Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

(Bit of context: the Quicktime plugin now has to be enabled on every site you want to use it with; there's no global way around it. Comes in wake of Google's dumping of h.264, which Quicktime handles natively).


The ratio between legitimate uses of the quicktime plugin that aren't otherwise covered by chrome, and attempts to exploit the cavalcade of bugs that are regularly developed for it must be quite low indeed. I have no problem believing this is due to security concerns, and I applaud them for making the move. Blindly running plugins that have a history like QT is very poor behavior. Hopefully they will be flagging oracle java for similar treatment soon.

To be clear, you simply have to manually enable QT for a domain you want it to run. All plugins should be set to run this way - "do you trust this domain?". It would cut down on 90% of drive by exploitations where the user never even sees the malicious iframe and has no idea that they visited the domain hosting the exploit code.


Wait, is this true for OS X as well? I could understand this for Windows, but Quicktime on OS X is great (especially with Perian...)

Hopefully this isn't true for the OS X version of Chrome. Otherwise, I'll be switching back to Safari...


It is true for OS X, in the latest dev builds, at least.

(I first got bugged by it clicking on the Pow video link at http://pow.cx/ -- when a Mac browser won't play a straight .mov file for political reasons it could be time to change.)


I wouldn't be shocked if Quicktime is as high in crash statistics as Flash used to be, and that's why they disabled it. It's a horrible plugin.


On Windows – but disabling it on OS X is just wrong.


Surely you're not implying that Google is pushing out Quicktime because they don't want h264 support provided by 3rd parties.

That's ridiculous, especially since all versions of Chrome shipping still have h264 support. That would be a bit horse before the carriage.


What all versions of Chrome? Chrome auto-updates so the vast majority if not all of them are on the latest version (or newer beta versions) which is Chrome 10. And Chrome 10 doesn't have h.264 support built-in anymore.


This pretty much means I am going to have to delete Chrome from all the machines and either use IE / Safari, put Safari on the Windows boxes, or go with Firefox (and hope they don't pull the same stunt). H.264 is used for teaching material and I would like to use one browser on both platforms. No, I will not login to every new account and setup specific sites to set as "safe".


that isn't correct. try out e.g. http://msnvidweb.vo.msecnd.net/o3/IE9%20Demo/ToyStory_HTML5....

works fine in chrome, won't load in firefox. as expected.


Surely you can understand why I would disagree. Aside from my mis-speaking, thanks a bunch guys for all the downvotes. I definitely deserved it for that awful, terrible post. Really appreciate it.

http://i.min.us/imDSpu.png

Note, the screenshot is Chrome 12 playing h264 video on Vimeo. I've done nothing to cause this to work.

Oh, yes, it's -3, please continue piling on the downvotes without bothering to verify the information you're voting based on. Pile it on, what a terrible comment for me to have made. To imply that we shouldn't errantly speculate? To suggest that it's irrational to assume they're riping it out because of h264 seeing as Chrome 12 plays it just fine for me? Good work guys.


> That would be a bit horse before the carriage.

So, the way it's supposed to be?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: