[theora] Seamless web video within reach
denver at ossguy.com
Tue Jul 28 15:25:26 PDT 2009
On Tue, Jul 28, 2009 at 6:16 PM, Gregory Maxwell<gmaxwell at gmail.com> wrote:
> On Tue, Jul 28, 2009 at 6:07 PM, Denver Gingerich<denver at ossguy.com> wrote:
>> I'm interested in feedback on my latest blog post, "Seamless web video
>> within reach":
> "From what I've heard, loading the Cortado applet requires the user to
> explicit allow the applet to run because it is not signed by a trusted
> CA. "
> No, if you use a completely unsigned cortado you get no permission
> request. However the applet can the only play media from the same FQDN
> as the applet itself was loaded from.
> If the applet is signed it can remote load. But this results in a
> scary warning. Signing by an official CA makes the warning less
> So you have Local Media+unsigned > CA signed > self-signed
Ok, fair enough. But to keep the simplicity of the solution I
some central FQDN that designers (through mv_embed) can refer to. So
we will need the Cortado applet to be CA-signed.
> Java works pretty widely on IE. Okay, lets say 20% it doesn't work on.
20% of 60% still gives us 12% of all Internet users that can't play
Theora. That's pretty big and not very competitive with Flash
deployment. This is the main reason I'm hoping to get the VLC ActiveX
control in better shape.
> As of so far my experience with VLC plugin has been pretty negative.
> Older versions were a pretty much guaranteed client crash and I'm not
> sure if its possible to differentiate safe vs unsafe versions easily.
> There will also never be a user-interaction free way to load the
> activeX as that would be a malware author's dream come true.
> Fortunately, as was discovered with Flash, if you nag enough
> eventually the user will click to install.
Yes, that's what I'm hoping. With CA signing, we can make the process
at least appear safe, even if the user still needs to click "Install".
More information about the theora