IEBlog : SSL, TLS and a Little ActiveX: How IE7 Strikes a Balance Between Security and Compatibility
Obsolete controls disabled through ActiveX opt-in
An important part of the ActiveX opt-in feature is doing good housekeeping of the ActiveX controls that come with Windows. Many sites will benefit from IE7’s new native XMLHTTP control and sites can continue to use the MSXML 6.0 and 3.0 controls. The MSXML 5.0 control will not be enabled by default. The WMP 6.4 player is also disabled because its been replaced by the WMP 7 generation controls. As we can infer from HD Moore’s month of browser bugs, using the newer controls and leaving older controls disabled helps reduce the chances of user being exposed to a security or stability issue in an older control.
Since this should be a straightforward change for most sites, we’re asking for your help in moving your pages towards the native object XMLHTTP, the latest version of MSXML or the newer WMP control. In the best case scenario, the change might be to simply swap in the native object for XMLHTTP or the newer CLSID for the current WMP control.
There was a time that I had every desire and intention to stay closely attached with the development of IE7 and the RSS Web Feed engine via forums, blogs, and in some cases, email communication.
Why did that change?
ADD. My desire to overcome my ADD tendencies and actually place my primary focus on one of a bazillion and a half projects I have rolling around in my head at any given second, of any given day, month, week, year, and etc..
In other words,
It didn’t change. At least not the desire part, anyway. I still have *EVERY* desire to be a part of the development process of both of these products, though it will have to be future versions and/or the continued testing and integration of the soon-to-be-released versions for what should be an obvious reason: Both products are about to RTM.
Firstly, congratulations to both the IE and RSS teams for pulling together what I believe to be two absolutely astounding products. I don’t think it would be possible to truly understand how much work has gone into both of these products. It boggles my mind to think about the amount of effort that would need to go into a product such as IE to ensure that the transition from IE x.x to IE 7.0 would be as smooth as possible. Add to this the integration of a world class web feed engine** that allows for a simple, straight forward way to transparently move forward into a world of web feeds in which *VERY FEW* people will have a hard time understanding what a web feed is and why they are such an important aspect of our technological society moving forward, and what you have is a final product that is about to change each and every one of our worlds.
Overnight.
Well, maybe not literally overnight, but over the coming months, as IE7 and the RSS Web Feed engine are automatically deployed, as well as Vista is made available with all of this baked directly into the core, it is my own belief that what remains to be a somewhat bleeding edge technology will suddenly become mainstream, though very few people will even realize what has just happened (except for folks like Technorati, PubSub, Syndic8, etc… who will see what I personally believe will be a growth spike unprecedented to any other single technology in the history of computing.), not even wondering what life was like before web feeds due to the fact that they won’t even realize the transition has been made. A strange phenomenom, yes, but a transparent technology upgrade none-the-less.
So for what its worth,
To Microsoft, the IE7 team, and the RSS team,
Thanks for taking the proper time to do the right thing by not only providing for your customers something that the rest of us most certainly already take for granted, but for building your entire technological foundation upon these very same technologies, providing for us tools (e.g. the RSS engine, LiveClipboard, SSE, Live Writer, Spaces, etc…) that will enable us developer types to create some pretty amazing things such that each and every one of your 100’s of millions of customers can become one of our customers too.
Of course, this is really nothing new in this regard, and is probably the single most overlooked point by those who attack MSFT from the OSS side of things. While technically speaking there is a *HUGE* difference between an open source application, and a proprietary application, speaking practically, there is *VERY LITTLE* difference between the two when it comes to the ability to build and extend from either of these when the foundation of these applications are built upon this little thing called an API. The API has been at the heart of nearly every application Microsoft has built since day one, allowing us developer types to make their customers, our customers too.
Don’t get me wrong, OSS is great! And so is a base of paying customers. The merger of the two is taking place, and that’s great! But if you were to ask me to make a choice between a GPL’d OSS application and a closed source proprietary application that provided a full and complete API in which I could build and extend from?
Well, given the fact that the closed sourced proprietary application(s) in question provides me access to 100’s of millions of Microsoft’s customers, the choice is not a choice at all,
Give me the API.
For the most part, my customers don’t care about or even know about the difference, and when it comes to building a profitable business, open source, closed source, or somewhere in between source, when it comes down to it, it’s the customers that are willing to pay money in exchange for my product and/or services that matter most.
Like it or not, those are the facts. Please don’t take this to mean I dislike open source software, and instead to mean that putting food on the table is more important than the philosophical differences of opinion between whether or not an API that anyone can freely extend from can truly be considered “free.”
Okay, so quite a few paragraphs up I stated “Firstly,” which would lead one to believe there was a,
Secondly, the one aspect of the last two to three years of Microsoft’s history that I have truly come to both admire and appreciate is the simple fact that they were one of the very first companies (of *ANY* size!) to embrace the concept of blogging, openly encouraging their employees to blog and blog often.
Fast forward two to three years later — The Result?
Well, as mentioned above, I believe we are all about to witness the result right before our very eyes in regards to the transparent transition to a web feed-enabled and powered world. But thats only one of the results.
A lot more goes into the development of a product than simple lines of code. While the source code in most cases is still closed, access to the source of those in whom design, build, test, release, market, and support these products is *WIDE* open. Forget about Artificial Intelligence — When the source itself provides bi-directional communication with the community of customers in which they serve, providing access to the intelligence behind each of these mentioned areas, *that*, my friends, is what I would consider the most revolutionary Open Source movement the world has ever seen.
Like it or not, Open Source Syndication is just as important, and, in fact, probably even more so than *ANY* open source software application that has ever been developed.
You can open all of the source you want, but if the minds behind this software are closed, it doesn’t do a lick of good. In other words, OSS is great, but open minds and open access to these minds is even greater.
Thanks for reading. This stuff is important!
—
** The RSS engine itself is a globally accessible web feed syncronization engine (from a single machine application perspective) that supports each and every flavor of web feed that exists in the wild in any great capacity, pulling them together, remarkably well I should add, into one somewhat generic RSS feed type. In other words, any application on your machine can access the same web feed database, add, update, delete, mark as read, etc… any web feed and/or entry within that feed to ensure each application that utilizes web feeds can interact with the same data, and therefore each application will be in sync with the current state of each feed/entry you are subscribed to.
Pretty cool stuff!
IE7 still assumes that the object element is an ActiveX control, which sucks as it keeps this useful little container useless still.
Mark Pilgrim's article http://www.xml.com/pub/a/2003/07/02/dive.html still has relevancy even in IE7. This has been a bug since the beginning, and will it take designers harping about it for years (ala PNG transparency) to get it fixed?
Dear Microsoft IE team: when you do decide to begin implementing XHTML 2.0 (and XHTML 1 via the MIME type) please do it correctly, the way Opera, Safari, and FireFox handle object elements.
@Josh,
It's a fair critique, and I agree... When they implement XHTML 2.0, lets hope the do it correctly, or not at all. Obviously there wouldn't be much point in doing it *ANY* other way than correctly, given that their current customer base (i.e. those in whom have sites that will only work correctly in IE) can't really complain about breaking something they don't even use.
BTW... I don't think I could agree with you (and Mark Pilgrim) more in regards to the object tag. One of the tags that had/has? some of the greatest potential if properly implemented, and yet seems to be a forgotten has-been.