msdn.com · Domains · Slashdot Mirror

Shatter attack by Kadin2048 · 2006-07-18 05:44 · Score: 5, Informative · on Windows Vista still Rife with Insecure Code

I had never heard of such a thing before (actually, initially I thought you were just punning on Windows + 'shattering', har har).

It would seem that Vista allegedly fixes the design flaw that allows for the attack, by not running system services in the same session as the user. At least, that seems to be what the Wikipedia article on the topic is suggesting.

The key to shatter attacks is that Windows allows processes running in the same session to pass messages between each other, the result of which is that via code injection, any process can escalate up to the level of the highest process also running in its session. MS is quoted in the article as saying "[This is not] a flaw in Windows. In reality, the flaw lies in the specific, highly privileged service. By design, all services within the interactive desktop are peers, and can levy requests upon each other. As a result, all services in the interactive desktop effectively have privileges commensurate with the most highly privileged service there." (Which is amusingly doublespeak-ish; they're saying "this isn't a design flaw, we designed it that way!")

This blog post by a member of the IE7 team would confirm that they've at least tried to address this in Vista (but of course that's what you'd expect them to say). It says: "User Interface Privilege Isolation (UIPI) blocks lower-integrity from accessing higher-integrity processes. For example, a lower-integrity process cannot send window messages or hook or attach to higher priority processes This helps protect against "shatter attacks." A shatter attack is when one process tries to elevate privileges by injecting code into another process using windows messages."

Yet another nice legacy "feature" from the single-user-OS days.

Re:I would like to know by NutscrapeSucks · 2006-07-18 05:38 · Score: 4, Informative · on Windows Vista still Rife with Insecure Code

Shatter attack are a configuration error, not a OS issue. They are roughly similar to running xterm as root on Unix and then complaining that users can execute root commands.

But apparently Vista has entirely removed the idea of an "interactive service", so they won't work. Info here: http://blogs.msdn.com/larryosterman/archive/2005/0 9/14/466175.aspx

Re:The Switch? by sootman · 2006-07-17 02:53 · Score: 4, Interesting · on The Future of Apple's Pro Desktop Line

We already went through this just a few years ago with OS X. Apple would be STUPID to wait until CS3 comes out. Yes, designers squirmed for a year or two while they waited for all their apps to come out, but Apple managed to stay in business in the meantime, and by the time the apps came out, the OS was quite nice. Hell, the FINDER in OS X 10.0 sucked ass performance-wise; I can't imagine trying to run any real APPS with it. (I used 10.0 to play around with the UNIX side of OS X while I waited 9 months for 10.1 to appear. While 10.1 was out, all the apps were released, and then Apple came out with 10.2 and the whole package was finally very nice.)

Same thing this time: Apple will have new hardware out, and one day when the apps appear, users will be able to buy them and use them that day. Apple will continue to sell G5s, and designers will hoard them, just like they did with the last of the OS-9-booting MDD G4s. The switch to Intel is really no different. Doesn't matter if it's the OS or hardware changing, the effect on the applications is the same: the apps won't run in an ideal manner, so people will either wait to change, or get by with non-optimal systems, untill the apps match the system.

Besides, plenty of people buy nice Macs and don't use CS. Final Cut is already shipping for Intel and Apple's other pro apps will all be universal soon--maybe even coincident with the release of the hardware. I'd expect to see an announcement regarding that at the WWDC as well: "We at Apple have just finished our transition to Intel, and we've also transitioned all of our apps. Yay us!"

The biggest difference this time, actually, is with Adobe: since OS 9 came out, they purchased Macromedia, and Quark almost dead, so Adobe can drag their feet all they want for the Intel transition.* That's another big reason that Apple would be stupid to wait for Adobe to get a product out the door. (Besides, how would it look for Apple to be waiting on Adobe before releasing new hardware? Very weak, that's how.)

* Plus, the switch to Intel ain't exactly easy. Same situation at Microsoft.

Re:It is good news ... But ... by Mr.+Shiny+And+New · 2006-07-15 12:22 · Score: 1 · on Fully Open Source NTFS Support Under Linux

Well, to be clear about the Windows NT Workstation bit: It's the LICENSE that prohibits using it as a server, not "Microsoft breaking compatibility". Also, refusing to make Explorer removable has nothing to do with compatibility with any software; I've ALWAYS been able to use Netscape or Mozilla or Firefox on any version of Windows that I cared to. Now, some programs DEPEND on IE, but that's not because Microsoft is breaking compatibility with Netscape. Finally, ODF isn't about Microsoft breaking compatibility; they never had it in the first place; it's about MS fighting to stay in the list of "legal" office suites to use in MA.

