It exists. Unfortunately, it is nasty to use. Commands are long and it makes heavy use of COM (So much for.NET). I have no doubt that it will be heavily exploited by virii and phishers. So I don't think bash is in any danger of being replaced.
I'm guessing that Moraelin is pro-union here. I'm also guessing that he doesn't have a high regard for "Nerds". I'm also guessing he doesn't consider himself a nerd. I'm wondering why he's reading Slashdot, "News for Nerds", then. I find the irony overwhelming.
I did GUI test automation, for Atrial defibrilator control software, in Rexx. Rexx was very cool at the time but was hard to extend. I would never go back to it now. It is primitive compared to modern scripting languages, like Python. I would say that the only way it would become popular is if OS/2 made a startling come back. There is about as much chance of that as Microsoft going out of business next month.
Air is wasted on some people. Duh, George. Yes it was a joke. Most people would be able to infer that it was a joke. Why don't you try interacting with people, some time. Have a nice day.
Selling software is not the only way to make money with software. The company, I currently, work for uses a piece of software that does conversions on data and the data is sold. The software never leaves the building. We could include GPL code in this piece of software and not have to release the source code. There are plenty of internal company applications that never leave the corporation, that could make use of GPL libraries without fear of having to releasing their code.
XPI is sandboxed by the API. If the API doesn't allow it, it can't do it. ActiveX has full access to the Win32 API. There's a big difference here. I also never related "Safe for scripting" and XPI. "Safe for Scripting" is another ActiveX idiom and has nothing to do with XPI. You keep calling me a lier, among other things, but when I ask you for a specific instance all I get is "YOUR WRONG, expletive". Your simply a waste of electrons.
Summary of conversation so far:
Nutscrape: YOUR WRONG, YOUR WRONG, YOUR WRONG, YOUR WRONG. Expletive.
Stormcoder: How am I wrong?
Nutscrape:...?!?
Nutscrape: YOUR WRONG, YOUR WRONG, YOUR WRONG, YOUR WRONG. Expletive.
Embed as in the embed tag or the object tag. That is how ActiveX objects are typically loaded in Webpages. The equivalent can be done in Javascript as well. Even if the control is not installed, the code is still downloaded.
What makes all the difference is the point that you keep glossing over. The security zones. Microsoft has built in a feature that would be considered a bug in the other browsers. The function to be able to bypass all security restrictions. This would even be a problem if ActiveX ran in a sandbox. In other browsers, a bug could (has), happened that allowed the bypass of security but Microsoft has built this feature in to the browser and since Microsoft uses the browser component in all its products, it not only breaks the security of IE but all of its products. Microsoft can't simply turn this feature off as if it were a bug. It would require a complete redesign. Notice that the other browsers don't implement this feature. There is a reason for this. This is the number one reason that makes XPI not like ActiveX.
There is a difference between installing and downloading. If you check your cache the control will be there. And just because you happened to be prompted in some cases doesn't mean you're prompted in all cases. For instance, if the control is downloaded from a site listed in your trusted zone then you won't get a prompt for the installation. The problem comes with the fact that it is relatively easy to trick IE into thinking the control came from a trusted site. This is how a lot of spyware gets installed. The individual will visit the wrong site and an ActiveX will be silently installed.
Since you are so all knowing. Tell us exactly how ActiveX works and then tell us exactly how XPI works and then contrast them for us.
If I have my facts wrong tell us which facts? I have IE set to default and I view a page with an ActiveX control embedded in it, what happens? Tell us how you embed an XPI in a page? Where am I wrong? Saying your wrong and I'm right doesn't make it so. Lets see some specifics.
This is actually a very nice illustration of the difference between XPI and ActiveX. Notice that you have to explicitly click on a link to download an XPI. This is not the case with ActiveX. Typically, ActiveX controls are embedded into the page and are automatically downloaded. Since the control is automatically downloaded, all you have to do is trick the browser into thinking that the control is coming from a trusted site. This has been done and will continue to be done because of the concept of a trusted zone. There is no such thing as a trusted zone in Mozilla so you can't elevate an XPI's priviledges that way. You actually have to find a bug, verses exploiting an existing feature.
