So one should do wathever wife says... without thinking about alternatives?
If you want to get on the "you always argue with me" merry-go-round you're welcome to... but unless she's obviously completely off base you're far better off just doing it her way.
That's why my wife's got a Windows box, even if I think she'd be better off with a Mac.:)
You can buy smaller Windows and Linux machines. You can buy cheaper Windows machines from all the big brands.
Objection! Irrelevant!
The Mac... mini, maxi, or midi... can't be compared on a hardware feature for feature basis to a PC... headless, diskless, or fanless... running Linux or Windows. Not if you want to figure out what the Mac (mini or not) is all about.
Even throwing in the cost of Windows XP Pro, a Mac
Mini costs more than the equivalent hardware you could toss together in a Shuttle case. Yeh, it's small, but that's not the trick. If it was a slab with as much free space as a Mini-ITX stereo-rack box it'd still sell for more... and justifiably so.
Because no matter what you do with your Windows box or your Linux box, it's not running OS X. OS X has a user-friendly environemnt that puts Windows to shame (and makes Linux look like it was just dug from a crypt), a hacker friendly environment that's almost the equal of any other open-source OS... without the driver support pains, and more than enough actual commercial software that ordinary people (as opposed to geeks or gamers) actually want to use to get by.
It's not as good a game machine as Windows. It doesn't have as much commercial software as Windows, but all the hot niches are filled well enough (no Open Office for Mac native? Aww, gee, we'll have to put up with Appleworks, Office X, and iWork). If you're looking for a PC to do PC stuff, the Mac'll scratch your itch.
It doesn't have all the server hots of traditional UNIX, yet. Tape support sucks, for example. But it's more than good enough to get by. If you're looking for a UNIX box or a Linux open-source hacker platform, the Mac'll scratch your itch.
It's a land-bridge between two hostile continents, and it's a clean, comfortable, safe place to live.
Over in Windows land, crime's pretty bad, the police are on the take, and you're never quite sure that the private guard you hired from Symantec or Macafee is entirely safe to keep around. But the food's great, and more than makes up for having to rebuild your house (but always to the exact same plan) after it falls down every few months.
Over in Linux land, the police are unobtrusive and honest and you don't need many anyway because your buddies look out for you. You get used to eating rice every day, and if you want to rebuild your house the way you want nobody's going to stop you.
In Macland, we have honest police *and* houses that don't fall down. The food's plain but varied... and always good. And this is the amazng new feature... you can actually afford to live here! Isn't that revolutionary enough? Why do yuo have to come up with theories about hidden agendas, comrade?
Is this a testament to how far the Pentium Mobile architecture has come, or a sad comment on the clockspeed-pushing design of the Pentium 4?
The Pentium III has veen embarassing the Pentium 4 as long as the Pentium 4 has been shipping. This is merely another act in the continuing Greek Tragedy that is the Pentium 4.
No matter which way you want to wriggle, IE requires end user intervention to install code and run it automatically.
The HTML control has a mechanism to silently install code and run it automatically. By default, this only happens for objects in the "trusted zone", but the "trusted zone" is very loosely defined, and there have been dozens of exploits in the past where an attacker figured out a way to sneak an untrusted object into the trusted zone without user interaction, and execute it.
IN ADDITION, it is possible for the user to modify the borders of the trusted zone, *and* there are meny web applications that require the user to modify them to run normally. Thus the step of "turning things on in four different places" is minor hurdle... an user who actually uses the facility of ActiveX that you seem to find so attractive has BY NECESSITY already turned at least some of these restrictions off at some sites. For some applications, you actually have to put the remote site in your trusted zone. Which means that ANY exploit at that "trusted site" will automatically launch and run if you just visit it.
This is not an obscure theory, this is normal everyday behaviour that users absolutely have to engage in to take full advantage of a hell of a lot of ActiveX-enabled sites.
The ease of accidentally turning this on, and the breadth and depth of broad access this can potentially provide, is so far beyond any comparable mechanism shipped with any other browser that I can't believe you're honestly proposing that installing a Firefox Extension (one that doesn't exist... remember that ActiveX ships with Windows and CAN NOT BE REMOVED) is in any way comparable.
So your position is you know better than the user?