Your list of gripes are all about maintaining a monopoly, but frankly they have nearly nothing to do with compatibility. MS's version of Kerberos isn't compatible with any other? True, but at least it's not like they HAD a compatible version, and then they broke it on purpose. And if someone DID reverse-engineer the AD protocol, MS isn't likely to make drastic changes, at least not to the existing installations.

I dislike MS as much as the next guy, but you have to respect the lengths they go to to keep software working. Read Raymond Chen's blog
http://blogs.msdn.com/oldnewthing/ if you want to know just what kinds of things they've done to make sure your crappy game from 1994 or your business-critical software that was written for NT 3.51 still works.

Re:Probably valid for games but... by Rick+Brewster · 2006-07-14 09:33 · Score: 1 · on Intel's Core 2 Desktop Processors Tested

Here are your 64-bit comparisons: http://blogs.msdn.com/rickbrew/archive/2006/07/13/ 664890.aspx It's my benchmark of Paint.NET developed awhile ago for the v2.6 release. It runs a lot of compute-intensive image processing code in both 32-bit and 64-bit. Summary: Athlon gains 60% in this benchmark by going to 64-bit, whereas Conroe gains 40%. In 32-bit mode, Conroe is ahead by 33%, but in 64-bit mode the advantage drops to 15%. (when comparing 2.4 GHz to 2.4 GHz)

Some more real-life benchmarks by Anonymous Coward · 2006-07-13 20:00 · Score: 2, Informative · on Intel's Core 2 Desktop Processors Tested

Rick Brewster of Paint.NET fame tested two Core 2 CPUs with his own benchmark.

Re:Kyle Bennet seems to disagree... by cnettel · 2006-07-13 18:40 · Score: 2, Interesting · on Intel's Core 2 Desktop Processors Tested

The Oblivion tests show all things wrong with this, E6700 and X6800 getting identical (more or less) numbers indicate a GPU bound test, AND they use different settings for the AMD test - as they state that the game was not playable if the higher quality settings were used there.

This MSDN blog post was an interesting read to me. As the writer notes, image processing is a kind of virtual task. But it shows some pretty interesting stuff, IMHO, like the fact that the gap between AMD and Intel (Intel winning in the end) is much smaller at 64-bit. Maybe that should be no surprise, with AMD designing the AMD64 instruction set in tandem with the K8. It's also interesting as it might indicate trends regarding tight loop performances in JITed environments in general. This, like it or not, is becoming more common.

Re:Run As by Bill+Dog · 2006-07-13 10:58 · Score: 1 · on Windows Rootkit Wars Escalate

Yup. It's best to use either MakeMeAdmin or DropMyRights, which add or remove privileges to the account you're already using.

I personally find it easier, esp. as a developer, to take the latter approach -- log in as admin, but run net apps neutered.

Re:Yes, it works in Vista by ThinkFr33ly · 2006-07-13 04:01 · Score: 3, Informative · on Windows Rootkit Wars Escalate

Sorry, that first link should be:

Address space randomization.

Helps if you actually preview before posting. :(

Yes, it works in Vista by ThinkFr33ly · 2006-07-13 03:58 · Score: 3, Informative · on Windows Rootkit Wars Escalate

I think it's somewhat disingenuous to specifically note this rootkit works in Vista. It implies that the security work done in Vista has somehow failed.

Vista has numerous improvements security wise, and almost all of them have to do with prevent a machine from becoming infected to begin with.

, UAC, Windows Defender, the improved software firewall, IE 7+ sandboxing/broker, etc... these are all meant to make it a lot harder for malware to get on the machine to begin with.

As the old security adage goes, if untrusted software is run on your machine, it's not your machine anymore.

Yes, it works in Vista by ThinkFr33ly · 2006-07-13 03:58 · Score: 3, Informative · on Windows Rootkit Wars Escalate

I think it's somewhat disingenuous to specifically note this rootkit works in Vista. It implies that the security work done in Vista has somehow failed.

Vista has numerous improvements security wise, and almost all of them have to do with prevent a machine from becoming infected to begin with.

