* Posts by Ernie Evans

1 publicly visible post • joined 8 Jul 2008

MS issues eleventh hour Snapshot bug workaround

Ernie Evans
Flame

Reality and the web

I think we all agree that ActiveX was a hack thrown together by Microsoft in an attempt to leapfrog Netscape in the browser market. The problem is, a lot of people/companies use ActiveX controls. Regarding, "I've yet to see an ActiveX control that works consistently.", I assume you've never seen Adobe Flash that shows up on most major websites without any issue. It's an ActiveX control! Microsoft can't "...just give up and KILL ActiveX ..." because all those websites and companies that use and implement ActiveX controls will scream bloody murder without a significant amount of handholding to move them to a new solution. Try removing the Plugin technology from Mozilla and see how many happy customers you have left.

Now, I agree that MS has acted pretty poorly in not attempting to wean their development community off of ActiveX years ago and providing a cutoff date for ActiveX. Let's hope that they properly address it in IE 8 rather than continue to use band-aids to deal with what ultimately is a sucking chest wound in the security of their browser.

Oh, regarding the "Code quality - the missing ingredient ..." statement. MS has many applications with exposed interfaces to make it easier for users like you or me to script their applications to do interesting things because "we" demanded it. To then turn around and slam them because someone found an obscure backdoor through IE/ActiveX to these exposed interfaces and say that "...see, if they had let me look at the code, this wouldn't happen" is flawed logic at best or just blatantly ignorant at worst. MS runs millions of tests per day against these apps to find and prevent security flaws. Bugs still get through when an unforeseen interaction takes place. It doesn't matter if you have an extra hundred eyes poring over the code because very few people spend their lives just looking at code. People go and look at code when an issue occurs. Why do you think the XP testing scheme is, if you find a bug, write a test case that can reproduce that bug, fix it, verify the test case passes? It isn't "pore through the code and try to imagine bugs that can occur".

Ultimately I will admit I much prefer having the source code available when I encounter a bug with a system, but hey, if I don't like how MS does business I can always choose a different solution.