• June 12, 2008

    Site Security Policy proposal

    Brandon Sterne from Mozilla recently published an interesting proposal which could hopefully make the web a bit safer for the regular Joe. The proposed Site Security Policy framework would allow sites to describe how content in their pages should behave. For instance, a site could restrict the valid sources of JavaScript on the page, the request targets (preventing page content from making outbound communication to other sites), or the valid request sources. It could even log security alerts. The current proof-of-concept Firefox extension only handles policy defined through HTTP headers. That could potentially bring more traffic on high-load sites than, for example, crossdomain.xml, which Flash loads from a so-called "well known location" (like favicon.ico or robots.txt) and which can be cached.

    This is by no means an ultimate protection, or server protection of any kind. It can still be avoided by malicious users, but it could potentially bring a thin layer (but still a layer) of user protection against Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) attacks.

    The idea is anything but new. Five years ago, Flash Player 7 introduced policy files used for cross-domain data loading access control (crossdomain.xml). The current Flash Player 9 went even further, introducing new functionality such as meta-policies and so on.

    Join the discussion on mozilla.dev.security.
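
The kind of check such a policy asks the browser to make, as an added JavaScript sketch that is not code from the proposal or from the Firefox extension. The header names, the space-separated host syntax and the rule that a missing header means no restriction are assumptions made for illustration; the sample headers are constructed.

```javascript
// Hypothetical header names and syntax, chosen for this illustration only.
const SAMPLE_HEADERS = {                      // constructed response headers
  'x-example-script-source': 'self *.static.example.com',
  'x-example-request-target': 'self api.example.com',
  'x-example-report-uri': '/policy-violations',
};

// Turn a space-separated host list into matcher functions.
// A missing header yields null, meaning "site did not opt in, no restriction".
function parseHostList(value, pageHost) {
  if (value === undefined) return null;
  return value.split(/\s+/).filter(Boolean).map((entry) => {
    if (entry === 'self') return (h) => h === pageHost;
    if (entry.startsWith('*.')) {
      // Keep the leading dot so "evilstatic.example.com" cannot match
      // a "*.static.example.com" entry.
      const suffix = entry.slice(1).toLowerCase();
      return (h) => h.endsWith(suffix);
    }
    return (h) => h === entry.toLowerCase();
  });
}

function buildPolicy(headers, pageUrl) {
  const pageHost = new URL(pageUrl).hostname;
  return {
    pageUrl,
    script: parseHostList(headers['x-example-script-source'], pageHost),
    request: parseHostList(headers['x-example-request-target'], pageHost),
    reportUri: headers['x-example-report-uri'] || null,
    violations: [],                           // what would be sent to reportUri
  };
}

// kind: 'script' (a script load) or 'request' (outbound request by page content).
function check(policy, kind, url) {
  const list = policy[kind];
  let host = null;
  try { host = new URL(url, policy.pageUrl).hostname; } catch (e) { /* unparseable */ }
  // With a list present, anything unparseable or unlisted is denied.
  const allowed = list === null || (host !== null && list.some((m) => m(host)));
  if (!allowed) {
    policy.violations.push({ kind, blocked: url, reportTo: policy.reportUri });
  }
  return allowed;
}
```

An injected script tag pointing at an unlisted host fails the `script` check, and a forged outbound request to another site fails the `request` check, which is the thin layer against XSS and CSRF described above.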

  • June 11, 2008

    Gas! Gas!

    Cartography and satellite images never cease to impress me. Ingenious usage of them, to be more precise. I freaked out the first time I saw Goggles, and today I found this - Gamequakes Driving Simulator. It's a really nice and fast implementation of the Google Maps API for Flash. But I think Goggles got it better with an airplane.

    btw, click here and put this in background while you are playing to understand the full potential of this post title. :) Not!

  • June 9, 2008

    Sutra.hr – innovations and complexity

    A week ago we released the sutra.hr news site.

    It is a news-like social site where users as well as professional journalists write and submit stories related to anything happening in Croatia and the world. The population can comment on the stories, as well as rate the story and any comment. Behind this simple idea is a myriad of issues that had to be solved: embedding video, image galleries, user interaction, a messaging system, administration and front-end administration, and the whole backend (our beloved Vudu) enabling journalists and site admins to run the site smoothly.

    Front-end administration of comments enables admins to solve problems on the spot.

    Big innovations were made in the Vudu backend, allowing journalists to write articles and send them to proofreading and additional editing without any fear that the production line will be broken or that the article will suffer some damage on the way. As soon as someone enters an article, it locks and can be edited by only 1 person at a time. This prevents changes made by one person from being overridden by someone else. With tons more features added to Vudu, the little menace can now handle complex news portals with ease.

    Just a small shot of Vudu powering the backend.

    The frontend also received some pretty smart items, raising the standards to a new high. One of the biggest innovations, which we so far could not find anywhere on the web, is the "Reply & Alpha™" commenting system. Most sites enable users to add linear comments to an article. Since Sutra.hr is pretty heavy on user comments, we had to allow users to communicate with more meaning, so we enabled Reply to an individual comment. By itself this is also nothing too new; Digg introduced Reply on comments a few weeks ago as well. However, due to the Croatian temper (hot hot hot) we had to limit the depth of replying, otherwise flame wars could go on forever. So we came up with an idea to make each depth more and more transparent in order to discourage users from endless flaming. As a result, users say what they have to say on the second or third depth level, seeing that the more they prolong, the less visible and less noticeable their comment is. Users figured this out, and it is working really well so far.

    Going, going, going, gone on the level 7 with HTML/CSS, not Photoshop

    In the next updates we will introduce more cool stuff to the commenting, one of the biggest being the ability for users to make zero-level comment branches with all of their replies "sticky", so that the whole branch appears to a user at the top of the first page of comments. Basically, users don't have to dig through pages of comments to find a conversation that they follow; instead they can just pop it up to first place. Nifty stuff, eh?

    We will keep you updated, since this is growing into one kick ass project.

  • June 8, 2008

    Freaky fscommand issues in Flash Player 9 and as2 project

    I spent a couple of hours trying to figure this one out, so at the end of my thorny journey I decided to share this with all of you.

    I have a lot of old standalone projector AS2 Flash 8 projects. Each one begins with fscommands that switch the player to fullscreen and set up the rest of the stuff.

    fscommand("allowscale","false");
    fscommand("fullscreen", "true");
    fscommand("trapallkeys", "true"); 
    fscommand ("showmenu", "false");
    
    escKey = {};
    escKey.onKeyDown = function(){
        if(Key.getCode() == Key.ESCAPE){
            fscommand("quit", "");
        }
    };
    Key.addListener(escKey);
    fscommand("trapallkeys", "true");

    Well, that worked just fine before Flash 9. But today I had to build a simple AS2 game and wanted to do the same - upon starting, go to fullscreen, send all key events... Upon publishing, my game didn't want to go to fullscreen. To make things even stranger - not even pressing CTRL+F switched to fullscreen! As it turned out,
    fscommand("trapallkeys", "true");

    was causing problems. After commenting that line out everything worked fine... except capturing of key events - a major factor to my game.

    But, BEHOLD! A few hours later, a magical combination of TRUE, true, and false, FALSEs, finally worked out:

    fscommand("allowscale","FALSE");
    fscommand("fullscreen", "TRUE");
    fscommand ("showmenu", "false");
    fscommand("trapallkeys", "true"); 

    Why this is happening, I don't know, but I am glad I made it work. More people reported similar problems with fscommand in Flash 9:

  • June 3, 2008

    Office buzzz!

    I remember BuzzWord from some time ago when it was in early beta. It was shiny and you could write text and make it bold. But when Adobe acquired Virtual Ubiquity last October, the project gained significant momentum. Behold Adobe's Online Office Suite - Acrobat.com. To make a full circle around the web and back, Adobe released Acrobat 9, which is now more than just internet aware, with full support for Flash! (Good God.. we all need new hardware now!).

    I don't use online office apps and I never will, but I do not underestimate the great potential in them. Google, Microsoft, Adobe... All the high rollers have a suite of their own and each has a benefit of its own. Google did a brilliant job with their own xhtml/css/javascript tools, and now Adobe with their Flash RIA counterpart. But if I had to choose, I would definitely choose Google, if not for speed, then for their abnormal server network.