Obviously I know better than the user, if the user is as confused about security as you are.
Last I looked, computers are tools of the users and artificially restricting them is a bad thing, not a good thing.
If you believed that, you would be in favor of making Internet Explorer and the Microsoft HTML control an optional component of the system, so that if a user wanted to configure Windows so that no application in their computer had a mechanism to install and run software behind their back. You would be in favor of eliminating the DRM component in Windows Media Player 9, because its only purpose is to artificially restrict what the user wanted to do. You would be in favor of giving the user the option of disabling the entire Active-X-based security infrastructure and replacing it with one that puts the responsibility for security in the specific application that the user chose to run, rather than a deeply embedded component that the user is not even aware of.
You believe in freedom in computing? Then why don't you believe in giving me the freedom to use Windows NT, which is at the heart a potentially VERY secure OS, without Microsoft's abominable ActiveX insecurity infrastructure on top of it?
Damn, I know that "freedom" is one of the most heavily abused words in English. I sure didn't expect to see this kind of Orwellian doublespeak popping up in defence of Internet Explorer, though.
You can trivially write a firefox plugin that once installed will happily download and run any executable content it wants to without any intervention from the user.
No kidding. News flash: you can write a trojan horse payload for any operating system. The key difference is that only Microsoft uses one as the core of their user interface... you don't have the option of not downloading and installing the Microsoft HTML control, and if you remove it you end up with an unusable operating system.
the silicon is probably huge so it will cost more than a typical NVidia/ATI product
Why do you think the silicon would be huge? We know how big a 970 core is, and that's almost certainly the biggest part of the unit besides the on-chip [S]RAM, and the GPUs don't get a "pass" there. Besides, if it's cheap enough to use in a console it's not going to be a hell of an expensive core.
It's still hard to forsee what can be vectorized, and what can't. Especially in a dynamic language.
There's some things that are easy to vectorise, and modern computers spend a lot of time doing them. Implement those algorithms for the cell, and package them up to call from applications.
I don't know anything about your arse, but this would make a hell of a GPU... and who cares how hard that is to program, you hide all that under OpenGL or DirectX...
On the contrary, it's a simpler architecture than the Pentium.
If they think you're crude, go technical. If they think you're technical, go crude. IBM is a very technical company, so they decided to get as crude as possible.
There's no cache, so no cache coherency issues, and coarse-grained memory addressing. The most complex component is the Power-PC 970 core, and it's only a controller... it could easily be half-clocked at 2.3 GHz without significantly hurting the throughput of the vector units... and IBM already has 2.3 GHz 970s in production.
There's more paarallelism in heaven and earth than are dreamed of in your philosophy...
inherent serial nature of many algorithms
The Power PC 970 isn't a slouch when it comes to serial algorithms. But in a modern computer system, like Mac OS X, there's an awful lot of stuff that's deeply vectorisable. ALL the graphics, for example.
Powermac G5: dual G5 processors with Altivec + high-end ATI GPU, running a heavily 3d-accelerated GUI based on OpenGL.
What would a cell do for this?
Powermac G6: single G5/G6 processor with a cell coprocessor driving a dumb frame buffer, with OpenGL implemented as a stream of cells, Quartz Even-More-Extreme and real-time raytracing...
Will the cell-based GPU in the Powermac G6 be labelled "ATI" or "nVidia", or will the Wheel of Life return the GPU to the core again, and it'll be running on the "1.5-way" (G6 + Cell) Power PC daughtercard?
Basing Mac OS X on UNIX worked because there wasn't anything to the old Mac OS that was worth saving, except the applications, and they were able to transit the applications to a new OS reasonably cleanly over years WHILE maintaining sales wit hthe old OS.
This is a completely different situation. The old Amiga OS was the closest thing to a real-time microkernel desktop environment that's ever been released to the general public: QNX dropped out of a retail version of Photon, and the only other candidate, OS/9 (no relation or Mac OS 9) on the Radio Shack color computer long predated anything like a desktop OS. If Amiga went that way, well, they would just be another Linux distro... and one that didn't run a lot of important Linux software because it's not an 80x86 and so it won't run binary-only packages.
