IERI: Firefox update breaks movie playback

The new version of Firefox (currently 1.5 beta 2) has new security restrictions which prevent plugins from accessing files on the local system if the originating web page is on the Internet. This will be a big problem with IERI because the current setup requires that the movie file be local. I was able to confirm the problem by trying to view and control a movie through the utility then saving the page with the embedded movie locally and trying again.

Note: this is an existing problem with Safari. Considering the current trend in browser security I expect the other browsers will likely follow suite in the near future.

There are a couple of solutions we could consider:

• Code signing
• Creating a custom application for the IERI utility
  
• Creating an IERI "application" that consists of local html files for the shell
• hosting the movie files on our servers and streaming them

Code signing
This is probably the easiest solution to implement, but requires one of two things: a lot of money or a lot of time. Money if we were to purchase a certificate from one of the recognized authorities (such as VeriSign). A code signing certificate is expensive, even at the cheapest of providers, and has to renewed regularly. It is possible to obtain a free certificate from a provider such as CAcert, but it requires a more intense verification process whereby you actually meet with people to confirm your identity.

I know for certain that the problem can be addressed in Firefox by using signed code to modify a user setting when the movie plugin page is accessed:

try {
netscape.security.PrivilegeManager.enablePrivilege("UniversalPreferencesWrite");
navigator.preference('security.checkloaduri', false);
navigator.preference('security.checkloaduri', true);
} catch (err) {
document.write("Sorry, you can not enjoy this site because of " +err+ ".");
}

However, I'm not sure if the various browsers even support a common method of code signing ... though I'm pretty sure they do not. If this method is going to be useful it would be nice to be able to use it in more than just Firefox. Since Safari has a similar problem already any method should also be able to address the problem in this browser as well.

References confirming access restrictions for local files:

• [esqsoft.com] JavaScript Help: WINDOW Object
  
• [extensionsmirror.nl] pagePlaylist v0.7.1 for FX 1.5 Beta 1, Extension is broken.
• [jclement.ca] Firefox Weirdness

References for code signing:

• [mozilla.org] Signed Scripts in Mozilla
• [mozilla.org] JavaScript Security in Mozilla
• [docs.sun.com] Netscape Certificate Management System Administrator's Guide: Appendix F Netscape Signing Tool
• [groups.google.com] script signing 2
• [devguru.com] JavaScript METHOD: navigator::preference

Hosting & streaming movie files
This method, while probably not any less expensive than code signing, seems to be the best of the options. The main reason I say this is because it will require minimal rewriting of the utility and a minor investement in hardware infrustructure (for movie storage ... namely some large hard drives). If we really want to put some work into it we could also build a media management system on top of the storage system (something like the DAMS system at UMich).

EK seems to like this idea, so perhaps we'll investigate it a bit more.


The other two options presented are really viable. While it would provide a significant amount of flexibility in interface development, modifying mozilla to suite the needs of the utility seems a daunting prospect. And creating some kind of downloadable HTML core would likely cause more problems than is solves (mainly due to cross-site security restrictions).

No matter the solution we choose, this problem also present complications for the rewrite of the utility. The whole timecoding mechanism will need to be reworked so that this problem can be mitigated (I doubt we can avoid it completely). The rewrite may be the best time to implement one of the above options.