Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla 1.4 Alpha To Have ActiveX Support

Posted by timothy on from the march-hijinx-before-april-fools dept.

quakeslut writes "According to the newly posted Mozilla Staff Minutes, Moz is set to have initial ActiveX support for the next alpha. ActiveX... be afraid... be very afraid."

66 comments

  1. Ugh by fredrikj · · Score: 3, Insightful

    I wonder, why couldn't they make this an optional plugin? I definitely don't need ActiveX for anything.

    Let's hope it'll be left out from Phoenix...

    1. Re:Ugh by Anonymous Coward · · Score: 0

      What if you want to let a website break into your machine? What do you plan to use then? Javascript's probably your second choice.

  2. For Non-Windows Systems Too? by Alethes · · Score: 1

    I don't see any clarification on the matter at the post, so I'm wondering if this feature is to be included on every platform that Mozilla supports, and if so, just how difficult it is to have ActiveX on non-Windows systems. Also, what kind of security issues are involved?

    1. Re:For Non-Windows Systems Too? by Rick+the+Red · · Score: 2, Informative
      what kind of security issues are involved?
      If you're running ActiveX, your system has no security.
      --
      If all this should have a reason, we would be the last to know.
    2. Re:For Non-Windows Systems Too? by Anonymous Coward · · Score: 0

      That article is 6.5 years old, for crying out loud. Do you have any idea how much software can change in 6.5 years?

    3. Re:For Non-Windows Systems Too? by RevAaron · · Score: 1

      I think ActiveX can rely largely on an x86 CPU and the Win32 API. I'm not positive, but I believe this is the case. I'm sure this will change with .NET- relying on the .NET bytecode rather than an actual CPU-arch. That said, there has to be some ActiveX components that must use VB6 bytecode or something- I know IE5 for Mac OS supports ActiveX, even though I don't think anywhere near as extensively as on IE on a PC.

      --

      Working toward a usable PDA environment in the spirit of Newton OS: Dynapad
    4. Re:For Non-Windows Systems Too? by Rick+the+Red · · Score: 2, Interesting
      Please provide references to back up your assumption that ActiveX has become more secure over the last 6.5 years. It still allows the execution of any program on your machine, including a program downloaded without your knowledge -- that's the point of ActiveX. It is, by design, insecure. Java, on the other hand, at lease runs in a "sandbox" within your browser, and while potentially dangerous it's not as potentially dangerous as ActiveX.

      I allow neither Java nor ActiveX and I'm able to surf the Web just fine. I don't see why Mozilla thinks they need it, and they'd damn well better give us a way to disable it.

      --
      If all this should have a reason, we would be the last to know.
    5. Re:For Non-Windows Systems Too? by dimator · · Score: 1

      I thought this was funny:

      Microsoft's product manager for Internet security John Browne said he recommends that users not download any ActiveX controls that are not digitally signed, though he acknowledged that this practice is not yet widely observed.

      "When PCs started out, people were putting floppy disks on their refrigerators with a magnet, stapling disks together, and not backing up files," Browne said. "Gradually, people caught on. They adopted [other] practices, and the same thing will happen on the Internet."

      What a shitty argument. The repercussions of stapling a floppy pale in comparison to today's networked world, where 0wning one machine is all a hacker needs to 0wn others, launch other attacks, DOS, etc.

      --
      python -c "x='python -c %sx=%s; print x%%(chr(34),repr(x),chr(34))%s'; print x%(chr(34),repr(x),chr(34))"
    6. Re:For Non-Windows Systems Too? by RzUpAnmsCwrds · · Score: 1

      " including a program downloaded without your knowledge"

      Only if you have messed up settings. If you keep the defaults, your are warned and given the choice to run/not run signed ActiveX controls. Non-signed code is not run and you aren't prompted.

      The problem is that too many people don't read the warning and just click "yes".

    7. Re:For Non-Windows Systems Too? by jilles · · Score: 1

      So how come that these people who worried about activex security are downloading and installing unsigned mozilla extensions? It's not like there is any security for mozilla extensions. The only reason this kind of issue is not yet surfacing on mozilla is because it doesn't have enough users yet.

