Slashdot Mirror

dotne writes "CNET has published an article called Acid2, Acid3 and the power of default. The article predicts that IE8 will not pass the Acid2 test after all: '[Another] scenario could be that Microsoft requires Web pages to change the default settings by flagging that they really, really want to be rendered correctly. Web pages already have a way to say this (called doctype switching, which is supported by all browsers), but Microsoft has all but announced that IE8 will support yet another scheme. If the company decides to implement the new scheme, the Acid2 test — and all the other pages that use doctype switching — will not be rendered correctly.' Microsoft's IE8 render modes have been discussed here previously, and they've caused an uproar in the web development community. According to the scheme, authors must put Microsoft-specific <meta> tags into their pages in order for them to be rendered correctly. I doubt Acid2, nor Acid3 will have Microsoft extensions in them."

Dak RIT writes "In a blog post this week, Microsoft's IE Platform Architect, Chris Wilson, confirmed that IE8 will use three distinct modes to render web pages. The first two modes will render pages the same as IE7, depending on whether or not a DOCTYPE is provided ('Quirks Mode' and 'Standards Mode'). However, in order to take advantage of the improved standards compliance in IE8, Web developers will have to opt-in by adding an additional meta tag to their web pages. This improved standards mode is the same that was recently reported to pass the Acid 2 test, as was discussed here."

Angostura writes "Microsoft's team blog for Microsoft Excel and Excel Services has responded with a denial to the earlier report that Visual Basic for Applications will disappear from Windows Office in 2009. The Slashdot discussion on the report on Tuesday got pretty animated."

Disgruntled Fungus writes "A few months ago, we discussed Microsoft's intention to open source the .NET libraries. According to a developer's official blog, the source code is now available. The source to libraries such as System, IO, Windows.Forms, etc. can now be viewed and used for debugging purposes from within Visual Studio. Instructions for doing so have also been provided. The source code has been released with a read-only license and 'does not apply to users developing software for a non-Windows platform that has "the same or substantially the same features or functionality" as the .NET Framework.'"

skolima writes "In response to requests for even easier access to the Binary Formats, Microsoft has agreed to remove any intermediate steps necessary to get the documentation. They're going to just post it, making it directly available as a download on the Microsoft web site. Microsoft will also make the Binary Formats subject to its Open Specification Promise by February 15, 2008. They're even planning to include an Open Source converter implementation."

Geoffrey.landis writes "Microsoft apologized to rival software vendor Corel Corp. for saying that Corel's file format posed a security risk, and issued a set of tools to unblock file types that had been blocked by default in the December Office 2003 service pack. In his blog on the Microsoft site, David Leblanc says 'We did a poor job of describing the default format changes.' He goes on to explain, 'We stated that it was the file formats that were insecure, but this is actually not correct. A file format isn't insecure — it's the code that reads the format that's more or less secure.' As noted by News.com, 'it is the parsing code that Office 2003 uses to open and save the file types that is less secure.' Larry Seltzer at pcmag.com also blogs the story."

akintayo writes "Digitimes reports that first-tier notebook manufacturers are increasing the standard installed memory from the current 1 GB to 4GB. They claim the move is an attempt to shore up the costs of DRAM chips, which are currently depressed because of a glut in market. The glut is supposedly due to increased manufacturing capacity and the slow adoption of Microsoft's Vista operating system. The proposed move is especially interesting, given that 32-bit Vista and XP cannot access 4 GB of memory. They have a practical 3.1 — 3.3 GB limit. With Vista SP1 it seems that Microsoft has decided to fix the problem by reporting the installed memory rather than the available memory."

notamicrosoftlover writes to tell us Channel9 is reporting that Internet Explorer 8 has correctly rendered the Acid2 page in "standards mode". "With respect to standards and interoperability, our goal in developing Internet Explorer 8 is to support the right set of standards with excellent implementations and do so without breaking the existing web. This second goal refers to the lessons we learned during IE 7. IE7's CSS improvements made IE more compliant with some standards and less compatible with some sites on the web as they were coded. Many sites and developers have done special work to work well with IE6, mostly as a result of the evolution of the web and standards since 2001 and the level of support in the various versions of IE that pre-date many standards. We have a responsibility to respect the work that sites have already done to work with IE. We must deliver improved standards support and backwards compatibility so that IE8 (1) continues to work with the billions of pages on the web today that already work in IE6 and IE7 and (2) makes the development of the next billion pages, in an interoperable way, much easier. We'll blog more, and learn more, about this during the IE8 beta cycle." There's also a video interview regarding IE8 development on Channel9."

notamicrosoftlover writes to tell us Channel9 is reporting that Internet Explorer 8 has correctly rendered the Acid2 page in "standards mode". "With respect to standards and interoperability, our goal in developing Internet Explorer 8 is to support the right set of standards with excellent implementations and do so without breaking the existing web. This second goal refers to the lessons we learned during IE 7. IE7's CSS improvements made IE more compliant with some standards and less compatible with some sites on the web as they were coded. Many sites and developers have done special work to work well with IE6, mostly as a result of the evolution of the web and standards since 2001 and the level of support in the various versions of IE that pre-date many standards. We have a responsibility to respect the work that sites have already done to work with IE. We must deliver improved standards support and backwards compatibility so that IE8 (1) continues to work with the billions of pages on the web today that already work in IE6 and IE7 and (2) makes the development of the next billion pages, in an interoperable way, much easier. We'll blog more, and learn more, about this during the IE8 beta cycle." There's also a video interview regarding IE8 development on Channel9."

Game|Life has a rundown on the Fall Update for Xbox Live. In addition to the Friend of a Friend feature we discussed last week, you'll also be seeing the first of the Xbox Originals download titles, a few Arcade games will be a bit lower cost, and a new 'family timer' option will let parents put caps on service use time. "You'll also be able to expand your bio, providing more detailed information about yourself to the Xbox Live community ... apparently I wasn't the only one going blind trying to watch those itty-bitty move previews, because now you'll be able to see them full-screen. The update also comes with "enhanced video codec support," which means that your DivX and Xvid files will play on your 360." Remember, if you don't want everyone seeing the folks on your Friends List you need to change your settings now. Plus, everybody should snag Psychonauts; make Tim Schafer a happy man for Christmas.