Ah, low end Slashdotter; Uses insults instead of their brain.
XPI's are not "Auto-installing", they prompt you. You have to download them explicitly. ActiveX controls are embedded in the page and download automatically. Mozilla has no concept of zones so you can't trick it into thinking the code comes from a privileged zone. There is a difference between a possible bug in Mozilla vs. an intentional feature built into IE. You speculate that one day there may be a bug that allows XPI's to be installed without a prompt vs. Microsoft designing that "feature" into the system. The design of IE is fundamentally flawed where your talking about a possible bug that would be, relatively, easy to resolve. XPI's are limited to what functionality is exposed to them in the browser, another words sandboxed, where ActiveX can call ANY API function call. You can do some damage with an XPI but nothing like an ActiveX control. By the way, IE has nothing equivalent to XPI's, they are not controls, they're not tool bars, etc.
I'm a fan of Firefox because I have seen first hand the damage that can be caused by IE. I have many clients that I have had to clean up the mess that IE caused for them. I used to run IE and Opera and way back in the day Mosaic. I remember running the first beta of Netscape Navigator. In short, I have a lot of experience running web browsers. I'm not a fan boy. I know what works, I know a good design when I see one. For now, Firefox is the browser I recommend to my clients. That could change if something comes along that's better.
Spewing bile and insults won't make your argument any better.
But what makes the entire ActiveX fiasco truly horrendous is that a malicious ActiveX wont give you a prompt. If there is a prompt at least there is a good chance to avoid it. It is very difficult to build a fool proof mechanism because fools are so ingenious. There will be users who bypass safety mechanisms no matter what you do.
Boy I wish I had mod points. Clueless people going on about things they don't know anything about.
ActiveX is native code, essentially, specially modified DLL's that run unsandboxed with the same permissions as the parent process. This opens up all kinds of fun things you can do to someones system. On top of this interesting feature there are IE zones, which give different default execution permissions. For instance, the Internet zone causes a prompt to be shown when an unsafe ActiveX control is trying to execute. Unfortunately it is relatively easy to trick IE into thinking an ActiveX control is coming from a trusted zone, which doesn't prompt before executing an unsafe ActiveX control. And another problem is that many ActiveX controls are marked safe, but are in actuallity, unsafe.
So how is the above similar to XPI? You always get a prompt from XPI files. Even if an XPI is signed you get a prompt. What's similar?
I just saw this posting made the google news front page. Since when did/. count as an official news source. The link leads directly to the comments page. Color me impressed.
You can turn anything into a mess of spagetti code, even Python. DHTML doesn't have to be a mess. You just keep a seperation of concerns and you should be good to go. If you think that maintaining a heavy client is easier than a thin client, you haven't had to deal with rollouts to thousands of desktops before. If you want something easy to maintain you go with a thin client. You only use a heavy client if some functionality is not available in a thin client and this is becoming more true as time goes on.
So we should get rid of our freedoms and become muslim but then we'd have to pick a sect but then if we pick the wrong one (there's no right one) then we'd be back to square one. I think a couple of nukes would be easier.
As far as there being no evil people. Just because you haven't been personally introduced to one (Hello, I'm Dr Evil.) doesn't mean they don't exist. There are quite a few in the world. Saying that there is no evil just makes being evil easier.
So we should get rid of our freedoms and become muslim but then we'd have to pick a sect but then if we pick the wrong one (there's no right one) then we'd be back to square one. I think a couple of nukes would be easier.
So we should all be treated as criminals because some of us are. So why are you not in jail for murder. Some of us are murderers as well as game pirates.
Slashdot Mirror
It exists. Unfortunately, it is nasty to use. Commands are long and it makes heavy use of COM (So much for .NET). I have no doubt that it will be heavily exploited by virii and phishers. So I don't think bash is in any danger of being replaced.
I'm guessing that Moraelin is pro-union here. I'm also guessing that he doesn't have a high regard for "Nerds". I'm also guessing he doesn't consider himself a nerd. I'm wondering why he's reading Slashdot, "News for Nerds", then. I find the irony overwhelming.