      --

      Jilles
    8. Re:For Non-Windows Systems Too? by adelton · · Score: 4, Informative

      And how about the buffer overrun in programs signed by Microsoft? See http://slashdot.org/articles/02/11/21/1317229.shtm l?tid=172

      Signing doesn't solve the problem because there are buggy programs that are signed. So anybody can distribute them and you will happily run it. And revocation doesn't work because nobody really does it.

      The only reasonable solution is to have an on-line repository of known checksums. And any time you'd need to run something unknown, you'd check the MD5 sum of the program against the database.

      It could be used instead of rpm -Va as well. You wouldn't need to trust the (potential modified) rpm database on your disk, you'd check against central database.

      Anybody upto building such a thing?

    9. Re:For Non-Windows Systems Too? by adelton · · Score: 1

      .NET bytecode? What kind of bytecode does .NET have? Perhaps what you meant was CLI bytecode?

      Anyway, why bother with this if you have Java, working fairly well? Yes, I hate Java/ActiveX/JavaScript/all the latest technology being used and abused in situations where simple CGI will do just fine, but sometimes its use is reasonable.

    10. Re:For Non-Windows Systems Too? by Hard_Code · · Score: 1

      Well, I had an insightful comment, but the Slashdot useful-content filter stripped it, and replaced it with:

      "It's been -60 seconds since you last successfully posted a comment"

      --

      It's 10 PM. Do you know if you're un-American?
    11. Re:For Non-Windows Systems Too? by amoe · · Score: 1

      A considerable amount of people still don't know that magnets and floppies don't go well together, and most people I know are too lazy to backup, then complain when their disk dies. (Actually, that's also a function of messy Win32 programs, but that's another issue.) Nice one, Mr Browne.

      --
      You look beautiful! Incidentally, my favourite artist is Picasso.
    12. Re:For Non-Windows Systems Too? by gmuslera · · Score: 2, Interesting

      More funny than this is that Microsoft recommends to not trust ActiveX controls signed by them. So now you can't trust unsigned and signed ActiveX controls.

    13. Re:For Non-Windows Systems Too? by RevAaron · · Score: 1

      .NET bytecode? What kind of bytecode does .NET have? Perhaps what you meant was CLI bytecode?

      Jesus man, no need to freak out. The bytecode that the .NET uses is that which the CLI VM interprets, yes. Was it that hard to understand what I meant?

      Anyway, why bother with this if you have Java, working fairly well?

      For the same reasons some people are interested in .NET as a means of development for one or multiple platforms. Many languages, interoping together, a decent API, cross-platform. You could use Java, but some people would rather program in a language they knew better already and is supported on .NET.

      --

      Working toward a usable PDA environment in the spirit of Newton OS: Dynapad
    14. Re:For Non-Windows Systems Too? by RzUpAnmsCwrds · · Score: 1

      Yeah, I remember that. Basically, Microsoft should have revoked the certificate, but they decided not to because it would break older apps. I think that that was a poor choice.

      Running an ActiveX control is just like running a regular program. The problem is that most people don't realize that.

      The obvious benefit of ActiveX is, of course, that it has low-level access to the system - and it can be optimized C/assembly code if need be. Look at Flash for an example of a control done right - it's fast and small (600K if memory serves me, which is impressive considering all that Flash can do)

      The problem is that the same control can also be used to screw your system. Gator is one example of ActiveX gone wrong.

      That's why I have ActiveX disabled. Existing controls still run fine, but sites won't prompt me to install controls (automatically denied) unless I add them to my trusted sites.

    15. Re:For Non-Windows Systems Too? by rendle · · Score: 1

      No, if you're an idiot, your system has no security.

      Intelligent people can make intelligent decisions about what they download and run; idiots will find ways to be idiots with or without ActiveX components; and uninformed dooM$sayers will post ridiculous generalisations backed up by links to ancient articles.

    16. Re:For Non-Windows Systems Too? by zootread · · Score: 1

      What browser are you using? Going back in most browsers these days will take you back to the form with whatever you had filled out restored (you don't lose your comment even if it wasn't accepted). It saves my ass all the time. I believe certain ActiveX-supporting browsers (no, not Mozilla 1.4) still don't support such simple things.

