If you look at how Firefox has implemented whitelisting add-ons, it's just another dialog box/infobar to click-through.
Unfortunately multiple confirm actions is what passes for "security" in modern browsers.
If you wanna get conspiratorial, these changes aren't really about "security". They're designed to nudge companies with legacy VB6/VC controls into redeveloping with Silverlight.
The digital signatures really only prevent one form of social engineering attack, it's not a sandbox/permission model like Java. And the big reason that ActiveX has such a terrible reputation is that the prompts could easily be bypassed in early versions (3/4).
Vista Protected mode does provide a sandbox, but I think you can break out of it with a UAC prompt. Which would be easy to social engineer around.
Well, that's good to hear!
And FWIW, you could configure IE to whitelist javascripts on a site basis by using 'zones'.
Actually, I'm not. If you look at that Firefox plug-in I linked above, it uses a site whitelist which makes it considerably more secure than IE. Just because IE has/had poor ActiveX security doesn't mean another browser would have the same policies.
Look at the posts in this thread. Everyone's convinced that "ActiveX==BAD" while they probably have 50 Firefox add-ins and plug-ins installed. They're basically the same damn thing, so I'll maintain this is almost entirely a perception issue (which exists for valid, but historical reasons).
It isn't.
But yet every single modern browser has a way of running 3rd party binary 'plug-ins' or 'add-on' because it's too damn useful. Therefore the only real distinction here between browsers that support ActiveX and browsers that don't is marketing.
Sorry, I've read too many posts here where basement dictators are trying to tell the world how to operate.
Yep, Acrobat can OCR em.
You could easily create a similar messagebox loop for Firefox, to try to encourage someone into installing a malware Add-On.
Unfortunately, no browser that I know of allows you to kill a javascript without taking out the whole browser.
There is an ActiveX plugin for Firefox: http://www.iol.ie/~locka/mozilla/plugin.htm
Either browser could easily support ActiveX on Windows if they wanted to. The main reason they don't is for marketing reasons (because it's perceived to be insecure).
Aside from that ActiveX is actually a documented Open Group standard, and there are (were) 3rd party implementations.
Neither are sandboxed and both run with the same privs as the browser AFAIK.
The only real difference is that Firefox comes with a whitelist which prevents random sites from installing add-ons.
Every Internet Explorer "plug-in" uses ActiveX. This includes Silverlight, Java, Flash and so on. AFAIK there's no plans for that to change, if you want to extend the browser, you need to use ActiveX.
What TheNetAvenger is saying is that Microsoft has been discouraging developers from writing custom controls. Part of this is making them more and more difficult to install. In most cases these controls were only used for custom UIs and things that did not require full unsandboxed system access. So they would be better off using AJAX/Silverlight/Flash/Java.
Flash is not a particularly "new technology".
It was being widely used for movie and design agency websites 10 years ago. It's only a couple years newer than HTML itself.
Slashdot loves to yelp "oh noes flash!", but to a significant degree it's actually less popular as a web design element than it was 5 years ago.
most people will NOT be able to receive more than one or two channels for free, many homes will not get any channels at all
Your anecdote for mine - Here channels that used to be half-fuzz come in crystal clear on DTV. Plus there's a whole bunch of extra PBS stations on the digital band. DTV is a huge improvement over analog for me. (And, it's silly to handwave about "most people" based on two datapoints. Get some real statistics to back you up.)
I think the bigger risk for the networks is that the "TV in every room" people won't buy converters for all their sets and therefore will not soak up as much advertising.
The GPL requires me to do something in order to benefit from the software... teh fascists !
The AGPL is not the GPL. And this use requirement violates what used to be called "Freedom Zero" in the old GPL2 jargon.
Nice rose colored glasses, but "Love Boat" and "Laverne & Shirley" were hardly the pinnacle of popular entertainment.
The best network programming is probably as good or better than ever. But there's 1000x more filler content and it's mostly terrible.
Also, the OMFG crowd didn't come about until sometime in the mid 90s.
Since we're dating ourselves, he's more or less quoting the 1982 song "Valley Girl".
As I recall, "CIO" was popularized by the dot-com companies, and immediately thereafter, since they needed as many C**s on staff as possible to get their VC funding, decided that a CTO was needed too, even though their business was selling pimento loaves on the e-web.
Sort of. Traditionally IT reported into the CFO.
However once the internet came about, there were all sorts of applications needed that weren't related to finance/accounting. So most major businesses (not just the dotcoms) created a CIO position at that point.
Yup, nearly every AJAX tutorial I've seen says (1) Write the static version first, then (2) Integrate AJAX.
Flash is just the opposite, where someone has to go back and add the accessibility bits after the fact.
"Image PDFs" are required for certain workflows. The people who need them could care less if irrelevant poster #1001089 thinks they're horrible or not.
And they actually have a text layer for OCR or searchability which Google understands.
Some developers don't do that because their customers don't ask for it. Follow the money. If payment for the site was based on how usable it was, you'd see usable sites.
Having been in the trenches with this stuff....
First of all, usability is a very specialized skillset, which the average designer maybe understands about 10% of. And it is actually kinda hard to make a HTML site with really terrible usability. You almost have to fight the browser every step (turn off back button, use iframes, and so on).
I really think that Flash gives one too much freedom and is simply too powerful of a tool for the average designer. Certainly, I've met some really good Flash guys, but that's maybe like 10% of the total. So, ok, the problem isn't Flash, it's just almost everyone who uses it.
Second, "the customer" is typically a 30-something female marketing person, and these issues are simply too nitty-gritty and technical. Start talking about bookmarking or keyboard accessibility, and watch everyone's eyes glaze over. This kind of basic UI functionality will never get written into the specs.
Unfortunately, "Google Can't Index It" has been my easiest push-back against Flash monstrosities. And now I'm going to have to deal with a flash-monkey saying google can, even though he can't understand the problem with a 25MB SWF file.
In order to upload you have to send the data in one big POST request and there's no way, via HTTP
Speaking of which, encoded POSTs are a retarded way to send files. It would be nice if browsers supported binary PUT uploads.
Gates is still chairman of the board and the largest stockholder.
Yup, when NT 3.x went titsup, it would sometimes display a !OS2 error. Pretty funny.
I would say:
The kernel came from Cutler
The networking and filesystems came from OS/2
And the application libraries came from the Windows group.
Yeah, but I'm talking more about Dick who surfs during his lunch break and uses whatever browser his IT manager tells him to use.
Harry has already gotten his IE7 through Windows Update. The IE6 holdouts are mostly corporate and maybe people with poorly pirated versions of XP.
You're ignoring how each got market share - Firefox earned theirs with, gasp, innovation (and reliability and speed and ...) - IE got their market share with default installation from the monopolist.
People forget that one time, years ago, IE was the browser with "reliability and speed and ..." sex appeal, while Netscape was the bloated/slow/buggy/nonstandard POS.
Certainly being slammed down people's throats helped their marketshare, but there was actually considerable voluntary user adoption of IE aside from that.