I'm amazed that this seems to have maintained almost everything that was good about AmigaDOS, including the wonderful infinitely configurable message-passing OS architecture. Until this moment I had written off AmigaOS as another doomed Linux clone. It may be doomed, but if so it's doomed with style.
Part of the *nix philosophy I believe is interoperability and choice provided by source compatability, the ability to compile software on any OS that complies with POSIX and other unix standards.
I ran the Amiga sources newsgroup for some years, and did several ports of UNIX applications to the platform. Even back in 1986 it was already a very UNIX-friendly and UNIX-compatible environment. I can't imagine that it's moved away from that since.
they need to support POSIX, X11 and other Unix source compatability standards
The first web browser I ever used was UNIX Mosaic, running on my Amiga using a local X11 server from a UNIX box running at my ISP. The text editor I used was "elvis", one of the classic "vi" clones, and porting it to AmigaDOS was almost trivial compared to what I'd had to do in other ports.
This is why we see so many different filesystems avialable on Linux for instance
The Amiga had user-written user-mode file systems, including some amazing ones like a RAM based file system that survived reboots, long before Linux existed. The Amiga API is VERY well designed for this kind of thing... and needless to say no applications had to be rewritten to make it work!
This is nothing but good news. Please do some research before dismissing this amazing OS because it's not based on Linux.
You can write a firefox plug-in that will download and execute any content you choose without the user knowing about it.
You can't write a firefox plugin that will be installed without the user being asked, no matter how you have Firefox configured. No such plugin exists, and mozilla.org CERTAINLY doesn't ship such a plugin with Firefox the way Microsoft ships ActiveX with the HTML control.
Indeed. It was obviously a criminally stupid idea seven years ago.
The amazing thing is that not only are they still putting the security in ActiveX rather than the application (inherently unsafe, inherently unfixable), but people haven't lynched them for it yet.
There is no mechanism in IE for things to download, launch and run with no end-user intervention. At a very minimum, the user has to explicitly tell IE to accept code from anywhere (in about 4 different places), then explicitly go to a website which contains the malicious code.
You contradict yourself. You say "There is no mechanism in IE for things to download, launch and run with no end-user intervention." Then you say "the user has to explicitly tell IE to accept code from anywhere (in about 4 different places)". What you said is "there is no mechanism, and it's really hard to turn on for all websites".
Well, yes, I already pointed out that it's not on by default. But the mechanism exists, no matter how hard it may seem to you to turn on, it exists. And it's easier to turn it on for "just one website"... you'd be amazed how many companies have it turned on for their own servers... or for anything that looks like them... by IP address or name, even!
Honestly, do you really have to blame the transport/install mechanism when a user explicitly tells the computer "I don't give a damn where you get then executable code from that you are about to run as root"?
That's not what the user said. The user said "I don't give a damn where any executable comes from, download it and run it and don't tell me about it". It should not be possible to say that. I don't care how convenient it is, it's just too dangerous... it should not be possible to turn that mode on, or any subset of that mode.
And there have been so many subsets of that statement taken advantage of over the past seven years that I can no conceive of the confusion of the mind that would lead someone, at this late date, to still defend it.
The point of my post is that a dumb user can grant inapproriate access to malicious code regardless if he types "su" and a password, or clicks on Tools | Internet Options | Security and slides his settings to "Meduim Low".
I'm sorry, but that's not true.
I can type "su" and run as "root" all day and all night, go anywhere on the Internet I want, but unless I *also* say "install and run this untrusted applet", explicitly, there is no mechanism for me to get owned.
Lowering your security options opens you up to a whole new level of security problems beyond that... because now all of a sudden you're not just privileged, but you won't even be asked "could I please 0wn your box"... it'll just happen before you know there's a problem there.
And you don't even have to lower your settings, if the guy with the exploit can find a way to convince the HTML control that you've done it. Once upon a time it was as easy as guessing the path to your Internet temporary files... they've fixed that one, now, but so long as there's a "low security" zone or a "trusted" zone for them to sneak into, they'll figure out a way to do it.
By your definition the only issue with ActiveX is the control over the sandbox it installs and runs under, which has nothing to do with the technology itself but with the container.
ActiveX doesn't have a sandbox. An ActiveX control runs with full local user rights and privileges, as native code. An ActiveX control can implement a sandbox (in fact, if it accepts external parameters it has to), but the only security is in whether you run it or not.
