[theora] bad news: IE9 with HTML5+h264

Lino Mastrodomenico l.mastrodomenico at gmail.com
Thu Mar 18 08:51:45 PDT 2010


2010/3/18 Michael A. Peters <mpeters at mac.com>:
> IMHO Mozilla should go the GStreamer route.

No, they really shouldn't. Even if we somehow pretend that software
patents don't exist, supporting arbitrary media codecs on the web
using any kind of installable extensions/plugins is the wrong thing to
do for *any* browser.

Because it poses two huge security problems. First there are *a lot*
of codecs supported by these systems and, unlike Theora and Vorbis,
many of them have not been heavily reviewed for security holes. Which
means they are desperately too fragile to be thrown in the sea of the
web, which is full of sharks. It's all about not increasing the
surface of code exposed to the bad guys, unless you really really have
to.

Second problem, social engineering: the users should never be taught
that it's anything less than highly suspicious for a web page to require
them to download binary code for the page to work. Think about porn
sites: "please download this HTML5 codec to view this free video!",
except that the codec contains malware.

And, yes, it's something that doesn't affect only Windows n00bs: a
friend of mine installed a third-party plugin on his Ubuntu system to
view videos on a website. When I asked him if he considered the
security implications he said that it's secure because the plugin only
runs in Firefox which is secure (obviously wrong, since Firefox cannot
prevent plugins from doing any sort of bad things, even on Linux).
This is the kind of thing that should not be left in the hands of the
end users if we can avoid it.

It's not by chance that Chrome *only* supports Theora and H.264, even
if it uses FFmpeg that supports many other codecs.

ciao

-- 
Lino Mastrodomenico