I did GUI test automation, for Atrial defibrilator control software, in Rexx. Rexx was very cool at the time but was hard to extend. I would never go back to it now. It is primitive compared to modern scripting languages, like Python. I would say that the only way it would become popular is if OS/2 made a startling come back. There is about as much chance of that as Microsoft going out of business next month.
Wouldn't that be a reverse RPN calculator. RPN calculators have the arguments come first and then the function.
Air is wasted on some people. Duh, George. Yes it was a joke. Most people would be able to infer that it was a joke. Why don't you try interacting with people, some time. Have a nice day.
Wow. Some people.
What makes the location so important is that it is permanently lit, with a balmy -58 Fahrenheit (-50 C).
So if the moon has no atmosphere, where's the humidity coming from? Tripped up in their big lie, again!
sorry but you don't understand the GPL.
Selling software is not the only way to make money with software. The company, I currently, work for uses a piece of software that does conversions on data and the data is sold. The software never leaves the building. We could include GPL code in this piece of software and not have to release the source code. There are plenty of internal company applications that never leave the corporation, that could make use of GPL libraries without fear of having to releasing their code.
XPI is sandboxed by the API. If the API doesn't allow it, it can't do it. ActiveX has full access to the Win32 API. There's a big difference here. I also never related "Safe for scripting" and XPI. "Safe for Scripting" is another ActiveX idiom and has nothing to do with XPI. You keep calling me a lier, among other things, but when I ask you for a specific instance all I get is "YOUR WRONG, expletive". Your simply a waste of electrons.
...?!?
Summary of conversation so far:
Nutscrape: YOUR WRONG, YOUR WRONG, YOUR WRONG, YOUR WRONG. Expletive.
Stormcoder: How am I wrong?
Nutscrape:
Nutscrape: YOUR WRONG, YOUR WRONG, YOUR WRONG, YOUR WRONG. Expletive.
How lame.
Embed as in the embed tag or the object tag. That is how ActiveX objects are typically loaded in Webpages. The equivalent can be done in Javascript as well. Even if the control is not installed, the code is still downloaded.
What makes all the difference is the point that you keep glossing over. The security zones. Microsoft has built in a feature that would be considered a bug in the other browsers. The function to be able to bypass all security restrictions. This would even be a problem if ActiveX ran in a sandbox. In other browsers, a bug could (has), happened that allowed the bypass of security but Microsoft has built this feature in to the browser and since Microsoft uses the browser component in all its products, it not only breaks the security of IE but all of its products. Microsoft can't simply turn this feature off as if it were a bug. It would require a complete redesign. Notice that the other browsers don't implement this feature. There is a reason for this. This is the number one reason that makes XPI not like ActiveX.
You sound less angry in this post.
There is a difference between installing and downloading. If you check your cache the control will be there. And just because you happened to be prompted in some cases doesn't mean you're prompted in all cases. For instance, if the control is downloaded from a site listed in your trusted zone then you won't get a prompt for the installation. The problem comes with the fact that it is relatively easy to trick IE into thinking the control came from a trusted site. This is how a lot of spyware gets installed. The individual will visit the wrong site and an ActiveX will be silently installed.
Since you are so all knowing. Tell us exactly how ActiveX works and then tell us exactly how XPI works and then contrast them for us.
If I have my facts wrong tell us which facts? I have IE set to default and I view a page with an ActiveX control embedded in it, what happens? Tell us how you embed an XPI in a page? Where am I wrong? Saying your wrong and I'm right doesn't make it so. Lets see some specifics.
This is actually a very nice illustration of the difference between XPI and ActiveX. Notice that you have to explicitly click on a link to download an XPI. This is not the case with ActiveX. Typically, ActiveX controls are embedded into the page and are automatically downloaded. Since the control is automatically downloaded, all you have to do is trick the browser into thinking that the control is coming from a trusted site. This has been done and will continue to be done because of the concept of a trusted zone. There is no such thing as a trusted zone in Mozilla so you can't elevate an XPI's priviledges that way. You actually have to find a bug, verses exploiting an existing feature.
