Hello from Scotland

maxwellmac99's picture

Hi Folks, this site was mentioned in responses to my posts to the Apple Quartz Composer list.

I have about twenty years' software development experience. I've developed corporate applications and web sites from COBOL and 4GLs on Unisys and OS 390. More recently I've spent the last ten years doing web development and realtime networking apps with Java, Spring, Oracle, etc.

I've been up to the eyeballs in the Java open source framework mess and I've pretty much had enough of it.

OS X has been a major eye opener. It's the future I think. Time to get into something new and this looks like a very exciting area.

So, nice to meet you all. What I've seen so far of Quartz Composer and the associated APIs has really been inspirational. Not only that but people have been very helpful in responding to my newbie questions. I get stuck but it's never long before someone lends a helping hand.

Anyway enough of me rambling on....

Cheers, Max

toneburst's picture
Re: Hello from Scotland

Welcome to Kineme! It's a nice little community - I'm sure you will find it fun and useful in equal measure!

a|x http://machinesdontcare.wordpress.com

cybero's picture
Re: Hello from Scotland

Welcome indeed.

I wonder, does Quartz Composer seem like a mix of known and unknown to a fairly experienced software professional, such as yourself? :-)

Oh, and seeing as you are obviously steeped in the Java brew [albeit looking for a breath of fresh air], have you checked out the use of a signed digital certificate to support the wrapping of a Quartz Composition within a Java Applet?

I'd heard about such an exploit but can't find the current link for the post about it.

maxwellmac99's picture
Re: Hello from Scotland

Hi there, not sure about how to wrap a composition. Here's some info on signing applets though...

http://java.sun.com/j2se/1.4.2/docs/guide/plugin/developer_guide/rsa_sig...

Cheers, Max

cybero's picture
Re: Hello from Scotland

The url of the exploit and some surrounding security implications is Here NaturalBirthing.info's blog

gtoledo3's picture
Re: Hello from Scotland

cybero... I was getting ready to jot a post on "it's not the way people describe it", but this was really well written... the best written article on this I've seen and cleared up one point for me as well.

Welcome to the forum!!!

cwright's picture
Re: Hello from Scotland

cybero wrote:
The url of the exploit and some surrounding security implications is Here NaturalBirthing.info's blog

This was all taken care of before Leopard came out (and perhaps before I even purchased my first mac...) :)

gtoledo3's picture
Re: Hello from Scotland

For my own clarity on this... this is why I have some "old" qtz's that rely on swf's that worked, but no longer work... that function was lopped off as part of the bug fix - or do I have that entirely wrong?

cwright's picture
Re: Hello from Scotland

I think you're combining two issues.

The issue noted above (a simple Video Input -> billboard composition embedded into a movie) was a "security risk." -- because video input was made available, it was conceivable that a malicious composition could do bad things (encode a video frame as a huge URL, and attempt a download to "send" an image -- this would be wildly inefficient and very cumbersome, but possible). I think there were also quirks that made the frame data available to the applet (due to some QT loopholes or something?), which was a bigger risk (Java's faster, and no malicious composition necessary). Java Applets are supposed to be sandboxed from the actual system (no file system access, only able to access a small subset of URLs, etc). Providing video input to that environment is a hole in the sandbox.

SWF in QC (via the Movie Loader) was a different issue -- QT used to have a flash player built in. However, Apple removed that functionality sometime in Tiger (?) because of some hand-waving excuses about user experience or something. I'm not sure what the real reason was, but it might have been security issues, licensing issues, implementation issues, or something else entirely (or some combination thereof).

So, while both "problems" involved QuickTime (through QC), they're rather unrelated.

(this is all off the top of my head, and might be skipping over important details)