Slashdot Mirror

I really like Paul Graham's view about great hackers and their aversion towards cubicles. Google may be a great company to work in with all their star hackers and what not, but it has not got its offices done right. For instance look at the Google's Australia office with the long rows of tables for their programmers.

Compare with the plush private offices that Microsoft provides to its developers developers developers.

As a side note, I had posted the links on this same topic some time ago, but can't seem to find it on slashdot now.

Actually, Microsoft has done a lot of work in this area. They have a model they claim works very well for creative teams, consisting of a "common" open work area with reconfigurable moving walls you can write on, surrounded by shared offices, plus "escape pods" where people can go be alone with their project. You can see a channel 9 video on this here: http://channel9.msdn.com/ShowPost.aspx?PostID=2383 21

It's very interesting.

Have you used Windows Vista or Office 2007? Quoting what you "read somewhere" as authorative without appropriate references is aliased as FUD. The new Office UI is definitely easier to use than the menu-based hierarchy of previous releases. It's not that Microsoft made the change on a whim - a lot of research went into it. Spend some time reading the Office UI Bible, a series of blog posts by the Office UI Lead PM and try and understand the motivation for the change.

CLICK HERE

And Microsoft can release any specs at any time so Linux could implement "interoperability" improvements.

The fact that Microsoft does not do either should tell you all you need to know about the "interoperability" bullshit.

You got a +5 for this. Nice work!

The problem is, you're wrong.

Here's the real truth:

Microsoft recently put out a set of almost 40 specifications under a new thing they've got called the "Open Specification Promise":

http://www.microsoft.com/interop/osp/default.mspx

Most of the standards revolve around XML-based web communications (SOAP, WSDL, WS-*), but there's also their Virtual Hard Disk format (VHD) that's used in their virtualization software, Sender ID related stuff (remember all the issues a couple years ago that this "standard" wouldn't fly because it wasn't free enough for open source use? no longer), and Office XML formats (2003 and 2007).

The people who cameup with this stuff can be seen in a Channel 9 interview explaining it in more detail:

http://channel9.msdn.com/showpost.aspx?postid=2590 77

They're very explicit in stating that open-source developers working on Linux can implement these specifications that Microsoft devised without having to enter a license agreement, pay royalties, or worry about being sued for patent infringement or whatever. Jean Paoli is one of the people interviewed... he's one of the creators of XML, by the way, so you can probably imagine the scope of his personal interest in seeing XML-based standards being as widely adopted as possible. And if that's not enough to convince you, even Lawrencse Rosen (google him if you don't know the name) approves of Microsoft's OSP initiative.

Now, granted, these are not the keys to the Windows kingdom, but it's a step in the right direction, and Microsoft should be encouraged to get as many specs out into the Open as possible, as soon as possible.

[quoted: how many people could there possible be who import text files from Unix systems]

Answer: EVERY SINGLE F**KING ONE OF THE WINDOWS USERS HERE.

I'd like to know how they managed to add utf-8 support to Notepad, remove that 64K barrier you mentioned, and still not fix the linefeed problem.

And why Word and wordpad and VC++ IDE and every single other program I try on Windows has no problem handling bare linefeeds

Also the "standard textbox" displays linefeeds as newlines. It has to, considering you can give it a constant string from in-memory in a C program.

What you are talking about is a specialized widget that edits file contents only.

Let's see: average programmer in the US in 2001 produced 6200 lines of code per year, according to Gartner.

6200 lines/year * 10 words/line = 62000 words/year

62000 words/year / 1080 hours/year = 57 words/hour

57 words/hour / 60 mins/hour = 1 wpm

Apparently, considering no coder types at anywhere near 1 wpm, writing code is bottlenecked by thinking, not typing.

