Today is a good day to code

Yahoo Considered ColdFusion

Posted: December 31st, 1969 | Author: | Filed under: ColdFusion, Programming, Uncategorized | Tags: , | No Comments »

New and Improved MSN Search

Picture of Irv Owens Web DeveloperIt seems that MSN has roughly the same amount of pages indexed as Yahoo and Google, and yet on almost every search they return fewer pages than either of it's contemporaries. I have noticed that MSN's relevancy tends to be pretty good, however it is possible to customize your queries to an extent with MSN with their sliders so you can choose whether you want the most popular results, the most current, or the most relevant via keywords. Also, MSN's search engine is much faster than Yahoo, and a little faster than Google, however this could be due to there being much lighter traffic across Microsoft's servers. But I would attribute the performance to a combination of good programming, and ASP.net.

I dont particularly like ASP.net, mainly because of the lack of a solid framework like struts for java to use. I also dont really like VB syntax, although I have to admit, in version 7 it is greatly improved. But back to searching, if you search for fusebox in Yahoo, you get about 1.1 Million records returned. If you perform the same search in Google, you get about 215,000 records returned. I believe that Google has had a recent shakedown of its index. In the MSN search you get about 245,000. In the Google results you get a lot of art studios, however in the MSN search you get articles about the fusebox framework almost exclusively in the first page of results. Yahoo gives you a mixed bag of results, seemingly alternating back and forth between the fusebox music site, and the fusebox web development framework. In my particular case I was thinking about the fusebox web development framework, but there is no real way for a search engine to know that.

Prior to this week, MSN's search results were pretty useless, Im glad to see that Microsoft is working to do things a little differently. I notice that in my case I have back-links reported in MSN, but they are not listed in Yahoo and Google. Still, I tend to place higher in the SERPS on Yahoo and Google, and often I shouldn't. I think Microsoft is branching out and using different algorithms, instead of checking Google's results and altering their algorithm based on the adjustments to Google's index. That is lame and I think that more search engines should try new things.


What is this Y!Q stuff?

Posted: December 31st, 1969 | Author: | Filed under: JavaScript, Programming, Uncategorized | Tags: , , | No Comments »

What is this Y!Q stuff?

Picture of Irv Owens Web DeveloperYou may have noticed all of the Y!Q links everywhere on my site. It is a new beta product from Yahoo! that allows people to perform web searches constrained by selected content from the page they are searching from. The content that goes to Yahoo! is selected by the publisher and targeted to return even more relevant results than would be possible going directly to the search engine.

When a user visits a search engine, the system has no background about the person to constrain their results so it makes it difficult to perform a search, for example if I knew someone were from Washington State, and they typed in the word apple, then I could assume they might be looking for apple wholesalers, or apple growers, or apple trees. If someone from California searched for the word apple, I might return the company. This is possible if you know something about the person who is searching, which is why personalized search has been receiving more focus of late.

I prefer the context based approach, because then I don't have to provide any personal information for the search engine to give me what I want. It would know just by the content of the web page that I am searching from.

I'll be honing the coldfusion parsing scripts to give the best possible content to Yahoo! I'll be removing words that are less than four characters in length from the article, to get rid of parts of words and words that carry little meaning like 'the.' I hope to have the best, most relevant results, because Yahoo! is offering $5,000 in their contest. Of course there had to be some motive for me to use this beta program!

I suppose that in its final iteration, Yahoo! will create some type of advertising revenue sharing model similar to Google's adwords. They seem to be hoping that it will generate more clicks because of its usefulness to the user. It is still kind of buggy, for example in all browsers other than Safari 2.0 a semi-transparent overlay pops up when the Y!Q link is pressed, on Safari, it takes you to Yahoo's relevant results page. Hopefully they will fix this soon, I'm pretty sure it has something to do with the changes Apple made to Safari's javascript processing engine. Also, since I am trying to automate this, sometimes a character gets into the string, and causes the Y!Q to return something not valid. I hope this will help with your searching.


MySpace.com Switches From ColdFusion to Blue Dragon

Posted: December 31st, 1969 | Author: | Filed under: ColdFusion, Microsoft, Programming, Uncategorized | Tags: , , | 1 Comment »

MySpace.com Switches From ColdFusion to Blue Dragon

Picture of Irv Owens Web DeveloperWhen MySpace decided to stop using ColdFusion recently, many ColdFusion developers felt somewhat betrayed by the change. Many even suggested that it wasn't the best engineered solution. By that they were hinting that by using fusebox, no one has said which version, and ColdFusion 4.5 / 5 they weren't working with the best that Macromedia had to offer.