      --
      Zoot!
  3. What Next? by Apreche · · Score: 1

    .NET?

    --
    The GeekNights podcast is going strong. Listen!
    1. Re:What Next? by SoCalChris · · Score: 1

      .net is a server side technology, and theoretically you should be able to view a .net page on any browser. Of course, there are tons of stories about .net pages not rendering right in non-MS browsers....

    2. Re:What Next? by akeru · · Score: 1

      This is true, in theory. However, .NET WebForms use IE-only javascript (among other things) meaning that webpages created that way will not run on Mozilla or other browsers. It's a known problem with a number of Knowledge Base article about it. If you roll your own forms/pages/javascript in combination with .NET for server-side CGI only, you will have as much cross-browser compatibility you code in yourself.

      --

      Let's hope that there's intelligent life somewhere out in space 'Cause there's bugger-all down here on Earth.

  4. Interesting by cjpez · · Score: 1

    Looks like this has been around for a little while . . . Google!

    --
    Al Qaeda has ninjas!
    1. Re:Interesting by sweetooth · · Score: 1

      Actually most of the link in that search refer to using mozilla as an activex control (which you have been able to do for some time), not having mozilla run activex controls which is what this new development is.

  5. Great! by Anonymous Coward · · Score: 0
    Now I can run Windows Update on Mozilla on my Linux box.

    Ummmm... tell me again we need this?

    1. Re:Great! by Synic · · Score: 1

      ... because some people run Windows?
      Oh wait, I forgot. You are the center of the universe, aren't you?

    2. Re:Great! by Jahf · · Score: 2, Insightful

      Run Windows?

      Want ActiveX?

      Run friggin Explorer!

      ["We" in the following is whoever you want "us" to be ... ]

      We most definitely know that we are not the center of the Universe ... MS has proven this quite well time after time. The fact that Mozilla is doing this is PROOF that we aren't since if we had our choice, most of us would rather see ActiveX die in favor of more open choices and possibly even Java.

      I won't care if ActiveX is in Mozilla -too- much as long as it can be disabled from loading and bloating my memory footprint even further. I've lived without ActiveX for years, I don't need to change it.

      --
      It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
    3. Re:Great! by djcapelis · · Score: 1

      You've been able to for awhile. Use wine and run IE.

      --
      I touch computers in naughty places
    4. Re:Great! by zootread · · Score: 1

      Run Windows? Want ActiveX? Run friggin Explorer!

      Though I can care less for my own purposes (doing all my browsing in Linux), I like the idea of Mozilla being a complete alternative to IE (meaning it can do everything IE can). I expect Mozilla to have an option to disable loading of the ActiveX support, and also provide a version of it compiled without ActiveX support.

      --
      Zoot!
  6. April fools! by stefanlasiewski · · Score: 1

    Oh wait, 6 days too early!

    --
    "Can of worms? The can is open... the worms are everywhere."
  7. What is activeX by PD · · Score: 1

    And why do I need it?

    --
    If tits were wings it'd be flying around.
    1. Re:What is activeX by Sabbath.sCm · · Score: 1

      You don't.

  8. Oh Well by 4of12 · · Score: 1

    I guess I'll pine away hoping for solid SVG support until, what, Moz 1.5?

    --
    "Provided by the management for your protection."
    1. Re:Oh Well by MaxwellStreet · · Score: 1

      I'll second that whine.

      When? Oh When?

      Man I wish that'd come together soon.

    2. Re:Oh Well by Anonymous Coward · · Score: 0

      What's wrong with the SVG support in mozilla right now? (not meant to be rhetorical!)

      Is it crappy?

    3. Re:Oh Well by 4of12 · · Score: 1

      Is it crappy?

      You mean as in "Does a bear in the woods?"

      Not to diminish the valiant efforts of the sparsely populated team of Moz SVG developers, but the Moz SVG viewer tends to crash more and lag in level of standards implement when compared to Adobe's SVG viewer.

      Keep looking here to find out.

      --
      "Provided by the management for your protection."
    4. Re:Oh Well by dublin · · Score: 2, Insightful

      SVG is beautiful, elegant, powerful, and open. It's possible to completely define a very complex and dynamic user interface in it. And that's exactly why we'll never see it in any browsers that matter - not in IE because of the obvious threat to MS UI hegemony, and not in Netscape/Mozilla because there's just not enough interest and not enough capable programmers.