It is no different than the cute Mozilla "whitelist" system for servers
The Mozilla "whitelist" system is not actualy necessary for security. What it does is make social engineering attacks a little harder, but if it wasn't there XPI still wouldn't be the kind of security hole that ActiveX is, because there is no mechanism, anywhere, for an XPI plugin to install and run without explicit user intervention. It doesn't matter what settings you have in Firefox or Mozilla, because there is no way to say "run XPI without user intervention" as there is for ActiveX.
If you can't see why being able to run untrusted and untrustable objects unannounced, unwarned, and uncontrolled... even if that is not the default condition... is inherently insecure and deeply different from anything anyone else does, well, I'm sorry. Go and join the other ActiveX apologists who ahve repeatedly insisted over the past seven or so years that there's nothing "inherently wrong" with ActiveX, with the HTML control, with the whole sorry mess... while over and over again Microsoft's latest hotfixes, service packs, and other prophylactic measures have failed and failed miserably.
In untrusted zones....
There should be no trusted zones. None. Trust does not belong in the object or the "zone" it's in, but in the application that's responsible for introducing it to the system. Depending on "zones" is just asking for the fuckup fairy to ring her little bell and announce "you are 0wned, boy".
Other relatively simple things that could be done are [things that involve the end user explicitly requesting that remote code is downloaded and executed].
There is no mechanism in any of these things for an applet to download, launch, and run with no end-user intervention. You can't set your security settings "too low", because there are no settings that let these things happen. You can't trick someone into sneaking an application into a "trusted zone", because there's no "trusted zone".
That's the difference, and all the beabling about "stupid users" or "other applications" won't change it.
So one should do wathever wife says ... without thinking about alternatives?
:)
If you want to get on the "you always argue with me" merry-go-round you're welcome to... but unless she's obviously completely off base you're far better off just doing it her way.
That's why my wife's got a Windows box, even if I think she'd be better off with a Mac.
The whole GUI is OpenGL-based and GPU accelerated... not just one application on a few video cards...
Use OpenGL, it's a better API, works on more video cards, and works on more than just Windows boxes.
Why would you use a general purpose CPU like this for a GPU?
Um, because it's not a general purpose CPU? That's the whole reason people are complaining about what it's doing to their arses.
You can buy smaller Windows and Linux machines. You can buy cheaper Windows machines from all the big brands.
Objection! Irrelevant!
The Mac... mini, maxi, or midi... can't be compared on a hardware feature for feature basis to a PC... headless, diskless, or fanless... running Linux or Windows. Not if you want to figure out what the Mac (mini or not) is all about.
Even throwing in the cost of Windows XP Pro, a Mac
Mini costs more than the equivalent hardware you could toss together in a Shuttle case. Yeh, it's small, but that's not the trick. If it was a slab with as much free space as a Mini-ITX stereo-rack box it'd still sell for more... and justifiably so.
Because no matter what you do with your Windows box or your Linux box, it's not running OS X. OS X has a user-friendly environemnt that puts Windows to shame (and makes Linux look like it was just dug from a crypt), a hacker friendly environment that's almost the equal of any other open-source OS... without the driver support pains, and more than enough actual commercial software that ordinary people (as opposed to geeks or gamers) actually want to use to get by.
It's not as good a game machine as Windows. It doesn't have as much commercial software as Windows, but all the hot niches are filled well enough (no Open Office for Mac native? Aww, gee, we'll have to put up with Appleworks, Office X, and iWork). If you're looking for a PC to do PC stuff, the Mac'll scratch your itch.
It doesn't have all the server hots of traditional UNIX, yet. Tape support sucks, for example. But it's more than good enough to get by. If you're looking for a UNIX box or a Linux open-source hacker platform, the Mac'll scratch your itch.
It's a land-bridge between two hostile continents, and it's a clean, comfortable, safe place to live.
Over in Windows land, crime's pretty bad, the police are on the take, and you're never quite sure that the private guard you hired from Symantec or Macafee is entirely safe to keep around. But the food's great, and more than makes up for having to rebuild your house (but always to the exact same plan) after it falls down every few months.
