I have a long time searching for security on SQLite database, as far as I know encryption was a commercial extension for SQLite and not sure whether Adobe will implement it for AIR SQlite engine. It really a great news now Adobe AIR 1.5 support encrypted SQLite database. Thanks, Adobe AIR team.
I got a hard time to realize a team to develop a large RIA desktop application, not only myself should understand how important usability is, but also other team members even juniors and bosses.
New Feature Requests
We all understand application development change very often. It happens for every team, bosses will add new features never discussed before and marked as ‘very important’. Problem is, for a desktop application, new features usually means redesign at least some parts of UI, also can break user experience if no enough usability discussion and clearly understand what user will expect (which very often is different with the new feature defined), not only designer but also developer have to change a lot. For example, add some new feature without enough space on UI, new behavior in one component which UI should update other relative components at the same time. Not only we need time for new features, bad definition can result arguments between team members and boss, which actually conflict between what boss expect and what user expect in real application.
Designer and Usability
Designers has a good feeling of usability, problem is designers not the person produce the application, and usually designers can design single UI but not the running UI, so it quite often developers have to feedback some design problems. For me I will try to discuss thoroughly before write code, understand what designers want and what will happen in real application that can affect user experiences. Discussion of user experiences between designer and developer should be as early as possible.
Also, designer have to test application from time to time, to find usability problem early and try to fix it.
Junior Developer and Usability
Juniors usually need time to learn and get improved, thinking about usability also hard for them. Problem is user experience is about whole application not parts which experienced developers working on, without fix major usability problems, application can never give anybody good user experiences. Try to ask new developers to catch up more tasks than what they can without fix enough usability problem, is a disaster for the whole application sadly.
Shocked by Doug Mccuue’s post, I decided to have a test on obfuscation and decompiler together, to see how safe my own Flex/Air code bases.
For a long time I was impressed by SWF Encrypt, although it’s not a real encryption, should be something interest if it can obfuscate code well for me.
In AS2 days I used to use the free Flare written by Igor Kogan, it was a great tool to help to search where co-workers hide their code inside FLA files. But now I need a AS3 version it no longer support. I read a post by Lee Brimelow about Sothink decompler several months before, so I would like to give it a try.
Test
SWF Encrypt trial version let me try 25 times, I made a secure swf from my AIR swf file.
Sothink Decompiler can read my origin AIR swf file easily, include almost all assets and code packages. Unfortunately the trial version do not let me check source code.
I found code structure in Sothink quite clear and accurate matching my own code base. I decided to buy it as the price not a problem $79.
Result
From my original AIR swf file, Sothink can read almost all my code, that….hell!
From secure AIR swf file, Sothink again, read most of my code, only several properties and function names hide.
Conclusion
First, the dark side, our code is definitely not safe.
Second, I do not feel SWF Encrypt doing its own job, I hope it can at least change my property/function names so even decompilers can take out all code, still hard to understand. SWF Encrypt really hide several properties/function names, but only very few of them.
Third, I found Sothink useful. Flex framework itself is a giant code base, Sothink decompiler code give some other code we cannot see and realize in MXML files.
Update: finty is right. I forgot Flex compiler can generate source code itself.