, UAC, Windows Defender, the improved software firewall, IE 7+ sandboxing/broker, etc... these are all meant to make it a lot harder for malware to get on the machine to begin with.

As the old security adage goes, if untrusted software is run on your machine, it's not your machine anymore.

Yes, it works in Vista by ThinkFr33ly · 2006-07-13 03:58 · Score: 3, Informative · on Windows Rootkit Wars Escalate

I think it's somewhat disingenuous to specifically note this rootkit works in Vista. It implies that the security work done in Vista has somehow failed.

Vista has numerous improvements security wise, and almost all of them have to do with prevent a machine from becoming infected to begin with.

, UAC, Windows Defender, the improved software firewall, IE 7+ sandboxing/broker, etc... these are all meant to make it a lot harder for malware to get on the machine to begin with.

As the old security adage goes, if untrusted software is run on your machine, it's not your machine anymore.

Two camps by slapout · 2006-07-12 06:30 · Score: 1 · on What Does the Microsoft ODF Converter Mean?

It seems to me that there are two camps inside Microsoft: the developers and the management. The developers seem to want to do cool things. They are reaching out to the development community. (With open source, coding4fun, blogging, channel9, etc). But the management is still trying to hold on to the old ways and the cash cows.

Re:welcome to the real world by Beryllium+Sphere(tm) · 2006-07-12 04:11 · Score: 1 · on Hack in the Box Meets Windows Vista

>people are too lazy to create a second, non-admin account.

Lazy? Doing that presents so many issues that documenting and fixing them occupies an entire blog about non-admin logins in Windows. Then once you create the second, non-admin account, you're still vulnerable if an attacker includes in their payload a privilege escalation attack.

>developers are too careless and still write software that doesn't work unless you run it as admin.

Amen. For example, the person or persons who wrote a *typing tutor* program that requires admin access.

Re:The closed MS development is awful for develope by shyster · 2006-07-11 22:17 · Score: 1 · on Microsoft Hoping for Vista in January

I also dislike the way that Microsoft uses its products to drag developers and systems integraters, kicking and flailing, on whatever path it's decided to follow. Want to get all old .Net v1 apps recompiled in .Net v2? You can't.

Check out the code, and compile using the new compilers or VS2005? Sure, you may have to code around the published breaking changes, but that's why it's a major version change. Or maybe you don't want to recompile - you just want to run against the new framework? Well, then, just target the new framework version - no source required. Of course, don't be surprised if one of the breaking changes bites you in the ass - that's why Side by Side execution is there. If you're having problems with it, work around it or file a bug.

Want to support PC's that don't have .Net v2 installed and still use VS2005? You can't.

Unless you use Microsoft's open/shared source MSBee, of course.

If Microsoft would just shut up with all the market-babble and open up their development process in ways that would allow people to directly contact developers, report and comment on bugs, and allow others to reliably support their products, things would be so much easier.

I don't think there's a formal system for directly contacting developers, but most of the higher profile development tools group maintain a team blog or have developers who blog on blogs.msdn.com, and of course there's always the Microsoft monitored newsgroups. There's also a legion of MVPs and Regional Directors, who - while not employed by Microsoft - often have knowledge and MS contacts way exceeding your own. These folks are usually very active in the community and are not hard to find.

As for reporting and commenting on bugs, that's what the Product Feedback Center is all about. And yes, Microsoft even comments on them. They tend to mark them as By Design or Won't Fix a little too often for my tastes, but that's their prerogative.

As for others "reliably support[ing] their products", I don't know what you think the legions of MCSEs and their like do all day - but I think it boils down to supporting Microsoft products.

And now that I've been informative and laid out all the information you need, I'd like to ask you how is it that you're able to so confidently assert these shortcomings of Microsoft when you apparently can't even use Google (or even MSN gets this one right) (try searching for ".NET breaking changes" and see what the first hit is - oh, looky - the breaking changes from .NET 1.1 to .NET 2.0) or even attempt to keep up? Is it the case that you are simply that ignorant of your own ignorance? Are you just a troll? Do you have such deep hated fear and loathing of Microsoft that it prevents you from being rational? Or do you have such a high opinion of yourself that you figure if you don't know about it, then it doesn't exist?