Over in Linux land, the police are unobtrusive and honest and you don't need many anyway because your buddies look out for you. You get used to eating rice every day, and if you want to rebuild your house the way you want nobody's going to stop you.
In Macland, we have honest police *and* houses that don't fall down. The food's plain but varied... and always good. And this is the amazng new feature... you can actually afford to live here! Isn't that revolutionary enough? Why do yuo have to come up with theories about hidden agendas, comrade?
Is this a testament to how far the Pentium Mobile architecture has come, or a sad comment on the clockspeed-pushing design of the Pentium 4?
The Pentium III has veen embarassing the Pentium 4 as long as the Pentium 4 has been shipping. This is merely another act in the continuing Greek Tragedy that is the Pentium 4.
No matter which way you want to wriggle, IE requires end user intervention to install code and run it automatically.
The HTML control has a mechanism to silently install code and run it automatically. By default, this only happens for objects in the "trusted zone", but the "trusted zone" is very loosely defined, and there have been dozens of exploits in the past where an attacker figured out a way to sneak an untrusted object into the trusted zone without user interaction, and execute it.
IN ADDITION, it is possible for the user to modify the borders of the trusted zone, *and* there are meny web applications that require the user to modify them to run normally. Thus the step of "turning things on in four different places" is minor hurdle... an user who actually uses the facility of ActiveX that you seem to find so attractive has BY NECESSITY already turned at least some of these restrictions off at some sites. For some applications, you actually have to put the remote site in your trusted zone. Which means that ANY exploit at that "trusted site" will automatically launch and run if you just visit it.
This is not an obscure theory, this is normal everyday behaviour that users absolutely have to engage in to take full advantage of a hell of a lot of ActiveX-enabled sites.
The ease of accidentally turning this on, and the breadth and depth of broad access this can potentially provide, is so far beyond any comparable mechanism shipped with any other browser that I can't believe you're honestly proposing that installing a Firefox Extension (one that doesn't exist... remember that ActiveX ships with Windows and CAN NOT BE REMOVED) is in any way comparable.
So your position is you know better than the user?
Obviously I know better than the user, if the user is as confused about security as you are.
Last I looked, computers are tools of the users and artificially restricting them is a bad thing, not a good thing.
If you believed that, you would be in favor of making Internet Explorer and the Microsoft HTML control an optional component of the system, so that if a user wanted to configure Windows so that no application in their computer had a mechanism to install and run software behind their back. You would be in favor of eliminating the DRM component in Windows Media Player 9, because its only purpose is to artificially restrict what the user wanted to do. You would be in favor of giving the user the option of disabling the entire Active-X-based security infrastructure and replacing it with one that puts the responsibility for security in the specific application that the user chose to run, rather than a deeply embedded component that the user is not even aware of.
You believe in freedom in computing? Then why don't you believe in giving me the freedom to use Windows NT, which is at the heart a potentially VERY secure OS, without Microsoft's abominable ActiveX insecurity infrastructure on top of it?
Damn, I know that "freedom" is one of the most heavily abused words in English. I sure didn't expect to see this kind of Orwellian doublespeak popping up in defence of Internet Explorer, though.
You can trivially write a firefox plugin that once installed will happily download and run any executable content it wants to without any intervention from the user.
No kidding. News flash: you can write a trojan horse payload for any operating system. The key difference is that only Microsoft uses one as the core of their user interface... you don't have the option of not downloading and installing the Microsoft HTML control, and if you remove it you end up with an unusable operating system.
the silicon is probably huge so it will cost more than a typical NVidia/ATI product
Why do you think the silicon would be huge? We know how big a 970 core is, and that's almost certainly the biggest part of the unit besides the on-chip [S]RAM, and the GPUs don't get a "pass" there. Besides, if it's cheap enough to use in a console it's not going to be a hell of an expensive core.
It's still hard to forsee what can be vectorized, and what can't. Especially in a dynamic language.
There's some things that are easy to vectorise, and modern computers spend a lot of time doing them. Implement those algorithms for the cell, and package them up to call from applications.
The algorithms needed to make the Itanium go fast are still being figured out.
The algorithms needed to vectorise operations are well known and in wide use in every GPU in the world.
If the first generation simply speeds up OpenGL and DirectX, it'll have a solid market as a GPU.