Kelson writes "The Internet Explorer team has updated the installer for IE7. Mostly they've adjusted a few defaults and updated their tutorials, but one change stands out: The installer no longer requires Windows Genuine Advantage validation. Almost a year after its release, IE7 has yet to overtake its predecessor. Was WGA holding back a tide of potential upgrades, or did it just send people over to alternative browsers?"

Erris writes "As commentators like Ars Technica slam WGA as deeply flawed, Microsoft is blaming human error and swears it won't happen again. 'Alex Kochis, Microsofts senior WGA product manager, wrote in a blog posting that the troubles began after preproduction code was installed on live servers. ... rollback fixed the problem on the product-activation servers within 30 minutes ... but it didnt reset the validation servers. ... "we didnt have the right monitoring in place to be sure the fixes had the intended effect"' Critics were not impressed. 'A system thats not totally reliable really should not be so punitive, said Gartner Inc. analyst Michael Silver. Michael Cherry, an analyst at Directions on Microsoft in Kirkland, Wash., said he was surprised that it was even possible to accidentally load the wrong code onto live servers ... [and asks], "what other things have they not done?' This is not the first time this has happened, either."

krewemaynard writes to let us know that Microsoft has been having major problems with its WGA servers since at least Friday evening. Quoting Ars: "Users of both Windows XP and Windows Vista were writing to say that they could not validate their installations using WGA, and one user even said that his installation was invalidated by the service... The Microsoft WGA Forums are full of problem reports, and Microsoft WGA Program Manager Phil Liu has acknowledged that there is a problem, and that MS is investigating." Update: 07/25 22:10 GMT by KD :Microsoft has identified and fixed the problem and posted instructions for anyone whose system mistakenly failed a WGA check. (The link posted earlier was to a 2006 article.)

randommsdev writes "Microsoft has announced the release of Windows Live ID Web Authentication. This means that WLID (formerly known as Passport) is now opened to third party websites to use as their authentication system. Any Windows Live user can potentially log in to a website that implements Web Authentication. Interestingly sample implementations are available in the Ruby, Python, Perl, and PHP open source languages amongst others — tested on openSUSE 10.2 but expected to work on any platform that supports these languages. More details are available in the SDK documentation."

Erebus writes "Jamie Cansdale released a free addin to Visual Studio back in 2004 to help developers build unit tests. His only problem was, he enable his addin for all versions of VS - including the Express addition which isn't suppose to support addins. After over a year of trying to talk with Microsoft and understand how and why he was in violation of their license agreement, during which they would never explain specifically which clause in the license was being violated, they sent the lawyers after him and pulled his MVP status. To top it all off, Jamie is actually a Java developer by day — his addin was originally developed just as a hobby project. A full account is available on his blog, including all email correspondence he had with Microsoft and the now 3 letters received from Microsoft lawyers. The lead product manager for Visual Studio Express has responded to Jamie's posts."

Erebus writes "Jamie Cansdale released a free addin to Visual Studio back in 2004 to help developers build unit tests. His only problem was, he enable his addin for all versions of VS - including the Express addition which isn't suppose to support addins. After over a year of trying to talk with Microsoft and understand how and why he was in violation of their license agreement, during which they would never explain specifically which clause in the license was being violated, they sent the lawyers after him and pulled his MVP status. To top it all off, Jamie is actually a Java developer by day — his addin was originally developed just as a hobby project. A full account is available on his blog, including all email correspondence he had with Microsoft and the now 3 letters received from Microsoft lawyers. The lead product manager for Visual Studio Express has responded to Jamie's posts."

mrcaseyj writes "A post on the IE blog criticizes some banks for no longer using secure connections for entire login pages and only encrypting the password as it goes back to the bank. This prevents simple password sniffing but doesn't prevent a man in the middle attack from replacing the unsecured login page with one that has disabled encryption. This is especially a problem if you are using an unencrypted wireless connection such as at a coffee shop, because hackers can easily use the airpwn package to intercept the login page and steal your password. An easy remedy for when a secure page isn't available is to enter a bad username and password which usually brings up a secure page telling you to try again. But can you really trust your money to a bank that doesn't even offer the option of a secure login page?"

bheer writes "Raymond Chen's blog has always been popular with Win32 developers and those interested in the odd bits of history that contribute to Windows' quirks. In a recent post, he talks about how an error he committed led to the recall of a Windows security patch."

PetManimal writes "Mati Aharoni's discovery of three flaws in Word using a fuzzer (screenshots) has been discounted by Microsoft, which claims that the crashes and malformed Word documents are a feature of Word, not a bug. Microsoft's Security Response Center is also refusing to classify the flaws as security problems. According to Microsoft developer David LeBlanc, crashes aren't necessarily DoS situations: 'You may rightfully say that crashing is always bad, and having a server-class app background, I agree. Crashing means you made a mistake, bad programmer, no biscuit. However, crashing may be the lesser of the evils in many places. In the event that our apps crash, we have recovery mechanisms, ways to report the crash so we know what function had the problem, and so on. I really take issue with those who would characterize a client-side crash as a denial of service.' Computerworld's Frank Hayes responds to LeBlanc and questions Microsoft's logic.'"

An anonymous reader writes "BlueJ is a popular academic IDE which lets students have a visual programming interface. Microsoft copied the design in their 'Object Test Bench' feature in Visual Studio 2005 and even admitted it. Now, a patent application has come to light which patents the very same feature, blatantly ignoring prior art."

Kelson writes "Internet Explorer 7 hit the 100 million download mark last week. Yet in the three months it's been available, Firefox's market share has continued to grow. InformationWeek reports that nearly all of IE7's growth has been upgrades from IE6. People don't seem to be switching back to IE in significant numbers, prompting analysts to wonder: has Microsoft finally met its match?"

davidmcg writes "Finally, Microsoft has made steps to make testing IE6 and IE7 easier for Windows users. Previously, you had to pay for an additional Windows license to legally run both versions of IE for testing purposes. Now Microsoft is making available free Windows XP/IE6 images available for VirtualPC (also free as MS is competing with VMWare). This means that you can run IE6 in a virtual machine while running IE7 on your host machine. The drawback is that the download is set to expire April 2007 ... although we are promised new versions will be released. What Microsoft doesn't mention is that Virtual PC also runs on Windows 2000 (and IE7 doesn't). Therefore it's possible to install this Windows XP VPC image on your Win2k machine. You can then update IE6 on the XP image to IE7, testing IE7 without upgrading from Win2k. This is all-around excellent news for web developers."

