vs https.
-Mark
-Original Message-
From: omup...@gmail.com [mailto:omup...@gmail.com] On Behalf Of OmPrakash
Muppirala
Sent: Wednesday, February 04, 2015 11:11 AM
To: dev@flex.apache.org
Cc: Paul Hastings
Subject: Re: [Installer - FLEX-34251] Is SSK needed for load installer
On 2/5/2015 4:53 PM, Tom Chiverton wrote:
If people's Windows settings are incompatible with modern web sites
people as in "people who don't normally use IE". chrome reaches the config file
site just fine (ditto for firefox). as justin pointed out most developers aren't
big fans of IE, so thi
On 04/02/15 17:38, Erik de Bruin wrote:
Only if you think a man-in-the-middle attack that hijacks both the
download and the MD5 request is more likely than the bad guys having
backdoor access to the servers actually hosting those files. And given
the fact that those servers reside in the US and t
Hi,
> Looks like it is MIT license so ok to use.
It's BSD not MIT but that's also OK assuming you add it to LICENSE. [1]
Justin
1. http://www.apache.org/dev/licensing-howto.html#permissive-deps
On 2/4/15, 11:41 PM, "piotrz" wrote:
>Hi Om, Alex,
>
>So can we just use this library ? Any license objections ? Or it is too
>big
>and better write our own logic ?
Looks like it is MIT license so ok to use.
-Alex
Hi Om, Alex,
So can we just use this library ? Any license objections ? Or it is too big
and better write our own logic ?
Om,
This is right link, because I see couple of links in google:
https://code.google.com/p/as3httpclient/
Piotr
-
Apache Flex PMC
piotrzarzyck...@gmail.com
--
View
On 2/4/15, 6:12 PM, "OmPrakash Muppirala" wrote:
>On Feb 4, 2015 5:33 PM, "Alex Harui" wrote:
>>
>> Sounds reasonable.
>>
>> The AIR downloading code via URLLoader just seems sensitive. Do we know
>> if we use AIR sockets and build our own http download protocol on top if
>> it will bypass th
On Feb 4, 2015 5:33 PM, "Alex Harui" wrote:
>
> Sounds reasonable.
>
> The AIR downloading code via URLLoader just seems sensitive. Do we know
> if we use AIR sockets and build our own http download protocol on top if
> it will bypass the IE libraries underneath?
Yes, it will. I use the as3http
Sounds reasonable.
The AIR downloading code via URLLoader just seems sensitive. Do we know
if we use AIR sockets and build our own http download protocol on top if
it will bypass the IE libraries underneath?
-Alex
On 2/4/15, 11:03 AM, "Nicholas Kwiatkowski" wrote:
>An option we could use is t
An option we could use is to try https first. If it fails, present the
user to drop down to http. This should take care of all use cases, yet
still allow the user control the security level...
-Nick
On Wed, Feb 4, 2015 at 12:02 PM, Alex Harui wrote:
> In another thread, I think Tom C says we
>>> In another thread, I think Tom C says we should be using https to
>>>deliver
>>> all of our bits, which we aren’t today. What do folks think?
>>
>>-1. We are already doing MD5 checks on downloaded artifacts. I am not
>>sure what benefit https is going to add here.
>
> It looks like we curren
g issues before could give that a try and
let us know if that does indeed fix the issue.
Neil
-Original Message-
From: Erik de Bruin [mailto:e...@ixsoftware.nl]
Sent: February-04-15 9:13 AM
To: dev@flex.apache.org
Cc: Paul Hastings
Subject: Re: [Installer - FLEX-34251] Is SSK needed fo
On 2/4/15, 9:14 AM, "OmPrakash Muppirala" wrote:
>On Feb 4, 2015 9:03 AM, "Alex Harui" wrote:
>>
>> In another thread, I think Tom C says we should be using https to
>>deliver
>> all of our bits, which we aren’t today. What do folks think?
>
>-1. We are already doing MD5 checks on downloaded
On Feb 4, 2015 9:03 AM, "Alex Harui" wrote:
>
> In another thread, I think Tom C says we should be using https to deliver
> all of our bits, which we aren’t today. What do folks think?
