Bingo. Facebook is a reasonably good service, but all it doesn't take much to launch a competitor. Sooner or later another site will become the next Facebook and Facebook will become the next MySpace. Personally I think the biggest threat comes from mobile, all it would take is for a few of the mobile providers to get together and launch a service aimed at teenagers (who are not as invested in FaceBook) and in a few years FB is the old-persons network.

FaceBooks only saving grace is that the mobile providers all hate each other and couldn't provide an appealing service if their lives depended on it (which, somehow it doesn't - I've never worked that out).

Yes, but not for this reason.

Filmgoing Public

This goes for all social networks (including Slashdot) but I will use Facebook as an example:

You do not have a FaceBook page.

No you don't.

Facebook has a page on you, which you update for them for free. You are a product that Facebook produces for its customers. The customers of Facebook are the advertisers, not you. This is not necessarily a bad deal for you. You get to show people Facebook's page about you, and derive pleasure from interacting with Facebook's pages about your friends. All for free.

But don't get upset when Facebook decides to improve things for its customers, because they can (and should) put them first. Facebook owes you nothing.

Regulating social networks seems like an exercise in frustration. What counts as a social network? Does my blog count? Do I need to let users download all their comments in an "industry standard format"? Do MMO's count? Can I download my +5 firesword?

Sometimes I wish Slashdot would let me download my mod points in an open format and use them on another web site. I have some Facebook posts in mind that need down-modding.

That NASA link is 50 times as interesting as this lame story. Thanks.

Exactly right. I have noticed a huge upswing of probing behavior in my Wordpress site logs, all targeting timthumb in various common themes. Wordpress is easy to install (and easy to upgrade) but requires ongoing upkeep as vulnerabilities are found and patched. Too many people just install it and let it rot.

With Roulette you don't need to predict very well to get an edge on the house. Even you if can fairly consistently guess which quarter of the wheel the ball will land in, you can shift the odds well into your favor over the long run. That's what the "cheaters" with electronic aids were doing.

That's great, but what are websites supposed to do? Start serving up PNGs (or whatever modern equivalent) and hope that users have the correct plugin? Or do they stick with something not quite as good that they know will work? That is why having a small list of supported codecs is important (leaving aside the fact that many users simply cannot install additional software).

Nobody cares about Matroska files except for pirates (which is a shame, because it has nice features). Neither Windows or MacOSX are interested in supporting every single codec under the sun. You can install additional codecs for both Windows and Quicktime if you want to, but if you are distributing files it is better to just use an industry standard like h264. This is exactly my point.

I don't really have anything to add except to say the Netflix and similar products will never use the standard video tag to stream video, since it doesn't offer the flexibility and DRM that they need. Netflix isn't really a web-based product anyway, all the heavy lifting is done outside of the browser.

Video codecs and fonts are similar in that they are both complex binary formats whose readers have until recently not been exposed to the cesspit of exploits known as the internet. Both font rendering code (on all OS's) and base video codecs have had patches to fix security holes (mainly buffer overflows) in recent years. Mozilla does not want to be in a position where they know there is an exploitable hole in a video codec that the vendor won't quickly fix (which has happened in the past).

What are they supposed to do in that situation, disable the feature? Ship a product they know is insecure? At least with their own codecs, they know they can always ship an update immediately if a problem is found.

On your second point, I am not sure it is Firefox's job to be all things to all people. It is a web browser, not a security console. If you want a web enabled security console then you would use a web-ready video codec. Besides, Firefox still supports plugins for additional behavior if you really need something non-standard. You could even make a plugin that forwarded everything onto gstreamer (or DirectX, or Quicktime) if you really want to - just don't expect me to install it.