What rumors or conspiracies have people heard?
Only Bigfoot's orange juice and eggshell wonder diet.
I don't know anything about your arse, but this would make a hell of a GPU... and who cares how hard that is to program, you hide all that under OpenGL or DirectX...
On the contrary, it's a simpler architecture than the Pentium.
If they think you're crude, go technical.
If they think you're technical, go crude.
IBM is a very technical company,
so they decided to get as crude as possible.
There's no cache, so no cache coherency issues, and coarse-grained memory addressing. The most complex component is the Power-PC 970 core, and it's only a controller... it could easily be half-clocked at 2.3 GHz without significantly hurting the throughput of the vector units... and IBM already has 2.3 GHz 970s in production.
There's more paarallelism in heaven and earth than are dreamed of in your philosophy...
inherent serial nature of many algorithms
The Power PC 970 isn't a slouch when it comes to serial algorithms. But in a modern computer system, like Mac OS X, there's an awful lot of stuff that's deeply vectorisable. ALL the graphics, for example.
Powermac G5: dual G5 processors with Altivec + high-end ATI GPU, running a heavily 3d-accelerated GUI based on OpenGL.
What would a cell do for this?
Powermac G6: single G5/G6 processor with a cell coprocessor driving a dumb frame buffer, with OpenGL implemented as a stream of cells, Quartz Even-More-Extreme and real-time raytracing...
Will the cell-based GPU in the Powermac G6 be labelled "ATI" or "nVidia", or will the Wheel of Life return the GPU to the core again, and it'll be running on the "1.5-way" (G6 + Cell) Power PC daughtercard?
Basing Mac OS X on UNIX worked because there wasn't anything to the old Mac OS that was worth saving, except the applications, and they were able to transit the applications to a new OS reasonably cleanly over years WHILE maintaining sales wit hthe old OS.
This is a completely different situation. The old Amiga OS was the closest thing to a real-time microkernel desktop environment that's ever been released to the general public: QNX dropped out of a retail version of Photon, and the only other candidate, OS/9 (no relation or Mac OS 9) on the Radio Shack color computer long predated anything like a desktop OS. If Amiga went that way, well, they would just be another Linux distro... and one that didn't run a lot of important Linux software because it's not an 80x86 and so it won't run binary-only packages.
I'm amazed that this seems to have maintained almost everything that was good about AmigaDOS, including the wonderful infinitely configurable message-passing OS architecture. Until this moment I had written off AmigaOS as another doomed Linux clone. It may be doomed, but if so it's doomed with style.
Part of the *nix philosophy I believe is interoperability and choice provided by source compatability, the ability to compile software on any OS that complies with POSIX and other unix standards.
I ran the Amiga sources newsgroup for some years, and did several ports of UNIX applications to the platform. Even back in 1986 it was already a very UNIX-friendly and UNIX-compatible environment. I can't imagine that it's moved away from that since.
they need to support POSIX, X11 and other Unix source compatability standards
The first web browser I ever used was UNIX Mosaic, running on my Amiga using a local X11 server from a UNIX box running at my ISP. The text editor I used was "elvis", one of the classic "vi" clones, and porting it to AmigaDOS was almost trivial compared to what I'd had to do in other ports.
This is why we see so many different filesystems avialable on Linux for instance
The Amiga had user-written user-mode file systems, including some amazing ones like a RAM based file system that survived reboots, long before Linux existed. The Amiga API is VERY well designed for this kind of thing... and needless to say no applications had to be rewritten to make it work!
This is nothing but good news. Please do some research before dismissing this amazing OS because it's not based on Linux.
You can write a firefox plug-in that will download and execute any content you choose without the user knowing about it.
You can't write a firefox plugin that will be installed without the user being asked, no matter how you have Firefox configured. No such plugin exists, and mozilla.org CERTAINLY doesn't ship such a plugin with Firefox the way Microsoft ships ActiveX with the HTML control.
Indeed. It was obviously a criminally stupid idea seven years ago.
The amazing thing is that not only are they still putting the security in ActiveX rather than the application (inherently unsafe, inherently unfixable), but people haven't lynched them for it yet.
There is no mechanism in IE for things to download, launch and run with no end-user intervention. At a very minimum, the user has to explicitly tell IE to accept code from anywhere (in about 4 different places), then explicitly go to a website which contains the malicious code.
