Re: Working Within the System

From: Michael S. Lorrey
Date: Sun Apr 30 2000 - 11:02:08 MDT

Martin Ling wrote:
> On Sun, Apr 30, 2000 at 09:52:08AM -0400, Michael S. Lorrey wrote:
> > >
> > > That's absolutely incorrect.
> > >
> > > ActiveX was rejected (by just about everyone, including people using MS
> > > software) primarily because it's a HUGE security problem. 'ActiveX'
> > > programs (there's nothing special about them, they're just Windows
> > > programs your machine downloads and runs) would load automatically and
> > > run with full privileges on your machine. They could trash your hard
> > > disk, read your files, send your data to someone. ActiveX was an
> > > absolute *disaster*.
> > >
> > > It's only a secondary point that it meant people producing content for the
> > > Web that was only viewable by people using Microsoft browsers on Intel-
> > > based computers.
> >
> > Wrong. So long as browsers on other OS's are made with runtimes to
> > operate these programs, it really doesn't matter what OS is browsing it.
> > I've done this with cobol programs. You can run acucobol programs on any
> > machine you want so long as you have the runtimes installed. That is a
> > failure of other browser manufacturers who refused to implement ActiveX
> > runtimes in their browsers simply because it was a Microsoft creation.
> > It is they who were being anti-competitive.
> >
> > Additionally, there is no problem with making a runtime that disallows
> > (or allows the user to disallow) certain types of system functions, just
> > as Java does. So the only security hole is due to the release of an
> > unready implementation. That is a typical Microsoft fault, prematurely
> > releasing things. I'm sure that many of those suffering from Bill-envy
> > will extend that failure to his personal life.
>
> Wrong.
>
> ActiveX components are simply Windows executables. Making a runtime for
> them would basically mean making a runtime to allow Windows programs to
> run on other OS's. This is *not* a simple task, and not one Microsoft is
> willing to allow (they refuse to document the APIs, hence everything has
> to be reverse-engineered). Witness the Wine project (allowing Windows
> programs to run on Linux) - which has taken years to get as far as it
> has, and although an impressive job is *still* only experimental.

I would hardly say only experimental. Witness the fact that the whole
Corel WordPerfect port depended totally on Wine. The fact WP is running
so well on Linux now attests to that.

You don't need to know what all the undocumented API hooks in Windows
are to have a good ActiveX interpreter. You only need it to know what
the public will be writing to in their own ActiveX components, AND you
can build it to be more secure than MS's own ActiveX implementation.
Insisting on knowing every hidden 'feature' of Windows is a cop-out that
non-MS people try to use as an excuse to get under the hood. It's a whine
by mediocre coders who want everything to be explained to them and done
for them, rather than having to figure it out for themselves.

You don't need to know the circuitry of the engine control computer in
order to fix a car today, you only need to know how to test it with
available diagnostic tools. Likewise you don't need to know how to take
apart and rebuild a car in order to know how to drive a car on the