      It's sad, because SVG is probably one of the best an most important technologies of the early 21st century, but barring huge changes in the world, it will probably not be allowed to set us free.

      FWIW, I would despereately love to use SVG, but just this week decided aginst it in a new project, simply because the world is not ready for it, and Batik is the closest thing there is to a real SVG viewer, and it is certainly not really usable in the world at large. I really hope this changes, but I'm not too optimistic right now.

      --
      "The future's good and the present is nothing to sneeze at." - Roblimo's last ./ post
    5. Re:Oh Well by Anonymous Coward · · Score: 0

      Yes, I am also facing a dilemma as to whether to use it for an upcoming project. Unfortunately I really see a lot of problems if I choose to use it. Unfortunately the tools available (mainly Batik) just simply aren't mature at all. And even worse I haven't seen any changes in any SVG development in over a year (though I have not been watching SVG for Mozilla), so I can't expect any maturity any time soon. I don't see why there is a lack of interest, this is truly a brilliant technology. I wish I was capable of contributing, but unfortunately it is beyond my capabilities (at the moment anyhow).

  9. Non-Win32 support? by breon.halling · · Score: 1

    Sorry if this is a silly question, but can ActiveX actually work on anything other than Win32 systems?

    Also, there had better be a way to turn this "feature" off!

    --
    "Yeah, well, Dracula called and he's coming over tonight for you and I said okay."
    1. Re:Non-Win32 support? by RevAaron · · Score: 1

      As I answered someone else, I know IE 5 for Mac OS supports ActiveX in some limited fashion. As to why, I'm not positive- perhaps IE5 for Mac OS can run those made with VB6, compiled to VB6 bytecode, while not being able to run components written in C++ which use the Win32 API.

      --

      Working toward a usable PDA environment in the spirit of Newton OS: Dynapad
    2. Re:Non-Win32 support? by FrozedSolid · · Score: 1

      ActiveX support is only for windows, this has been in development for some time, as seen here.

      Assuming nothing is changed, the activex control support is a plugin and is thus, optional. For now....

      --
      When all freedom is outlawed only the outlaws have freedom
  10. Browser bloat by Drakon · · Score: 1

    I don't see any other problem with this, besides the fact that Mozilla is already a 12 meg download that is 49 megs in memory+47 megs in swap (on my machine, one browser window with 4 tabs, one mail window, running on w2k), and needs to slimmed down rather than bloated even more
    every other feature in mozilla can be turned off, I don't worry too much about that

    --
    Buttsex.
    1. Re:Browser bloat by jilles · · Score: 1

      I have 1 GB of low cost memory in my machine and 12 MB downloads in no time at all using my cheap dsl connection. If it was 24 MB I wouldn't even notice the difference. Mozilla is a browser project looking forward, not backwards. Removing/leaving out features to keep a handful of poorly equiped users happy is not really an option.

      --

      Jilles
  11. Microsoft Compliance by asdfx · · Score: 1

    Will they need to include the security holes to make it fully Microsoft compliant?

    1. Re:Microsoft Compliance by standsolid · · Score: 1

      what do you mean include security holes? activeX is a security hole. MS bashers aren't what they used to be

      ;p

      --
      WTPOUAWYHTTOTWPA
      What's the point of using acronyms when you have to type out the whole phrase anyways?
  12. It depends by MobyDisk · · Score: 1

    It depends on what they mean by "ActiveX" support. "ActiveX" is a Microsoft buzzword, so it is tough to figure that out. I assume they mean support for the tag that IE uses to embed COM ActiveX control in a web page by specifying the class ID.

    Does anyone really want this? Who uses Activex other than corporations that are too dumb to use Java?

    You can already get a plug-in for Mozilla that supports ActiveX. Specifically, it allows the tag so that Mozilla can run embedded ActiveX controls. I used this at work for a week so I could use Mozilla to run some proprietary web-enabled app. In the end, it was terrible because it meant my PC was no open to many of the same security flaws IE is, so I finally removed it. (And now other stuff didn't work, because both the and versions would work, so I would get weird effects on pages that tried to be cross-browser compliant)

    1. Re:It depends by macpeep · · Score: 1

      "Does anyone really want this? Who uses Activex other than corporations that are too dumb to use Java?"