Ah, low end Slashdotter; Uses insults instead of their brain.
XPI's are not "Auto-installing", they prompt you. You have to download them explicitly. ActiveX controls are embedded in the page and download automatically. Mozilla has no concept of zones so you can't trick it into thinking the code comes from a privileged zone. There is a difference between a possible bug in Mozilla vs. an intentional feature built into IE. You speculate that one day there may be a bug that allows XPI's to be installed without a prompt vs. Microsoft designing that "feature" into the system. The design of IE is fundamentally flawed where your talking about a possible bug that would be, relatively, easy to resolve. XPI's are limited to what functionality is exposed to them in the browser, another words sandboxed, where ActiveX can call ANY API function call. You can do some damage with an XPI but nothing like an ActiveX control. By the way, IE has nothing equivalent to XPI's, they are not controls, they're not tool bars, etc.
I'm a fan of Firefox because I have seen first hand the damage that can be caused by IE. I have many clients that I have had to clean up the mess that IE caused for them. I used to run IE and Opera and way back in the day Mosaic. I remember running the first beta of Netscape Navigator. In short, I have a lot of experience running web browsers. I'm not a fan boy. I know what works, I know a good design when I see one. For now, Firefox is the browser I recommend to my clients. That could change if something comes along that's better.
Spewing bile and insults won't make your argument any better.
But what makes the entire ActiveX fiasco truly horrendous is that a malicious ActiveX wont give you a prompt. If there is a prompt at least there is a good chance to avoid it. It is very difficult to build a fool proof mechanism because fools are so ingenious. There will be users who bypass safety mechanisms no matter what you do.
Boy I wish I had mod points. Clueless people going on about things they don't know anything about.
ActiveX is native code, essentially, specially modified DLL's that run unsandboxed with the same permissions as the parent process. This opens up all kinds of fun things you can do to someones system. On top of this interesting feature there are IE zones, which give different default execution permissions. For instance, the Internet zone causes a prompt to be shown when an unsafe ActiveX control is trying to execute. Unfortunately it is relatively easy to trick IE into thinking an ActiveX control is coming from a trusted zone, which doesn't prompt before executing an unsafe ActiveX control. And another problem is that many ActiveX controls are marked safe, but are in actuallity, unsafe.
So how is the above similar to XPI? You always get a prompt from XPI files. Even if an XPI is signed you get a prompt. What's similar?
I just saw this posting made the google news front page. Since when did /. count as an official news source. The link leads directly to the comments page. Color me impressed.
IE6.0 exact version is 6.0.2800.1106 ... if it helps ...
You like to live on the edge, don't you?
You can turn anything into a mess of spagetti code, even Python. DHTML doesn't have to be a mess. You just keep a seperation of concerns and you should be good to go. If you think that maintaining a heavy client is easier than a thin client, you haven't had to deal with rollouts to thousands of desktops before. If you want something easy to maintain you go with a thin client. You only use a heavy client if some functionality is not available in a thin client and this is becoming more true as time goes on.
Didn't novell already buy SUSE? They'd probably have to buy Novell to get SUSE.
Open source cross platform C++ libraries include Boost, ACE, STLSoft, and Loki to name a few.
You should give Python a try as well.
It's easy to have a wrapper that does the right thing.
So we should get rid of our freedoms and become muslim but then we'd have to pick a sect but then if we pick the wrong one (there's no right one) then we'd be back to square one. I think a couple of nukes would be easier.
As far as there being no evil people. Just because you haven't been personally introduced to one (Hello, I'm Dr Evil.) doesn't mean they don't exist. There are quite a few in the world. Saying that there is no evil just makes being evil easier.
So we should get rid of our freedoms and become muslim but then we'd have to pick a sect but then if we pick the wrong one (there's no right one) then we'd be back to square one. I think a couple of nukes would be easier.
So we should all be treated as criminals because some of us are. So why are you not in jail for murder. Some of us are murderers as well as game pirates.