On Feb 10, 2013, at 6:13 PM, Alex Harui wrote: > > > > On 2/10/13 8:00 AM, "Harbs" <gavha...@gmail.com> wrote: > >> This is degenerating into a discussion that should probably move to the user >> list, but... >> >> TLF is a must, but the whole TLF library shouldn't be more than 180-190 KB. >> >> Nothing like Datagrid is being used. I have a bunch of RichEditableText >> components that I will probably factor out. That might help... On an aside, >> it >> seems to me that the text components (even the spark ones) are pretty bloated >> and over-engineered. I'm thinking of making some lightweight components for >> my >> own purposes. Does anyone else see a need for lightweight versions? >> >> The only two mx components being used is ColorPicker and Alert. With the >> newest release, I should be able to replace those two. I do have one Canvas >> component in use because I couldn't get the behavior I needed with >> BorderContainer. Maybe I'll revisit that. The odd thing was that switching to >> "Spark only" did not bring up any errors for the Canvas component. > And the first screen of your demo app doesn't seem to use multi-line text, > so I would make sure Label is being used for all text which does not require > TLF so you can load it later.
That's a no-go. TLF is required for rendering of the text on the page… > >> >> >> On Feb 10, 2013, at 5:47 PM, Nicholas Kwiatkowski wrote: >> >>> The caching rules of RSLs and SWFs are for the most part, are the same. >>> >>> Depending on your IDE, you may be able to build a dependency tree, which >>> should help you determine where your bulk is coming from. I find that >>> certain components (mx:DataGrid, for example), add in about 250k just for >>> being there because of all the things it depends on. Some of the Spark >>> text components are equally as heavy because of their dependence on the TLF >>> stuff. If you could stop using all of the halo components, you will >>> probably be much better off as well. >>> >>> -Nick >>> >>> >>> >>> On Sun, Feb 10, 2013 at 10:41 AM, Harbs <harbs.li...@gmail.com> wrote: >>> >>>> The numbers were for release. >>>> >>>> The debug size using RSLs is about 1 MB. >>>> >>>> I'm not really sure if modules can help. There are not many modular >>>> components in the app. Maybe I can load the image browser as a module, but >>>> I don't know how much of a difference that will make. There are a number of >>>> palettes that might be candidates. I'll see what I can do on that front, >>>> but I don't have high hopes. My bigger concern is really the Flex libs >>>> which have more bulk than the whole app... Is there a good way of figuring >>>> out where the bulk is coming from? >>>> >>>> If I'm reading you right, the caching of swfs is actually more persistent >>>> than the caching of unsigned RSLs. Right? >>>> >>>> On Feb 10, 2013, at 5:19 PM, Alex Harui wrote: >>>> >>>>> The only advantage to un-signed RSLs is if you serve more than one SWF >>>> that >>>>> uses them from your domain. SWFs end up on disk in a browser cache (if >>>>> there is one and within the limitations of that cache) so then there is a >>>>> probability you won't have to download some code. >>>>> >>>>> Apache Flex will hopefully release often. The Framework RSLs were >>>>> version-specific, so releasing often further lowers your chances of any >>>>> benefit even if we did have a way to serve cross-domain RSLs. >>>>> >>>>> I suppose we could try to host RSLs at some known place, but browser >>>> cache >>>>> limitations would still apply, and you'd want a custom domain name >>>> otherwise >>>>> you'd expose yourself to cross-domain scripting. >>>>> >>>>> Are your SWF size numbers for release mode or debug mode? Using modules >>>>> carefully can lower the size of the initial load. >>>>> >>>>> >>>>> On 2/10/13 6:54 AM, "Harbs" <harbs.li...