I agree. I would love to see a stateful, strongly typed web architecture. Basically a streaming application. What a nightmare it is today to write a large/complex system with a scripting language like Javascript and this XmlHttpRequest hack job. People have done some interesting things to abstract this stuff away from us, but I'm still not satisfied. I'm not sure why Java web applets were never too successful, well I can guess, but maybe WPFe can improve upon Java webapplets and take us to where I would like to see the web. http://channel9.msdn.com/showpost.aspx?postid=1933 67
http://blogs.msdn.com/mharsh/archive/2006/03/23/55 9106.aspx

I agree. I would love to see a stateful, strongly typed web architecture. Basically a streaming application. What a nightmare it is today to write a large/complex system with a scripting language like Javascript and this XmlHttpRequest hack job. People have done some interesting things to abstract this stuff away from us, but I'm still not satisfied. I'm not sure why Java web applets were never too successful, well I can guess, but maybe WPFe can improve upon Java webapplets and take us to where I would like to see the web. http://channel9.msdn.com/showpost.aspx?postid=1933 67
http://blogs.msdn.com/mharsh/archive/2006/03/23/55 9106.aspx

FUD. Windows already supports Junction Points. RTFA. The Vista implementation of symlinks is NOT BACKWARDS compatible with older OS versions. When will Slashdot decide to publish a story that doesnt serve to garner adviews only?

On their Local Live site.

http://blogs.msdn.com/mappoint_b2b/archive/2006/06 /26/647007.aspx

There are other options. If you follow the link to the original blog entry, http://blogs.msdn.com/oldnewthing/archive/2006/03/ 30/564809.aspx#comments, you will find a list of ways to handle the problem, all of which are more or less reasonable.

Personally, I would choose the "Do nothing" option as described by "The Old New Thing", which actually includes putting up a Knowledge Base article that describes the bug and the remedy. With the exception that I might contact the Samba team directly with a bug report.

This coming from the guy that's requiring SMB2 in Vista so that people using Samba on Linux server's can't use them for file storage.

Here's why:
http://blogs.msdn.com/oldnewthing/archive/2003/08/ 28/54719.aspx

If you like Raymond's Blog, you should also watch his talk at PDC05 "Five Things Every Win32 Programmer Needs to Know" - FUN412

Also check out Larry Osterman's blog (another good MS blogger)

If you like Raymond's Blog, you should also watch his talk at PDC05 "Five Things Every Win32 Programmer Needs to Know" - FUN412

Also check out Larry Osterman's blog (another good MS blogger)

With IE7, the user is asked upon installation whether he wants to allow the browser to auto-check all Web sites against a Microsoft database.

Firefox's default setting, in contrast, uses a blacklist of known phishing sites that is stored on the user's computer...

To me sending all my URLs to google or microsoft is equally problematic. I do see usual yeda yeda on M$ blog but its not thrilling to know that -- We use the data to make the Phishing Filter service better and constantly improve the level of accuracy in our result...

Raymond often talks about new OS version having to keep application relying on hacks working. People don't care if game is doing crazy crap internally to determine something (which could have easily been queried with a documented API call)... they care that they upgraded to Windows XP and *it* broke their game.

Raymond often talks about new OS version having to keep application relying on hacks working. People don't care if game is doing crazy crap internally to determine something (which could have easily been queried with a documented API call)... they care that they upgraded to Windows XP and *it* broke their game.

Don't you think Microsoft gets kudos for supporting executables from 1981 on the current operating systems? It's a testament to the appcompat work done by members of the Windows OS team that lets you run VisiCalc unmodified on a few Hz DOS box and take the same PE to run on a dual-core mega-multi-Hz box.

By the early nineties, Word was well on its way to dominance:
"In the period 1992-1994, Word wiped the floor with WordPerfect in reviews, winning just about all of them."
http://blogs.msdn.com/chris_pratley/archive/2004/0 4/27/120944.aspx
And WordStar pretty much shot themselves in the foot with WS2000. Interesting article.

Also,
http://en.wikipedia.org/wiki/Microsoft#1985.E2.80. 931991:_The_rise_and_fall_of_OS.2F2
http://en.wikipedia.org/wiki/Microsoft_Word#Word_1 990_to_1995
On a sidenote, I like Microsoft's early website.

You guys are missing the point of this story.

IE7 is available for Europe, U.S and Japan to freely download from MS website.