-1. We are already doing MD5 checks on downloaded artifacts. I am not
sure what benefit https is going to add
In another thread, I think Tom C says we should be using https to deliver
all of our bits, which we aren’t today. What do folks think?
-Alex
On 2/4/15, 8:37 AM, "Alex Harui" wrote:
>I thought the change to http was going to be in the
>sdk-installer-config-4.0.xml file but it turns out it isn’t
I thought the change to http was going to be in the
sdk-installer-config-4.0.xml file but it turns out it isn’t. When the
artifact is coming from the mirrors, the Installer uses https to get MD5
and the apache-flex-sdk-installer-config.xml file. Should we use http to
get the MD5s as well? If so,
Yes. This is purely an SSL issue in regards to new TLS certificates (other
cyptro methods were proven to be weak, so many sites/browsers aren't
supporting them anymore).
-Nick
On Wed, Feb 4, 2015 at 11:08 AM, Alex Harui wrote:
> Another question for you guys, since I don’t have any expertise i
However, we do need to verify that hitting HTTP doesn't cause too many
redirects (possibly to HTTPS), as I seem to remember that redirects
sometimes cause trouble for AIR and not to mention that we'd be back
to square one if that would happen...
EdB
On Wed, Feb 4, 2015 at 5:12 PM, Erik de Bruin
+1 here as well, especially since that would be an 'easyfix' ;-)
EdB
On Wed, Feb 4, 2015 at 5:11 PM, OmPrakash Muppirala
wrote:
> On Feb 4, 2015 8:09 AM, "Alex Harui" wrote:
>>
>> Another question for you guys, since I don’t have any expertise in this
>> area, would we in fact skirt around th
On Feb 4, 2015 8:09 AM, "Alex Harui" wrote:
>
> Another question for you guys, since I don’t have any expertise in this
> area, would we in fact skirt around this by hitting http for more of our
> downloads instead of https?
>
+1 to hitting http by default.
Thanks,
Om
> -Alex
>
> On 2/4/15, 8:0
Another question for you guys, since I don’t have any expertise in this
area, would we in fact skirt around this by hitting http for more of our
downloads instead of https?
-Alex
On 2/4/15, 8:05 AM, "Paul Hastings" wrote:
>On 2/4/2015 10:52 PM, Nicholas Kwiatkowski wrote:
>> Anything Vista+/Mac
On 2/4/2015 10:52 PM, Nicholas Kwiatkowski wrote:
Anything Vista+/Mac OS10.4+ has TLS turned on by default. It was made
available in XP, if you turned it on.
1.0 was on by default, 1.1 & 1.2 (guess the culprit here) weren't.
On 2/4/2015 10:30 PM, Tom Chiverton wrote:
TLS 1.x is fast becoming mandatory for SSL connections. This page
http://blogs.msdn.com/b/kaushal/archive/2011/10/02/support-for-ssl-tls-protocols-on-windows.aspx
has a chart showing TLS support by O/S, and indicates Windows 7 should
support it, I assum
Anything Vista+/Mac OS10.4+ has TLS turned on by default. It was made
available in XP, if you turned it on.
-Nick
On Wed, Feb 4, 2015 at 10:30 AM, Tom Chiverton wrote:
> On 04/02/15 15:23, Alex Harui wrote:
>
>> I wonder if on Windows, the Installer should pop an alert when finding a
>> downlo
On 04/02/15 15:23, Alex Harui wrote:
I wonder if on Windows, the Installer should pop an alert when finding a
download error and suggest that folks use Internet Explorer to hit the
failing download.
At the very least, it'll provide an immediate data point if they report
it, and may aid people
Hi Paul,
Thanks for finding that.
I wonder if on Windows, the Installer should pop an alert when finding a
download error and suggest that folks use Internet Explorer to hit the
failing download.
Thoughts?
-Alex
On 2/4/15, 1:08 AM, "Erik de Bruin" wrote:
>Please continue discussion on this is
The IE 'internet options' are actually the Windows internet options,
it's a left over from when IE was illegally tied to Windows.
The question is what are the default settings there - if the defaults
are for those options to be on we don't need to worry ?
Tom
On 04/02/15 09:08, Erik de Bruin
40 matches
Mail list logo