I don't think Microsoft can be blamed for your ignorance - there are plenty of other .NET developers who know about this stuff, and we're not doing anything magical. It's called keeping up to date, reading, and researching - the price you pay for being a technology focused professional

This ain't new. by game+kid · 2006-07-11 02:42 · Score: 1 · on Firefox 2.0 'Beta Candidate 1' Released

I liked "2.0 Beta Candidate" better back when it was "Beta 2 Preview".

In both cases, people have said not to download, and wait for the real Beta--though for somewhat different reasons.

Firefox: "Unlike the real Beta 1 release, the RCs for it are only intended for internal use, and are not mirrored. Thus widespread distribution of these links stands a good chance of DDOSing the poor Mozilla servers, which are only hosting these for internal testing."

IE: That's why this is a preview for developer testing only. Never install betas of OS components (that includes beta previews) on a machine that you can't afford to rebuild.

This ain't new. by game+kid · 2006-07-11 02:42 · Score: 1 · on Firefox 2.0 'Beta Candidate 1' Released

I liked "2.0 Beta Candidate" better back when it was "Beta 2 Preview".

In both cases, people have said not to download, and wait for the real Beta--though for somewhat different reasons.

Firefox: "Unlike the real Beta 1 release, the RCs for it are only intended for internal use, and are not mirrored. Thus widespread distribution of these links stands a good chance of DDOSing the poor Mozilla servers, which are only hosting these for internal testing."

IE: That's why this is a preview for developer testing only. Never install betas of OS components (that includes beta previews) on a machine that you can't afford to rebuild.

Re:Article misinformed. by hadleyhope · 2006-07-10 04:11 · Score: 1 · on Linux/Mac/Windows File Name Friction

According to this Windows still has a 260 character limit on a file path (including name) http://blogs.msdn.com/brian_dewey/archive/2004/01/ 19/60263.aspx/

Try double clicking on a file with a longer path in Explorer or opening it in Word...

Re:Chickens finally coming home to roost by Foolhardy · 2006-07-08 13:45 · Score: 1 · on WinFS' Demise Not a Bang Or a Whimper

Yes, you're right: Microsoft already created a new, modern OS to fix otherwise basic design problems in the old one. Unfortunately, the only supported API on that OS, Win32, was based very heavily on Win16 (it even boasted almost full source-level compatibility with Win16 if you followed the rules) and brought obsolete, harmful conventions with it that Microsoft still can't get rid of. It also didn't help that a subset of Win32 was ported to the old OS line in Windows 95, and was THE Microsoft consumer OS line until 2001.

What came with Win32 were single-user conventions that don't include any local security or discrete users. There are lots of pieces of software for Win32 that require the system to go into single-user emulation mode, requiring administrator access all the time and the use of only one user profile. Most programs just ignore the new SecurityDescriptor, DesiredAccess etc. parameters of Win32 create functions-- the security parameters that Win16 didn't have, and Win95 doesn't implement.

Win32 also brought the old and quirky windowing system where parameters are packed into type-unsafe blobs, multiple messages represent the same thing slightly differently, messaging order is often strange but preserved for compatibility (i.e. WM_MINMAXINFO being sent before WM_NCCREATE or WM_CREATE), and many other inconsistencies. Not to mention that just having two applications of different privilege levels display windows on the same desktop represents a security vulnerability, again for historical reasons predating Win32.

Creating NT was certainly a clean break from the earlier OS line. IMO, it's an architecture worth keeping. Win32 as an operating environment compared to Win16, wasn't revolutionary and IMO needs to go. Half-implementations of Win32 didn't help any; the Win95 implementation level of Win32 still needs to be phased out.

Re:In other words... by eikonos · 2006-07-07 17:58 · Score: 1 · on WinFS' Demise Not a Bang Or a Whimper

Microsoft has not yet finalised plans to make the most commercial success out of WinFS. Making it part of a highly pirated OS doesn't make commercial sense.

Expending effort and money to make any features for a pirated OS doesn't make sense, and yet MS continues to make and give away Internet Explorer, Windows Media Player, Visual Studio Express, etc for free. Why would WinFS be any differerent?

Lack of features in a rebranded OS doesn't imply loss of sales / profits either. Improved features doesn't imply more profits from the OS business as well.

Are you actually trying to argue that having or not having features has no effect on profits? Don't tell marketing that because they constantly try to sell products on features. Apparently they think customers want features.

And so, until MS dcides whether to package WinFS as part of SQL or .Net or Active Directory or the Aero interface or BSOD... we'll have to wait and see.