... you'd be amazed how many companies have it turned on for their own servers... or for anything that looks like them... by IP address or name, even!
You contradict yourself. You say "There is no mechanism in IE for things to download, launch and run with no end-user intervention." Then you say "the user has to explicitly tell IE to accept code from anywhere (in about 4 different places)". What you said is "there is no mechanism, and it's really hard to turn on for all websites".
Well, yes, I already pointed out that it's not on by default. But the mechanism exists, no matter how hard it may seem to you to turn on, it exists. And it's easier to turn it on for "just one website"
Honestly, do you really have to blame the transport/install mechanism when a user explicitly tells the computer "I don't give a damn where you get then executable code from that you are about to run as root"?
That's not what the user said. The user said "I don't give a damn where any executable comes from, download it and run it and don't tell me about it". It should not be possible to say that. I don't care how convenient it is, it's just too dangerous... it should not be possible to turn that mode on, or any subset of that mode.
And there have been so many subsets of that statement taken advantage of over the past seven years that I can no conceive of the confusion of the mind that would lead someone, at this late date, to still defend it.
The point of my post is that a dumb user can grant inapproriate access to malicious code regardless if he types "su" and a password, or clicks on Tools | Internet Options | Security and slides his settings to "Meduim Low".
I'm sorry, but that's not true.
I can type "su" and run as "root" all day and all night, go anywhere on the Internet I want, but unless I *also* say "install and run this untrusted applet", explicitly, there is no mechanism for me to get owned.
Lowering your security options opens you up to a whole new level of security problems beyond that... because now all of a sudden you're not just privileged, but you won't even be asked "could I please 0wn your box"... it'll just happen before you know there's a problem there.
And you don't even have to lower your settings, if the guy with the exploit can find a way to convince the HTML control that you've done it. Once upon a time it was as easy as guessing the path to your Internet temporary files... they've fixed that one, now, but so long as there's a "low security" zone or a "trusted" zone for them to sneak into, they'll figure out a way to do it.
By your definition the only issue with ActiveX is the control over the sandbox it installs and runs under, which has nothing to do with the technology itself but with the container.
....
ActiveX doesn't have a sandbox. An ActiveX control runs with full local user rights and privileges, as native code. An ActiveX control can implement a sandbox (in fact, if it accepts external parameters it has to), but the only security is in whether you run it or not.
It is no different than the cute Mozilla "whitelist" system for servers
The Mozilla "whitelist" system is not actualy necessary for security. What it does is make social engineering attacks a little harder, but if it wasn't there XPI still wouldn't be the kind of security hole that ActiveX is, because there is no mechanism, anywhere, for an XPI plugin to install and run without explicit user intervention. It doesn't matter what settings you have in Firefox or Mozilla, because there is no way to say "run XPI without user intervention" as there is for ActiveX.
If you can't see why being able to run untrusted and untrustable objects unannounced, unwarned, and uncontrolled... even if that is not the default condition... is inherently insecure and deeply different from anything anyone else does, well, I'm sorry. Go and join the other ActiveX apologists who ahve repeatedly insisted over the past seven or so years that there's nothing "inherently wrong" with ActiveX, with the HTML control, with the whole sorry mess... while over and over again Microsoft's latest hotfixes, service packs, and other prophylactic measures have failed and failed miserably.
In untrusted zones
There should be no trusted zones. None. Trust does not belong in the object or the "zone" it's in, but in the application that's responsible for introducing it to the system. Depending on "zones" is just asking for the fuckup fairy to ring her little bell and announce "you are 0wned, boy".
ActiveX is simply a "better" Netscape plugin.
You seem to have misspelled "horribly horribly worse" as "better" there. Hope that helps. Have a nice day.
Other relatively simple things that could be done are [things that involve the end user explicitly requesting that remote code is downloaded and executed].
There is no mechanism in any of these things for an applet to download, launch, and run with no end-user intervention. You can't set your security settings "too low", because there are no settings that let these things happen. You can't trick someone into sneaking an application into a "trusted zone", because there's no "trusted zone".
That's the difference, and all the beabling about "stupid users" or "other applications" won't change it.