New Atlanta claims in their press release that using the exact same code, MySpace was able to reduce their CPU usage by 50% under heavy load. They also claim that this result could not be duplicated with ColdFusion MX. I believe both of these claims. Most ColdFusion developers are loathe to admit it, but Microsoft has a pretty good thing going with C# right now. The ASP.net framework is decent, it performs extremely well in every test I have seen, so I am not suprised that by using ADO.net and ASP.net they were seeing gains like this. The biggest problem with any scripting or programming language comes down to the drivers when using an external resource. Web development is no different. When your database connection pool reaches it's limit, it just can't create any more connections and requests get queued. There is no way around this except to get better database drivers. I have seen JDBC fail miserably time and time again, especially with SQL Server 2000 in this area. One of the biggest causes of that 100% CPU utilization seems to be in the JDBC driver when the database doesn't respond in a timely fashion. I don't know what causes it, but it happens when I am working with a complicated dataset. It isn't even that the memory usage is too high and the server is thrashing, the CPU just goes to max and starts refusing connections. The only solution to this is to kill and restart the JRun instance. After that it behaves well again until it crashes.

In all fariness to Java / J2EE, I have only experienced these issues while working with ColdFusion Enterprise on Windows based systems, this doesn't seem to happen on Linux, at least in my experience. Since MySpace was so heavily invested in both ColdFusion and Windows hardware, I guess they had no choice but to use New Atlanta's Blue Dragon. Still, what most programmers have to realize is that at the end of the day, it is the tool that delivers the best that will be used. No matter what we feel about Microsoft, ASP.net is fast and stable in it's newest iteration. One of the advantages to ASP.net is that it automatically fixes it's memory leaks. This is something that Macromedia desperately needs to build into JRun. ColdFusion is sometimes slow and is often buggy when dealing with some of it's advanced features. Experienced CF developers know how to deal with most of this so it doesn't come into play very often, and I'd bet that with higher quality Microsoft SQL Server JDBC drivers, and the application of good design patterns and reusable CFCs they could have gotten better results out of the CFMX server. But as the CEO of New Atlanta said in his blog, to rewrite all the code to take advantage of components, invocation, and var typed variables is beside the point. They made the decision that would best serve their business. If their code was reusable or not is immaterial after the fact.

Still, I find ColdFusion's performance to be reasonable. I wouldn't call JSP / ColdFusion a speed demon any day, with light load, PHP blows it away with 10 users on it, but once you scale that up to 100,000 users concurrently, then Java starts to shine. Since Microsoft shamelessly copied Java with C# and improved on it, it is no suprise that ASP.net performs as well as it does since it has native OS support in Windows Server. No one uses ColdFusion because it is the fastest from the execution standpoint, they use it because it is the fastest language to develop in.

Another interesting point would be if Microsoft were to acquire New Atlanta in order to integrate ColdFusion support directly into IIS. This would give Macromedia / Adobe some competition and force them to fix some of the issues they have let languish in CF. It wouldn't be too suprising a move since they are seriously evaluating building PHP support directly into IIS. I'll bet that it wasn't even that tough for New Atlanta to port their J2EE version of ColdFusion over to ASP.net due to it's support for C# and Microsoft's Java source to C# source conversion tools. It, of course required some optimization, I'm sure, but I'll bet it is smokin'. Maybe I'll download it and try it.

New Atlanta
New Atlanta CEO's blog
House of Fusion MySpace Conversion Discussion


Fusebox 4 vs Mach-II

Posted: December 31st, 1969 | Author: | Filed under: ColdFusion, Programming, Uncategorized | Tags: , | No Comments »

Fusebox 4 vs Mach-II

Picture of Irv Owens Web DeveloperIn working with these frameworks for more object oriented code in ColdFusion, I have noticed some interesting facts. It appears that Fusebox 4 is way faster for small applications from an execution standpoint than Mach-II. Mach-II is of course way more robust in terms of near OOP utopia, however a decent level of simulated object-orientation is possible using Fusebox 4.1 if you take advantage of it's ability to natively work with CFCs.

