Slashdot Mirror

jpmahala asks: "We had been using Groove internally at our company for quite some time (before the Microsoft buyout), and were interested in adding more users to the program. However, after clicking on the link to the store on Groove's website, I find a message from Microsoft that the product is no longer being offered. Following the link provided by Microsoft, I find that it is bundled into the Office2007 product now and it does not seem to be offered as a standalone product. I'm sad to see that sort of thing happen, and I am unwilling to upgrade everyone to Office2007 just for the sake of Groove. Is there any viable alternative out there?"

PetManimal writes "Microsoft has just released a list of 800 applications it says are 'officially supported' on Windows Vista. What's special about this list, however, are the programs that are not included: 'Popular Windows software that is conspicuously missing from Microsoft's list includes Adobe Systems Inc.'s entire line of graphics and multimedia software, Symantec Corp.'s security products, as well as the Mozilla Foundation's open-source Firefox Web browser, Skype Ltd.'s free voice-over-IP software and the OpenOffice.org alternative to Microsoft Office.' Another area in which Vista has found to be lacking is gaming, as discussed earlier on Slashdot."

BuR4N writes "Mark Russinovich takes a look at the Windows Kernel and the changes made in Vista. In this second part he describes the workings of the features SuperFetch, ReadyBoost, ReadyBoot, and ReadyDrive and how they improve system performance."

carlmenezes writes "Ars Technica has up an article discussing Microsoft's latest salvo against IBM. Microsoft's open letter to IBM adds fresh ammunition to the battle of words between those who support Microsoft's Open XML and OpenOffice.org's OpenDocument file formats. Microsoft has strong words for IBM, which it accuses of deliberately trying to sabotage Microsoft's attempt to get Open XML certified as a standard by the ECMA. In the letter, general managers Tom Robertson and Jean Paol write: 'When ODF was under consideration, Microsoft made no effort to slow down the process because we recognized customers' interest in the standardization of document formats.' In contrast, the authors charge that IBM 'led a global campaign' urging that governments and other organizations demand that International Standards Organization (ISO) reject Open XML outright."

Piracy Support Line writes "Russian principal Alexander Ponosov will not be visiting Siberia any time soon, at least not for the allegedly illegal Microsoft software that were preloaded on the computers they bought and Microsoft supported the reseller's story. Although Bill Gates rejected Mikhail Gorbachev's personal appeal for mercy on behalf of the teacher, the judge was kinder. Judge Elvira Mosheva decided to dismiss the case because 'Microsoft's financial damage is too insignificant for a criminal investigation.'"

An anonymous reader writes "In his RSA conference keynote today, Bill Gates announced that Microsoft will support the decentralized OpenID digital identity protocol, in addition to WS-* and CardSpace (transcribed notes, video). From its roots in LID, i-names, and Sxip, the first major deployment in LiveJournal, and now with support from Techorati, Magnolia, Symantec, a suspected mass-deployment by AOL, and a number of startups — using URLs as digital identities has caught hold."

Reader trparky recommends an article on Technet (which, be warned, is rather chaotically formatted). Mark Russinovich, whose company Winternals Software was recently bought by Microsoft, has published the first of a series of articles on what's new in the Vista kernel. Russinovich writes: "In this issue, I'll look at changes in the areas of processes and threads, and in I/O. Future installments will cover memory management, startup and shutdown, reliability and recovery, and security. The scope of this article comprises changes to the Windows Vista kernel only, specifically Ntoskrnl.exe and its closely associated components. Please remember that there are many other significant changes in Windows Vista that fall outside the kernel proper and therefore won't be covered."

Unpaid Schill writes "Over on the O'Reilly Network, there's an interesting piece about how Microsoft tried to hire people to contribute to Wikipedia. Not wanting to do the edits directly, they were looking for an intermediary to make edits and corrections favorable to them. Why? According to the article, it was apparently both to let people know that Microsoft will not 'enable death squads with their UUIDs' and also to fight the growing consensus that OOXML contains a useless pile of legacy crap which is unfit for standardization."

theodp writes "A week before the release of Vista, Microsoft is expanding its fight against software piracy with a new educational effort that includes comics. Making its U.S. debut Monday, the Genuine Fact Files campaign aims to make Microsoft's message more accessible to a broader audience. BTW, Vista's Software Protection Platform (SPP) can put unvalidated copies of the software into a reduced-functionality mode. From the article: 'Microsoft plans to draw attention to it through banner ads on its Web sites and promotional material that it will hand out through partners. By using comics, the company aims to make the message more accessible to a broader audience. They are black and white, in a style similar to newspaper comics.'"

jg21 writes ".NET Developer's Journal is reporting that Don Ferguson, the 'Father of WebSphere,' has left IBM to join Microsoft CTO Ray Ozzie's office. Ozzie, whose efforts to rebuild Microsoft have been discussed previously on Slashdot, is gaining a man who while at Blue championed Web services, patterns, Web 2.0, and business-driven development — a potent combo for the future that Microsoft is trying to bring into being."

loconet writes to tell us about a little surprise coming in Outlook 2007: it will render HTML email using the MS Word engine, dropping the use of IE for this purpose. This represents a body-check to the movement towards Web standards. Whatever you think about HTML email, lots of it gets generated, and those generating it won't be able to use CSS any more, and may stop pushing for more widespread standards support. The announcement was made on MSDN. From the Campaign Monitor post: "Imagine for a second that the new version of IE7 killed off the majority of CSS support and only allowed table based layouts. The web design world would be up in arms! Well, that's exactly what the new version of Outlook does to email designers."

Saturn2003a writes "Microsoft has stated that they will not be offering a patch for the new US Daylight Saving Time for Windows 2000 and earlier. Only customers with an extended support agreement can get a Hotfix from Microsoft. To get around this, IntelliAdmin has created an unofficial patch (source code provided) that will fix Daylight Saving Time on Windows 2000 and Windows NT machines."