MikeWeller writes, "Microsoft has recently announced a new licensing program for the Office 2007 user interface. This page links to the license and an MSDN Channel9 interview about the program (featuring a lawyer). The program 'allows virtually anyone to obtain a royalty-free license to use the new Office UI in a software product. There's only one limitation: if you are building a program which directly competes with Word, Excel, PowerPoint, Outlook, or Access (the Microsoft applications with the new UI), you can't obtain the royalty-free license.' What does this mean for OpenOffice? Will traditional menus/toolbars hold up to an ever-increasing number of features, or will OO be forced to take on a new UI paradigm? With the gap between OO and MS Office widening, how is this going to affect users trying to move between the two platforms?" You need to sign the license before you can get the 120-page UI implementation guidelines, which are confidential.

gbjbaanb writes "Raymond Chen (of ancient Microsoft heritage) has a blog where he describes some of the things he's worked on, as well as oddments of obscure code and design decisions in Windows. Regardless of what anyone thinks of Windows, it is informative and often thought-provoking. Recently, Raymond posted an entry about backwards compatibility, and why it is such a big deal for large corporations. Something that I have read about on Slashdot regularly (where Windows is criticized for bothering with it at all), I thought readers would be interested in exactly why Microsoft spends so much effort on backwards compatibility, and by inference, why it is an important topic for getting Linux adopted by big business."

gbjbaanb writes "Raymond Chen (of ancient Microsoft heritage) has a blog where he describes some of the things he's worked on, as well as oddments of obscure code and design decisions in Windows. Regardless of what anyone thinks of Windows, it is informative and often thought-provoking. Recently, Raymond posted an entry about backwards compatibility, and why it is such a big deal for large corporations. Something that I have read about on Slashdot regularly (where Windows is criticized for bothering with it at all), I thought readers would be interested in exactly why Microsoft spends so much effort on backwards compatibility, and by inference, why it is an important topic for getting Linux adopted by big business."

Lord Satri writes "Microsoft has announced the launch of Virtual Earth 3D. There are numerous screenshots to be seen, as well as a Google Earth comparison from Spatially Adjusted. You can read the Google Earth Blog on why he thinks it's not a threat to Google. C|Net's coverage and the official press release provide lots of concrete details of the product. You can also read more from the development side or see the CBS report on Virtual Earth 3D. My main gripe: Windows and Internet Explorer 6/7 only. From the official press release: 'When people visit Live Search, type a query into the search box and click the "Maps" tab, they get their search results in a map context that offers the option to explore the area using two-dimensional views (aerial and bird's-eye) or three dimensional models with Virtual Earth 3D. This new technology compiles photographic images of cities and terrain to generate textured, photorealistic 3-D models with engineering level accuracy.'"

filenavigator writes "Microsoft has delayed the automatic install of IE 7 in Japan. There's an an interesting response in one of the MSDN blogs. IT pros are saying that they have done this because business users asked it to be delayed. It seems to me many business users here in North America wanted it to be delayed as well, but were forced to scramble and deploy IE 7 blocking software. This looks like more proof that the IE 7 automatic push was more for marketing reasons, than security. If it were a security issue, than why wait on the Japanese push?" Does anyone know the 'technical' reason that the autoinstall was delayed?

linuxci writes "Firefox 2.0 has had over two million downloads in 24 hours with a peak rate of over 30 downloads a second. This means Firefox is well on track to beat IE7's three million in four days. Of course stats don't equal users but it's interesting to see that the demand for Firefox is currently outstripping IE."

We got lots and lots of questions for Dean Hachamovitch, whose formal title is "general manager Internet Explorer at Microsoft Corp." Picking a mere 10 of those questions was not easy, and I wish Dean could have answered twice as many -- and so does he, but his schedule has been tight this week. Anyway, here are his answers to the Chosen Ten. 1) How about this...
by also-rr

Would you like to make available IE on other operating systems?

Dean Hachamovitch:

We did make versions of IE available on other operating system for a pretty long time, up through IE5 on Unix and the Mac. At the time we developed them, those offerings made sense. I don't see a good reason to make IE available on other operating systems at this time.

2) IE7 release time
by BeeBeard Why did IE7 take such a long time to release after IE6?



Dean Hachamovitch:

Basically because we were doing a lot of other things before we started work on IE7: a few releases of MSN Explorer, a lot of work on what turned out to be Windows Presentation Foundation, a lot of investment in what turned into IPv6 support in Windows Vista, and lot of security response, a pretty intense effort on Windows Server 2003 (and IE's "Enhanced Security Configuration"), and then a pretty intense effort on Windows XPSP2. You can read a more detailed answer here

3) Follow up
by LordEd

If you had more time, is there a new feature you would have liked to include in IE7?

Dean Hachamovitch:

Yes, several come to mind. None were more important than shipping. None were more important than the bug fix work we did in response to beta feedback.

The temptation to get "just one more feature in" is so strong... one more CSS fix, one more neat facility for developers, one more performance optimization, one more cool end-user feature. The thing that made it easier to resist the temptation and ship is the prototype and planning work we've started on the next release of IE.

4) Simple questions
by Billosaur

IE has a dominating command of the market, although Firefox is slowly making inroads, due to innovations such as tabbed browsing that IE has had to incorporate to maintain that command. But where are the IE innovations? Why can't the IE team get ahead of the curve on Firefox? Is there anything you consider an innovation that is unique to IE that would plausibly be something the browser market would have to incorporate to stay competitive?

Dean Hachamovitch:

I think IE7 is the first browser with integrated real-time anti-phishing functionality, with an RSS platform and support for Simple List Extensions (see below), with "QuickTabs," with support for OpenSearch, and with shrink-to-fit printing on by default. In Windows Vista with Protected Mode, IE7 is the first browser to "put itself into a sandbox" and run with low privileges.