We don't have to wait to find out becaues we can read the blog of the (former?) WinFS team where one of their posts tells us clearly that WinFS will be "productized" in SQL and NOT elsewhere.
http://blogs.msdn.com/winfs/archive/2006/06/23/644 706.aspx

Old news by kesuki · 2006-07-07 17:10 · Score: 1 · on WinFS' Demise Not a Bang Or a Whimper

http://blogs.msdn.com/winfs/archive/2006/06/23/644 706.aspx

sheesh zonk get some sleep already :)

Re:So what? by pdschmid · 2006-07-07 12:52 · Score: 1 · on Microsoft's Open XML Project A Short-Term Fix

Read Brian Jones's blog as well as the comments to his OpenXML-ODF translator post to find enough people who think that ODF is the world and nothing else exists.
It's hillarious that posting something in support of Microsoft on slashdot gets labelled as troll.

Re:Embrace and Extend by NickFitz · 2006-07-06 01:41 · Score: 1, Informative · on Microsoft to Support ODF via Plug-In

Yes.

Corrected URL by Rosyna · 2006-07-06 01:13 · Score: 5, Informative · on Microsoft to Support ODF via Plug-In

The correct url is http://blogs.msdn.com/brian_jones/archive/2006/07/ 05/657510.aspx the link in the summary was missing the trailing x.

Re:Wow! Can now store even more data in ROM! by mlk · 2006-07-05 01:17 · Score: 1 · on O2 Xda Atom Exec Review

It got me too, but this is a good read on ROM/RAM in the WM5 world

From the MSDN blog by DigitAl56K · 2006-07-02 13:06 · Score: 1 · on Microsoft Denies the Windows Kill Switch

http://blogs.msdn.com/wga/archive/2006/06/30/65281 8.aspx

Our genuine customers deserve the best experience, and so over time we have made the following services and benefits available only to them: Windows Update service, Download Center, Internet Explorer 7, Windows Defender, and Windows Media Player 11, as well as access to a full range of updates including non-security related benefits.

In other words, pirating Windows may be the best way to get hold of a copy that does not violate antitrust laws.

Google gets MS execs, MS gets Google tech guys by I'm+Don+Giovanni · 2006-07-02 12:13 · Score: 2, Interesting · on Another Microsoft Exec Joins Google

While you guys celebrate Google hiring MS execs that do nothing, Microsoft is hiring away Google tech guys that actually do something besides draw a huge salary. I refer to guys like Danny Thorpe, who grew to be a legend as a Delphi dev at Borland, went to Google, stayed for 4 months, then quit and went to Microsoft to work on their live.com stuff. (If you read between the lines of Danny Thorpe's posts to the borland.public.delphi.non-technical newsgroup (accessible from Borland's newsserver and Google Groups), you get the idea that Danny concluded that Google isn't all it's cracked up to be.)

Also, Scoble's recent blog regarding this thread's topic says that he's met many former Google employees that now work at Microsoft, but you don't hear about them (I assume because they aren't big fat salary drawing execs, but are instead actual tech guys; and Microsoft doesn't feel the need to alert the media to such hirings like Google does (Google needs to do all it can to justify its inflated stock price)).

Re:VALIDATE IT????? by rbarreira · 2006-07-02 10:09 · Score: 1 · on Internet Explorer 7 Beta 3 Reviewed

Read this before speaking any more bullshit about how they don't care AT ALL about standards and feedback from users.

Re:It breaks the new slashdot layout by jiushao · 2006-07-02 04:30 · Score: 2, Informative · on Internet Explorer 7 Beta 3 Reviewed

Unless I am misintepreting the issue you are having it is actually not a bug but rather a different behaviour within the specification, IEBlog discussed this Slashdot CSS issue. Exactly who to blame for this inconsistency is hard to tell, but I guess the W3C is first in line with the Slashdot CSS developer second.

Re:Anyone have by VGPowerlord · 2006-07-01 14:07 · Score: 1 · on Internet Explorer 7 Beta 3 Reviewed

That's funny, they claimed to have fixed a number of bugs.

Not that I'm pleased with IE, as they've fixed the Star-HTML Hack while other bugs not mentioned in the IE Blog still remain.