Standard Disclaimer writes "Most here on Slashdot know that Microsoft released its OpenXML specification to counter ODF and to help preserve its market position, but most people probably aren't aware of all the interesting legacy code the OpenXML specification has brought to light. This article by Rob Weir details many of the crazy legacy features in the dark corners of OpenXML. As it concludes after analyzing specification requirements like suppressTopSpacingWP, 'so not only must an interoperable OOXML implementation first acquire and reverse-engineer a 14-year old version of Microsoft Word, it must also do the same thing with a 16-year old version of WordPerfect.'"

Cheeze asks: "As I am sure some of you know, Daylight Saving Time is slated to change this year thanks to The Energy Policy Act of 2005. This means nothing to the large majority of the population except they will either sleep late one day or have to commute in the dark. To a select few, this is a crunch time akin to the Y2K fiasco, only there has been almost zero publicity recently. These select few are the ones responsible for updating the millions of computers, both servers and workstations, with the new time zone information. For newer servers, this usually means just install a patch and reboot (which is slightly more than mildly inconvenient). For older servers, this is basically an 'End of Life' declaration. Servers running software for which no patch is available will be unable to update their own clocks. This doesn't seem like such a big deal until you realize Microsoft is only offering patches for Windows XP and beyond, and Sun will not be supporting Solaris 7 and older. That should knock a large percentage of the computers 1 hour off for a few weeks this spring. What are you doing in your datacenters to prepare?"

theodp writes "Microsoft said you could count on them to improve patent quality. For an example of how they're raising the bar on innovation, check out this just-published patent application for Emotiflags, which Microsoft explains solves the problem of indicating an emotion associated with an email message. At the risk of infringing on the patent, this one Makes Me Mad!"

futuresheet writes "Microsoft formally released its robotics software yesterday, giving would-be robot builders a new tool to make them do the things they do. The license for the software is $399, and the 'standard' Pioneer P3DX robot that's made for home use is $40,000. Just the same, if you want to give it a try, it is downloadable for free for non-commercial use, and includes a simulator to try things out on your computer." From the article: "It represents a new effort for the company that has Chairman Bill Gates raving about potential growth in a robotics industry that's already worth an estimated $11 billion a year or more. '[A]s I look at the trends that are now starting to converge, I can envision a future in which robotic devices will become a nearly ubiquitous part of our day-to-day lives,' Gates writes in the January issue of Scientific American. Microsoft is not making robots. Its Robotics Studio is software designed to program the devices to collect data from an array of sensors and perform all manner of functions."

jginspace writes "As per the advance notification, Microsoft's monthly security bulletin, released yesterday, addressed five general Windows issues and one in Visual Studio. It also included a fix for a problem in Outlook Express for a total of seven updates. As patch Tuesdays go it was fairly unremarkable. The only general Windows update labeled 'critical' is for a flaw in Media Player. As usual, there's a cumulative update for Internet Explorer, but significantly, the only versions of IE affected are 5 and 6. Version 7 is clean — which is welcome news in this first update since the upgrade was pushed to the world last month. Microsoft was silent on the two zero-day Word holes, one reported here and a new one. Sans is calling this 'Black Tuesday' and recommends patches be applied urgently for the Visual Studio and Media Player vulnerabilities. Sans is recommending the Heise Offline Update utility covered in a previous story."

jginspace writes "As per the advance notification, Microsoft's monthly security bulletin, released yesterday, addressed five general Windows issues and one in Visual Studio. It also included a fix for a problem in Outlook Express for a total of seven updates. As patch Tuesdays go it was fairly unremarkable. The only general Windows update labeled 'critical' is for a flaw in Media Player. As usual, there's a cumulative update for Internet Explorer, but significantly, the only versions of IE affected are 5 and 6. Version 7 is clean — which is welcome news in this first update since the upgrade was pushed to the world last month. Microsoft was silent on the two zero-day Word holes, one reported here and a new one. Sans is calling this 'Black Tuesday' and recommends patches be applied urgently for the Visual Studio and Media Player vulnerabilities. Sans is recommending the Heise Offline Update utility covered in a previous story."

jginspace writes "As per the advance notification, Microsoft's monthly security bulletin, released yesterday, addressed five general Windows issues and one in Visual Studio. It also included a fix for a problem in Outlook Express for a total of seven updates. As patch Tuesdays go it was fairly unremarkable. The only general Windows update labeled 'critical' is for a flaw in Media Player. As usual, there's a cumulative update for Internet Explorer, but significantly, the only versions of IE affected are 5 and 6. Version 7 is clean — which is welcome news in this first update since the upgrade was pushed to the world last month. Microsoft was silent on the two zero-day Word holes, one reported here and a new one. Sans is calling this 'Black Tuesday' and recommends patches be applied urgently for the Visual Studio and Media Player vulnerabilities. Sans is recommending the Heise Offline Update utility covered in a previous story."

prostoalex writes "Microsoft announced the release of free XNA Game Studio Express tools for developing C# games that run on both Windows and XBox. They're also selling XNA Creators Club subscriptions, which, similar to MSDN subscriptions, offer access to sample code and additional documentation. Also, Microsoft is explicitly aiming towards uniting the Windows and XBox development platforms: 'You will have to compile the game once for each platform. In this release simply create a separate project for each platform and then compile them both. Our goal is to allow as much code as possible to be shared between those two projects, allowing you to use the same source files in both projects, but platform-specific code will need to be conditionally-compiled.'"

prostoalex writes "Microsoft announced the release of free XNA Game Studio Express tools for developing C# games that run on both Windows and XBox. They're also selling XNA Creators Club subscriptions, which, similar to MSDN subscriptions, offer access to sample code and additional documentation. Also, Microsoft is explicitly aiming towards uniting the Windows and XBox development platforms: 'You will have to compile the game once for each platform. In this release simply create a separate project for each platform and then compile them both. Our goal is to allow as much code as possible to be shared between those two projects, allowing you to use the same source files in both projects, but platform-specific code will need to be conditionally-compiled.'"