I think that during the IE7 beta process, you've seen other browser vendors copy some of these features and/or deliver add-ons for others. (IE has also delivered some functionality - like spell-checking in forms or in-line find, as add-ons; you can read more here.

I want to call out the Phishing Filter and RSS in particular. I think there's a clear difference between the protection offered in IE7 and other places. I suggest readers look here and here and decide for themselves. I was surprised when I read this because I think IE7 delivers real-time protection that respects user privacy at the same time.

I think IE7's RSS is pretty deep. First, the support for the Simple List Extensions that we made available under a Creative Commons license is cool - check out the links below in IE7. Also, the platform enables developers to deliver on some great scenarios, like sharing subscription information between different applications and services easily (from the new version of Outlook 2007 I run at work to IE7 at home via Newsgator). You can read more about that here.

- Amazon Wish List as an RSS feed

- eBay Search Result as an RSS feed

- Yahoo Music Top 10 list as an RSS feed

In regards to tabs, according to http://en.wikipedia.org/wiki/Tabbed_browsing, NetCaptor (an IE-based browser) was first.

5) My shot
by Njovich

What do you consider the greatest weakness of Firefox?

Dean Hachamovitch:

Hey, I've met a bunch of the Firefox folks and respect them and am not about to say mean things about them or their product, period. I have started to see some things that even some Slashdotters find a little confusing, like the whole Iceweasel thing.

6) Security
by Seto89

One of IE7's revolutionary features was supposed to be security, although it took less than 24 hours for Secunia to post an advisory about a security hole. Moreover, the bug seemed to be carried over from as early as IE5.5. What approach did you take to improve browser's security, and how come the vulnerabilities have been carried over?

Dean Hachamovitch:

The overall approach we took is called the secure development lifecycle. You can read more about it in general at http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnsecure/html/sdl.asp and http://www.microsoft.com/MSPress/books/8753.asp. The very short version is that we stepped back to analyze all the ways to attack a browser and then figured out the best ways to defend in depth against attacks. We reduced attack surface area, for example, turning off several feature and protocols by default and with ActiveX opt-in. We re-wrote a lot of the URL handling code in our networking layer. We ran a lot of tools against the source code to look for vulnerabilities. We listened to feedback from lots of smart people who are skilled in the art of attack.

As anyone who reads SecurityFocus or FullDisclosure will tell you, security is an industry problem and innovation in attacks is ongoing.

The MHTML issue is pretty interesting. IE calls another Windows component to handle some MTHML functionality. That component has a vulnerability. The important things here are (1) a malicious site can steal user data and (2) of course Microsoft cares about privacy and will fix this issue promptly. Some of the blogs over at zdnet - in particular George Ou's and Ed Bott's, have had some balanced opinion pieces on this issue.

While I was writing this, someone disclosed another issue irresponsibly. On the one hand, it's minor (a malicious site can make the address bar, when it's selected and in a pop-up window, deceiving... clicking in the pop-up window addresses the issue) and our anti-phishing technology helps a lot. The MSRC blog has more detail. At the same time, an attacker could draw a fake or misleading address bar in a pop-up window in a browser that doesn't automatically show the address bar in every window. Again, I think all this shows is that innovation in attacks is ongoing.

7) How about this....
by Toreo asesino

Let's pretend for a moment that Internet Explorer isn't the default web-browser built into Windows and instead, users are presented with a choice on first login (e.g. a message asking 'How would you like to browse the internet? MSIE, Firefox, Opera').

Would you expect IE to become as dominant as it is now if users had to specifically choose it over another?

Ignoring the slight impracticalities, if so (I'm guessing you do), on what basis would this be?

Dean Hachamovitch:

OK, I'll pretend. My first question is when we ask users this question... if it's in 1995, then Opera isn't on the list (Wikipedia just told me that its first public release was in 1996) and neither is Firefox. If it's today, then, candidly, we have 10+ years of people seeing the IE icon and all that that means to them.

The funny thing about your question is that in some ways, users are about two clicks from this scenario every time they run Windows XP: from the Start menu, select Set Program Access and Defaults. And it's not limited to the browsers you list, but any browser that they can download.

To answer your core question: I don't know how people would answer that question. I think we've asked users far simpler ones (like setup programs that ask "Do you want a typical or custom software installation?") that have proven frustrating to them. I do blog searches just about every day to read what people are saying about their browser choice, the browser I work on, and the other browsers you list. While it may surprise you, for many users, the differences between today's browsers aren't as clear and obvious as they may seem to many in the Slashdot crowd. I've read a lot of posts that say, "I tried IE7, I'm pleasantly surprised, and I'm switching back." (I read a lot of others for sure.) For some folks, having professional technical support to contact makes all the difference in their browser choice. During a press interview with a technical trade journal recently I asked the reporter "So what do you browse with" and he said "Mostly IE6, sometimes Firefox 1.5." That might surprise some of you.

8) Allowing Developers to Test for Compatibility
by miyako

IE7, like IE6, renders a lot of pages significantly differently than the other main HTML rendering engines available (Geko, KHTML, and Opera). At the same time, IE7 requires WGA to run - so that applications like Wine are unable to run it. This means that web developers who are using Linux and Mac OS X will have an extremely difficult time testing their sites with IE7. Was this intentional? If so what was the reason behind it (do you want to force developers to move to Windows for web development, or simply set IE aside as something different that isn't a regular browser and must be specifically developed for), and if not how do you plan to rectify the situation?

Dean Hachamovitch:

I think the core of your question is about giving away Windows licenses for free. We love developers, period. We're also not about to give away Windows client licenses. Because we want end-users to have a great experience on the web, of course we want web developers to have an easy experience working with IE and testing their sites with IE. That's why we published tools like the web developer toolbar and the Application Compatibility Toolkit and so much documentation during the course of IE7 development. I also respect that - as hard as everyone at Microsoft works to make Windows the best operating system for developers run - some developers will choose to run others. Mac developers have a fine solution - I've talked with hardcore Mac people who bought a copy of Windows that they run on their Mac with Parallels to test their work in IE. For other developers, I've seen some very clever solutions like BrowserCam that should help.