In messing around with the sample applications that are available from the fusebox.org site, I have been modelling some of the speeds in my local development environment. When I tell both that they are in a production environment, their respective speed picks up admirally. If however, they are set to development, they remain quite slow. I would greatly prefer Mach-ii over Fusebox 4.1 for huge applications, as it seems to do much better with object orientation while using CFCs. It's light framework does a much better job than the heavier framework that supports Fusebox 4.1. Mach-ii seems to have been built to specifically work with ColdFusion MX and better, while Fusebox 4 still needs to support ColdFusion 5. This appears to add the extra weight to the runtime. If you want to get as close as you can to true OOP in ColdFusion MX, then Mach-ii is as good as it gets.

fusebox.org


JoostBook – Joost to Facebook Interface Widget

Posted: December 31st, 1969 | Author: | Filed under: java, JavaScript, Programming, Uncategorized | Tags: , , , | No Comments »

JoostBook – Joost to Facebook Interface Widget

Picture of IrvinSince I'm in love with Joost, I have been thinking about good applications that I could write for the platform. Before I get into talking about the widget / plugin, let me just say that the experience I have had with communicating with the Joost engineers, through their joost-dev google group, as well as them allowing early access to their SDK, has been outstanding. I have rarely come across a more open and generous group. Typically, the SDK guardians are very selfish about discussing future features, and are usually quite arrogant about the possibility of a developer finding an undiscovered bug. None of this has been the case with the Joost SDK staff.

If you don't want to read the details about how I built it, and you just want to use it, you can get it here: JoostBook: Joost / Facebook Interface. You will need Joost, and a facebook account to get started.

Now, about the widget. Firstly, the installation is a little wierd because of the level of control facebook insists on. In order to use the SDK, you have to authenticate, if an unauthenticated request is made, the response is with the facebook login page. This makes for some unique error catching conditions.

Secondly, we web developers often take for granted that the DOM will have a listener attached to it, and will automatically refresh if anything in the DOM changes. Well, I know that the Joost engineers are working on it, but it doesn't refresh, and therefore, while you can create new XHTML elements, as well as modify the ones that are there with JavaScript. You are best off currently just hardcoding all of your objects up-front, and changing their contents. Also, injecting XHTML using innerHTML doesn't really work so well currently either. I'd suspect that much of this is because there is a bridge between the 2D world of XULRunner / Mozilla, and the 3D world of the Joost interface. I'm sure there is a lot of complexity between the two.

So basically, once you have downloaded Joost, and installed the plugin, the first thing I had to do was check for if you are logged in, if you aren't logged in, it has to show you the facebook login page in an iframe so that the XULRunner browser can be cookied. After that, the widget should work like one would expect. You may have to log in alot, and if you aren't logged in, obviously the application can't update the JoostBook facebook application.

Writing the Joost plugin was the easy part, getting the facebook stuff to work was the hard part. Most of it was because the error handling is terrible. Since facebook doesn't allow you to see the 500 errors that your server is throwing, and it doesn't log it, you have to find other ways to check to see if your server is behaving properly. I spent a lot of time in my logs checking for errors.

The install process is a little wierd too, for example, in Firefox 2.0.0.8 on Windows XP, when I clicked on the Joda file linked in the page, it tried to open it as if it were some kind of markup file, obviously the joda looked like garbage, I had to right click and save. Perhaps if I had used a joost:// link it would have worked OK, but I think more research is in order. I didn't really try it in IE because most of the readers of this blog use Firefox, but it should work the same way.

Then having to install the application in facebook can be a little difficult as well. Well, the installation isn't difficult, its the concept that you have to install two applications that work together that is hard. At least there is no particular order in which you need to install them, worst case whenever you run the JoostBook plugin in Joost, it'll show you the facebook login page all the time.

At any rate, it was a fun experience, and I still think the guys at Joost are on to something. I'm slightly less psyched about the facebook platform, but I'm still excited about it.


Google Sitemaps

Posted: December 31st, 1969 | Author: | Filed under: ColdFusion, Google, Programming, Uncategorized | Tags: , , | No Comments »

Google Sitemaps

Picture of Irv Owens Web DeveloperAnother couple of projects I started working on was getting a properly configured robots.txt, going, and to use Google sitemaps. If you have a gmail account, and you are a publisher, this is a very easy way to make sure Google crawls your site properly, and knows about all your links. One of the things I have noticed about the googlebot is that it frequently hits my homepage, but it would always only index the blogs that were directly linked to from that page. It would almost never go all the way through my site to get to the oldest articles.

Here is the code from the component that I am using to generate the sitemaps file. I modified the code originally avaliable at ColdFusion based Google Sitemap Creator. It is a .cfc so it should be pretty plug and play. Of course I will change the sensitive details about my site…








http://www.owensperformance.com/index.cfm
#theDatetime#
always

1.0


http://www.owensperformance.com/resume.cfm
#theDatetime#
monthly

0.9


http://www.owensperformance.com/aboutus.cfm
#theDatetime#
monthly

0.3


http://www.owensperformance.com/blog.cfm
#theDatetime#
daily

0.8






http://www.owensperformance.com/blog_content.cfm?
articleid=#urlString.articleid#

#theDatetime#
never

0.7





file=”#ExpandPath('../sitemap.xml')#”
output=”#theXml#” nameconflict=”overwrite”>
Google Sitemaps Overview


ColdFusion “Scorpio” Possible New Features

Posted: December 31st, 1969 | Author: | Filed under: ColdFusion, Programming, Uncategorized | Tags: , | No Comments »

ColdFusion “Scorpio” Possible New Features

Picture of Irv Owens Web DeveloperOver on Ben Forta's blog, www.forta.com, he has a discussion running about new features for ColdFusion MX 8. One of the things he suggests is tighter integration with Microsoft Exchange. I think that would be very cool, but I'd agree with some of the readers over there that some type of iCal support would be sweet along with the ability to interact with a mail server using IMAP.

I'd like to use the Exchange interaction to allow my applications to use the events for a particular user as a trigger, for example, if a user had an event set up for a particular meeting room using a custom ColdFusion meeting booking system, the server could see if that room were still free about two hours before the meeting and if it weren't, it would send an email to all the meeting participants, in the Outlook format, to reschedule the event or change its location.

That's a really simple way to use it, and I'm sure there are others, but it would be helpful. I would like to see IMAP support so that I wouldn't have to actually pull down a user's mail in order to display it using the cfpop tag. It would be nice to have a customizable mail interface.

What I would really be interested in was an optional built in framework of some type, and upgraded SESSION management. While I don't mind having to use cflock whenever I am using SESSIONs, it would be really cool if I didn't have to use it. I also think that it would make development much easier for those who don't read up as much as I do, fail to use cflock, and end up with large applications with SESSION breakdowns. It might be cool to have another type of shared scope for objects that would automatically check to see if there were an instance of the object. If there was, then the system would use that instance unless told not to. If there were no instance, it would load a new instance from the disk.

Wow, I thought I had no real opinion about the upcoming version of ColdFusion, and that I was pretty happy about its current level of functionality, but I guess there are a couple of suggestions that I could make. More support for Mach-ii and other frameworks via a system level plug-in would be nice. Perhaps if they were more integrated into the application server, they could allow more convention-over-configuration like rails.


Big Iron (Mainframes) and the World of Tomorrow

Posted: December 31st, 1969 | Author: | Filed under: JavaScript, Programming, Uncategorized | Tags: , , | No Comments »

Big Iron (Mainframes) and the World of Tomorrow

Picture of Irv Owens Web DeveloperThere was an article in CNET yesterday espousing the need for developers to pick up mainframe development, and schools reinstating their mainframe classes. While I don't think anyone should waste their time learning about a mostly dead technology, it makes sense to learn from the applications developed on mainframes and take the lessons with a grain of salt.

Right now I am working on converting a legacy mainframe application that was implemented in the 1970's into a web application. The real issues are stemming from the current business process with that mainframe. The database, probably some RDBMS variant, is normalized in such a way that it makes enough sense to keep that structure rather than try to re-invent the wheel. What has been suprising is that it also makes sense to maintain most of the data presentation layer.

The people who use the current system get a ton of data from a very small amount of screen real-estate. The mainframe systems were usually text based, and limited in the number of characters that could be stored in a field, and therefore displayed. Much of the business process that resulted from these limitations has evolved around using codes and cheat sheets to figure out what the codes mean. This also has the effect of shielding somewhat sensitive information from outsiders and customers. The use of codes as a shorthand for more detailed information also has the effect of being able to transfer a large amount of knowledge in a very short time for experienced users. Similar to the way we use compression to zip a text-file into a much smaller file for translation later. When a user inputs the code, they are compressing their idea into a few characters that the user on the other end can understand.

I have been more fortunate than most, because I have access to one of the original architects of the system, and I believe that having an understanding of the business environment and the system architecture is more important than knowing the actual code. Most people looking to hire individuals who understand the mainframe are really looking for people to dis-assemble their applications and rebuild them as web applications.

