
Now Chrome disables Quicktime plugin by default - bonaldi
http://code.google.com/p/chromium/issues/detail?id=78768
======
blocke
As someone who uses Chrome under Mac, Windows and Linux I applaud this move.

The Quicktime plugin on Windows is HORRID. It is a prime example of how to
make a user experience complete shit. And to be honest I'd prefer the Mac
version not pull it in automatically either. Weither it's the crashing, slow
startup times, bazaar buffering behavior or taking over way too many MIME
types I hate it.

I strongly prefer that Chrome asked my permission before executing either the
Quicktime or Java plugins just like it prompts for popups. All are annoying,
buggy, laggy and crashy.

Both Quicktime and Java were manually disabled globally on every browser I use
and now I can feel safe leaving them on. This change makes my web browsing
experience SAFER and less frustrating.

Of course my dream is never to have to touch QuickTime or that horrid Apple
Update garbage on Windows ever again. I'm not buying a Mac for home because
Apple can't be trusted around VisualStudio.

Flash gets the pass because Adobe lets Google worry about making sure updates
are available on day 1. Odds of Google and Apple working together on
Quicktime... Haha... haha... ha.

~~~
jamaicahest
QT on Windows is horrible, but disabling it outright and requiring users to
start Chrome with a custom commandline, without warning and after an automatic
(and hidden) update? Let's just say it did not go down well at work, where we
use Chrome and QT for inhouse enterprise applications. I understand the need
to push the envelope on web standards and that needs to happen at a rapid
pace, but at least give us enterprise developers a chance to override it.
Enterprises do not develop software at breakneck speed Google, it's just not
worth it.

~~~
eli
Chrome clearly isn't made for the enterprise. IE has historically been a poor
browser, but it gives sys admins quite a bit of control over how and when
updates are applied.

~~~
mryall
Official Google Enterprise Blog: "Chrome is Ready For Business"

[http://googleenterprise.blogspot.com/2010/12/chrome-is-
ready...](http://googleenterprise.blogspot.com/2010/12/chrome-is-ready-for-
business.html)

------
WiseWeasel
It's OK because proprietary plugins like QuickTime are a threat to the open
web, and should be eliminated according to Steve Jobs (who I always turn to
for moral guidance on the use of open vs. proprietary systems): "... we
strongly believe that all standards pertaining to the web should be open."

<http://www.apple.com/hotnews/thoughts-on-flash/>

~~~
danilocampos
He's definitely correct in this. Good thing Chrome also disables Flash by
default.

Between this and the Honeycomb source I just checked out through git, Google
has really hooked me up with the mad openness.

edit: Really, though, this is a bullshit argument that's been cooked up. These
are two companies trying to preserve their ability to make money. That's it.
The thing I admire about Apple, though, is that they're not making any bones
about it. They go with what works better for them, and, as they see it, what
works better for users. No silly holy wars or sanctimonious proclamations.

I trust the guy who is honest about his self-interest a whole lot more than
phony altruists.

~~~
ootachi
But QuickTime _doesn't_ work better for users. The technology is dated and
does nothing that HTML5 doesn't do better. In fact, Flash is actually far
better for consumers than QuickTime; at least it's updated regularly, unlike
QT.

This cuts both ways. Why doesn't Apple discontinue and disable the QuickTime
plugin, if they really have the users' interests at heart?

~~~
cooldeal
And not to mention the annoying way the updater tries to sneak in Safari and
other Apple software. <http://i.imgur.com/oq0i2.png>

It was far worse earlier
[http://www.dslreports.com/r0/download/1289538~04d191d10d05df...](http://www.dslreports.com/r0/download/1289538~04d191d10d05dfdb6369e49206336f96/apple_updater.jpg)

Just as a thought exercise: Can't Apple be sued for monopoly abuse? They have
a monopoly on portable music players, for which you need iTunes to load music
on, and then they default to installing Safari trying to leverage their
monopoly in music players to win over the browser market.

~~~
dailyrorschach
I'm sorry, how do they have a monopoly on portable music players? They have a
very popular player, of which they are the sole manufacturer, and require you
to use their software.

The free market has plenty of alternatives, though not as good if you ask me,
if you do not like their solution you are free to purchase another. There's
nothing monopolistic about having a hugely successful product.

~~~
metageek
I don't think "monopoly" requires 100% market share. Apple has over 75% market
share, which may be enough to qualify.

~~~
Wientje
You're allowed to have a monopoly, you're not allowed to abuse it. If Apple
ordered mp3hardware stores to stop selling other brands or Apple would raise
it prizes, that would be abuse.

~~~
cooldeal
If that's the only metric, then why was Microsoft censured for bundling IE
with Windows?

~~~
wtallis
They leveraged one monopoly to create another instead of trying to promote IE
on its merits, and implemented IE with insider knowledge of how Windows works,
and did various other things like coercing OEMs. Those are the things that got
them in trouble, not simply having the OS monopoly.

------
bonaldi
(Bit of context: the Quicktime plugin now has to be enabled on every site you
want to use it with; there's no global way around it. Comes in wake of
Google's dumping of h.264, which Quicktime handles natively).