Sktea writes "A spokesman for Microsoft has said that they will issue no patches on the next 'Patch Tuesday' for versions of Word vulnerable to the recent zero-day threat. There is no mention whatsoever of the omission in the latest advance notification at the company's security site." From the article: "The software maker is working on a security update, but apparently needs more time. The company did not specify how many flaws Tuesday's updates will address or in which components of Windows the holes lie. The Visual Studio update could offer a patch for a zero-day vulnerability in the developer tools that was made public last month. "

0xbl00d writes "Eweek.com is reporting a new Microsoft Word zero-day attack underway. Microsoft issued a security advisory to acknowledge the unpatched flaw, which affects Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac and Microsoft Word 2004 v. X for Mac. The Microsoft Works 2004, 2005 and 2006 suites are also affected because they include Microsoft Word. Simply opening a word document will launch the exploit. There are no pre-patch workarounds or anti-virus signatures available. Microsoft suggests that users 'not open or save Word files,' even from trusted sources."

eldavojohn writes "Software giant Microsoft is helping the law track down and find phishers and political borders are no boundary for them. From the article, 'One court case in Turkey has already led to a 2.5-year prison sentence for a so-called "phisher" in Turkey, and another four cases against teenagers have been settled out of court, Microsoft said on Wednesday, eight months after it announced the launch of a Global Phishing Enforcement Initiative in March.' This initiative started back in March and has resulted in 129 lawsuits in Europe & the Middle East. Perhaps their legions of lawyers will come to some use for the rest of us but teenagers settling out of court? That reeks of RIAA/MPAA tactics to me."

MikeWeller writes, "Microsoft has recently announced a new licensing program for the Office 2007 user interface. This page links to the license and an MSDN Channel9 interview about the program (featuring a lawyer). The program 'allows virtually anyone to obtain a royalty-free license to use the new Office UI in a software product. There's only one limitation: if you are building a program which directly competes with Word, Excel, PowerPoint, Outlook, or Access (the Microsoft applications with the new UI), you can't obtain the royalty-free license.' What does this mean for OpenOffice? Will traditional menus/toolbars hold up to an ever-increasing number of features, or will OO be forced to take on a new UI paradigm? With the gap between OO and MS Office widening, how is this going to affect users trying to move between the two platforms?" You need to sign the license before you can get the 120-page UI implementation guidelines, which are confidential.

IO ERROR writes "Patrick Svenburg, program manager for Windows Client Solutions in Microsoft Federal, answered questions from government IT managers today about the upcoming Windows Vista release. Many of the questions were about BitLocker, Microsoft's new drive encryption technology, as well as other security questions, upgrading from Windows XP, IPv6 deployment and more. Svenburg is a member of the Windows Vista Launch Team and is leading early adoption efforts for Windows Vista within the Federal community, according to Government Computer News."

Lord Satri writes "Microsoft has announced the launch of Virtual Earth 3D. There are numerous screenshots to be seen, as well as a Google Earth comparison from Spatially Adjusted. You can read the Google Earth Blog on why he thinks it's not a threat to Google. C|Net's coverage and the official press release provide lots of concrete details of the product. You can also read more from the development side or see the CBS report on Virtual Earth 3D. My main gripe: Windows and Internet Explorer 6/7 only. From the official press release: 'When people visit Live Search, type a query into the search box and click the "Maps" tab, they get their search results in a map context that offers the option to explore the area using two-dimensional views (aerial and bird's-eye) or three dimensional models with Virtual Earth 3D. This new technology compiles photographic images of cities and terrain to generate textured, photorealistic 3-D models with engineering level accuracy.'"

Jimmy T writes "Microsoft and Secunia are warning about the discovery of a new 'Zero-day' vulnerability affecting all Microsoft based operating systems except Windows 2003. Both companies states that the vulnerability is currently being exploited by malicious websites. One attack vector is through Internet Explorer 6/7 — so be aware where you surf to."

androthi writes "Scott Granneman takes a look at some surprises in Microsoft Vista's EULA that limit what security professionals and others can do with the new operating system. You want to post benchmarking results? Well, Microsoft may now have a say in it. Vista's EULA no longer shows up on Microsoft's software licensing page, but does still exist — also take note of Windows DRM deciding what you can and can not listen to, and Defender deciding and removing what it considers spyware automatically (by default)."

jimbojw writes, "Internet Explorer 7 was finally released this morning and is available via automatic update or download from Microsoft." And an anonymous reader notes stats on IE7 and FF2 downloads, adding: "Looks like FF2 is already outnumbering FF 1.5, while IE7 is having a hard time to find followers. Will today's release as a high-priority, force-fed update fix this issue?" The sans.org stats site will be updated throughout the day, so perhaps we'll get an indication.

morcego asks: "As we are all too much aware, spam is an increasing problem. Each of us has our own set of tools and methods to try and reduce the amount of spam we receive, each with different pros and cons. Also, on a more broad front, we have options like SPF (+ SRS), Microsoft's own Caller-ID, and Yahoo's DomainKeys that we can use. These days, it is incredibly easy to implement any (or all of these), using publicly available frameworks and libraries (libspf2, and milter, to name a few). I have been using SPF for quite some time now with some measurable results, although nothing earth shattering. Which of these are you using, if any? Why, or why not? Do you think any of them really contribute anything to fight spam?"

filenavigator writes "Microsoft issued a press release today publicizing the release of Windows Media Player 11. Looks like the major updates in this version are for the Microsoft marketing engine. Features boasted by Microsoft include better integration with media players sanctioned by them, and integration with their new URGE music service. Additionally, and more importantly, this version contains the latest in Microsoft DRM software. Interested parties can download a free copy"

filenavigator writes "Microsoft issued a press release today publicizing the release of Windows Media Player 11. Looks like the major updates in this version are for the Microsoft marketing engine. Features boasted by Microsoft include better integration with media players sanctioned by them, and integration with their new URGE music service. Additionally, and more importantly, this version contains the latest in Microsoft DRM software. Interested parties can download a free copy"

We got lots and lots of questions for Dean Hachamovitch, whose formal title is "general manager Internet Explorer at Microsoft Corp." Picking a mere 10 of those questions was not easy, and I wish Dean could have answered twice as many -- and so does he, but his schedule has been tight this week. Anyway, here are his answers to the Chosen Ten. 1) How about this...
by also-rr

Would you like to make available IE on other operating systems?