9) I asked Hakon about CSS and now I ask you:
by Chabil Ha'

This past summer Håkon Wium Lie was interviewed on /. and my question was selected concerning IE7's glaring lack of full CSS support. Why is it that MS has avoided meeting at least the ACID2 spec for CSS in order to bring some semblance of comformity for developers?

Håkon Wium Lie's response to these questions is boiled down to the fact that you do have the talent and resources to fix these issues and he says that "the fundamental reason, I believe, is that standards don't benefit monopolists" like MS.

How do you respond to his comments (the author of the CSS spec) and does MS have any near future plans to adhere to the existing CSS standard? If not, what would it take for MS to take a more proactive role in supporting it?

Dean Hachamovitch:

During IE7's development, we prioritized the work we did based on the web development community's real-world feedback. The engineering exercise here was choosing the best work for a finite number of developers to do during a finite period of time, especially given the compatibility impact of changing how IE behaves. The work that we delivered in IE7 simply has more positive impact and makes web developers' jobs easier than making an arbitrary (if terribly clever) web page render the way its author intended.

The Acid 2 test explicitly states that it isn't part of a formal compliance suite and it is not a "spec for CSS." It's a suite of tests of HTML, CSS, PNG, and data URL features that Mr. Lie thought were important. I'm glad that Mr. Lie - who is one of the authors of the CSS specifications - acknowledges that Microsoft's developers have the talent to address these issues.

The question here isn't whether we want to support those features or if we understand that web developers want them (we do), but simply prioritization. We focused on web developers' real world problems.

The real goal here is interoperability - something that Microsoft product teams believe in (remember, Microsoft has more than one product that works with HTML, CSS, and other web standards, and they have to interoperate too) and something that benefits customers (end-users, developers, IT Pros, et al.) across the board. The work in Windows Vista around IPv6 as well as the work we've done in IE7 with OpenSearch, RSS and with Certificate Authorities and other browser vendors on Extended Validation certificates are good examples of following through on that belief in interoperability.

Your question also asks about Microsoft's plans to comply with the existing CSS standard; there are actually several CSS standards, some still under construction (CSS level 3) and some made obsolete over time (e.g. CSS 2.1 fixing errors, removing ambiguities and changing required behavior from CSS 2). Just as we did in IE7, we're going to listen to the web development community and prioritize the remaining CSS work and deliver the parts we hear are most important first. We do intend to comply with the standard; no other browser I'm aware of has complete support of every feature in CSS 2.1, so it's clear that we all have to use prioritization to know where best to place our resources.

10) Why develop IE at all
by CmdrGravy

Given that you are not planning on selling IE 7 and the fact that there are already other browsers on the market which can allow Windows users to experience the web fully why is Microsoft investing so much time and effort in continuing the development of IE?

Dean Hachamovitch:

Windows customers expect the best, safest experience with their PCs out of the box, especially around the web browser. We're investing so much time and effort in IE in order to give Windows customers a great, secure, default experience. I'm glad that users can choose other browsers as they see fit - Windows is a platform. We're working this hard on IE because so many end-users rely on it and so many developers have built on the APIs that IE exposes as a part of the Windows platform.

-------

Editor's note: Next week's Slashdot interview guest will be a FireFox person. Only fair, right? :)

We got lots and lots of questions for Dean Hachamovitch, whose formal title is "general manager Internet Explorer at Microsoft Corp." Picking a mere 10 of those questions was not easy, and I wish Dean could have answered twice as many -- and so does he, but his schedule has been tight this week. Anyway, here are his answers to the Chosen Ten. 1) How about this...
by also-rr

Would you like to make available IE on other operating systems?

Dean Hachamovitch:

We did make versions of IE available on other operating system for a pretty long time, up through IE5 on Unix and the Mac. At the time we developed them, those offerings made sense. I don't see a good reason to make IE available on other operating systems at this time.

2) IE7 release time
by BeeBeard Why did IE7 take such a long time to release after IE6?



Dean Hachamovitch:

Basically because we were doing a lot of other things before we started work on IE7: a few releases of MSN Explorer, a lot of work on what turned out to be Windows Presentation Foundation, a lot of investment in what turned into IPv6 support in Windows Vista, and lot of security response, a pretty intense effort on Windows Server 2003 (and IE's "Enhanced Security Configuration"), and then a pretty intense effort on Windows XPSP2. You can read a more detailed answer here

3) Follow up
by LordEd

If you had more time, is there a new feature you would have liked to include in IE7?

Dean Hachamovitch:

Yes, several come to mind. None were more important than shipping. None were more important than the bug fix work we did in response to beta feedback.

The temptation to get "just one more feature in" is so strong... one more CSS fix, one more neat facility for developers, one more performance optimization, one more cool end-user feature. The thing that made it easier to resist the temptation and ship is the prototype and planning work we've started on the next release of IE.

4) Simple questions
by Billosaur

IE has a dominating command of the market, although Firefox is slowly making inroads, due to innovations such as tabbed browsing that IE has had to incorporate to maintain that command. But where are the IE innovations? Why can't the IE team get ahead of the curve on Firefox? Is there anything you consider an innovation that is unique to IE that would plausibly be something the browser market would have to incorporate to stay competitive?

Dean Hachamovitch:

I think IE7 is the first browser with integrated real-time anti-phishing functionality, with an RSS platform and support for Simple List Extensions (see below), with "QuickTabs," with support for OpenSearch, and with shrink-to-fit printing on by default. In Windows Vista with Protected Mode, IE7 is the first browser to "put itself into a sandbox" and run with low privileges.

I think that during the IE7 beta process, you've seen other browser vendors copy some of these features and/or deliver add-ons for others. (IE has also delivered some functionality - like spell-checking in forms or in-line find, as add-ons; you can read more here.

I want to call out the Phishing Filter and RSS in particular. I think there's a clear difference between the protection offered in IE7 and other places. I suggest readers look here and here and decide for themselves. I was surprised when I read this because I think IE7 delivers real-time protection that respects user privacy at the same time.