I do intend to maintain the look of the existing mainframe screens, but intend to replace the current cheat-sheets with simple hover javascript events to display descriptions of what the codes mean. I like this approach of blending the old with the new since it will create a sustainable bridge between the legacy users and incoming users who may not have had the same experience.

The article in CNET further implies that mainframes still sport some advantages over server based applications. That may be true to a degree for deployed desktop applications, but maiframes have no advantage when it comes to web applications. Still, people who know COBOL, FORTRAN, and other low level languages can command a premium for their technical knowledge in the few shops who feel that maintaining these mainframe applications and hardware are better for some reason than replacing them, but it is only a matter of time until these shops agree that paying an ever increasing amount for maintenance and upgrades is more expensive than bringing someone onboard to convert the application to the web. Therefore I see no future in the mainframe, however some great applications were developed for them, and the applications that are still running on them were probably more robust than average.

Much of the methodology I tend to follow when constructing a database or organizing code were implemented for the first time on big iron, so I actually feel priviliged to be able to work with it. Its almost like looking into a time machine where you can see and feel the environment of the past which, even though it may seem the same, is vastly different than the business climate today.

Learn COBOL today!

What is a mainframe anyway?


Whirlwinds of Code and Forming Design Patterns

Posted: December 31st, 1969 | Author: | Filed under: ColdFusion, Microsoft, Programming, Uncategorized | Tags: , , | No Comments »

Whirlwinds of Code and Forming Design Patterns

Picture of Irv Owens Web DeveloperOne of the biggest issues with understanding object oriented programming is getting over its associated terminology. Most developers whether they realize it or not have formed design patterns, and use them all the time. If an established developer were to look at their code, they would often see that their application was broken down into data access and storage components, display components, and the logic that allows them to successfully communicate. When asked to bring a system from one application to another, they can usually do it with little to no modification. This is the idea behind design patterns.

In an interview yesterday I realized that I had better take a more aggressive look at design patterns. Understanding the terminology may be tough, but it is an excellent way to communicate an application's business needs, especially using UML, as well as getting down to the lowest level of describing the objects that will comprise your frameworks. I have always tried to get a firm handle on design patterns, but they have largely eluded me. I have understood simple systems like breaking your code into well defined model-view-controller layers, and using messaging to communicate between layers, but I have never really been able to understand the more advanced concepts. In the interview I noticed that I was designing with some object oriented concepts by using Fusebox, even if I didn't know what to call them, but ignoring some of the more specific ones.

Programming is often like the game Dark Cloud for the PlayStation 2. For those who haven't played the game, it is a role playing game in which the player travels around their world trying to re-assemble their world, which was scattered by an evil genie. The player is provided a weapon which is pretty weak to start with, and by travelling around the world, they can gain objects which make their weapon stronger. When they get enough objects, they can merge their objects permanently into the weapon, increasing its effectiveness. They then begin the process anew, adding objects to the newly enhanced weapon until they can merge it again. When you have better weaponry, the player can gain pieces of their world more quickly and can assemble more complex worlds in shorter time. It is like this with programming. Often I feel as though code is whirling around me and once I have that “aha!” moment it merges and becomes something solid for me that enables me to take the next step. Building large applications has caused me to develop different frameworks or APIs for me to use. For example, most of my applications require search, so I have developed a pretty thorough search framework, made up of components, that can be moved with little modification. I wouldn't have known that it was that, but it is.

Today, or last night rather, I had one of those “aha!” moments, the moments we all write software for. I was finally able to put names to some of what I was doing. Now that I am beginning to understand, I can see why it would be hard for experienced object oriented developers to explain to procedural developers how to do OO design. You just begin to think differently. I can see about ten areas in which I can improve my search API / framework to make it more portable. The hardest part is finding the dragon, slaying it is easy. In other words, associating design patterns to what you are doing is hard, once you can put names to faces so to speak, the rest is simple. For a while I could never understand why people were so excited about Microsoft enabling the use of C# in SQL Server 2005. But now I can see, you can create an entire data access framework all on the database server, abstracting the underlying database and its queries from the application. It would be possible, in a web application, to completely separate the model from the controller and view layers. This has huge benefits in code maintenance because you could have any number of applications using the data access framework through web services.