~~~
drivebyacct2
Surely you're not implying that Google is pushing out Quicktime because they
don't want h264 support provided by 3rd parties.

That's ridiculous, especially since all versions of Chrome shipping still have
h264 support. That would be a bit horse before the carriage.

~~~
nextparadigms
What all versions of Chrome? Chrome auto-updates so the vast majority if not
all of them are on the latest version (or newer beta versions) which is Chrome
10. And Chrome 10 doesn't have h.264 support built-in anymore.

~~~
protomyth
This pretty much means I am going to have to delete Chrome from all the
machines and either use IE / Safari, put Safari on the Windows boxes, or go
with Firefox (and hope they don't pull the same stunt). H.264 is used for
teaching material and I would like to use one browser on both platforms. No, I
will not login to every new account and setup specific sites to set as "safe".

------
mapgrep
Around the time this was posted to HN, Stuart Morgan of Google and the
Chromium project added a comment to the bug report that "this is a security
feature that is applied to certain specific plugins even when they are up to
date."

<http://code.google.com/p/chromium/issues/detail?id=78768#c1>

[speculation]

Maybe it's to do with this, patched in a new OS X release only a couple of
weeks ago?

"An integer overflow existed in QuickTime's handling of movie files. Viewing a
maliciously crafted movie file may lead to an unexpected application
termination or arbitrary code execution. "

<http://www.net-security.org/secworld.php?id=10770>

[/speculation]

~~~
msbarnett
And given the sheer number of exploits that leverage the Flash plugin, I'm
sure this security feature will be applied to it too any day now, right?

~~~
modeless
Chrome runs Flash in a sandbox. Quicktime is not sandboxed.

------
amattn
Maybe it's just me, but how can you embrace Flash but not Quicktime without
looking like a hypocrite?

~~~
antimatter15
QuickTime is much more closely tied with the OS than flash is and probably
nigh impossible to sandbox and ensure it's on the latest version

~~~
cube13
On OSX, I can accept this argument, because Quicktime is the primary codec...
repository(for lack of a better word) for basically everything on the OS.

However, I don't think it's the case for Windows or Linux. On those systems,
it should just be another codec/browser plugin. Playing Quicktime videos
should be the same as any other codec, so I don't really understand why it's
not possible to sandbox it like Flash.

------
oemera
Wait. Why is the user losing the most in such political desicisons? I can't
believe that. I love the Chrome browser but that's to much. I mean come on
QuickTime (on the Mac) is the least painful player.

In addition I have to say that I'm a MacBook Air user that means when I play
flash content in the chrome browser my fan is freaking out. With QuickTime
this doesnt happen and guess what I like more? Yes, playing videos without
freaking out fans.

------
peregrine
They also disable Java by default in the nighties. Lifesaver.

~~~
blocke
This. So incredibly this.

I love this damn feature and now that it's here I'm going to be impatient with
any browser that doesn't. I can now feel safe leaving Java turned on.

~~~
peregrine
The only issue with it so far and I haven't submitted a bug report yet is that
it slides the entire page down without turning on the scroll. So pages like
gmail end up losing the chat and tasks.

------
moxiemk1
Though QuickTime is only an abstraction of OS provided codecs on Macs, this
move once again brings up the question in me:

Is there _any_ valid technical reason for browsers to handle media files in
any way other than wrapping OS provided codecs?

~~~
DarkShikari
So that your browser vendor can force their philosophical decisions about file
formats on their users. That's basically it.

Security is supposedly an issue, but "clicking on a video file in your browser
to play it" is no easier than clicking "open file" in a download prompt -- if
there's a vulnerability in your media player, attackers don't need <video> to
get to it.

~~~
nitrogen
I think you may be slightly biased here :). A security exploit that requires
clicking is a lot less serious than one that happens without user
intervention. Since <video> and <object>/<embed> can play automatically, it
makes sense to limit the tags' exposure to unknown code from the operating
system's installed codecs.

------
kmfrk
Apple's gift to mankind was to ban(ish) Flash.

Facebook's was to ban(ish) QuickTime.

QuickTime feels like something that should have gone the way of the dodos,
back when RealPlayer disappeared into obscurity.

After RealPlayer, QuickTime became the worst software experience on Windows.
(iTunes comes in right after.)

~~~
calloc
How did Facebook banish QuickTime?

------
othermaciej
Chrome is currently the crashiest app on Lion seed builds (yes, even more than
browsers that have more users on Mac). Maybe it should disable itself?

------
freddier
HTML5 video won't work in Safari for Windows unless you also have Quicktime
installed.

------
yuhong
What is more desperately needed thanks to the Flash 0-day exploits flying
around is for MS to add something similar to Office. I'm sure most people
don't embed Flash in Office documents.