I think IE7's RSS is pretty deep. First, the support for the Simple List Extensions that we made available under a Creative Commons license is cool - check out the links below in IE7. Also, the platform enables developers to deliver on some great scenarios, like sharing subscription information between different applications and services easily (from the new version of Outlook 2007 I run at work to IE7 at home via Newsgator). You can read more about that here.

- Amazon Wish List as an RSS feed

- eBay Search Result as an RSS feed

- Yahoo Music Top 10 list as an RSS feed

In regards to tabs, according to http://en.wikipedia.org/wiki/Tabbed_browsing, NetCaptor (an IE-based browser) was first.

5) My shot
by Njovich

What do you consider the greatest weakness of Firefox?

Dean Hachamovitch:

Hey, I've met a bunch of the Firefox folks and respect them and am not about to say mean things about them or their product, period. I have started to see some things that even some Slashdotters find a little confusing, like the whole Iceweasel thing.

6) Security
by Seto89

One of IE7's revolutionary features was supposed to be security, although it took less than 24 hours for Secunia to post an advisory about a security hole. Moreover, the bug seemed to be carried over from as early as IE5.5. What approach did you take to improve browser's security, and how come the vulnerabilities have been carried over?

Dean Hachamovitch:

The overall approach we took is called the secure development lifecycle. You can read more about it in general at http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnsecure/html/sdl.asp and http://www.microsoft.com/MSPress/books/8753.asp. The very short version is that we stepped back to analyze all the ways to attack a browser and then figured out the best ways to defend in depth against attacks. We reduced attack surface area, for example, turning off several feature and protocols by default and with ActiveX opt-in. We re-wrote a lot of the URL handling code in our networking layer. We ran a lot of tools against the source code to look for vulnerabilities. We listened to feedback from lots of smart people who are skilled in the art of attack.

As anyone who reads SecurityFocus or FullDisclosure will tell you, security is an industry problem and innovation in attacks is ongoing.

The MHTML issue is pretty interesting. IE calls another Windows component to handle some MTHML functionality. That component has a vulnerability. The important things here are (1) a malicious site can steal user data and (2) of course Microsoft cares about privacy and will fix this issue promptly. Some of the blogs over at zdnet - in particular George Ou's and Ed Bott's, have had some balanced opinion pieces on this issue.

While I was writing this, someone disclosed another issue irresponsibly. On the one hand, it's minor (a malicious site can make the address bar, when it's selected and in a pop-up window, deceiving... clicking in the pop-up window addresses the issue) and our anti-phishing technology helps a lot. The MSRC blog has more detail. At the same time, an attacker could draw a fake or misleading address bar in a pop-up window in a browser that doesn't automatically show the address bar in every window. Again, I think all this shows is that innovation in attacks is ongoing.

7) How about this....
by Toreo asesino

Let's pretend for a moment that Internet Explorer isn't the default web-browser built into Windows and instead, users are presented with a choice on first login (e.g. a message asking 'How would you like to browse the internet? MSIE, Firefox, Opera').

Would you expect IE to become as dominant as it is now if users had to specifically choose it over another?

Ignoring the slight impracticalities, if so (I'm guessing you do), on what basis would this be?

Dean Hachamovitch:

OK, I'll pretend. My first question is when we ask users this question... if it's in 1995, then Opera isn't on the list (Wikipedia just told me that its first public release was in 1996) and neither is Firefox. If it's today, then, candidly, we have 10+ years of people seeing the IE icon and all that that means to them.

The funny thing about your question is that in some ways, users are about two clicks from this scenario every time they run Windows XP: from the Start menu, select Set Program Access and Defaults. And it's not limited to the browsers you list, but any browser that they can download.

To answer your core question: I don't know how people would answer that question. I think we've asked users far simpler ones (like setup programs that ask "Do you want a typical or custom software installation?") that have proven frustrating to them. I do blog searches just about every day to read what people are saying about their browser choice, the browser I work on, and the other browsers you list. While it may surprise you, for many users, the differences between today's browsers aren't as clear and obvious as they may seem to many in the Slashdot crowd. I've read a lot of posts that say, "I tried IE7, I'm pleasantly surprised, and I'm switching back." (I read a lot of others for sure.) For some folks, having professional technical support to contact makes all the difference in their browser choice. During a press interview with a technical trade journal recently I asked the reporter "So what do you browse with" and he said "Mostly IE6, sometimes Firefox 1.5." That might surprise some of you.

8) Allowing Developers to Test for Compatibility
by miyako

IE7, like IE6, renders a lot of pages significantly differently than the other main HTML rendering engines available (Geko, KHTML, and Opera). At the same time, IE7 requires WGA to run - so that applications like Wine are unable to run it. This means that web developers who are using Linux and Mac OS X will have an extremely difficult time testing their sites with IE7. Was this intentional? If so what was the reason behind it (do you want to force developers to move to Windows for web development, or simply set IE aside as something different that isn't a regular browser and must be specifically developed for), and if not how do you plan to rectify the situation?

Dean Hachamovitch:

I think the core of your question is about giving away Windows licenses for free. We love developers, period. We're also not about to give away Windows client licenses. Because we want end-users to have a great experience on the web, of course we want web developers to have an easy experience working with IE and testing their sites with IE. That's why we published tools like the web developer toolbar and the Application Compatibility Toolkit and so much documentation during the course of IE7 development. I also respect that - as hard as everyone at Microsoft works to make Windows the best operating system for developers run - some developers will choose to run others. Mac developers have a fine solution - I've talked with hardcore Mac people who bought a copy of Windows that they run on their Mac with Parallels to test their work in IE. For other developers, I've seen some very clever solutions like BrowserCam that should help.

9) I asked Hakon about CSS and now I ask you:
by Chabil Ha'

This past summer Håkon Wium Lie was interviewed on /. and my question was selected concerning IE7's glaring lack of full CSS support. Why is it that MS has avoided meeting at least the ACID2 spec for CSS in order to bring some semblance of comformity for developers?

Håkon Wium Lie's response to these questions is boiled down to the fact that you do have the talent and resources to fix these issues and he says that "the fundamental reason, I believe, is that standards don't benefit monopolists" like MS.

How do you respond to his comments (the author of the CSS spec) and does MS have any near future plans to adhere to the existing CSS standard? If not, what would it take for MS to take a more proactive role in supporting it?