Re:my review by gooseserbus · 2006-07-01 08:18 · Score: 2, Informative · on Internet Explorer 7 Beta 3 Reviewed

For more information about uninstalling Internet Explorer 7 Betas, see the following MSDN Blog post:

http://blogs.msdn.com/ie/archive/2006/06/29/650033 .aspx

-Goose.

Re:Anyone have by aymanh · 2006-07-01 06:17 · Score: 4, Funny · on Internet Explorer 7 Beta 3 Reviewed

Someone linked to this list in a previous discussion, one of my favorite quotes:

Obviously, we have heard the feedback asking us to be more standards-compliant in our rendering behavior. We must balance this ask with the need of our customers (and end users) to have their pages not be broken. To find a balance we introduced a strict mode in IE6 that lets authors opt in into the more standards compliant rendering (and, if you're putting in a modern DOCTYPE declaration, you're being opted in automatically). Pages authored under non-strict mode (or "quirks mode") will not change behavior in IE7 - so the fixes we've done to be more CSS compliant won't appear under quirks mode.

So wannabe web designers will still be able to create broken pages and get away with it on IE6 AND IE7.

Not Feature Complete by Nicholas+Evans · 2006-07-01 06:11 · Score: 4, Informative · on Internet Explorer 7 Beta 3 Reviewed

IE7 may have all of the features Microsoft wanted it to have, but it still lacks reak XHTML support.

They've had how many years to get their shit together, but we're still stuck with 'sorry, our implementation is a hack even though we helped write the standard, maybe you'll get THE BASIC FEATURES OF THE WORLD WIDE WEB implemented in 2015!

Re:Let's see. by Abu+Hurayrah · 2006-06-30 09:27 · Score: 1 · on Microsoft Releases IE7 Beta 3

I'd like to disagree with this comment (it is Slashdot, afterall). IE7 fixes a lot of rendering bugs that IE6 had - just view the css/edge site with IE6 & IE7 to see some of the fixes in action. My own test XML-page renders properly, with CSS, on IE7 where it didn't on IE6. IE 7 is noticeably faster than IE6. These are all my personal observations, and I'm sure a more professional analysis will yield a lot more improvements.

Having said that, IE7 is still far off from where the rest of the world is at, and it can be argued that Microsoft is not working as hard as it should be on implementing standards, but a quick read over the IEBlog will show that that the developers of IE really are trying to implement feature requests, and IE7 brings with it more than just a bunch of fluff. It brings IE up to Y2K CSS compliance. : -D

Re:cue the obligatory joke: by ThePhilips · 2006-06-30 08:29 · Score: 1 · on Office 2007 Delayed Again

Innovation is hard, that's why so few companies do it very much.
There also appears to be an optimum size for innovation. If an company is too large there tends to be a corporate culture against risk taking, even if the actual level of risk is not that high.

In my experience, larger company gets, more interested people are involved in development loop. More people - more critics. Bright ideas just die under weight of what-ifs. Or people (like me) just stop proposing new things - just to avoid confrontations with others.

And that's precisely what happened with Vista (The World As Best As I Remember It) When you have meeting with 11 managers - you would think thrice before spitting anything out. I had experience of meeting with 4 managers on the table - and that was very unpleasant. Everything you say have to satisfy everybody. Or meeting will never end, since everybody want their way of things approved.

As many insiders have spoke up, the office division to date mostly avoided the fate of other products developped in Redmond. The goals doesn't seem to change much - no innovations really needed. But M$O2k7 looks to me precisely like product made "for a change," rather then to satisfy some need. With grain of sarcasm, I might notice that maintenance of infamous upgrade spirale is the real need behind that M$O release.

Re:Let's see. by Jugalator · 2006-06-30 08:13 · Score: 2, Informative · on Microsoft Releases IE7 Beta 3

Maybe a comment from Microsoft themselves on this topic would also be of interest to some:

In that vein, Ive seen a lot of comments asking if we will pass the Acid2 browser test published by the Web Standards Project when IE7 ships. Ill go ahead and relieve the suspense by saying we will not pass this test when IE7 ships. The original Acid Test tested only the CSS 1 box model, and actually became part of the W3C CSS1 Test Suite since it was a fairly narrow test but the Acid 2 Test covers a wide set of functionality and standards, not just from CSS2.1 and HTML 4.01, selected by the authors as a wish list of features theyd like to have. Its pointedly not a compliance test (from the Test Guide: Acid2 does not guarantee conformance with any specification). As a wish list, it is really important and useful to my team, but it isnt even intended, in my understanding, as our priority list for IE7.