Dean Hachamovitch:

We did make versions of IE available on other operating system for a pretty long time, up through IE5 on Unix and the Mac. At the time we developed them, those offerings made sense. I don't see a good reason to make IE available on other operating systems at this time.

2) IE7 release time
by BeeBeard Why did IE7 take such a long time to release after IE6?



Dean Hachamovitch:

Basically because we were doing a lot of other things before we started work on IE7: a few releases of MSN Explorer, a lot of work on what turned out to be Windows Presentation Foundation, a lot of investment in what turned into IPv6 support in Windows Vista, and lot of security response, a pretty intense effort on Windows Server 2003 (and IE's "Enhanced Security Configuration"), and then a pretty intense effort on Windows XPSP2. You can read a more detailed answer here

3) Follow up
by LordEd

If you had more time, is there a new feature you would have liked to include in IE7?

Dean Hachamovitch:

Yes, several come to mind. None were more important than shipping. None were more important than the bug fix work we did in response to beta feedback.

The temptation to get "just one more feature in" is so strong... one more CSS fix, one more neat facility for developers, one more performance optimization, one more cool end-user feature. The thing that made it easier to resist the temptation and ship is the prototype and planning work we've started on the next release of IE.

4) Simple questions
by Billosaur

IE has a dominating command of the market, although Firefox is slowly making inroads, due to innovations such as tabbed browsing that IE has had to incorporate to maintain that command. But where are the IE innovations? Why can't the IE team get ahead of the curve on Firefox? Is there anything you consider an innovation that is unique to IE that would plausibly be something the browser market would have to incorporate to stay competitive?

Dean Hachamovitch:

I think IE7 is the first browser with integrated real-time anti-phishing functionality, with an RSS platform and support for Simple List Extensions (see below), with "QuickTabs," with support for OpenSearch, and with shrink-to-fit printing on by default. In Windows Vista with Protected Mode, IE7 is the first browser to "put itself into a sandbox" and run with low privileges.

I think that during the IE7 beta process, you've seen other browser vendors copy some of these features and/or deliver add-ons for others. (IE has also delivered some functionality - like spell-checking in forms or in-line find, as add-ons; you can read more here.

I want to call out the Phishing Filter and RSS in particular. I think there's a clear difference between the protection offered in IE7 and other places. I suggest readers look here and here and decide for themselves. I was surprised when I read this because I think IE7 delivers real-time protection that respects user privacy at the same time.

I think IE7's RSS is pretty deep. First, the support for the Simple List Extensions that we made available under a Creative Commons license is cool - check out the links below in IE7. Also, the platform enables developers to deliver on some great scenarios, like sharing subscription information between different applications and services easily (from the new version of Outlook 2007 I run at work to IE7 at home via Newsgator). You can read more about that here.

- Amazon Wish List as an RSS feed

- eBay Search Result as an RSS feed

- Yahoo Music Top 10 list as an RSS feed

In regards to tabs, according to http://en.wikipedia.org/wiki/Tabbed_browsing, NetCaptor (an IE-based browser) was first.

5) My shot
by Njovich

What do you consider the greatest weakness of Firefox?

Dean Hachamovitch:

Hey, I've met a bunch of the Firefox folks and respect them and am not about to say mean things about them or their product, period. I have started to see some things that even some Slashdotters find a little confusing, like the whole Iceweasel thing.

6) Security
by Seto89

One of IE7's revolutionary features was supposed to be security, although it took less than 24 hours for Secunia to post an advisory about a security hole. Moreover, the bug seemed to be carried over from as early as IE5.5. What approach did you take to improve browser's security, and how come the vulnerabilities have been carried over?

Dean Hachamovitch:

The overall approach we took is called the secure development lifecycle. You can read more about it in general at http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnsecure/html/sdl.asp and http://www.microsoft.com/MSPress/books/8753.asp. The very short version is that we stepped back to analyze all the ways to attack a browser and then figured out the best ways to defend in depth against attacks. We reduced attack surface area, for example, turning off several feature and protocols by default and with ActiveX opt-in. We re-wrote a lot of the URL handling code in our networking layer. We ran a lot of tools against the source code to look for vulnerabilities. We listened to feedback from lots of smart people who are skilled in the art of attack.

As anyone who reads SecurityFocus or FullDisclosure will tell you, security is an industry problem and innovation in attacks is ongoing.

The MHTML issue is pretty interesting. IE calls another Windows component to handle some MTHML functionality. That component has a vulnerability. The important things here are (1) a malicious site can steal user data and (2) of course Microsoft cares about privacy and will fix this issue promptly. Some of the blogs over at zdnet - in particular George Ou's and Ed Bott's, have had some balanced opinion pieces on this issue.

While I was writing this, someone disclosed another issue irresponsibly. On the one hand, it's minor (a malicious site can make the address bar, when it's selected and in a pop-up window, deceiving... clicking in the pop-up window addresses the issue) and our anti-phishing technology helps a lot. The MSRC blog has more detail. At the same time, an attacker could draw a fake or misleading address bar in a pop-up window in a browser that doesn't automatically show the address bar in every window. Again, I think all this shows is that innovation in attacks is ongoing.

7) How about this....
by Toreo asesino

Let's pretend for a moment that Internet Explorer isn't the default web-browser built into Windows and instead, users are presented with a choice on first login (e.g. a message asking 'How would you like to browse the internet? MSIE, Firefox, Opera').

Would you expect IE to become as dominant as it is now if users had to specifically choose it over another?

Ignoring the slight impracticalities, if so (I'm guessing you do), on what basis would this be?

Dean Hachamovitch:

OK, I'll pretend. My first question is when we ask users this question... if it's in 1995, then Opera isn't on the list (Wikipedia just told me that its first public release was in 1996) and neither is Firefox. If it's today, then, candidly, we have 10+ years of people seeing the IE icon and all that that means to them.

The funny thing about your question is that in some ways, users are about two clicks from this scenario every time they run Windows XP: from the Start menu, select Set Program Access and Defaults. And it's not limited to the browsers you list, but any browser that they can download.