Dean Hachamovitch:

During IE7's development, we prioritized the work we did based on the web development community's real-world feedback. The engineering exercise here was choosing the best work for a finite number of developers to do during a finite period of time, especially given the compatibility impact of changing how IE behaves. The work that we delivered in IE7 simply has more positive impact and makes web developers' jobs easier than making an arbitrary (if terribly clever) web page render the way its author intended.

The Acid 2 test explicitly states that it isn't part of a formal compliance suite and it is not a "spec for CSS." It's a suite of tests of HTML, CSS, PNG, and data URL features that Mr. Lie thought were important. I'm glad that Mr. Lie - who is one of the authors of the CSS specifications - acknowledges that Microsoft's developers have the talent to address these issues.

The question here isn't whether we want to support those features or if we understand that web developers want them (we do), but simply prioritization. We focused on web developers' real world problems.

The real goal here is interoperability - something that Microsoft product teams believe in (remember, Microsoft has more than one product that works with HTML, CSS, and other web standards, and they have to interoperate too) and something that benefits customers (end-users, developers, IT Pros, et al.) across the board. The work in Windows Vista around IPv6 as well as the work we've done in IE7 with OpenSearch, RSS and with Certificate Authorities and other browser vendors on Extended Validation certificates are good examples of following through on that belief in interoperability.

Your question also asks about Microsoft's plans to comply with the existing CSS standard; there are actually several CSS standards, some still under construction (CSS level 3) and some made obsolete over time (e.g. CSS 2.1 fixing errors, removing ambiguities and changing required behavior from CSS 2). Just as we did in IE7, we're going to listen to the web development community and prioritize the remaining CSS work and deliver the parts we hear are most important first. We do intend to comply with the standard; no other browser I'm aware of has complete support of every feature in CSS 2.1, so it's clear that we all have to use prioritization to know where best to place our resources.

10) Why develop IE at all
by CmdrGravy

Given that you are not planning on selling IE 7 and the fact that there are already other browsers on the market which can allow Windows users to experience the web fully why is Microsoft investing so much time and effort in continuing the development of IE?

Dean Hachamovitch:

Windows customers expect the best, safest experience with their PCs out of the box, especially around the web browser. We're investing so much time and effort in IE in order to give Windows customers a great, secure, default experience. I'm glad that users can choose other browsers as they see fit - Windows is a platform. We're working this hard on IE because so many end-users rely on it and so many developers have built on the APIs that IE exposes as a part of the Windows platform.

-------

Editor's note: Next week's Slashdot interview guest will be a FireFox person. Only fair, right? :)

About as timely an interview as you can get: Microsoft released Internet Explorer 7 last week, and today we're gathering questions for IE team general manager Dean Hachamovitch. As usual, please follow Slashdot interview rules when posting or moderating questions. We'll publish Dean's answers verbatim as soon as he replies.

About as timely an interview as you can get: Microsoft released Internet Explorer 7 last week, and today we're gathering questions for IE team general manager Dean Hachamovitch. As usual, please follow Slashdot interview rules when posting or moderating questions. We'll publish Dean's answers verbatim as soon as he replies.

writes "IE development team has released a list of CSS changes for IE7. Some of the notable new features are enabling :hover for all elements, and implementing position:fixed, and PNG transparency support. In addition, there is a long list of fixed bugs that plagued previous IE browsers for years. These changes (except for PNG transparency) only work under the <!DOCTYPE> switch to preserve compatibility with previous versions of IE."

An anonymous reader writes, "Microsoft plans to push out Internet Explorer 7 as a 'high priority update' when it ships security patches tomorrow, according to Washingtonpost.com's Security Fix blog. That means anyone who has Windows configured to download and install patches automagically from Redmond will be greeted with IE7 next time they boot up their machines. In related news, it appears IE's worldwide market share actually increased a couple of points since July, despite a number of high profile zero-day attacks this year." The article notes that the IE7 "containment wall" protected mode will not be available on XP, but only to those who purchase Vista.

Update: 10/09 21:26 GMT by kd : An anonymous reader points to this Microsoft blog posting where it is revealed that the article linked above is incorrect. IE7 will not be pushed tomorrow.

teslatug writes "Channel9 has an interview with Bill Hilf of the Open Source Software Lab at Microsoft. Hilf argues that the majority of companies advocate open source solely so that they can drive customers to their core business, which is not open source. He calls this his 'donut theory.' Hilf also sees RedHat in this model, with support being their core. He compares this to dating, where you have to offer your date value in order to entice them. In his view, Microsoft offers developers a platform where they can make money selling their software. The virtues of 'free as in freedom' and the value of open source to the desktop users are skirted, but he makes an interesting point about big businesses like IBM and Oracle."

LifeForm42 writes "Java guru and ServerSide.com creator Floyd Marinescu is on Microsoft's Channel 9. From the description of the interview: 'Floyd Marinescu is truly a leader in the coding community. Besides writing some of the most influential books in the Java world, he has brought developers together in two popular online venues which he founded: TheServerSide.com and TheServerSide.net. Now Floyd is using his unique talent for building virtual societies in a new endeavor called InfoQ. Whereas TheServerSide.com catered to a Java audience, and TheServerSide.net catered to Microsoft developers, InfoQ is a venue for programmers on any platform.'"

Kawahee writes "Microsoft, in conjunction with the announcement that they have finished Windows Vista RC1 have released Internet Explorer 7 RC1. Further commentary from the IE Blog post: 'The RC1 build includes improvements in performance, stability, security, and application compatibility. You may not notice many visible changes from the Beta 3 release; all we did was listen to your feedback, fix bugs that you reported, and make final adjustments to our CSS support.'"

An anonymous reader writes "Microsoft has posted a shared source version of its device emulator (which ships with Visual Studio 2005) for download. Primarily meant for academia to experiment with and build upon, it is licensed under the Microsoft Shared Source Academic License. Since it emulates the ARM processor, it can run all modern Windows Mobile and Windows CE operating systems. Barry Bond, the architect behind the emulator (and also Rotor, one of Microsoft's previous shared source offerings) has a blog post on the release."

