Mobile version of IE10 won’t run Flash by default (blog.rabidgremlin.com)
Cached link since my poor server is dead: http://blog.rabidgremlin.com.nyud.net/2012/10/11/did-microsoft-just-kill-flash-ie10-wont-run-flash-unless-your-site-is-on-a-microsoft-whitelist/
63 comments
[ 3.0 ms ] story [ 108 ms ] threadEdited...
It looks like Brightcove does support mobile (at least they claim to) so what's the big deal? Can't they just deliver different content for the new IE, the same way they are presumably already doing for the other non-Flash platforms?
I'd be royally pissed if they told me it was my responsibility to get my site whitelisted with Microsoft.
Video on the web would be a lot simpler if DRM/content protection would die die die...
RTMPE was cracked years ago (the handshaking consists of little more than sending an HMAC of a magic string and the player file)[1].
It's all just obfuscation. Putting a transparent layer over the video and obfuscating the file name will achieve the same effect, that is, preventing casual downloads. That's all they've got at the moment, even with Flash "DRM".
1. http://lkcl.net/rtmp/RTMPE.txt
I do some work in the mobile space around rights protected video. Trust me, they exist. Particularly if the content you're handling isn't on public release yet.
1) You didn't buy the streaming rights
2) You can only put it on line X days after broadcasting it
3) You can only keep it online for X days
4) All data packets sent to user must be transient, encrypted and not cacheable (that's a fun one to try get right )
5) etc etc etc
A solution that you believe to be good and secure but that they haven't validated can't be used; and that validation takes significant time and money.
And you can't really force your terms on DRM unless you are Apple - even multinational cable companies (that have been distributing the same content on cable for decades) have the same problems for any IP-based transmission, even for them the content providers have all the trumps, and any changes can be negotiated (paying a lot for removing each restriction) only with the next round of content deals every 3-5 years or so.
Hasn't anyone figured out how to proxy it, or only allow a connection to the hosting server if the browser has a specific cookie, or some other way of obfuscating the video's URL?
Silverlight seems to work out for Netflix.
> Video on the web would be a lot simpler if DRM/content protection would die die die...
Let's say it did. What web standard (particularly that IE10 implements) makes it relatively easy to implement even non-protected streaming?
Silverlight doesn't run on Android or iOS either, so I don't see how it's an improvement over Flash in this regard.
http://www.geek.com/articles/news/internet-explorer-10-metro...
HTML5 (video tag), H.264, and (coming soon) DASH.
HLS streaming can be protected, you can encrypt the chunks and decrypt on the player. Ironically enough for my previous job I built a HLS prototype solution that did exactly this... in the Flash Player.
What does that have to do with anything?
If you are decrypting on the player then the decryption key must be on the clients device. What is to stop them grabbing the key from memory and ripping the stream anyway?
Apple do something similar http://developer.apple.com/library/ios/#documentation/Networ... this approach is more secure than what we de (Restrict access to the manifest file and have Flash request the current key when needed at runtime).
After all you only need one device to copy the stream and re-stream DRM free to others.
The whitelisting only applies to the "mobile" version of their browser. To that end, Microsoft's policy is markedly more Flash-friendly than what's happening on other Mobile platforms. After all, at least some Flash content will be permitted. By contrast, iOS and (as of recently) Android are effectively Flash-free platforms.
I think the fact that there's no restriction on desktop, combined with their published requirements for how to get whitelisted for mobile, make it pretty clear that this isn't really meant to be an attack on Flash. It's more an attempt to deal with the large number of websites whose Flash content is fundamentally incompatible with touchscreens because it assumes the presence of a mouse. Blocking Flash on those sites hopefully results in a better user experience because the site is theoretically degrading to a Flash-free version instead.
Far from being a Flash-killing move, in hindsight the other mobile platforms adopting a similar policy might have been the one thing that could have saved Flash for them.
Its kind of crazy to me Google doesnt include Flash with jellybean when it works just fine. I'm all for killing flash asap, I hate it... but when it works... why deprive people of that bullet point feature?
Either way, its beyond false to call Android (even jellybean) a "flash free platform". You have to download and install flash on a desktop computer, just like you have to download and install Flash on Jellybean. Still works like a dream though.
1 - http://msdn.microsoft.com/en-us/library/ie/jj193557(v=vs.85)...
It's true that it runs on desktops. But it's also true that it's primarily intended as the version of the browser that's used on touchscreen devices.
The whole kerfuffle here centers around the ambiguity of the terms in use. It is unfair to take the blog author to task over his language, only to use unclear language in return. Characterizing this as the "mobile version" of the browser is incredibly unclear, considering it's the default on the OS that will ship with desktop and laptop computers.
EDIT: Here's a little matrix I posted further down the page. I think this makes the context a little more clear.
As far as the whole "mobile/not mobile" thing goes, I think that ambiguity is totally inescapable on Windows 8. Windows 8 has an identity complex, and is full of bits of UI that were clearly designed for touchscreen devices but are also used on the desktop OS. But I don't think the fact that they're available negates the fact that they're primarily optimized for a mobile experience. It's more just a symptom of Microsoft trying (and, as illustrated by cases like this, not necessarily succeeding) to shoehorn a mobile experience and a desktop experience into the same environment.
You have to wonder how many people will never switch modes...
Here's the MS page linked from the article, since the site is currently unresponsive: http://msdn.microsoft.com/en-us/library/ie/jj193557(v=vs.85)...
Yes.
* hoyois.github.com/safariextensions/clicktoplugin/
Here is the link to the Developer guidance for websites with content for Adobe Flash Player in Windows 8: http://msdn.microsoft.com/en-us/library/ie/jj193557(v=vs.85)...
Are you running on WP? Got a cache plugin installed?
I was gonna put Varnish in front but have just never got around to it.
Server resize in progress :)
There's some confusion of terms going on in this whole discussion. Traditionally, when people hear "desktop version", they think: "the version that runs on desktop and laptop PC, as opposed to mobile devices like tablets and phones." This distinction doesn't hold for Windows 8, because the "desktop" version of IE10 isn't alone on Windows 8. Windows 8 UI will run the "mobile" version (loosely speaking) of IE10.
Based on this, we have the following:
Instead of a mortal wound from Apple or death by a thousand cuts, it seems like Flash is dying from a series of maiming injuries.
Although DRM is often cited for the main reason Flash still exists, from my experience it exists because it is still being taught at community colleges and universities to graphic design students. They enter the workforce, do something at their new job in Flash like a restaurant menu or whatever, it looks good on a desktop and so Flash persists.
I recently committed a website to a design review site. FLASH pages are not allowed any more.
These pages used to be called FLASH–award, now they are called CSS-awards, what comes next?
I was talking to a friend the other day about whether it was best investing time into getting really good at developing for the web vs native mobile/desktop.
My argument was that the big advantage of web dev was that you not only had more choice of backend tools but it was also the best way to get your apps to run on any platform including locked down ones without having to worry about app store policies etc.
His counter argument was that the browser is becoming the new target for malware etc especially as the new HTML5 APIs become more sophisticated. He thought that it might be likely that some browser APIs would become locked down by platform vendors. In other words if you want your web app to do stuff like WebGL/Local Storage etc you would need to be explicitly whitelisted by the OS or browser vendor. In which case there could be rules like "your web app cannot do xyz, your website must not have content related to abc".
Outright website blocking would seem out of the question, but perhaps things like this are the first sign of a move in that kind of direction?
This effects desktop windows 8 too not just mobile
http://twit.tv/show/security-now/373