To answer your core question: I don't know how people would answer that question. I think we've asked users far simpler ones (like setup programs that ask "Do you want a typical or custom software installation?") that have proven frustrating to them. I do blog searches just about every day to read what people are saying about their browser choice, the browser I work on, and the other browsers you list. While it may surprise you, for many users, the differences between today's browsers aren't as clear and obvious as they may seem to many in the Slashdot crowd. I've read a lot of posts that say, "I tried IE7, I'm pleasantly surprised, and I'm switching back." (I read a lot of others for sure.) For some folks, having professional technical support to contact makes all the difference in their browser choice. During a press interview with a technical trade journal recently I asked the reporter "So what do you browse with" and he said "Mostly IE6, sometimes Firefox 1.5." That might surprise some of you.

8) Allowing Developers to Test for Compatibility
by miyako

IE7, like IE6, renders a lot of pages significantly differently than the other main HTML rendering engines available (Geko, KHTML, and Opera). At the same time, IE7 requires WGA to run - so that applications like Wine are unable to run it. This means that web developers who are using Linux and Mac OS X will have an extremely difficult time testing their sites with IE7. Was this intentional? If so what was the reason behind it (do you want to force developers to move to Windows for web development, or simply set IE aside as something different that isn't a regular browser and must be specifically developed for), and if not how do you plan to rectify the situation?

Dean Hachamovitch:

I think the core of your question is about giving away Windows licenses for free. We love developers, period. We're also not about to give away Windows client licenses. Because we want end-users to have a great experience on the web, of course we want web developers to have an easy experience working with IE and testing their sites with IE. That's why we published tools like the web developer toolbar and the Application Compatibility Toolkit and so much documentation during the course of IE7 development. I also respect that - as hard as everyone at Microsoft works to make Windows the best operating system for developers run - some developers will choose to run others. Mac developers have a fine solution - I've talked with hardcore Mac people who bought a copy of Windows that they run on their Mac with Parallels to test their work in IE. For other developers, I've seen some very clever solutions like BrowserCam that should help.

9) I asked Hakon about CSS and now I ask you:
by Chabil Ha'

This past summer Håkon Wium Lie was interviewed on /. and my question was selected concerning IE7's glaring lack of full CSS support. Why is it that MS has avoided meeting at least the ACID2 spec for CSS in order to bring some semblance of comformity for developers?

Håkon Wium Lie's response to these questions is boiled down to the fact that you do have the talent and resources to fix these issues and he says that "the fundamental reason, I believe, is that standards don't benefit monopolists" like MS.

How do you respond to his comments (the author of the CSS spec) and does MS have any near future plans to adhere to the existing CSS standard? If not, what would it take for MS to take a more proactive role in supporting it?

Dean Hachamovitch:

During IE7's development, we prioritized the work we did based on the web development community's real-world feedback. The engineering exercise here was choosing the best work for a finite number of developers to do during a finite period of time, especially given the compatibility impact of changing how IE behaves. The work that we delivered in IE7 simply has more positive impact and makes web developers' jobs easier than making an arbitrary (if terribly clever) web page render the way its author intended.

The Acid 2 test explicitly states that it isn't part of a formal compliance suite and it is not a "spec for CSS." It's a suite of tests of HTML, CSS, PNG, and data URL features that Mr. Lie thought were important. I'm glad that Mr. Lie - who is one of the authors of the CSS specifications - acknowledges that Microsoft's developers have the talent to address these issues.

The question here isn't whether we want to support those features or if we understand that web developers want them (we do), but simply prioritization. We focused on web developers' real world problems.

The real goal here is interoperability - something that Microsoft product teams believe in (remember, Microsoft has more than one product that works with HTML, CSS, and other web standards, and they have to interoperate too) and something that benefits customers (end-users, developers, IT Pros, et al.) across the board. The work in Windows Vista around IPv6 as well as the work we've done in IE7 with OpenSearch, RSS and with Certificate Authorities and other browser vendors on Extended Validation certificates are good examples of following through on that belief in interoperability.

Your question also asks about Microsoft's plans to comply with the existing CSS standard; there are actually several CSS standards, some still under construction (CSS level 3) and some made obsolete over time (e.g. CSS 2.1 fixing errors, removing ambiguities and changing required behavior from CSS 2). Just as we did in IE7, we're going to listen to the web development community and prioritize the remaining CSS work and deliver the parts we hear are most important first. We do intend to comply with the standard; no other browser I'm aware of has complete support of every feature in CSS 2.1, so it's clear that we all have to use prioritization to know where best to place our resources.

10) Why develop IE at all
by CmdrGravy

Given that you are not planning on selling IE 7 and the fact that there are already other browsers on the market which can allow Windows users to experience the web fully why is Microsoft investing so much time and effort in continuing the development of IE?

Dean Hachamovitch:

Windows customers expect the best, safest experience with their PCs out of the box, especially around the web browser. We're investing so much time and effort in IE in order to give Windows customers a great, secure, default experience. I'm glad that users can choose other browsers as they see fit - Windows is a platform. We're working this hard on IE because so many end-users rely on it and so many developers have built on the APIs that IE exposes as a part of the Windows platform.

-------

Editor's note: Next week's Slashdot interview guest will be a FireFox person. Only fair, right? :)

We got lots and lots of questions for Dean Hachamovitch, whose formal title is "general manager Internet Explorer at Microsoft Corp." Picking a mere 10 of those questions was not easy, and I wish Dean could have answered twice as many -- and so does he, but his schedule has been tight this week. Anyway, here are his answers to the Chosen Ten. 1) How about this...
by also-rr

Would you like to make available IE on other operating systems?

Dean Hachamovitch:

We did make versions of IE available on other operating system for a pretty long time, up through IE5 on Unix and the Mac. At the time we developed them, those offerings made sense. I don't see a good reason to make IE available on other operating systems at this time.

2) IE7 release time
by BeeBeard Why did IE7 take such a long time to release after IE6?



Dean Hachamovitch:

Basically because we were doing a lot of other things before we started work on IE7: a few releases of MSN Explorer, a lot of work on what turned out to be Windows Presentation Foundation, a lot of investment in what turned into IPv6 support in Windows Vista, and lot of security response, a pretty intense effort on Windows Server 2003 (and IE's "Enhanced Security Configuration"), and then a pretty intense effort on Windows XPSP2. You can read a more detailed answer here

3) Follow up
by LordEd

If you had more time, is there a new feature you would have liked to include in IE7?

Dean Hachamovitch:

Yes, several come to mind. None were more important than shipping. None were more important than the bug fix work we did in response to beta feedback.

The temptation to get "just one more feature in" is so strong... one more CSS fix, one more neat facility for developers, one more performance optimization, one more cool end-user feature. The thing that made it easier to resist the temptation and ship is the prototype and planning work we've started on the next release of IE.

4) Simple questions
by Billosaur

IE has a dominating command of the market, although Firefox is slowly making inroads, due to innovations such as tabbed browsing that IE has had to incorporate to maintain that command. But where are the IE innovations? Why can't the IE team get ahead of the curve on Firefox? Is there anything you consider an innovation that is unique to IE that would plausibly be something the browser market would have to incorporate to stay competitive?

Dean Hachamovitch:

I think IE7 is the first browser with integrated real-time anti-phishing functionality, with an RSS platform and support for Simple List Extensions (see below), with "QuickTabs," with support for OpenSearch, and with shrink-to-fit printing on by default. In Windows Vista with Protected Mode, IE7 is the first browser to "put itself into a sandbox" and run with low privileges.

I think that during the IE7 beta process, you've seen other browser vendors copy some of these features and/or deliver add-ons for others. (IE has also delivered some functionality - like spell-checking in forms or in-line find, as add-ons; you can read more here.

I want to call out the Phishing Filter and RSS in particular. I think there's a clear difference between the protection offered in IE7 and other places. I suggest readers look here and here and decide for themselves. I was surprised when I read this because I think IE7 delivers real-time protection that respects user privacy at the same time.

I think IE7's RSS is pretty deep. First, the support for the Simple List Extensions that we made available under a Creative Commons license is cool - check out the links below in IE7. Also, the platform enables developers to deliver on some great scenarios, like sharing subscription information between different applications and services easily (from the new version of Outlook 2007 I run at work to IE7 at home via Newsgator). You can read more about that here.

- Amazon Wish List as an RSS feed

- eBay Search Result as an RSS feed

- Yahoo Music Top 10 list as an RSS feed

In regards to tabs, according to http://en.wikipedia.org/wiki/Tabbed_browsing, NetCaptor (an IE-based browser) was first.

5) My shot
by Njovich

What do you consider the greatest weakness of Firefox?

Dean Hachamovitch:

Hey, I've met a bunch of the Firefox folks and respect them and am not about to say mean things about them or their product, period. I have started to see some things that even some Slashdotters find a little confusing, like the whole Iceweasel thing.

6) Security
by Seto89

One of IE7's revolutionary features was supposed to be security, although it took less than 24 hours for Secunia to post an advisory about a security hole. Moreover, the bug seemed to be carried over from as early as IE5.5. What approach did you take to improve browser's security, and how come the vulnerabilities have been carried over?

Dean Hachamovitch:

The overall approach we took is called the secure development lifecycle. You can read more about it in general at http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnsecure/html/sdl.asp and http://www.microsoft.com/MSPress/books/8753.asp. The very short version is that we stepped back to analyze all the ways to attack a browser and then figured out the best ways to defend in depth against attacks. We reduced attack surface area, for example, turning off several feature and protocols by default and with ActiveX opt-in. We re-wrote a lot of the URL handling code in our networking layer. We ran a lot of tools against the source code to look for vulnerabilities. We listened to feedback from lots of smart people who are skilled in the art of attack.

As anyone who reads SecurityFocus or FullDisclosure will tell you, security is an industry problem and innovation in attacks is ongoing.

The MHTML issue is pretty interesting. IE calls another Windows component to handle some MTHML functionality. That component has a vulnerability. The important things here are (1) a malicious site can steal user data and (2) of course Microsoft cares about privacy and will fix this issue promptly. Some of the blogs over at zdnet - in particular George Ou's and Ed Bott's, have had some balanced opinion pieces on this issue.

While I was writing this, someone disclosed another issue irresponsibly. On the one hand, it's minor (a malicious site can make the address bar, when it's selected and in a pop-up window, deceiving... clicking in the pop-up window addresses the issue) and our anti-phishing technology helps a lot. The MSRC blog has more detail. At the same time, an attacker could draw a fake or misleading address bar in a pop-up window in a browser that doesn't automatically show the address bar in every window. Again, I think all this shows is that innovation in attacks is ongoing.

7) How about this....
by Toreo asesino

Let's pretend for a moment that Internet Explorer isn't the default web-browser built into Windows and instead, users are presented with a choice on first login (e.g. a message asking 'How would you like to browse the internet? MSIE, Firefox, Opera').

Would you expect IE to become as dominant as it is now if users had to specifically choose it over another?

Ignoring the slight impracticalities, if so (I'm guessing you do), on what basis would this be?

Dean Hachamovitch:

OK, I'll pretend. My first question is when we ask users this question... if it's in 1995, then Opera isn't on the list (Wikipedia just told me that its first public release was in 1996) and neither is Firefox. If it's today, then, candidly, we have 10+ years of people seeing the IE icon and all that that means to them.

The funny thing about your question is that in some ways, users are about two clicks from this scenario every time they run Windows XP: from the Start menu, select Set Program Access and Defaults. And it's not limited to the browsers you list, but any browser that they can download.

To answer your core question: I don't know how people would answer that question. I think we've asked users far simpler ones (like setup programs that ask "Do you want a typical or custom software installation?") that have proven frustrating to them. I do blog searches just about every day to read what people are saying about their browser choice, the browser I work on, and the other browsers you list. While it may surprise you, for many users, the differences between today's browsers aren't as clear and obvious as they may seem to many in the Slashdot crowd. I've read a lot of posts that say, "I tried IE7, I'm pleasantly surprised, and I'm switching back." (I read a lot of others for sure.) For some folks, having professional technical support to contact makes all the difference in their browser choice. During a press interview with a technical trade journal recently I asked the reporter "So what do you browse with" and he said "Mostly IE6, sometimes Firefox 1.5." That might surprise some of you.

