Adobe onAIR London 2008 (Afternoon)

Review: onAIR London 2008 - Afternoon Sessions at onAIR London 2008, The Brewery in London, 52 Chiswell Street, London 12:15 to 17:00

Deploying and Updating AIR Applications (Serge Jespers) - Serge covered the nuts and bolts of deploying AIR applications. He demonstrated the user experience of installing signed vs unsigned applications, and the $299 dollars a year for a code signing certificate is probably worth it if you're going to develop AIR apps regularly. Next he talked about deployment, which involved a discussion of 'Install Badges' - basically flash movies embedded in a web page. The basic one will just run the installer, but there's a more advanced one available, in beta form, on Adobe Labs which adds functionality to check and see if your app is already installed, and tries an update instead of an install if so.

Adobe AIR API Overview (Daniel Dura) - Daniel took us on a potted tour of the AIR API, highlighting some of the 'cool bits'. He started off in the Window API and discussed transparency - so you can create irregularly shaped windows with custom controls - and he demonstrated that it was 'real' transparency by interacting with the desktop through the gap. He then talked about the SQLite API, which lets you achieve Google Gears type things within your app before concluding with some discussion of the integration between AIR and the native OS drag and drop mechanisms.

Extreme AIR development: From concept to TechCrunch in 5 Days (Jeremy Baines) - On to the first lightning talk, Jeremy talked about the rapid development of his AIR app, Alert Thingy, unfortunately the demo went a bit pear shaped.

Developing Secure AIR Applications (Oliver Goldman) - This was one of the more important talks of the day. All the cool apps and transparent windows are fun and shiny, but you want to be fun and shiny while not simultaneously turning your user's machine into a node in a giant spam botnet. The AIR runtime has two security domains - the one where your application code runs, the Application Security Domain, has certain 'dynamic' features, such as eval, innerHTML and <script> elements, disabled to help you avoid shooting yourself in the foot with any imported content (which runs with the loader's privileges). Loaded content, in frames or iframes or loaded by loader.load in a Flash movie, runs in a sandbox by default, the Remote Security Domain. This means it does have eval and friends enabled, but it doesn't have access to all the cool AIR desktop integration stuff. In order to give your loaded content access to those features you have to use the sandbox bridge functions to explicitly make methods available. The final point the Oliver made is that an update function should be part of your security strategy - if security holes are found in your AIR application you've got to have a reliable method for pushing the fixes out to your users, therefore 'check for updates' and associated logic should be included in your first release.

Using JavaScript Frameworks in AIR Applications (Andre Charland) - We were on to the 'short talks' now. Andre discussed how you could easily adapt most popular AJAX/Javascript libraries for us in AIR apps and discussed some of the things they were good for (keyboard shortcuts, activity indicators, window operations when chromeless, mouse hints and tooltips).

BBC News & Sport on Air (BBC) - Three guys from the BBC gave a quick overview of their corporation's history of desktop applets for easy access to website updates and contents, and how the early clients had evolved into the current/new AIR prototype application, which looked quite neat.

Google Analytics on AIR (Nicolas Lierman) - Nicolas has reverse engineered Google Analytics (though now in full co-operation with Google) to produce an AIR desktop analytics application. Quite interesting as an intellectual exercise, I didn't see any clear advantages over the web interface though, and it seems you have to have it on blue gradient background instead of a nice clean white.

Why an Ajax Guy is Excited About AIR (Dion Almaer) - Dion talked about the future of the web and how AIR and Google Gears are complementary technologies. Contrary to popular belief, Google Gears is not "all about offline" - it is a collection of small improvements to the browser API and a testing/proving ground for some HTML 5 APIs. Basically a way of making parts of tomorrow's world wide web available for web developers to use today.

AIR Conditioning (Lee Brimelow) - the day ended on a light hearted note as Lee gave a lot of amusing examples of applications you shouldn't create in AIR just because you can. My favourites were the world's smallest video player and the little app which moved the window out from under the mouse so you couldn't close it. Not much in the way of technical content, but an enjoyable way to end nonetheless.

I didn't enjoy the afternoon so much, and at the time I felt like it was a bit lightweight compared to the morning, and also that the presenters were starting to repeat stuff from earlier in the day. However, looking back in review I think my perception was mostly due to the later afternoon where the flow was lost a bit with all the shorter presentations - it maybe would have been better to spread the shorter talks out among the longer ones rather than clumping them all together like that (ie. one long and one short talk per session between coffee breaks). Still plenty of good stuff, and more free food at the end &#58;&#41; so 4.5 out of 5.

Technorati tags for this review: