[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [www-vrml] SP2 vs. The Plugins: Anchor Node Bug
There is another BUG(?!):
Every anchor node to a html (non-3d file) in a wrl/x3d file is filtered in
Flux, BS-Contact and Blaxxun (in IE) after clicking onto the reffering
3d-object in the 3d space.
No error sound, no hint....
Is there a solution for this problem?
Kay Melzer
Dipl.Inform.(FH)
Creator of MedWorld3D
FH-Dortmund - University of applied sciences
Abteilung medizin-technische Informatik Department of medical computer
sciences
Dortmund - Germany
Business contact:
FH-Dortmund, Abtlg. med. techn. Informatik
Kay Melzer - Hauspostkasten 52
Emil-Figge-Str. 42
44227 Dortmund
EMail: kay.melzer@fh-dortmund.de
Web: www.fhdo.edu.tf
Web: www.3d-node.com
ICQ: 51094929
Phone: +49 179 1354278
Fax: +49 179 1354278
> -----Original Message-----
> From: owner-www-vrml@web3d.org
> [mailto:owner-www-vrml@web3d.org] On Behalf Of George Birbilis
> Sent: Monday, September 13, 2004 10:46 AM
> To: Paul Aslin; 'www-vrml'
> Subject: Re: [www-vrml] SP2 vs. The Plugins
>
> > Oh BTW the missing status bar in SP1 or later version of XP is
> > actually a bug, the bar comes and goes at will. Which is not a good
> > thing when there is where the security "padlock"
> > icon is displayed.
>
> it's available from View menu of IE, but maybe if a page
> writes to the status bar via JavaScript, IE shows the
> statusbar automatically if it's hidden (haven't tried it).
> BTW, a page can hide the statusbar when they open a new HTML
> window (these are called "window decorations" in Netscape
> terminology I think). I agree the "padlock" and other
> status/feedback icons are a problem, but web browsers were
> designed like that originally cause Netscape envisioned them
> as an application platform that would replace classic desktop
> OS GUIs, like Windows. Few custom app GUI designers would
> like to have that bar at the bottom of their window
>
> > > That was already a case and so is with signed applets
> etc. You can't
> > > split that in two prompts, one before downloading the
> resource and
> > > one after (once the OS checked the file downloaded OK, is signed
> > > with a valid certificate, has not been tampered with etc.). You
> > > can't split that in two files either, you have to prompt the user
> > > ONCE before installing. The activeX control is thus considered an
> > > integral part of the page functionality and the whole page isn't
> > > considered yet downloaded till that downloads
> >
> > But this is exactly what happens when you download an .exe
> program of
> > a website or CD !
> > Firstly it asks if you wish to 'run' or 'save' the file. If
> you then
> > choose 'run' it downloads the file and then presents the install
> > wizard etc.
>
> In the case you mention (download a file), you're in fact
> prompted only once if you select to "run" the file, not
> twice. The executable you run may not show any GUI etc. and
> just run. There's no install wizard, it just happens that
> most stuff you download, AFTER THEY RUN, show a GUI since
> they're self-extractable archives that contain an
> installation GUI (much friendlier than unix tarballs, but
> it's executable code that before you run you don't know what it is).
>
> BTW, it seems XP SP2 now marks executables downloaded from
> the internet somehow in your system (maybe in metainfo at the
> filesystem, don't suppose it modifies the .EXE cause it would
> break some installers if it did so [they'd think the EXE was
> cracked]). Whenever you run those executables in the future,
> it shows a dialog saying this was downloaded from the net, it
> checks if they're digitally signed or not, if the signature
> is valid (file not tampered with) and aks if you're sure you
> want to run them (plus has option to not prompt for that
> specific file again in the future). Much better for new users
> in security means. In previous Windows versions (e.g.
> on a Win2000), I had reported to MS that it wasn't even
> checking if a file was signed and tampered with (invalid
> signature) to warn you before you run that file (you had to
> right click the file yourself before running it and see its
> property pages to check if there was a signature and if it
> was valid which was too much for everyday use)
>
> > > (place the site in
> > > non-trusted zone to avoid the download in the first place if you
> > > care about speed, or change the settings for the
> "Internet zone" and
> > > make it NEVER download ActiveX controls is you want
> speedup and are
> > > sure you won't need and will not want to use ActiveX
> controls ever)
> >
> > Try writing a step by step tutorial on the process of doing
> this and
> > you will realize that this is not exactly a user friendly task.
>
> very easy:
>
> 1) click on the address bar (if not visible, select menu
> option View/Toolbars/Address bar)
> 2) click at the first character of the host part of the URL
> address (e.g.