      All IE plugins are ActiveX controls. ActiveX is very rarely, if ever, competing against Java applets. In a web browser - in IE, that is - 99% of the time, ActiveX means "plugin". Not "corporation who is too dumb to use Java".

      But then again, being so quick to call people dumb, I'm sure you are intelligent enough yourself to figure that out.

  13. wrong by falsification · · Score: 2

    That's a wrong characterization of what kind of "ActiveX support" we're going to have. What is going in will allow those who want ActiveX to run it with a plugin. You still have to install the plugin manually. Mozilla won't run ActiveX stuff unless you download additional software to let it do that. Some intranet users actually need this, so this support is a very nice addition to Mozilla.

  14. Plugin vs native ActiveX by sohp · · Score: 2, Informative

    OK, this is severly karma-whoring, but let's ask the source: Mozilla ActiveX Project.

    There have been plug-ins for Mozilla to run ActiveX controls since before 1.0, so that's not new. I believe this just means that the code for making it possible for Mozilla to be used as an ActiveX control is getting into the trunk.

    Among the interesting tidbit: CodeWeavers CrossOver Plugin 1.2 so you can host ActiveX controls in Linux now.

    Nothing hugely earth-shattering, though.

  15. Nooo.... by Hythlodaeus · · Score: 1

    I consider one of the best features of Mozilla to be its lack of support for ActiveX and other such unneccessary security risks.

    --
    For great justice.
  16. i use mozilla ... by blandthrax · · Score: 1

    to get away from things like Active X in the first place.

  17. Mozilla 1.4a does not support ActiveX by asa · · Score: 3, Informative

    Mozilla has had various bits of ActiveX supporting code available to those that want it for some time. There have been plugin wrappers that make ActiveX controls sort of work in Mozilla and Netscape. There has been a Gecko wraper that alows Mozilla's rendering engine to be embedded as an ActiveX control like MSHTML. Various Mozilla contributors have been interested in and working on this stuff for a long time. Some of this support was even available in the Communicator days. None of this is built in the default Mozilla releases and so Mozilla releases do not support ActiveX.

    --Asa

  18. Please ignore submitter by mu_wtfo · · Score: 3, Informative

    This is merely another case of Slashdot editors not even looking at what they post - this is nonsense. For information on what ActiveX work *is* happening within the Mozilla project, visit Adam Lock's (the developer of mozilla ActiveX stuff) site. Try the FAQ.

    --
    If all the world's a stage, anyone who says they want better lighting spends far too much time in a dark theatre.
  19. Not that big a deal by WeaponOfMassDestruct · · Score: 1

    This is essentially no different then implementing Java applets. This could be a good step torwards allowing Mozilla to be a viable option for organizations who use internal applications that have Active X controls.

    --
    --- We have a pool and a pond, the pond would be good for you.
  20. Wrong. by pmsyyz · · Score: 2, Interesting

    If you build Mozilla yourself you can enable Active X support. This has been around for quite a while. But Mozilla.org builds will never have it enabled by default.

    Plug-in For Hosting ActiveX Controls http://www.iol.ie/~locka/mozilla/plugin.htm

    --
    Phillip
    1. Re:Wrong. by pmsyyz · · Score: 1
      From the ActiveX plugin author's website:
      You will notice from my contact details that I work for Netscape. Be advised that these ActiveX related projects are my own personal efforts and have absolutely nothing to do with my employer. I work on them when and if I have the time.
      --
      Phillip
  21. can we have NTLM firts, please? by oliverthered · · Score: 1

    Why can't they sort out the top 10 'you product is useless if it doesn't support them' bugs instead of non-standard, virus prone, windows only [unless you wine] ActiveX?

    I'm sticking with konquror.

    --
    thank God the internet isn't a human right.
  22. Ahh, checkboxes... by pmz · · Score: 1


    Just make sure it is very well documented how to turn it off. Either a checkbox in the UI or an entry in prefs.js would suit me just fine.

