undefined | Better HN

0 pointsgmueckl6y ago0 comments

Still, it enabled features that others have a hard time replicating to this day. E.g. MS OFfice exposes a ton of its functionality via COM for remote control and embedding.

0 comments

3 comments · 1 top-level

Klathmon6y ago· 2 in thread

COM was incredible for being able to hack bits of various programs together.

I worked on a spike once to try and get a modern web browser embedded in a proprietary business basic language who's UI toolkit only exposed some COM/OLE stuff.

It was an unholy abomination of unmaintainable software, but it worked and worked well. It made me think a lot about how things would have looked today if ActiveX managed to keep it's foothold.

pjc506y ago

There was a lot wrong with ActiveX, starting with the fact that it was proprietary and Windows/X86 only, but the basic concept of cleanly embeddable controls was extremely sound and is something the modern Javascript world is only slowly groping towards.

tialaramex6y ago

The biggest problem is that they start with something that's supposed to be part of application software on your PC and then try to blacklist the dangerous bits and put everything else on the web. We already knew by then that blacklisting is a terrible idea in security and won't work.

The meeting should have gone like this:

Manager: We're going to put COM on the Web!

Engineer: What about this COM function that deletes files?

Manager: We'll blacklist that.

Engineer: Or this one that reboots the PC?

Manager: Blacklist. In fact I'm assigning you the job of making the blacklist.

Engineer: I think there's an unlimited number of problematic features of COM.

Manager: Good point. OK, ActiveX is cancelled. Thanks for your time, good meeting everyone, make sure to implement PKIX correctly so we don't cause more holes there too.

j / k navigate · click thread line to collapse