Source (that also contains a brief summary of the most important fixed in IE7)

Re:Let's see. by Bogtha · 2006-06-30 07:03 · Score: 3, Informative · on Microsoft Releases IE7 Beta 3

IE 7 still did not correctly implement the box model, positioning, all CSS1, all CSS2, or any CSS3. The same IE-specific parsing bugs for CSS are in place in IE 7.

Exactly which box model bugs are you talking about? The most common one that people complain about is whether width includes padding or not. Unfortunately, despite everybody still complaining about it, Microsoft fixed that bug in 2001 when they released Internet Explorer 6.

I believe they still get error-handling wrong, which means they don't conform to CSS 1, however they have implemented the last remaining functionality of CSS 1 with Internet Explorer 7, so if you write valid CSS 1 that shouldn't be a problem.

As for CSS 3, they've added a few CSS 3 selectors.

You are wrong when you claim that Internet Explorer 7 has the same parsing bugs; for instance, they've fixed the * html and _property hacks.

is it that the people at Microsoft are incapable of producing a specs-compliant rendering engine (when every one else in the world can?)

None of the browsers you point to even implement HTML properly. Compliancy is obviously too much to expect from anybody.

I agree that Internet Explorer is miles behind other browsers, and I agree that it's really frustrating, but the specific claims you are making are false.

Re:Let's see. by Bogtha · 2006-06-30 07:03 · Score: 3, Informative · on Microsoft Releases IE7 Beta 3

IE 7 still did not correctly implement the box model, positioning, all CSS1, all CSS2, or any CSS3. The same IE-specific parsing bugs for CSS are in place in IE 7.

Exactly which box model bugs are you talking about? The most common one that people complain about is whether width includes padding or not. Unfortunately, despite everybody still complaining about it, Microsoft fixed that bug in 2001 when they released Internet Explorer 6.

I believe they still get error-handling wrong, which means they don't conform to CSS 1, however they have implemented the last remaining functionality of CSS 1 with Internet Explorer 7, so if you write valid CSS 1 that shouldn't be a problem.

As for CSS 3, they've added a few CSS 3 selectors.

You are wrong when you claim that Internet Explorer 7 has the same parsing bugs; for instance, they've fixed the * html and _property hacks.

is it that the people at Microsoft are incapable of producing a specs-compliant rendering engine (when every one else in the world can?)

None of the browsers you point to even implement HTML properly. Compliancy is obviously too much to expect from anybody.

I agree that Internet Explorer is miles behind other browsers, and I agree that it's really frustrating, but the specific claims you are making are false.

Re:Just how much more web standards compliant is i by NickFitz · 2006-06-30 06:27 · Score: 1 · on Microsoft Releases IE7 Beta 3

IE7 is IE7 - it's the same code whichever operating system it's running on. As far as enhancements to standards support: the improvements to HTML and CSS support have been restricted to bug fixes since Beta 2, in which the major changes/improvements were introduced. Improvements to DOM support will probably come in a later version (7.5, 8, 8.5...).

You can keep up with what they're doing on the IE Team's blog.

The ACID Test by ThinkFr33ly · 2006-06-30 06:25 · Score: 4, Informative · on Microsoft Releases IE7 Beta 3

Here is what Microsoft has to say about IE 7 and the ACID test:

"...I've seen a lot of comments asking if we will pass the Acid2 browser test published by the Web Standards Project when IE7 ships. I'll go ahead and relieve the suspense by saying we will not pass this test when IE7 ships. The original Acid Test tested only the CSS 1 box model, and actually became part of the W3C CSS1 Test Suite since it was a fairly narrow test - but the Acid 2 Test covers a wide set of functionality and standards, not just from CSS2.1 and HTML 4.01, selected by the authors as a "wish list" of features they'd like to have. It's pointedly not a compliance test (emphasis added) (from the Test Guide: "Acid2 does not guarantee conformance with any specification"). As a wish list, it is really important and useful to my team, but it isn't even intended, in my understanding, as our priority list for IE7."

Re:Vista? by NickFitz · 2006-06-30 06:18 · Score: 4, Informative · on Microsoft Releases IE7 Beta 3

According to the announcement on the IE Team's blog:

This beta does not install on Windows Vista Beta 2; a new version of IE7+ in Windows Vista will be available with the next public Windows Vista release soon.