Here's what happened. I had a web page with a QuickTime movie on it. Standards compliant, validates using the W3C validator, and it was tested with the latest version of IE, version 6, when it was built and it worked beautifully. Waiting for me when I get back from holiday is a forwarded message from someone in our College administration that is complaining about how our web site is broken because whenever she goes to the page, her screen goes blank and she gets "a weird error message about ActiveX." Here we go.
Seems that the new version of Internet Explorer, IE7, has a little surprise in store for anyone who was embedding QuickTime movies onto their web pages.
Basically, IE7 now allows the user to control which ActiveX controls are allowed to be created on web pages. This is a good thing, because it's' finally addressing a security mentality that's been around since the Dark Ages of the browser wars.
But it wouldn't be Microsoft if they didn't screw it up in some way. In this case, they helpfully chose certain "pre-approved" ActiveX controls to default to being on, and turned off all the other ones. That much is fine. According to Microsoft:
The new Internet Explorer 7 ActiveX Opt-In feature disables ActiveX controls on a user's machine...Controls which were used in Internet Explorer 6 before upgrading to Internet Explorer 7, along with some pre-approved controls, are not disabled.
Makes sense. Most ActiveX controls weren't designed to be web page applets, so it makes sense to pull out the non-internet ones. That was ostensibly the intention according to the Microsoft Internet Explorer Weblog. For instance, they pre-approved the Flash ActiveX control because it was clearly meant for viewing media on web pages.
Now, consider for a moment that the iPod is kicking the Zune's ass. Zune isn't even in the top ten selling MP3 players. You're Microsoft, and you want Zune/WMV to do better against iPod/QuickTime. What do you do?
That's right. Leave QuickTime off of the "pre-approved controls" so that every web page with a QuickTime movie in it doesn't work. Okay, but at least if they had it installed under IE6, it should work because of the above quote, right? Wrong. Curiously, even if you explicitly installed the QuickTIme Player as an ActiveX control under IE6, it still gets turned off anyway in IE7.
It seems to me that this is not about security. I find it more likely this is part of their pissing contest with Apple on media formats. If they were being mature about it, they'd pre-approve QuickTime controls, because, clearly, those are intended for web page media playback, and if their users installed it, that probably means they want to use it. Apple doesn't go sabotaging Windows Media Player with each new update to Safari.
Moreover, it appears, from what the woman who was trying to view our QuickTime movie described, that IE7 does not fail gracefully when it encounters the ActiveX control. You would think that when it encounters an unapproved ActiveX control, it would just leave it out of the page, and maybe alert the user to the situation and give them a simple explanation and instructions on how to enable the control.
Oh, no. Instead, it fails spectacularly. According to her, none of the page content showed up - not just the QuickTime movie. It just killed the entire page, leaving her unable to get any of the other relevant information on the page. And in typical Microsoft fashion, the error message that it displayed was the inscrutable, cryptic nonsense aimed at certified Microsoft technicians, rather than something that would be useful to normal people. This woman had no idea that the problem was with the security settings on her own computer, let alone given any idea of how to go about correcting the problem so that she could view the content.
So it looks to her like it was our fault. And it looks to my professional colleagues and upper administration that it was my fault. Thanks, Microsoft, for making me look bad. My web page worked in IE6 last month, but now it's catastrophically broken in IE7, and the stink lands on me because Microsoft doesn't have the decency to let their users know that it's IE7 lameness, not a broken web site, that is causing that big blank screen.
Perhaps not coincidentally, No More IE Hacks showed up on Digg today. If only.