8) Allowing Developers to Test for Compatibility
by miyako

IE7, like IE6, renders a lot of pages significantly differently than the other main HTML rendering engines available (Geko, KHTML, and Opera). At the same time, IE7 requires WGA to run - so that applications like Wine are unable to run it. This means that web developers who are using Linux and Mac OS X will have an extremely difficult time testing their sites with IE7. Was this intentional? If so what was the reason behind it (do you want to force developers to move to Windows for web development, or simply set IE aside as something different that isn't a regular browser and must be specifically developed for), and if not how do you plan to rectify the situation?

Dean Hachamovitch:

I think the core of your question is about giving away Windows licenses for free. We love developers, period. We're also not about to give away Windows client licenses. Because we want end-users to have a great experience on the web, of course we want web developers to have an easy experience working with IE and testing their sites with IE. That's why we published tools like the web developer toolbar and the Application Compatibility Toolkit and so much documentation during the course of IE7 development. I also respect that - as hard as everyone at Microsoft works to make Windows the best operating system for developers run - some developers will choose to run others. Mac developers have a fine solution - I've talked with hardcore Mac people who bought a copy of Windows that they run on their Mac with Parallels to test their work in IE. For other developers, I've seen some very clever solutions like BrowserCam that should help.

9) I asked Hakon about CSS and now I ask you:
by Chabil Ha'

This past summer Håkon Wium Lie was interviewed on /. and my question was selected concerning IE7's glaring lack of full CSS support. Why is it that MS has avoided meeting at least the ACID2 spec for CSS in order to bring some semblance of comformity for developers?

Håkon Wium Lie's response to these questions is boiled down to the fact that you do have the talent and resources to fix these issues and he says that "the fundamental reason, I believe, is that standards don't benefit monopolists" like MS.

How do you respond to his comments (the author of the CSS spec) and does MS have any near future plans to adhere to the existing CSS standard? If not, what would it take for MS to take a more proactive role in supporting it?

Dean Hachamovitch:

During IE7's development, we prioritized the work we did based on the web development community's real-world feedback. The engineering exercise here was choosing the best work for a finite number of developers to do during a finite period of time, especially given the compatibility impact of changing how IE behaves. The work that we delivered in IE7 simply has more positive impact and makes web developers' jobs easier than making an arbitrary (if terribly clever) web page render the way its author intended.

The Acid 2 test explicitly states that it isn't part of a formal compliance suite and it is not a "spec for CSS." It's a suite of tests of HTML, CSS, PNG, and data URL features that Mr. Lie thought were important. I'm glad that Mr. Lie - who is one of the authors of the CSS specifications - acknowledges that Microsoft's developers have the talent to address these issues.

The question here isn't whether we want to support those features or if we understand that web developers want them (we do), but simply prioritization. We focused on web developers' real world problems.

The real goal here is interoperability - something that Microsoft product teams believe in (remember, Microsoft has more than one product that works with HTML, CSS, and other web standards, and they have to interoperate too) and something that benefits customers (end-users, developers, IT Pros, et al.) across the board. The work in Windows Vista around IPv6 as well as the work we've done in IE7 with OpenSearch, RSS and with Certificate Authorities and other browser vendors on Extended Validation certificates are good examples of following through on that belief in interoperability.

Your question also asks about Microsoft's plans to comply with the existing CSS standard; there are actually several CSS standards, some still under construction (CSS level 3) and some made obsolete over time (e.g. CSS 2.1 fixing errors, removing ambiguities and changing required behavior from CSS 2). Just as we did in IE7, we're going to listen to the web development community and prioritize the remaining CSS work and deliver the parts we hear are most important first. We do intend to comply with the standard; no other browser I'm aware of has complete support of every feature in CSS 2.1, so it's clear that we all have to use prioritization to know where best to place our resources.

10) Why develop IE at all
by CmdrGravy

Given that you are not planning on selling IE 7 and the fact that there are already other browsers on the market which can allow Windows users to experience the web fully why is Microsoft investing so much time and effort in continuing the development of IE?

Dean Hachamovitch:

Windows customers expect the best, safest experience with their PCs out of the box, especially around the web browser. We're investing so much time and effort in IE in order to give Windows customers a great, secure, default experience. I'm glad that users can choose other browsers as they see fit - Windows is a platform. We're working this hard on IE because so many end-users rely on it and so many developers have built on the APIs that IE exposes as a part of the Windows platform.

-------

Editor's note: Next week's Slashdot interview guest will be a FireFox person. Only fair, right? :)

Luis Escalante writes "After over a year and a half, IE7 has been released to the public as of Monday afternoon. Download it directly here. Word hit the streets after several mangers of the IE division posted on the IE blog."

scriptedfun writes "The BBC reports on how bedroom coders might regain their place in the game development world by providing the industry 'an injection of imagination.' Microsoft's XNA Game Studio Express (covered previously on Slashdot) is given a special mention, but the article points out that 'the concept behind XNA is nothing new,' citing Sony's Net Yaroze as another example. With user-generated content fueling innovation in many aspects of technology, current initiatives by the major players to provide easy access to game development tools may just redefine the face of next-gen gaming. Peter Molyneux, creator of Populous, says: 'It's 100% down to the passion that people have, and the ability to perhaps bring in other people, maybe from all around the world on the internet, and create something.'"