But for some bizare reason MS have decided to single out Japan from the rollout of Auto Update and delay them by 6 months.

Their reasoning is because some corporates are not ready for it. But hang on, that's what the IE7 blocker tool is for.

The bun-fight going on over at the MS blog here: http://blogs.msdn.com/ie/archive/2006/11/02/first- wave-of-localized-ie7-releases-now-available.aspx# comments ... are accusing MS of being racist, as they have singled out Japan and are treating them differently than everyone else by denying them the Auto Update. In anyones book, if you treat a culture differently to another, that is racism. MS then reacted by deleting blog comments where they have been accused of racism, instead of replying to the genuine questions and concerns.

i totally agree with you. from the press releases and news articles it seems that MS is ensuring that every popular application such as JBoss, PHP and Ruby runs as well on Windows as it does on Linux. With MS dollars they will ensure all sorts of compatibility/interoperability with other portions of Windows (IIS, IE etc) - which to be blunt is all MS does - ensure compatibility (within strict rules of course). So now Windows will once again become a choice for deployment of stacks - which Linux currently is.

You should read about how the phishing filter works before freaking out:
* http://blogs.msdn.com/ie/archive/2005/09/09/463204 .aspx

To summarize:
* IE has a list of whitelisted sites which is stored locally
* If the site you are visiting is in the whitelist, nothing is transmitted to Microsoft
* If the site you are visiting is not in the whitelist, the URL path is transmitted to Microsoft to check against a blacklist (the URL path does not include parameters)

Given the short lifetime and large quantity of phishing websites, maintaining a local blacklist isn't practicle -- it wouldn't be updated as fast as a centralized list and it would be too large to transmit to modem users. Additionally, a hash based "URL" check is useless for a phishing filter given the infinite number of ways an URL can be constructed.

A healthy dose of paranoia is good and all, but quite frankly if Microsoft was trying to obtain your browsing history for some devious purpose there are a number of other, easier ways for them to do so.

Just to be clear, Microsoft is NOT automatically installing IE 7 on people's machines.

The "critical" Windows update is simply an installer shim which first prompts the user and asks if they want to install IE 7. They can say yes, no, or not now (remind me later.)

"I'm keeping my fingers crossed that Apple is the first to bring SELinux's granularity of security to grandmother's everywhere in a usable way.

Unless Windows Vista is pushed back again, it should be first to bring these features to the masses.

http://blogs.msdn.com/ie [for the good] ie team blog http://secunia.com/product/12366/ [ for the bad] ie7 vulnerability report http://www.microsoft.com/windows/ie/community/ [for the both] ie community page

IE7's feed handler starts with a mime sniff. It looks at the first 512 bytes of the XML and if it has a element, it then does believe it to be a feed. Since in your case this isn't an RSS or Atom feed, you get the error text.

You have two options.

1) You can turn off the feed view in IE (buried in Advanced options, IIRC).
2) You can add a large comment to the top of the XML to push the element out of the first 512 bytes. This may be difficult for you if you don't own the webservice in question.

The NAME attribute cannot be set at run time on elements dynamically created with the createElement method. To create an element with a name attribute, include the attribute and value when using the createElement method.

The following example shows how to set the NAME attribute on a dynamically created A element.

        var oAnchor = document.createElement("<A NAME='AnchorName'></A>");

Via http://blogs.msdn.com/tonyschr/

Worked for me:

In the IE7 Beta 2 Preview the UI element that hosts menus and 3rd party toolbars is located between the navigation bar and tabs. However, in this release there's a registry key which you can set to move this to the top of the window instead:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"ITBar7Position"=dword:00000001

Is there any evidence that Microsoft's security products have a higher degree of access to Windows? AFAIK any Microsoft product outside of Windows is forbidden from using undocumented APIs. From what I've ready even the IE and WMP teams follow this (despite technically being part of Windows).

Here's a reference to the policy:
http://blogs.msdn.com/calvin_hsia/archive/2005/01/ 26/361033.aspx

Here's a sneak peek of the one of the new websites.

I wonder if this is fixed in IE7?

