Reply to: Another Nail in ActiveX's IE Coffin

The reason Plugin's are so hated is the very reason they are so popular. They are quick and easy to develop and distribute, which means they are quick and easy to develop badly (or maliciously) and then distribute the resulting vulnerabilities to a huge audience.

The most common browser exploits, and not just in IE, arise from badly written plugins (and it feels like most of them are from Adobe)

WHS. HTML5 isn't an alternative (and .NET certainly isn't - duh!). HTML5 is now an alternative to what Flash was doing 15 years ago, and perhaps Java (not that anybody ever used applets), but that's nothing to get excited about. It's pretty pathetic really.

What's sad is we somehow missed out on having a decent, secure, built-into-the-browser development environment. It probably should have been Java (not that I'm a fan), or Flash, or Silverlight, but as all those are plugins and everybody hates plugins (although nobody knows why) we're stuck with clunky old HTML and a programming language that makes BBC Basic look modern. Well done IT industry.

Well if you haven't seen it it clearly can't exist! And how is "you can do it in .NET" any kind of answer, when the only way to run .NET in the browser is to install a plugin?!

Browser plugins serve a very specific purpose, they are widely misused but that isn't the point.

I've yet to see something you couldn't implement in .Net, they shouldn't be relying on any browser plugins anyway

There are still many cases where only a plugin can solve a problem. Many plugins can these days be re-implemented using HTML5/JS but many cannot. The problem though is that each such plugin is typically used by a very small number of people, relatively speaking, so Google are leading the charge to block native plugin functionality entirely.

I follow the FireBreath (cross-platform, cross-browser plugin library) mailing list and this has been an ongoing topic for some time now, ever since Google and then Mozilla made it perfectly clear they wish to drop NPAPI (the non-IE version of ActiveX) without providing a cross-browser alternative. The writing appears to be on the wall for plugins but to date in-browser technology simply doesn't offer a replacement for all the things plugins can do - and even when you can provide the same functionality in JS its a big task to chuck out your C++ project - and re-implement the whole thing in JS.

But anyway, this isn't a nail in IE's coffin... merely another nail in the coffin of all plugins. MS are in fact only following the trend.

That would make scary reading if we were back in the 1990s

It's a black list of specific old versions of plugins they've decided are risky; they're not blocking ActiveX controls per se. There's probably some work in upgrading old ActiveX controls for clients that have read this and don't understand that part, if you're so inclined.

Although I can see help desks world wide being swamped with calls from users who can't watch their cat videos anymore.