Slashdot Mirror

← Back to Stories (view on slashdot.org)

Brian Hook on the ActiveX Experience

Posted by Hemos on from the poorly-made-and-maintained dept.

Obiwan Kenobi writes "Brian Hook of id software fame got around to developing on ActiveX and found some minor grievances, particularly in the security department. To quote: "I've been doing some ActiveX coding on the side for a couple days, stuff I'm not familiar with, and I'm just flat out _appalled_ at how bad that entire API and design is. I can make an OCX that basically formats your hard drive, stick it on a Web page with a tag, and if your security settings are set low enough, you'll start formatting your hard drive the minute you visit my Web page.""

3 of 523 comments (clear)

  1. Vapor design by Spy+der+Mann · · Score: 5, Insightful

    I think this could be considered as a proof of how ActiveX was vapor-designed by Microsoft to compete with original Netscape's plugins.

    1. Examine more or less how competition works
    2. Quick! Make a prototype and flat-out obvious bugs
    (Missing step: redesign well taking into account security considerations)
    3. Overhype
    4. Profit!

    So now we're stuck with an obsolete plugin model, which Microsoft neglects to fix because this would break backwards compatibility.

    THE END.

  2. Re:Gee, that's news... by sepluv · · Score: 5, Insightful

    And what may I ask makes a signed active-X control any less dangerous than an unsigned one?

    --
    Joe Llywelyn Griffith Blakesley
    [This post is in the public domain (copyright-free) unless otherwise stated]
  3. Re:Nothing new. by brunogirin · · Score: 5, Insightful
    I think you're missing the context here. First, this is a personal entry on a site that is read by very few users, it wasn't meant to be "news". Second, Brian, who had never done anything with ActiveX, decides to try the technology "on the side". He has heard all the horror stories about ActiveX but actually *using* the technology makes him realise that all the horror is real and, slightly amazed by his discovery, posts on that site. He is just expressing his dismay at the fact that all the horror stories about ActiveX are not myth but reality. Everyone of us does this: experiment to see for oneself and then share one's experiment with others. The findings might be old news for some but are not without interest.

    In practice, I find this article very interesting for what it is: the findings of someone who is a recognised programmer into a field he has no knowledge about; and that prove that all the ghastly rumours about ActiveX are true, not hype. Now whether it should be on /. is another question.