    --
    Healthcare article at Kuro5hin
    1. Re:Ahh, checkboxes... by typhoonius · · Score: 0

      I'd like to see a checkbox in the Preferences box simply marked "[X] Suck".

  23. What ActiveX is by Latent+Heat · · Score: 3, Informative
    ActiveX is this brand name from Microsoft for whole bunch of things, but what most of us mean by ActiveX is those GUI widgets you can use in a Visual Basic program. Turns out you can use such a GUI widget (an ActiveX control) in almost any of the major programming languages for Windows and you can use it in a Web browser provided that browser is IE.

    An ActiveX control (widget) is nothing more than a software module that implements a raft of crufty interfaces (the interfaces are ugly on account of the legacy aspects, and few programmer know what they even are because they use the wizards in whatever development tools they are using to automatically barf out code) based on the COM specification, and an ActiveX container (such as a Visual Basic app or an IE page) is nothing more than a program that supports that raft of interfaces.

    An ActiveX control is a Good Thing because it is the closest thing to a "software IC" in the Windows GUI world -- it is amazingly cross-language in the Windows world. The new .NET languages consume and produce ActiveX controls with ease. It is not such a good thing because an ActiveX control kinda assumes it has access to the entire Windows API, so it is really locked in to Windows.

    Also, an ActiveX control on a Web page is typically a client-side thing, think Java applet only without the sandboxing, so besides MS-lockin, you completely blow security, and the MS answer to security is this lame signing business (Scouts honor, this control is secure!). But since it lacks sandboxing, it is really quite capable and powerful -- it is like running little Windows apps inside your browser.

    Part of Miguel de Icaza's deal with his Mono initiative is that he would like to see the Open Source world have something as software IC-like as the ActiveX control, and he things that his clone of .NET is the way to do it with some degree of sandboxing by using .NET widgets as the standard instead of ActiveX.

  24. ActiveX good? by ihavenovoice · · Score: 1

    How come so many people are complaining about having their browser being able to render more pages correctly?

    Haveing an implementation that's crap in IE doesn't mean it has to be in Mozilla.

  25. 80% of America still behind dial-up by yerricde · · Score: 1

    I have 1 GB of low cost memory in my machine

    Even though pricewatch.com shows $120 for a pair of 512 MB DDR SDRAM sticks, there are still issues left. Not only is Joe Sixpack afraid to open his machine's case and add RAM, but not all older machines' motherboards support 1 GB of RAM, and not all motherboards (especially in laptops) can be replaced.

    and 12 MB downloads in no time at all using my cheap dsl connection.

    A setup fee including $200,000 to relocate the family to a serviced area is not cheap.

    Removing/leaving out features to keep a handful of poorly equiped users happy

    Handful? Eighty percent of all Internet-connected households in America are behind a dial-up connection.

    --
    Will I retire or break 10K?
    1. Re:80% of America still behind dial-up by jilles · · Score: 1

      As I said mozilla is a forward looking project. If you're stuck on old hardware that in principle is your problem and not the Mozilla project's problem. Considering it is 2003, its requirements are quite reasonable. Even on my fathers old laptop with a 28k8 modem I would probably manage to download mozilla in three hours or so, which if he had 128MB or more would actually already have happened. Since he has only 16mb, he's stuck with opera 5.x (my father's pc is now 7 years old).

      As far as DSL is concerned you are indeed not lucky if you live in a remote area. Luckily local phone calls are free in the US so you can just turn the machine on and go for a really long coffee break.

      BTW. you're either paying way too much for your memory or the price has nearly doubled in three weeks. I bought my extra 512 MB of DDR333 for 75 euro which would be about 80$ I guess.

      --

      Jilles
  26. Again, please? by Anonymous Coward · · Score: 0

    fatal error; could not parse english at line 1

    1. Re:Again, please? by Anonymous Coward · · Score: 0

      rf -rf ~USA

  27. Bye Bye by floydman · · Score: 1

    Bye Bye luv, Bye Bye SECURITY,
    Hello INNNSecurity
    I think i am gonna cryhhahhyy
    Bye bye baby-tux bahhabayyyy...

    --
    The lunatic is in my head