
Comment Re:Spyware on my GPU (Score 1) 200

It's true that theoretically shaders can't do much, but shader compilers are imperfect, and since GPUs have no hardware memory protection, compiler or driver bugs could easily result in read/write access to arbitrary video memory, allowing a shader to directly read/write the contents of your screen, or corrupt important data structures to exploit the kernel-mode part of the video driver and gain complete system access.

Video drivers are complex and notoriously buggy gobs of code which run partially in kernel mode and were designed for speed, not security. Allowing any random webpage to make DirectX/OpenGL calls directly (even without shaders) is a huge security concern.

Comment Evidence (Score 5, Insightful) 256

It would be easy enough to prove that CNNIC is performing man-in-the-middle attacks. To perform a man-in-the-middle attack on (for example) gmail, CNNIC would have to send a fraudulent certificate to users. That certificate would be ironclad evidence that CNNIC can't be trusted, so all someone has to do is present one.

Comment Re:So what will happen in practice? (Score 1) 687

Yes! In fact the client does have every CA cert already loaded on its hard drive. Every browser comes with a list of CA certs that it accepts; other CA certs are simply not accepted. At no point is any CA cert downloaded over the Internet (except as part of a browser installation package, but if China were tampering with these it would have been noticed by security researchers). This is how SSL gets its resistance to man-in-the-middle attacks; it all comes from the preinstalled list of trusted root CAs.

Consider yourself educated. SSL is not vulnerable to man-in-the-middle attacks.

Comment Re:So what will happen in practice? (Score 2, Informative) 687

No, SSL is not vulnerable to man-in-the-middle attacks. The attack you describe only works as an attack on the certificate authority itself. It can only work if the Chinese government possesses the private keys of a CA which is in the default "trusted" list of the user's web browser. If the user knows which CA is compromised in this way, they can remove that CA from their trusted list and the attack will no longer work.

Do you know if any Chinese CAs come preinstalled in popular browsers? I don't think they do.
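The trust-list behaviour discussed in the comments above, as an added example that is not part of the original comments: two throwaway root CAs each sign a certificate for the same host name, and the outcome of validation depends only on which roots are in the local bundle. It assumes the `openssl` command-line tool is installed; every name in it (`trusted-root`, `other-root`, `mail.example.test`) is constructed, and the bundle files stand in for a browser's preinstalled root list.

```shell
#!/usr/bin/env bash
# Added example. All names are constructed; bundle.pem and bundle2.pem stand in
# for a browser's preinstalled list of trusted root CAs.
work=$(mktemp -d)
printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$work/ca.cnf"

# make_ca NAME: create a self-signed root CA key and certificate.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$work/ca.cnf" \
    -extensions v3_ca -subj "/CN=$1" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# issue CA HOST: have CA sign a server certificate for HOST.
issue() {
  openssl req -newkey rsa:2048 -nodes -config "$work/ca.cnf" -subj "/CN=$2" \
    -keyout "$work/$1-leaf.key" -out "$work/$1-leaf.csr" 2>/dev/null
  openssl x509 -req -in "$work/$1-leaf.csr" -CA "$work/$1.pem" -CAkey "$work/$1.key" \
    -CAcreateserial -days 2 -out "$work/$1-leaf.pem" 2>/dev/null
}

# accepted BUNDLE CERT: succeed only if CERT chains to a root in BUNDLE.
accepted() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# issuer_of CERT: print the CA named in the certificate the server presented.
issuer_of() { openssl x509 -in "$1" -noout -issuer; }

make_ca trusted-root; make_ca other-root
issue trusted-root mail.example.test
issue other-root mail.example.test      # same host name, different issuer

cp "$work/trusted-root.pem" "$work/bundle.pem"
accepted "$work/bundle.pem" "$work/trusted-root-leaf.pem" && echo "listed root: accepted"
accepted "$work/bundle.pem" "$work/other-root-leaf.pem"   || echo "unlisted root: rejected"

# Once other-root is in the list, its certificate for the same host validates,
# and the certificate itself records who signed it.
cat "$work/trusted-root.pem" "$work/other-root.pem" > "$work/bundle2.pem"
accepted "$work/bundle2.pem" "$work/other-root-leaf.pem" && issuer_of "$work/other-root-leaf.pem"
```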

Comment Re: vs. (Score 1) 372

In what way is Quicktime et al. "platform specific" while Flash is not?

Quicktime runs on two platforms: OS X and Windows, and many Windows machines don't have it. It sorta runs on iPhone but the codec support and user interface are completely different. Flash runs on four platforms: OS X, Windows, Linux, and Solaris, and is commonly installed on all of them. Flash isn't as cross-platform as the web itself, but it's better than any other video plugin.

As for your "et al.", Windows Media Player is obviously platform specific, and there are no other widely-deployed video plugins. Also, the WMP plugin for non-IE browsers is no longer shipped with Windows as of Vista.

The interface of every web-page is browser and user-specific. I don't see the problem.

Not sure what you mean by that. Sure, there are differences between browsers, but they're nothing like the differences between Quicktime and Windows Media Player.

In fact, it seems a huge advantage that users can choose their own interface.

So you're seriously suggesting that instead of the video tag we should have many competing video plugins with different UIs, APIs, and supported codecs, which users should choose and install based on their preference, and then every website should support all of them to enable user choice? Now that I think about it, I guess that's actually a pretty accurate description of the way things worked before Flash video. Minus the "every website should support all of them" because that never happened.

A) Baseless nonsense.
B) Flash is an embedded plugin. It certainly can do all of the above things.
C) There's no reason to assume the video tag can't and won't do the above.
D) Even if you get rid of plugins for video, you'll still have plugins for other file types.

A) You're entitled to your opinion, but you're wrong.
B) Flash can and does do all of these things; that's why the video tag is better than Flash. However, Flash does have the advantage over other video plugins because it's so widely used it's almost always already in RAM before the user visits your page, so you don't get the loading delay.
C) The reason to believe it won't is that it doesn't. Have you even tried it?
D) Complete non sequitur. I'm sorry, but the video tag doesn't feed the hungry or bring world peace either.

That's a nice checklist of worthless features that nobody will ever actually use. Fullscreen and positioning have always worked fine with plugins.

A quick Google search for "flash z-index" will prove you wrong. I can only assume you've never written a lot of code dealing with plugins because frustrations and limitations are everywhere. Also, the Quicktime plugin doesn't support fullscreen at all. Never has. The WMP plugin does, but the default UI doesn't even provide a button for it. You just have to know to double-click or right-click.

And now, you have 3 different versions of the flash player, with 3 different supported codecs to deal with.

According to Adobe, >90% of browsers have Flash 10 with H.264 installed. >99% of browsers have Flash 9 with at least VP6, and some number in between (likely on the high end) have Flash 9 with H.264. That's only 2 codecs you need to worry about, and in reality likely only one.

Comment Re: vs. (Score 2, Insightful) 372

You asked for it...

Playing video in an embed tag requires the user to have a platform-specific plugin installed. The user interface you get depends on the specific plugin used and can only be customized in a plugin-specific way. The Javascript API offered by the player is also plugin-specific and probably not as useful as the standard API provided by the video tag. Loading the plugin will often freeze the user's browser for several seconds and/or cause crashes. Plugins don't play nice with CSS opacity and z-order and are often buggy with respect to positioning, resizing, full-page zoom, and DOM manipulation. New advanced CSS features like transforms and animation are not likely to play nice with plugins either.

Flash took over from embed because it provided a customizable UI, consistent API, workable fullscreen mode, and reliable codec support. The video tag has the first two of these and is likely to get fullscreen support soon. Unfortunately codec support is a sticking point...

Comment Re:VRML (Score 1) 239

The difference is VRML sucked. OpenGL doesn't suck.

If you want more detail: VRML was based on a scene graph. Scene graph APIs have proven over time to be the Wrong Way to do real-time graphics. They are complex to implement, inflexible, and slow. The alternative is immediate mode rendering APIs like OpenGL and Direct3D, which are fast, flexible, and relatively simple to implement, and have been very successful. For an analogy to 2D graphics, VRML is like SVG, while OpenGL is like the Canvas element in HTML 5.

Comment Re:TV screens still have a long way to go (Score 1) 173

The difference in quality you saw was due to the LCD panel, not the backlight. There's a very wide range of quality in LCD panels, and the make of the display does not necessarily indicate the quality. Manufacturers usually buy their panels from third parties, and in some cases even displays with the same model number can have different panels.

Even good LCD panels have nowhere near enough dynamic range to be properly called "HDR", let alone a 5 million to one contrast ratio.

Comment Re:TV screens still have a long way to go (Score 1) 173

I didn't mean that it would be *actually* as bright as the sun; that would obviously be dangerous :-) There's a big difference between "uncomfortable to stare at" and "as bright as the sun".

Also, though defining HDR solely in terms of contrast ratios is pedantically correct, it isn't actually useful since any emissive display that can turn off completely has an infinite contrast ratio when viewed in darkness. I wouldn't call such a display "HDR" unless its peak brightness level at least matched other common displays.