@gmail.com> wrote: >>>>> >>>>>> Okay. Like you said this sucks. >>>>>> >>>>>> I'm looking to moving from Flex 4.5 to 4.9 in the next few weeks. I just >>>>>> changed my compile settings to merge instead of using RSLs and the app >>>> went >>>>>> from a little over 600 KB to 1.4 MB. :-( >>>>>> >>>>>> I clearly have a lot of work to do removing dependency on a lot of >>>> classes and >>>>>> getting rid of dependency on mx components (I have a very few in use, >>>> but the >>>>>> ones that I'm using will be hard to replace with Spark.) >>>>>> >>>>>> I'm still not sure why Flash can't cache third party signed RSLs, but >>>> there's >>>>>> not much to be gained by kvetching about it. I doubt they'll add that >>>> as a >>>>>> feature to FlashŠ >>>>>> >>>>>> Harbs >>>>>> >>>>>> On Feb 10, 2013, at 4:37 PM, Nicholas Kwiatkowski wrote: >>>>>> >>>>>>> When I say signed, I'm meaning signed by Adobe. There really is >>>>>>> little benefit to sign an RSL with our certificates, as they are in >>>> the web >>>>>>> of trust of the Flash Player. >>>>>>> >>>>>>> From what I've been told, unless it is signed by Adobe, it is not in >>>>>>> the persistent cache, so it is not cached on disk, period. This is >>>>>>> regardless of the domain that it is on. >>>>>>> >>>>>>> This came up VERY early on (maybe even at the Tech Summit -- I don't >>>> know, >>>>>>> I wasn't there), and Adobe was pretty straight forward that this was >>>> going >>>>>>> to be the case. Questions came up about having them sign it, but they >>>> did >>>>>>> not want to dedicated the resources to do it. Looking back, it would >>>> have >>>>>>> been a pain to have to submit our releases to Adobe for their complete >>>>>>> review before we could do anything -- potentially holding back our >>>> releases >>>>>>> weeks or months. >>>>>>> >>>>>>> It was seen as a majority of the Flex work was moving to mobile. On >>>> AIR >>>>>>> with mobile, there is no concept of RSLs (everything is embedded >>>> within the >>>>>>> final executable), so it was seen as less of an issue. >>>>>>> >>>>>>> -Nick >>>>>>> >>>>>>> On Sun, Feb 10, 2013 at 9:27 AM, Harbs <harbs.li...@gmail.com> wrote: >>>>>>> >>>>>>>> Bah! So they're totally useless. >>>>>>>> >>>>>>>> swfs are also cached by the browser for that session. Correct? >>>>>>>> >>>>>>>> Is there any logic to not caching RSLs for the domain that loaded >>>> them? >>>>>>>> >>>>>>>>> Only signed RSLs are cached on disk. >>>>>>>> >>>>>>>> Signed meaning signed by Adobe. Right? There's no way to sign a RSL >>>> with >>>>>>>> an SSL or code signing certificate. Is there? >>>>>>>> >>>>>>>> On Feb 10, 2013, at 4:19 PM, Nicholas Kwiatkowski wrote: >>>>>>>> >>>>>>>>> They are downloaded once per domain, per session. If you visit >>>> domain >>>>>>>>> x.comtwice in a session (as defined by your browser), then it will >>>>>>>>> stay in >>>>>>>>> memory. If you close your session (typically by closing your >>>> browser), >>>>>>>>> then it will be cleared from memory. >>>>>>>>> >>>>>>>>> Only signed RSLs are cached on disk. >>>>>>>>> >>>>>>>>> -Nick >>>>>>>>> >>>>>>>>> On Sun, Feb 10, 2013 at 9:01 AM, Harbs <harbs.li...@gmail.com> >>>> wrote: >>>>>>>>> >>>>>>>>>> I apparently missed this. Yes. It does suck. Are RSLs reloaded every >>>>>>>> time >>>>>>>>>> for a specific domain, or is it just a cross-domain issue? >>>>>>>>>> >>>>>>>>>> If I use RSLs for Flex 4.9 and I update my main app, do the RSLs get >>>>>>>>>> downloaded every time, or will the RSLs from my domain be reused? Is >>>>>>>> there >>>>>>>>>> any point in using RSLs at all? >>>>>>>>>> >>>>>>>>>> On Feb 10, 2013, at 3:56 PM, Nicholas Kwiatkowski wrote: >>>>>>>>>> >>>>>>>>>>> Adobe has (had?) a pretty good explanation on their Flash >>>> Whitepaper. >>>>>>>> It >>>>>>>>>>> boils down to this : >>>>>>>>>>> - They are no longer in control of Flex >>>>>>>>>>> - They are no longer doing security reviews of the source code >>>>>>>>>>> - They have to sign the Flex package with their security >>>> certificate in >>>>>>>>>>> order for it to be stored in the Flash RSL Cache >>>>>>>>>>> - They won't sign it anymore because they would be responsible for >>>> any >>>>>>>>>>> security issues that may come out of it. >>>>>>>>>>> >>>>>>>>>>> Yes, it sucks, but unfortunately, we have to live with it. >>>>>>>>>>> >>>>>>>>>>> -Nick >>>>>>>>>>> >>>>>>>>>>> On Sun, Feb 10, 2013 at 8:49 AM, christofer.d...