No.

No. According to MSDN, only URLs that are not common are sent to the Microsoft server for verification. This list of not-common URLs sit on your machine, and even then only the base of the URL is sent to Microsoft for analysis.

Here's the blurb from MSDN:

Phishing Filter does not check every URL on the Microsoft server. It only sends those which are not on a known list of OK sites or those that appear suspicious based on heuristics. If an URL is checked on the Microsoft server, first the URL is stripped down to the path to help remove personal information, then the remaining URL is sent over a secure SSL connection. The communication with the Microsoft server is done asynchronously so that there is little to no effect on your browsing experience.

So, for example, if you were to visit http://www.msn.com/ nothing will be checked on the Microsoft server because "msn.com" and other major websites are on the client-side list of OK sites. However, let's say the URL looked like this: http://207.68.172.246/result.aspx?u=Tariq&p=Tariq' sPassword, in this scenario phishing filter will remove the query string to help protect my privacy but it will send "http://207.68.172.246/result.aspx" to be checked by the Microsoft Server because 207.68.172.246 is not on the allow list of OK sites. As it turns out, 207.68.172.246 is just the IP address of MSN.com server, so its not a phishing site but this example should help you understand more about how Phishing Filter checks sites on the server.

But thanks for spreading the FUD.

Actually, IE7 apparently strips the query string, which is more than FF2 does in enhanced mode. Still, I'm stuck on Win2K, so I have no choice over which to use ..

PatchGuard is about stopping modifications to the kernel's internal structures, like the syscall table and the kernel's image. It has nothing to do with loading drivers that use only the kernel's public interfaces.

However, Microsoft HAS decided that only kernel-mode drivers signed with a SPC (software publishing certificate) can be loaded on x64. Microsoft doesn't charge anything for a SPC directly, but you do need to buy a cert from a commercial CA like Verisign. There is also an option that the user can specify during boot-up to disable the signature checks.

I, too, am worried about how inconvenient or expensive it will become to use free/open source drivers in Vista like Daemon Tools and OpenVPN. Although since I reboot so infrequently, I can live with setting the "Disable driver signature enforcement" every time I restart the OS. It's annoying, but usable. The thing is, disabling digital signature enforcement probably breaks all 'protected content' apps... I'm not sure if that's a bad thing or not.

What could you possibly be talking about? Direct disk access means bypassing the filesystem and reading and writing to the sectors directly. This requires administrator privileges for good reason: it bypasses file security, file locks and all the other nice things that filesystems do. No user application requires the ability to bypass the filesystem. Don't you need to be root to access a mounted block device on a UNIX? It's the same thing. The fact that it's possible to modify the kernel when you have admin privileges (and physical access for that matter) is hardly suprising, and in fact is unfixable (short of full TCPA).

PatchGuard is only there to discourage apps that hook the syscall table (an inherantly unsafe operation) and make other modifications to the kernel's private, volaitle internal interfaces. When Windows NT was written, the MS devs never expected 3rd party devs to go poking around with the kernel's private interfaces, and are rightly disgusted when those 3rd party software programs cause problems because of it. Compare this to Linux: you are free to maintain your own custom build of the kernel, but in the mainline, all the kernel interfaces are so volaitle, every minor revision is binary incompatible with the rest. You'd never get a device driver accepted into the mainline if it depended on private interfaces that break every revision, even on a source level. Microsoft is well within their prerogative to make changes the Windows kernel's internal, private interfaces. This doesn't work too well when 3rd party apps are dependent on them never changing, especially when Windows crashes because of it. PatchGuard is a technical speed bump to make it harder for 3rd party software companies to screw with the kernel's internals. Microsoft knows that it's an unwinnable arms race, but hope that the 3rd parties will decide it's just easier to stick to the kernel's public interfaces. Microsoft is willing to create new stable public interfaces to support the necessary behavior.

The only thing I can think of that you might be talking about for reduced performance is if you meant no intermediate buffering when you said "direct disk write". The FILE_FLAG_NO_BUFFERING and FILE_FLAG_WRITE_THROUGH buffering options are unrelated to direct disk access (which actually means bypassing the filesystem to access the block device directly). Write through and unbuffered IO aren't going anywhere.