What really dragged it together for me was why Java was so tough. I realized that it was tough because my mostly procedural mind was trying to write a program thinking about what each class should do instead of things like what does this class know about itself, what is it's purpose. How do the methods inside it work to help it achieve its purpose. In short I was trying to write a simple program, instead of thinking about a toolset to help me achieve my goal. With Java, you have to diagram, you have to chart or you will just get lost. Even objective-c makes more sense, with over-riding the init method for objects. These things didn't make sense before, but now I am getting it. I still have a long way to go, but I think I'll start working with Mach II, even if there is a performance hit. That is a little more OO than Fusebox, but Fusebox is a great foundation for it.

All that being said, there are still some instances where you can go too far with data encapsulization. For example if you had a table that had contact information in it. You wouldn't want to return each row, create a struct out of it, then set an iterator method to go through each struct, then each element of the structs, at least not in ColdFusion. Iterating over a query is something that the built-in elements of ColdFusion do fairly well anyway so building frameworks to disassemble a query object, then re-assemble it as a bunch of structs is probably an un-necessary layer of complexity for most applications. So like anything else, discretion is required. Now I'm ready to tackle the UML book and hopefully figure out how to use that nifty ID3 tag reader framework for Objective-C that I downloaded a while back and couldn't quite figure out how to use. I've got Macintosh applications that need to be developed.

Here are a few of the sites that helped me get to the “aha!” moment.
Macromedia exerpt from 'Design Patterns'
ColdFusion object factories, the Composition CFC
Introduction to the Mach-II framework


New Internet Explorer 7 to Allow More Customization

Posted: December 31st, 1969 | Author: | Filed under: Google, JavaScript, Microsoft, Programming, Uncategorized | Tags: , , , , | No Comments »

New Internet Explorer 7 to Allow More Customization

Picture of Irv Owens Web DeveloperI love the ability I have to add more functionality to Firefox. Right now I have the web developer tools so that I can check out a page's stylesheets, javascript, block level elements, etc… I have the IP tool installed so that I can see the IP address of the site that I am currently visiting. I have the Gmail notifier and the PageRank tool all incorporated in my browser, most of which modifies the status bar at the bottom of the browser and is completely innocuous. Internet Explorer has always supported plug-ins, but they were limited in their ability to change the user's browsing experience, relegating them to toolbars and the like. That is about to change.

Similar to the new Google dashboard Internet Explorer will allow small web applications to be installed in the browser, it will allow a user to modify the webpages they are viewing, create a new download manager using the .net languages, really the implications seem to be pretty huge. There is just one problem. Security.

One of my biggest fears with a heavily extensible Internet Explorer is that people will be able to use it to compromise the security of the operating system. We have heard time and time again that in Longhorn, ahem, Vista, users will be able to run Internet Explorer 7 in a sandbox of sorts, or a least privileged user account, preventing would be hackers from compromising the system. That is great for Vista, but what about on Windows XP Service Pack 2? Don't get me wrong, I think Microsoft has done as much as can be expected of anyone when patching a completely insecure OS, and they did it in record time too. Still, there have been plenty of bulletins regarding more compromises and exploits in Windows XP SP2, some regarding Internet Explorer. If you give individuals the ability to distribute code that a user can install, it is possible, by definition to compromise that user's system. I'm sure that Microsoft would be quick to point out that then it isn't their fault that someone installed software that allowed hackers to have their way with all their files, but at the same time it is very easy to misrepresent a piece of software to a computer novice who is using Windows. Just look at how far Gator / Claria has gotten sneaking software onto systems. I think that while having the ability to customize one's web browser is cool, Microsoft should consider passing on this potential nightmare. It is sort of reminiscent of Microsoft's touting of Active X and how it was going to obliterate the line between desktop software and internet applications and change the way we all use our computers. Well, it changed the way we all use our computers, we all need anti-virus / spyware / malware filters that sniff out those Active X controls and disable them. Most of us, those in the know, if we have to use windows, turn the Active X controls off altogether.

I think that Microsoft should really not include this feature, and I mean even for toolbars unless they are reviewed by Microsoft and signed by Microsoft. That is the only way to be sure users aren't getting malware. If the plug-in isn't signed by Microsoft then the OS should refuse to install it. It should be that simple. Of course it makes developing for IE that much more difficult, but Microsoft could release a developer's version of IE that was open source so that the plug-in verification could be disabled to allow all plug-ins to be installed. Everyone in the software business knows that features move boxes, but Microsoft should keep their eyes on the prize of security. They really need to get their reputation back, and integrating more sketchy features in not the best way to do this.

IE Extensibility – From the IE blog