@c-ware.de < >>>>>>>>>>> christofer.d...@c-ware.de> wrote: >>>>>>>>>>> >>>>>>>>>>>> I have to admit, that I don't quite understand what the inability >>>> to >>>>>>>>>>>> create signed rsls has to do with the usage of rsls themselves. >>>>>>>>>>>> >>>>>>>>>>>> The problem is that the Flashplayer is able to install rsls that >>>> are >>>>>>>>>>>> signed by Adobe. Usually the Adobe FDK rsls were also available in >>>>>>>>>> signed >>>>>>>>>>>> versions (swz files). These were dynamically loaded the first time >>>>>>>> they >>>>>>>>>>>> were needed and installed by the Flashplayer. The second time the >>>> libs >>>>>>>>>> were >>>>>>>>>>>> needed the installed versions were used reducing the download time >>>>>>>>>>>> dramatically. Now the problem is that Adobe won't sign Apache >>>> SWCs as >>>>>>>>>> they >>>>>>>>>>>> are no longer in charge of the libs code (Understandable). Giving >>>>>>>>>> Apache a >>>>>>>>>>>> key to be able to also create signed RSLs would eventually open >>>>>>>> serious >>>>>>>>>>>> security problems because a signed manipulated swz would be used >>>> by >>>>>>>>>> every >>>>>>>>>>>> other website using the same version of a given lib. >>>>>>>>>>>> >>>>>>>>>>>> Coming back to the RSLs ... The difference between a signed and an >>>>>>>>>>>> unsigned RSL is just, that the unsigned rsl is loaded on every >>>> visit >>>>>>>> of >>>>>>>>>> a >>>>>>>>>>>> user. As far as I know there is no other difference. So I don't >>>> quite >>>>>>>>>>>> understand why the lack of availability of signed rsls should >>>> have any >>>>>>>>>>>> effect on built applications and the default linking type. >>>>>>>>>>>> >>>>>>>>>>>> Chris >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -----Ursprüngliche Nachricht----- >>>>>>>>>>>> Von: Harbs [mailto:harbs.li...@gmail.com] >>>>>>>>>>>> Gesendet: Sonntag, 10. Februar 2013 14:19 >>>>>>>>>>>> An: dev@flex.apache.org >>>>>>>>>>>> Betreff: RSLs and signing >>>>>>>>>>>> >>>>>>>>>>>> I did not realize that Apache Flex does not use RSLs by default. >>>>>>>>>>>> >>>>>>>>>>>> What's the story with signing? Is that an issue with cross-domain >>>>>>>>>>>> security? Is there any way to get an Apache signature approved for >>>>>>>>>> Flash? >>>>>>>>>>>> >>>>>>>>>>>> Either way, I'd imagine I'd want RSLs for the simple reason that >>>>>>>>>> updating >>>>>>>>>>>> apps should result in a smaller download. >>>>>>>>>>>> >>>>>>>>>>>> Harbs >>>>>>>>>>>> >>>>>>>>>>>> On Feb 9, 2013, at 9:00 AM, Alex Harui wrote: >>>>>>>>>>>> >>>>>>>>>>>>> The default setting for Apache Flex is to not use RSLs because >>>> Adobe >>>>>>>>>>>>> cannot sign the Apache Flex RSLs. That's probably why your SWF >>>> is >>>>>>>>>>>> bigger. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On 2/8/13 10:31 PM, "grimmwerks" <gr...@grimmwerks.com> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> Hey all - long time listener first time caller. >>>>>>>>>>>>> >>>>>>>>>>>>> I've taken a project that was originally 4.6 and I flipped it to >>>>>>>> 4.9; >>>>>>>>>>>>> comparing the same code on two computers - when I build with >>>> the 4.6 >>>>>>>>>>>>> sdk I get a swf of 304k (with all the other extraneous libraries >>>>>>>> such >>>>>>>>>>>>> as osmf, mx, sparkspins, etc) -- whereas with 4.9 the main sf is >>>>>>>>>>>>> 1.1mb -- that's a huge difference with no other changes in code >>>> no? >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Garry Schafer >>>>>>>>>>>>> grimmwerks >>>>>>>>>>>>> gr...@grimmwerks.com >>>>>>>>>>>>> portfolio: www.grimmwerks.com/ >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> Alex Harui >>>>>>>>>>>>> Flex SDK Team >>>>>>>>>>>>> Adobe Systems, Inc. >>>>>>>>>>>>> http://blogs.adobe.com/aharui >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>> >>>>>>>> >>>>>> >>>>> >>>>> -- >>>>> Alex Harui >>>>> Flex SDK Team >>>>> Adobe Systems, Inc. >>>>> http://blogs.adobe.com/aharui >>>>> >>>> >>>> >> > > -- > Alex Harui > Flex SDK Team > Adobe Systems, Inc. > http://blogs.adobe.com/aharui >