As for special hooks that MS applications get into the OS that no one else gets, how about an actual example?

IE7 still doesn't support XHTML.

Firefox 2 is translated to 34 languages. IE 7, on the other hand..."The short version is that we will be releasing IE7 in all languages available for each version of Windows - twenty-four fully localized languages in total. In two to three weeks, we'll ship the Arabic, Finnish, French, German, Japanese, and Spanish language versions. The remaining languages will be released in phases between November and January.

And then the IE7 install checks if your computer is a legal XP copy. But most of desktop users just don't own a legal copy. So, in the long run, even if you can crack the license checking, most of desktop people won't be able to install IE7. But they will want a IE7-like browser. And people will tell them to install firefox 2, which doesn't require a legal XP copy.

1) Would you like to make IE available on other operations systems?
MS Guy: We _did_ do that.
Slashdotters: You don't see a good business case, but would you like to answer the question? At least say that you think other operating systems are strongly supported by other browers. Better yet, tie this question in with question 10.

2) Why did IE6 -> IE7 take so long?
MS Guy: We worked on other things.
Slashdotters: Why is the IE team working on projects like Microsoft Presentation Foundation when IE is losing market share?

3) If you had more time, is there a new feature you would have liked to include in IE7?
MS Guy: Yes. Also, successfully fought the temptation to get in "one more CSS fix".
Slashdotters: Please prioritize fixing CSS and standards support ahead of "cool end-user feature[s]".

4) Firefox has popularized innovations like tabbed browsing. What are some IE innovations?
MS Guy: I think "real-time anti-phishing functionality", "RSS platform", "Simple List Extensions", "QuickTabs", "Support for OpenSearch", having a different default print setting, and support for a feature of Vista.
Slashdotters: Phishing is preventable on the user end; if someone is likely to succomb to phishing attacks, preventing them is of little benefit as they will likely also open virus-infected files and leave themselves open to other malware. Built-in RSS support should be low priority given the number, quality, and variety of other solutions available. Simple List Extensions is an XML spec for exchanging information between apps...that's innovation? (Using the word "Extensions" rather than referring to an exchange of information is also a shameless attempt to capitalize on Firefox's popularization of the word. MS: "We have extensions now, too!") QuickTabs seem to be a decent idea, but not working real well (at least from http://blogs.msdn.com/ie/archive/2006/02/10/529938 .aspx , the first non-Excedrin page I found). Congratulations on changing a default print setting and supporting new features that only you had access to...?

5) What do you consider the greatest weakness of Firefox?
Response: I respect Firefox folks.
Slashdotters: Awesome. Would be nice if your other snarky comments didn't undermine this.

6) IE7 is supposed to be very secure, but in less than 24 hours a bug was found that has existed since IE5.5. Explain?
Response: Paragraph about how the _development cycle_ is now secure, and that they turned off ActiveX by default. Says the exploit mentioned is because of another Windows component that IE calls. "Not my problem WONTFIX"
Slashdotters: *re-open bug*

7) If IE was not default on Windows, would IE be dominant? Ignore impracticalities.
MS Guy: Proceeds to outline all of the impracticalities. Says that all users have the capability to change default browser, if they don't it's their problem.
Slashdotters: You can change thousands of settings within a couple clicks. Saying any user can do it assumes that "any user" knows how, which is obviously false.

8) IE7 will have significant marketshare, but won't run on Wine or OSX. Was it intentional to force web developers to buy Windows?
MS Guy: I think you're trying to get Windows for free. You can run Windows on Mac hardware now. Use BrowserCam
Slashdotters: Answer the question or f*** off.

9) An author of the CSS Spec and supported of Acid 2 said IE doesn't support standards fully because standards don't benefit monopolists. Response?
MS Guy: Acid 2 is a measure of features one person thinks is important. We don't agree that developers think HTML, CSS, PNG, or data URL features are important. Developers want IE to work with other MS products, not to support web standards.
Slashdotters: Why then do you never, ever, ever, ever get asked about cross-application support features and always, in every single interview ever, get asked about supporting web standards?