An anonymous reader writes "Microsoft has posted a shared source version of its device emulator (which ships with Visual Studio 2005) for download. Primarily meant for academia to experiment with and build upon, it is licensed under the Microsoft Shared Source Academic License. Since it emulates the ARM processor, it can run all modern Windows Mobile and Windows CE operating systems. Barry Bond, the architect behind the emulator (and also Rotor, one of Microsoft's previous shared source offerings) has a blog post on the release."

GvG writes "After making Virtual Server available for free some time ago, Microsoft announced today it is offering Virtual PC as a free (as in beer) download. They also announced a change to the Vista license related to virtualization: Customers who deploy Windows Vista Enterprise have the ability to install up to four (4) copies of the operating system in a virtual machine for a single user on a single device. Even better, nothing in the license requires that Microsoft Virtualization technologies be used - if you want to use a competing product as your Virtualization solution, you still get the four extra licenses for use with VMs."

Apache4857 writes "It appears that Microsoft has finally caved. BetaNews is reporting that Microsoft is sponsoring an open source project to enable conversion between Open XML in Office 2007 and OpenDocument formats. The project, hosted on Sourceforge.net, made its initial release today. The Word 2007 conversion utility is expected to ship ship by the end of 2006, and similarly conversion utilities for Excel and PowerPoint are expected early next year." See the announcement in Brian Jones' blog (Jones is the Microsoft program manager responsible for Office file formats).

commander salamander writes "Over at the WinFS Team Blog, Quentin Clark states that Microsoft no longer plans to ship WinFS as a standalone software component. Instead, portions of the underlying technology will be included with the next release of SQL Server (codename Katmai) and ADO.NET. Does this spell the end for the true relational storage paradigm that Microsoft has been promising since Windows 95?"

anzev writes "A team manager for Windows for 5 years has decided to write a blog-essay about what caused Windows Vista project to miss the due date. Philip tells us in the blog, that Windows developers are writing an average of 5000 lines of code (which is *only* 1200 lines less than the national average of 6200 lines of code per year). He addresses issues like the Vista code being too complicated, the processes the developers have to follow too complex and a lot more. All in all it gives a nice insight into why Vista will be late, from a different perspective. Oh, and Slashdot gets mentioned too ;-)."

capt turnpike writes "It's no secret that Windows technology evangelist Robert Scoble (of Scobelizer blogging fame) is leaving Microsoft for a startup, but Microsoft Watch's Mary Jo Foley has the first exit interview with Scoble. Topics range from what Microsoft could have done to keep him spreading the word and building out MS's Channel 9 community site, where he sees MS going and more. From the article: 'There were times when I knew I was taking risks. I didn't know what would happen when I told Steve Ballmer that his leadership on the gay rights bill wasn't good.'"

goombah99 writes "Macosxhints is giving a set of tips that let any Mac user boot Windows Vista on a Mac. In this case, it's not a native Intel boot but rather VirtualPC running on a PPC G5 Mac. Thus Vista and Mac OS X can run concurrently. There are no extravagant hacks needed, just a matter of finding the right set of configurations to let VirtualPC present the proper disk images for mounting and BIOS settings to the installer. This bodes well for native installs onto the Intel Mac." Actually, there have been successful (though not glitch-free) installs of beta versions of Vista on Intel Macs for a few months now. Here's a report from Hans Verbeeck (Developer Evangelist for Microsoft EMEA) on putting Vista Beta 2 on a MacBook Pro.

borgboy writes "Windows Vista has gotten a lot of negative press recently following the release of the latest beta, especially regarding excessive prompting for privilege escalation for seemingly common activities. On his blog, Steve Hiskey, the Lead Program Manager for User Account Control in the Windows Security Core group, details what the issues with the excessive prompting are, what the design goals of the feature are, and how they plan to achieve them. Briefly - they know the excessive prompting is a royal pain, they know that have to reduce it to an absolute minimum to be both productive AND an effective security risk mitigation measure, and they want as much feedback as they can get on the beta."

Vitaly Friedman writes "Microsoft has revealed a surprising new feature for Word 2007: built-in blog publishing. The big surprise is this: the HTML that is generated is actually not that bad. 'Joe Friend, a lead program manager (Microsoft's term for a person who creates the specifications for software that programmers implement) has posted an entry on his blog regarding an interesting new feature being implemented for Word 2007: direct publishing of blogs to the web from within the program.'"

bariswheel writes "An important piece written by a Columbia Law professor addresses sensitive questions about the future of the Internet: "Is it a problem if the gatekeepers (i.e. a duopoly of the local phone and cable companies) discriminate between favored and disfavored uses of the Internet? How would you take it if AT&T makes it slower and harder to reach Gmail and quicker and easier to reach Yahoo! mail? What if I-95 announced an exclusive deal with General Motors to provide a special "rush-hour" lane for GM cars only? Is there something special about "carriers" and infrastructure--roads, canals, electric grids, trains, the Internet--that mandates special treatment? Should content providers like Google, or subscribers like us, pay for the bandwidth consumed?" Here's hoping that sites like Google Techtalks and Channel 9 remain 'free' and available for the next 10 years."

An anonymous reader writes "The BBC is running a short piece detailing Microsoft's newest step in testing Internet Explorer 7, which just went into Beta 2 yesterday. They're now offering free phone support to U.S., German, and Japanese users who try out the trial software." From the article: "'We believe that IE 7, even at this beta stage, is a significant improvement and we want as many people as possible to try it and use it,' said the browser development team in a post on its blog. 'IE 7 is feature complete and has been through significant compatibility and reliability testing. People (especially technology enthusiasts) will have a good experience with it,' continued the post. Microsoft said the new version addresses some problems affecting banking and news sites. It is also designed to be more secure than the current version, with built-in protection against malicious software and online phishing scams."

h0neyp0t writes "Harvard and Berkeley have released a study that shows why phishing attacks work (pdf). When asked if a phishing site was legit or a spoof, 23% of users use only the content of the website to make the decision! The majority of users ignore the address and SSL indicators in the browser. Some users think that favicons and lock icons in HTML are more important indicators. The paper hints that the proposed IE7 security indicators and multi-colored address bar will also suffer a similar fate. This study is brought to you by the people who developed the security skins Firefox extension."