An anonymous reader writes "Bowing to pressure from European antitrust regulators and rival security vendors, Microsoft has agreed to modify Windows Vista to better accommodate third-party security software makers. In a press conference Friday, Microsoft said it would configure Vista to let third-party anti-virus and other security software makers bypass 'PatchGuard,' a feature in 64-bit versions of Windows Vista designed to bar access to the Windows kernel. Microsoft said it would create an API to let third-party vendors access the kernel and to disable the Windows Security Center so that users would not be prompted by multiple alerts about operating system security. In addition, Redmond said it would modify the welcome screen presented to Vista users to include links to other security software other than Microsoft's own OneCare suite. From the article: 'It looks like Microsoft was really testing the waters here, sort of pushing the limits of antitrust and decided they probably couldn't cross that line just yet.'"

raist_online asks: "After long years of X11 (and recently Mac OS X) I'm now in a job that mandates Windows and uses some Windows-only tools, providing us with XP Pro installs. Using VMWare with dual heads means I can still mostly live in X11-based goodness but I'm really missing a virtual desktop when I have to use Windows. The MS Powertoy doesn't really cut it for me and I've been trying out Cooldesk (some task-bar integration but not behaving well) and altdesk (which is OK but doesn't integrate into the task-bar). I'm really looking for something as simple as the standard X11 pager. Please note that I HAVE to use native Windows for some things so suggestions for Wine / VMWare inside Linux are missing the point. Slashdot, what are your suggestions?"

Jonathan asks: "As someone who has been following the development of software verification technology, a recent trend has intrigued me. It seems that the formal method people have finally come down off their high horse and are offering code verification as just another tool. This approach shows up in recent Java and C# based code verification tools that aren't aimed at 'proving correctness' so much as finding potential errors. Now it seems that such an approach is beginning to find its way into XP methods[pdf] as another verification tool to supplement unit tests. Given the current speed and effectiveness of tools like the Spec# verifier, is code verification via automated theorem proving finally going to make its way into the mainstream?"

Uncle Rummy writes, "Microsoft has quietly released an official patch for the zero-day VML vulnerability. The patch was publicly available yesterday, But Microsoft has just added it to the Security Bulletin Index." Eight days from time of first report to patch is pretty fast for Microsoft, and is almost two weeks ahead of their normal patch schedule. This security flaw was being aggressively exploited out in the wild.

Uncle Rummy writes, "Microsoft has quietly released an official patch for the zero-day VML vulnerability. The patch was publicly available yesterday, But Microsoft has just added it to the Security Bulletin Index." Eight days from time of first report to patch is pretty fast for Microsoft, and is almost two weeks ahead of their normal patch schedule. This security flaw was being aggressively exploited out in the wild.

walterbyrd writes "Linux Journal has published an article by Glyn Moody, about the Microsoft sponsored study: The Economic Impact of Microsoft Windows Vista (pdf). Apparently Moody feels that the economic effects of MS-Vista being delayed in Europe would not be as dire as Microsoft would have the world believe." From the article: "The implication is that the European Commission would be crazy to jeopardize these wonderful benefits by clipping the wings of this digital golden goose, or even grounding it completely. The white paper looks tremendously professional, and is filled with tables, bar and pie charts; it has suitably serious discussions of methodology, and even introduces a few measured caveats: who could doubt its conclusions? What makes this FUD so impressive is that this attention to detail obscures the sleight of hand that is going on here. The white paper may predict sales by the "Microsoft ecosystem" of over $40 billion in six of Europe's biggest economies, but what this figure hides is the fact that income for Microsoft and its chums is a cost for the rest of Europe."

SEMW writes "Microsoft has published the preliminary Official User Interface Guidelines for Windows Vista. Highlights include Top 12 Rules for the Windows Vista User Experience — and the use of screenshots from Windows XP as examples of what not to do. The full guidelines are as yet incomplete, but what is there makes for interesting reading."

SEMW writes "Microsoft has published the preliminary Official User Interface Guidelines for Windows Vista. Highlights include Top 12 Rules for the Windows Vista User Experience — and the use of screenshots from Windows XP as examples of what not to do. The full guidelines are as yet incomplete, but what is there makes for interesting reading."

SEMW writes "Microsoft has published the preliminary Official User Interface Guidelines for Windows Vista. Highlights include Top 12 Rules for the Windows Vista User Experience — and the use of screenshots from Windows XP as examples of what not to do. The full guidelines are as yet incomplete, but what is there makes for interesting reading."

Toreo asesino writes, "Microsoft is tightening the screws on their up & coming DRM platform. First, Windows Media Player 11 removes the right to move music from one machine to another. According to their website, WMP11 'does not permit you to back up your media usage rights (previously known as licenses).' Worse, if you rip your own CDs and the 'Copy protect music' option is turned on, WMP11 will require you to 'connect to a Microsoft Web page that explains how to restore your rights a limited number of times.'" The Inquirer has an even more jaundiced take on Microsoft's turn of the thumbscrew.

NYGiant writes "Microsoft IPTV isn't cutting it for Verizon, Ars Technica reports, so they've taken over parts of the project. Verizon is in a rush to perfect its IPTV service, which is based on Microsoft's IPTV software. The problem is that to run well, Microsoft's software needs more memory than Verizon's set top boxes ship with. From the article: 'Under the terms of that deal, Verizon would use Microsoft's Foundation Edition middleware stack. Microsoft would also supply a set of customer-facing applications. While Foundation Edition remains in use by Verizon, the development of the other applications was taken over by Verizon engineers.'"

wubo writes, "Microsoft is apparently stepping up its anti-piracy measures by publishing the locations and specifics of their pending lawsuits. Check out the snazzy map — warms me heart and soul." And to even the scales of justice, one of the last remaining class-action antitrust lawsuits filed against Microsoft in a state court is set to go to trial in Iowa later this year. An anonymous reader writes, "Iowa consumers who purchased Microsoft products in the last 12 years are being represented in a class action anti-trust lawsuit against Microsoft. The jury trial begins on November 13 and is expected to last 6 months." Bill Gates is on the witness list.

Andy Updegrove writes, "Microsoft has just posted the text of a new promise not to assert its patents with respect to 35 listed Web Services standards. The promise is similar to the covenant not to assert patents that it issued last year with respect to its Office 2003 XML Reference Schema, with two important improvements intended to make it more clearly compatible with open source licensing. Those changes are to add an explicit promise not to assert any relevant patents against anyone in the distribution chain of a product, from the original vendor through to the end user; and to clarify that the promise covers a partial as well as a full implementation of a standard. It's all part of a recent wave of such pledges made by companies such as IBM, Nokia, and Oracle, and a significant shift in how Microsoft is dealing with open standards."