10) Why

It may be the first browser in Windows land but Browsers have been running in protected mode on Linux for years.

The fixes I described dont apply to the software user, they apply to the ISV. If this is a problem, then only use applications whose source you have access to. While this isnt universally possible, it is possible in many scenarios.

But if you're still experiencing DLL hell, then the problem isnt with windows, its with the companies or open-source projects developing your software.

There are numerous mechanisms to resolve this. Here are some links:

DLL Redirection
http://msdn.microsoft.com/library/en-us/dllproc/ba se/dynamic_link_library_redirection.asp

Registration Free COM
http://msdn.microsoft.com/library/en-us/dndotnet/h tml/rfacomwalk.asp

Good Blog summarizing this stuff:
http://blogs.msdn.com/junfeng/archive/2006/01/24/5 17221.aspx

Basically, this problem has been solved for years ... there are just alot of fairly crummy ISV's that dont bother to learn their trade very well.

The dotlocal stuff in particular is fantastic, and helps you make completely local and portable applications, which will work just by dropping the flat of files, no installation necessary.

You're right though in that its not easy to solve as the application consumer. It _is_ easy to solve by a competent ISV though.

Yes, it really is ClearType, and the setting isn't system-wide, it's in IE's "Advanced" options screen.

Apache added support for RFC 2817 to mod_ssl about a year ago, in Apache HTTPD 2.2. Admittedly, not many people are using 2.2 yet; a lot of servers are still running 1.3.

I could not find any indication that Mozilla/Firefox support RFC 2817. (I read one email archive that said it did, but bugzilla says it has not been implemented.)

I found the answer to my question regarding IE7 support: it will not support RFC 2817. It will however, support RFC 3546 (SNI) in the Vista version, which is apparently a better method of getting the same functionality. (The reply to the above Slashdot comment includes some info and links on SNI.) Mozilla does not yet support SNI. Apache does not support SNI out of the box; the mod_gnutls module does, but it's not included with Apache, and is not yet production quality. There is a patch for Apache mod_ssl.

Summary: It appears that SNI will be the way forward, but consensus and implementations still need to catch up. IE7/Vista is the second browser implementation after Opera. Apache and Mozilla do not yet support it, but are working on it. Here's a decent write-up about the situation.

Can you put on pants for your next interview, or do you enjoy making people uncomfortable?

http://channel9.msdn.com/ShowPost.aspx?PostID=1749 8

No the zoom feature is new to IE7. They did (and still do) have the ability to change the text size.

Firefox by contrast doesn't have zoom at all. But Opera's zoom is quite considerably better than IE7's!

There is a workaround that involves editing the registry to get the menu bar in the correct place but why is this not implemented as part of toolbar customisation?

X11 has inferior font rendering and quality to Windows hands down. XP had ClearType and many well designed typefaces when it came out 5 years ago, and Vista introduces more good fonts. It's the rare thing that Microsoft got right (the other being marketing). ClearType is even arguably better than Apple's technology, though OS X overall font support is excellent.

I can't understand IT professionals overlooking the practical importance of typography. We all spend hours reading text on computer screens, so it's not just about font literate designer types that suffer seeing subjectively ugly things, it's about everyone that uses a screen.

Let me put it this way. If Microsoft announced this, what would your reaction be?

I trust you are aware that Microsoft announced similar antiphishing features over a year ago, and just released them in IE7? And that Firefox 2 will also ship with similar functionality next week?

You don't have to imagine the reaction... just look back in the archives and read it.

Any word on how soon IE7 is hitting automatic updates? Not until at least Patch Tuesday, I assume...

Actually, it's sooner than expected: it'll hit automatic updates on November 1. Though it sounds like they're only targeting IE7 beta users at first, then adding systems with IE6 "after a few weeks."

channel 9 have a video on the details of how vista works with this technology http://channel9.msdn.com/Showpost.aspx?postid=2424 29