> the first "w" char of www.someserver.com)
> 3) shift+click at the last character of the host part of the
> URL address (e.g. the last "m" char of www.someserver.com) to
> select that part
> 4) right click on the selected URL address part and select
> "Copy" from the popup menu
> 5) go to "Tools/Internet Options..." menu
> 6) click on the "Security" tab
> 7) click on "Restricted sites"
> 8) press the "Default Level" button so that you see the
> reading "High" at the "Security level" scrollbar
> 9) press the "Sites..." button (a new dialog will open)
> 10) right click in the textbox labeled "Add this website to
> the zone:" and select "Paste" from the popup menu
> 11) press the "Add" button
> 12) press OK to close the "Restricted sites" dialog
> 13) press OK to close the "Internet Options" dialog
>
> btw, you can also access that same "Internet Options" dialog
> from the menus of various other programs, Microsoft and
> non-Microsoft ones (they all use the same settings)
>
> > I think you have missed my point here which is simply...
> > ... why is it so hard to actually stop certain ActiveX
> controls from
> > downloading.
> >
> > And by this I mean for the average computer user, who
> firstly may not
> > know just which website the control was downloaded from, and be
> > willing to dig through the numerious places of Internet Option to
> > figure out what changes what. This is suppost to be as simple as
> > possible, its not rocket science.
>
> Because the user should never know what the page needs in
> order to show, they care just to see the page! If the page
> author says it needs an ActiveX control, the author knows
> better if their page will or won't show without that ActiveX
> control (e.g. Flux VRML/X3D browser). The user should ONLY be
> warned and made aware of the usage of a potentially hazardous
> item in that page, if there's a security issue involved. That
> is they should never see any warnings, prompts etc. if they
> have that site in their "Trusted sites"
> zone, or if that control is digitally signed by a publisher
> that they have already selected to "always trust" at a
> previous time they had been asked about some content from
> that publisher (those publishers are in the "Content" page of
> the "Internet Options" dialog, at the "Publishers..."
> button and you can add/remove such too manually from there).
>
> The problem of an unsigned control eating up bandwidth to
> first download and then having you reply you don't trust it
> is unsolvable, since the browser HAS to download the full
> archive of the control to unpack it and see if it's signed or
> not and if the content hasn't been tampered with (say
> infected by a virus or some trojan injected in the CAB
> archive etc.) after it had been signed. So unless you disable
> ActiveX controls permantently in your internet zone (good
> only if you don't use Flash, VRML/X3D etc.), or per web host
> or site (say add them in the "Restricted sites" zone), you'll
> suffer that time penalty of getting the controls downloaded
> first and you getting prompted after (prompting you twice
> would be a usability nightmare, plus a page can contain
> several such items)
>
> > Let just say for example CompanyZ brings out an ActiveX
> control which
> > contains a bug that causes problems for certain computers, do you
> > think the media will be able to explain just how the prevent this
> > ActiveX control from bwing downloaded.
>
> by being downloaded it doesn't mean it RUNS!
> so it can't cause absolutely ANY problem if the user doesn't
> decide to trust and install it when prompted
>
> in fact with XP SP2, the user's space isn't intruded by some
> popup dialog that asks if they trust an ActiveX control, the
> default setting is to block them and a sound is played, plus
> a security bar shown at the top of the window (under the
> menubar if that's visible) that prompts you some item was
> blocked and to right click there to see more info and be
> prompted to unblock that item if you wish. Then the user from
> there can select to trust a publisher (say Macromedia) or a
> website so that they don't get that default ActiveX control
> blocking behaviour. That's a bit more problematic for website
> designers, but much better for the users who would just press "Yes"
> in any popup dialog they saw when they were trying to visit a webpage
>
> > > I do agree though that while a page downloads one shouldn't see a
> > > blank window but something better INSIDE the window (not at some
> > > status bar or at some rotating browser icon)
> >
> > well this area would be a good place to put information about the
> > plugin itself, perhaps a jpg the content author supplies to
> be shown
> > untill the plugin is ready.
>
> the problem is the control might be invisible or 0x0 sized in
> the page, or many control might be there, so it wouldn't
> always help (although I agree that showing an optional
> placeholder with ActiveX control download info [similar to
> the optional show-placeholder setting for images IE has]
> would be nice [to define in the OBJECT parameters in the
> HTML]). I was thinking of the whole page showing something
> (some progress icon) instead of a blank screen till some of
> its content gets ready to render. Cause as it is now users
> (esp. on modems) think the browser just "crashed" (cause the
> window remains blank for some time and if there's no status
> bar, you just rely on the rotating "e" icon to understand
> it's still working and not "crashed")
>
> cheers,
> George
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> George Birbilis <birbilis@kagi.com> [Microsoft MVP for
> 2004-J#] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> + QuickTime VCL and ActiveX controls (for PowerPoint/VB/Delphi etc.)
> + Plugs VCL and ActiveX controls (InterProcess/Internet
> communication)
> + TransFormations, VB6 forms to ASP.net WebForms convertion
> http://www.kagi.com/birbilis
> + Robotics
> http://www.mech.upatras.gr/~robgroup
> ..............................................................
> ..........
>
> --------------------------------------------------------------
> -----------
> for list subscription/unscrubscription,
> go to
> http://www.web3d.org/cgi-bin/public_list_signup/lwgate/listsavail.html
>
-------------------------------------------------------------------------
for list subscription/unscrubscription,
go to http://www.web3d.org/cgi-bin/public_list_signup/lwgate/listsavail.html