Wednesday, 21 December 2011

Tackling Flash Player Security Issue

The flash player security settings is a headache for many developers who do not want users of their products to go through the ordeal of having to play with the security settings to allow a SWF object to ''communicate with an internet location'' especially when they are accessing the object locally (on hard drive, pendrive or a CD-ROM). The message will read like Flash is having to do some potentially unsafe operation and something is trying to connect to an internet location bla bla...

Users will then either have to edit the security settings to make the location from where they are accessing the SWF (hard drive, pendrive or a CD-ROM) a trusted location, or to access the adobe site and to change the settings from the panel provided on the Adobe site. If the security settings are not edited then buttons or actionsripts might not be able to run thereby creating usability problems in the applications.



 If the product that is developed will later be hosted on the web, then users will not have the issue of trusted file settings. However if the product is to be deployed on CDROM and accessed via a browser (offline browsing) then it may experience issues.

We have found a more elegant solution than having the user to manually change settings. However we need to admit it is not the best one and not necessarily acceptable to everyone. It is rather strange. 

After searching a lot on the computer, we have that the Flash player has a folder on the computer where trusted file settings can be stored. If you go through to the 
c:\windows\system32 folder, there is a folder called Macromed and inside it a folder called Flash. This is the folder where the Flash player is installed. Now to make a particular location 'trusted' manually, there is a folder called FlashPlayerTrust in the folder Flash. If the folder does not exist create a folder called FlashPlayerTrust. Then insert a text file in that folder with the locations that you want to be termed as trusted. Let us assume that the file you create is named myTrust.txt and the content you want to trust is the whole of the C: drive, the file will contain only one line of text and it is 'c:'. This means all folders and subfolders in the c: drive will become trusted. Of course you can also specify only specific locations rather than the whole of a drive. To add other locations just press enter and write in the path in your text file. 

Now the issue is how to automate this process if you are packaging your product on a CD. The solution is to include the text file on your CD and write a batch file that will copy the text file (through an xcopy command for instance) from the CD to the  
 c:\windows\system32\macromed\flash\flashplayertrust folder when the CD is autorun. If you have a 64-bit windows 7 OS, you need copy to sysWOW64 folder instead of the system32 folder.

The problem that your batch file will now face is that you will get an access denied message because of permissions to write to the system32 folder. To achieve this, you will need use a professional  autorun software like autorunpro.exe and it will work fine.

Your autorun.inf file will be as follows:
; /s parameter no longer needed for version 1.2
; Here are some sample uses for Autorunpro. It keeps processing Them in Run1..RunN order until it doesnt find one.

Now create your file supposedly called trustfile.txt 
The problem now with XCOPY is that if the directory FlashPlayerTrust does not exist, it will prompt the user whether it is a directory or a file. We do not want this to happen as we want the process to be as smooth as possible for the end user.

There is a trick to that. We use the parameter /I /Y but this will only work if there is more than 1 file being copied. 

So we create another file called trustfile2.txt.

When we use the XCOPY command, to specify both files we use the wildcard * after the word trust. So it will copy trustfile.txt and trustfile2.txt. In this way it will create the directory flashplayertrust without prompting the end-user to specify if its one or not.

Your batch file as follows (in this example we are using firefox portable):

@echo off
xcopy /I /Y trust*.txt c:\windows\system32\macromed\flash\FlashPlayerTrust
xcopy /I /Y trust*.txt c:\windows\sysWOW64\macromed\flash\FlashPlayerTrust
cd firefoxportable
firefoxportable index.html

The solution has worked and the flash player security message does not appear.

Wednesday, 14 December 2011

Is it necessary to monitor attendance in Universities?

Honestly, I do not even think its an issue. University students are adults and more and more we are enrolling students who are mature and are working professionals, and family heads etc. Yet in a University we might still find people arguing the importance to monitor attendance as if we are dealing with primary school infants (where attendance monitoring provide clues for broader social issues) and secondary school adolescents (where attendance monitoring is more to ensure that in this vulnerable age, those adolescents are safe and sound). That is all about it!

It is unreasonable to say in the 21st century, (i would even go as far as treating this absurd) that forcing a student to attend classes will maximise his chances of passing the exams. Personally if I take my own case when I was a student, if I have to agree with the belief that attendance make people pass, I will find myself in a situation where it will be more like ''fais ce que je dis mais ne fais pas ce que je fais!'' because as a University student in my undergraduate studies, I rarely attended classes and yet I passed! Afterall, why would I attend classes when all i had to do in them was to copy as fast as i can the slides which the lecturers had photocopied from books and which could easily have been distributed to students? I was wiser because I just took the notes of my friends, photocopied them and then learnt the same notes when I was in a better environment to learn!

At the same time when we think of the concept of distance education that exists for more than a century now, the concept of attendance is irrelevant. What is important is the type of pedagogical design, the way we design learning activities and get students to engage in them and most importantly is about how we empower students to become responsible of their own future. 

Look at the video below, and ask ourselves "why do we need to sit a class like in a compact farm to listen to the something of lesser quality than what can be disseminated through other media??"

When we get the lecture, interactive activities, and notes in abundance online, how will sitting in a classroom and engage in a mad race to copy faster than our peers help us to better pass the exams? May be Newton or Einstein would have been able to find a scientific explanation to that....... 

Of course the arguments above should not me mistaken as a critic for face-to-face meetings but its just absurd to take stock of the number of f2f meetings and directly relate that to pass or fail or the quality of teaching. Rather the focus should be on what is to be done to improve the quality of learning.

Thursday, 1 December 2011

Inside Job - the best documentary film I watched in 2011 so far....

It talks of the financial crisis in general about all those thieves in Wall Street who enriched themselves by destroying the financial institutions they were themselves CEO and therefore making investors lose all their money....

But the most important part of all as highlighted in the documentary, was how financial institutions corrupted Economics Professors of renowned universities to make them write false reports, papers with fake results to justify the need to deregulate the financial sector and even after the crisis the corruption is continuing to make them write and take position against proposed reforms. 

Academics are receiving as much as 150000 USD to publish one paper..

When we think that we are asked to publish in those supposedly highly reputed journals to get promotion, where our work will be reviewed by possibly corrupt academics...........The same academics were supposed to have academic freedom and agents of free inquiry, but in reality the same people were members of administration boards of financial institutions...