Slashdot Mirror


IE Developer Responds to Mozilla Accusations

sriram_2001 writes "Dave Massy, a Microsoft employee who works on the Internet Explorer team, has a response to the Mozilla Foundation's Mitchell Baker's comments. Specifically, he responds to the claim that IE is a part of the operating system. 'IE is part of the Windows Operating System so that parts of the OS and other applications can rely on the functionality and APIs being present. To be clear there are no Operating System APIs that IE uses that are not documented on MSDN as part of the platform SDK and available to other browsers and any other software that runs on Windows.'"

147 of 782 comments

  1. MS needs to change windows fundamentally by filmmaker · · Score: 5, Insightful

    No one is ready to pay what really bug-free code would cost. We accept a few bugs. Please note that we even accept some airplane crashes (not to mention car accidents), but, naturally, different industries and software components pose different levels of "reasonable" bug count.

    And therein lies the heart of the MS development philosophy. Strictly speaking, that's true, but take something like Windows XP. It's the ultimate case of the kid who cleans his room, ostensibly, but when his mother checks the closet, an avalanche of dirty clothes and assorted toys and things explodes from the doorway. I think MS could learn a lot from Apple, as they always have, and should look into utilizing something like BSD to start over. Obviously, they can't come out and say "our products suck; it takes half a gig of ram just to appease the system tray icons in Windows XP...sorry about that." But some way, some time they will have to move away from Windows as it is today.

    1. Re:MS needs to change windows fundamentally by Dr. Evil · · Score: 5, Insightful

      How much RAM does it take to get a system tray icon to appear in Gnome or KDE?

      Linux on the Desktop can nearly match Windows feature for feature now, but it can no longer claim low resource requirements while doing so.

      IMHO, Mozilla or even firefox is a heavier app than IE. Once running, they're faster (to a trained eye) but sometimes, when pulling out of swap, they will still slug along.

      No, the reason to go with Mozilla or Firefox is not performance. It, for me, is everything from reasonable error messages, to being able to control the junk which finds its way on to my machine, to standards compliance.

    2. Re:MS needs to change windows fundamentally by 21chrisp · · Score: 5, Insightful

      OSX takes up its fair share of RAM. More than XP or any other OS by my experience.

    3. Re:MS needs to change windows fundamentally by dknj · · Score: 4, Informative

      Not to negate your post, but have you used any modern window manager that was big on eye candy? They use just as much ram as windows xp does. Mac OS X with less than 512mb of ram is a joke (heck, even with 512mb of ram it slows down when I fire up more than one resource intensive app) and KDE is just as bad. If you go back to Windows 95 or NT 4 before all these themed desktops came into light you wouldn't need half a gig of ram to show systray icons.

      -dk

    4. Re:MS needs to change windows fundamentally by filmmaker · · Score: 2, Insightful

      Honestly, I use a patched Windows 2000 Pro. I do video editing and all kinds of stuff with a 64MB RAM nvidia video card from 2001 and half a gig of system RAM. Win2K Pro is hands down the finest product MS ever released for my dollar. Well, I like MS Money too. It's not all doom and gloom.

    5. Re:MS needs to change windows fundamentally by A beautiful mind · · Score: 2, Insightful

      Uh, isn't that a bit, just a tiny bit favoring apple? I'd be all for it, but to be honest it's not how things look like atm.

      First of all, the price could be argued, second of all, it seems that you're advocating the FOSS power as a base or foundation for an operating system, rather than apple's talents.

      --
      It takes a man to suffer ignorance and smile
      Be yourself no matter what they say
    6. Re:MS needs to change windows fundamentally by ettlz · · Score: 5, Insightful
      By 2015, Microsoft will be open source, and most likely, Linux will be its kernel.

      I think this is unlikely. The underlying NT is quite well-designed (originally by David Cutler of VMS, amongst others, as I believe), and a reasonably flexible system upon which to develop applications. Microsoft's not going to give it up any time soon. It's what's run on top that's wrong with Windows.

    7. Re:MS needs to change windows fundamentally by A beautiful mind · · Score: 4, Funny
      oh, the irony, the current quote on the bottom of /. is:

      The Macintosh is Xerox technology at its best.
      --
      It takes a man to suffer ignorance and smile
      Be yourself no matter what they say
    8. Re:MS needs to change windows fundamentally by at_slashdot · · Score: 3, Insightful

      I don't think we accept airplane crashes. We don't even accept space shuttle crashes. We want 0 crashes, it's not like "it's ok to have a crash each x number of flights"

      --
      "It is our choices, Harry, that show what we truly are, far more than our abilities." -- Prof. Dumbledore
    9. Re:MS needs to change windows fundamentally by zoney_ie · · Score: 4, Informative

      Simple answer. Turn off the eye-candy. It's pointless. I use WinXP with classic theme (and theme service turned off), and along with turning off other unneeded services, WinXP runs with a memory profile of about 70MB when idle with no apps loaded.

      Now as you do want to run multiple apps, even 128MB isn't enough leeway - but I do get by fine with 256MB.

      --
      -- *~()____) This message will self-destruct in 5 seconds...
    10. Re: MS needs to change windows fundamentally by gidds · · Score: 2, Interesting
      Mac OS X with less than 512mb of ram is a joke

      Well, 512 millibits would indeed be a joke, but if you meant 'MB' for megabytes, then your definition of 'joke' must be different from mine...

      I used to run it in half that, and it worked just fine thanks. When I added a load more, it got a lot faster for editing huge audio files or having lots of heavy apps open, but for general use there wasn't that much difference. I wouldn't recommend using less than 256MB, but it's perfectly comfortable with that amount.

      --

      Ceterum censeo subscriptionem esse delendam.

    11. Re:MS needs to change windows fundamentally by pg110404 · · Score: 3, Interesting
      Linux on the Desktop can nearly match Windows feature for feature now, but it can no longer claim low resource requirements while doing so.
      Yes, but unlike windows, linux is still modular.

      I refuse to switch to KDE or GNOME because it's easy to use. Hell I still use FVWM without any fluff and my computer kicks ass.

      You can take away the fluff of linux. You CAN'T take away the fluff of windows XP.
    12. Re:MS needs to change windows fundamentally by pg110404 · · Score: 2, Informative
      The underlying NT is quite well-designed
      I had to write a device driver for windows NT 4 and talk about a nightmare.

      The api had at least 6 memory pointers for device read/write and depending on what you were doing or the cycle of the moon, had to know which one to use.

      Contrast that with all the other OSes I had to write device drivers for, they only required two. One was a virtual memory pointer the other was a physical memory address. And they even gave kernel calls to translate from one to the other.

      I'd say based on the glimpse of the internals, that the NT kernel by the time it got to NT 4 got hacked so bad, quite well designed is not the description I'd use.
    13. Re:MS needs to change windows fundamentally by David Off · · Score: 2, Interesting

      > I think this is unlikely. The underlying NT is quite well-designed (originally by David Cutler of VMS, amongst others, as I believe), and a reasonably flexible system upon which to develop applications.

      I'd go along with that, when I worked for the OSF we considered NT as the uKernel for OSF/1 uK.

      (considered == joint study with Dave Cutler and others)

    14. Re:MS needs to change windows fundamentally by rhizome · · Score: 4, Insightful

      >Uh, isn't that a bit, just a tiny bit favoring apple? ...
      >First of all, the price could be argued

      What's not to favor? I don't believe the price *can* be argued. It could at one time, but not anymore. Once Apple incorporated IDE into their machines the prices have been on par with Intel machines. It's true, it's just the perception of Apples as more expensive that persists. I have a maxed out 12" PowerBook that cost $2k brand new. This is about what I'd expect to pay for a nice Intel laptop with similar specs and is probably quite a bit cheaper than Sony's offering at this level. Apple doesn't offer a $500 WalMart PC, it's true...oh wait, scratch that (and don't gripe: you already *have* a mouse, monitor and keyboard).

      >second of all. it seems that you're advocating the FOSS power as a
      >base or foundation for an operating system, rather than apple's
      >talents.

      Where are you drawing the line? If I take this statement at face value, you're advocating homegrown-only development without considering that Apple's talent here might consist of being able to *choose* FOSS power. Microsoft seems to have painted itself into such a corner so that this option is not available to them at all. That's not a good position to be in when your whole stated development methodology revolves around interpreting what customers want. OS X is eating Microsoft's lunch in this regard.

      The developer in the article is trying to backtrack out of Microsoft's age-old discourse about IE being part of the OS. Well, now they call it an API, big whoop. Semantics aside, the thing (whatever it's called now) that Microsoft has built to express this API is a security-lacking bug-riddled piece of shit. I don't think anybody would argue that, even if they can't think of a way to change it. Bill or Ballmer should be writing these things, and the fact that they aren't should tell you something.

      --
      When I was a kid, we only had one Darth.
    15. Re:MS needs to change windows fundamentally by HavokDevNull · · Score: 3, Informative

      With price of RAM these days, it does not take that much to run 1 gig or more, I have less than $100 in RAM and currently run 1 gig.

      I like to see windows pull this trick.

      I have / (root of the drive) mounted in RAM! All my apps pop up instantly, (including firefox) Here is how to do it.

      http://forums.gentoo.org/viewtopic-t-296892.html

      --
      Sig
    16. Re:MS needs to change windows fundamentally by Aumaden · · Score: 2, Insightful
      I don't think we accept airplane crashes. We don't even accept space shuttle crashes. We want 0 crashes, it's not like "it's ok to have a crash each x number of flights"

      "Want" and "Tolerate" are quite different things. We "Want" no crashes, but what is "Tolerated" is quite another thing. The space shuttle program has been grounded for 2 years now. Tolerance there, clearly zero. What would happen if that tolerance was applied to air travel?

      I expect much of that is influenced by the media. The space shuttle crashes and you'll see the footage played again and again for days. A major airliner crash will make the evening news for 2, maybe 3 days. Automobile fatalities will rarely make the news at all.

    17. Re:MS needs to change windows fundamentally by gbjbaanb · · Score: 2, Insightful

      NT 3.51 had that separation of userspace and kernel, and it was completely solid. Of course, it ran the old Windows 3.1 GUI.

      NT4 came along and adopted the Win95 GUI, and I guess people at MS thought, let's make this a desktop OS as well as a server one. So, much userspace stuff was merged with the kernel and speed and responsiveness did improve. Of course, this means that the original design is 'broken', but on the other hand, if you consider that NT4's design was that you trade speed for stability, then it's not flawed at all.

      You can talk about kernel/userspace/rings and design all you like, but all of us live in the real world where real work is done, not in some academic perfect environment where real-life tradeoffs don't need to be considered in an elegant design.

      BTW. What about the Linux kernel... not exactly a microkernel now is it, but no-one's mentioned that. (not that I care - it's not what you have, it's how you use it that matters to me).

    18. Re:MS needs to change windows fundamentally by douglips · · Score: 2, Insightful

      Of course we accept airplane crashes. When an airplane crashes, air travel is not affected by any measurable amount - people still travel. The only event in memory that noticeably affected air travel was when a bunch of troglodytes hijacked 4 airplanes in one day and used them in spectacularly heinous attacks.

      The only reason we want zero space shuttle crashes is because there are only three shuttles. United Airlines, American Airlines, Continental Airlines, Delta Airlines, and Southwest Airlines have about 3000 aircraft, and let's say they fly an average of 3 legs per day.

      If we had a fleet of 3000 space shuttles flying 10,000 missions a day, we certainly would accept 1 crash every twenty years.

    19. Re:MS needs to change windows fundamentally by idiotnot · · Score: 2, Informative

      Eh, true to an extent. What NeXT did was really remarkable when you think about it. Mach was really cutting-edge in the mid and late 80s. The BSD layer (single server in user-space in the case of NeXTstep), was added for unix-compatibility, a robust filesystem (FFS), and networking capabilities. The Unix compatibility was important in NeXT's target market -- research.

      None of that was remarkable; MS did the same thing when it lifted the BSD network stack for Windows NT. What *was* remarkable...the framework, and completely new programming and display model they built atop mach to use mach's neat features.

      If you think the NeXTstep/OPENSTEP libraries were lifted, you're sorely mistaken. Take a look at how long it's taken GNUstep to replicate a fully-published API last updated around 1995.

      Microsoft's API is similarly complex, but the underlying OS is about the same vintage (late 80s). MS's difficulties come from programming to a different model....that of a single-user machine, or an insecure LAN. Microsoft's dogmatic dedication to backwards compatibility also hurts matters. I can't honestly expect a 1993 NeXTstep application to run on OSX (please discount the 68k versus PPC difference....), but a 1993 win32 application probably will run just fine on Windows XP.

      If they abandoned some of their backwards compatibility, it'd probably be better for everyone involved.

    20. Re:MS needs to change windows fundamentally by Anonymous Coward · · Score: 2, Insightful
      Pardon me, but your ignorance is showing. VMS was touted as one of the better OS's in its day. It was stable, running for months at a time. Security was addressed routinely. Many of the features you see in today's OS's were ripped from VMS. I'm not saying that VMS didn't borrow from other OS's, that's just to be expected, but you obviously never studied VMS internals or progressed very far in developing software for it. DCL was like any scripting language. It was certainly a hell of a lot further along than any of the *nix scripting languages. It may not have had pipes, but so what... they could be implemented with file i/o (just as pipes were done under *nix).

      The NASA worm (WANK) spread at a time when networking was pretty infantile and the assumption was everyone on the network was "friendly". This was a time when computers were used to accomplish tasks, not to serve as playgrounds for groups with an agenda (anti-nuclear, political, etc).

    21. Re:MS needs to change windows fundamentally by Dr. Evil · · Score: 3, Interesting

      How are you monitoring the memory usage in Windows? After booting, Windows XP will aggressively swap out unused resources and allocate substantial amounts of RAM for drive caching.

      It's tough to figure out what Windows is really "using". I suppose I could try booting Knoppix (without a ramdisk) and WinXP side by side in VMWare to compare how small the footprint can get. I recall Knoppix won't even load KDE without 70MB or so free. I figured that out recently when booting Knoppix with 128MB of RAM.

      Yeah, there's the ramdisk again.

    22. Re:MS needs to change windows fundamentally by slackmaster2000 · · Score: 2, Informative

      Mac has come down in price, but they're still much more expensive. At least $500 more for the bottom of the line G5. Their options are pretty poor too as you go up the G5 model line...a $2500 machine with a Geforce FX 5200 video card? Are there any games for mac yet? :)

      I don't think that Macs are necessarily "overpriced" though. The quality of the product overall is certainly worlds above any big box PC.

    23. Re:MS needs to change windows fundamentally by Politburo · · Score: 2, Informative

      As another poster noted, it is trivial to do this in Windows with a ramdisk and a batch file to copy the files from disk to ram.

    24. Re:MS needs to change windows fundamentally by Politburo · · Score: 2, Informative

      Such ignorance.

      Yes, IE uses DLLs used by the rest of Windows so most of IE's code is generally always in memory.

      No, there is no IE code in the kernel.

    25. Re:MS needs to change windows fundamentally by farble1670 · · Score: 2, Informative

      the prices have been on par with Intel machines

      that is a lie.

      from apple's website: 15", 1.5GHz, 512MB, 80GB powerbook is $1999. from dell's website, a 15", 1.5GHz, 512MB, 80GB inspiron 6000 is $1127. i customized the dell to meet the major characteristic of the powerbook ... including wireless support, larger hard drive etc.

      if anyone doesn't believe me, go and look on apple and dell's website. it took me 3 minutes.

      the dell is nearly half as much. and please don't argue all of the little crap, like that the powerbook has a backlit keyboard. my guess is that to most people, things like that aren't worth $1000. but if you absolutely positively have to have bright colors and backlit keyboards, by all means, apple is for you.

    26. Re:MS needs to change windows fundamentally by Electrum · · Score: 2, Interesting

      You missed copying the first sentence of that paragraph: "Some say that Windows NTFS does not really offer a journaled file system." Nice FUD there.

      That might be trying to say that NTFS doesn't journal file data, which is the case for almost all journaling file systems (or alternatives such as FreeBSD's Soft Updates). Those that do have that feature never enable it by default: the cost is simply too great.

      File system integrity (i.e. metadata) is the job of the OS and the filesystem. Data integrity is the job of the application (until it has told the OS to commit the data to the disk, i.e. fsync in POSIX or FlushFileBuffers in Win32). The OS can't attempt to do that on a general level without greatly inhibiting performance for everything. That said, it would be very useful to have a journaling API available that applications could use.

      http://www.microsoft.com/windowsserver2003/community/centers/fileservices/fileservices_faq.mspx
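
The division of labour described in the comment above (the file system keeps its own metadata consistent, the application owns its data until fsync returns) is what an application-level journal builds on. The following is an added example, not part of the original comment or of any poster's code: a minimal append-only journal in Python that commits each record with fsync and, on recovery, discards a torn tail. The record framing, function names, file name and sample payloads are all constructed for illustration.

```python
import os
import struct
import tempfile
import zlib

# Record framing (constructed for this example): 4-byte big-endian payload
# length, 4-byte CRC32 of the payload, then the payload itself.
HEADER = struct.Struct(">II")


def append_record(path, payload):
    """Append one record and return only after it has been committed to disk."""
    frame = HEADER.pack(len(payload), zlib.crc32(payload)) + payload
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    try:
        view = memoryview(frame)
        while view:  # os.write may write fewer bytes than requested
            written = os.write(fd, view)
            view = view[written:]
        # Until this call returns, the record may exist only in the OS cache.
        # os.fsync() wraps fsync(2) on POSIX; the Win32 counterpart named in
        # the comment above is FlushFileBuffers.
        os.fsync(fd)
    finally:
        os.close(fd)


def sync_parent_dir(path):
    """Make a newly created directory entry durable (POSIX only)."""
    if os.name != "posix":
        return
    dfd = os.open(os.path.dirname(os.path.abspath(path)), os.O_RDONLY)
    try:
        os.fsync(dfd)
    finally:
        os.close(dfd)


def recover(path):
    """Return the payloads of all intact records and truncate a torn tail."""
    with open(path, "rb") as f:
        data = f.read()
    records = []
    pos = 0
    while pos + HEADER.size <= len(data):
        length, crc = HEADER.unpack_from(data, pos)
        start = pos + HEADER.size
        payload = data[start:start + length]
        if len(payload) < length or zlib.crc32(payload) != crc:
            break  # torn or corrupted record: nothing after it is trusted
        records.append(payload)
        pos = start + length
    if pos < len(data):
        # Drop the incomplete tail so later appends start on a record boundary.
        with open(path, "r+b") as f:
            f.truncate(pos)
            f.flush()
            os.fsync(f.fileno())
    return records


def demo():
    """Simulate a crash in the middle of the third append (constructed data)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "app.journal")
        append_record(path, b"debit:100")
        sync_parent_dir(path)  # the journal file itself was just created
        append_record(path, b"credit:100")
        intact_size = os.path.getsize(path)
        append_record(path, b"debit:250")
        # Crash simulation: only the header and 3 payload bytes reached disk.
        with open(path, "r+b") as f:
            f.truncate(intact_size + 11)
        recovered = recover(path)
        tail_removed = os.path.getsize(path) == intact_size
        append_record(path, b"debit:250")  # the application retries
        return recovered, tail_removed, recover(path)


if __name__ == "__main__":
    print(demo())
```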

    27. Re:MS needs to change windows fundamentally by toddestan · · Score: 2, Informative

      Go into Control Panel -> Administrative Tools -> Services. From there, disable the Themes service. While you are in there, it's not a bad idea to disable other completely-stupid-to-have-running-by-default services like Remote Registry and Messenger.

    28. Re:MS needs to change windows fundamentally by batkiwi · · Score: 2, Insightful

      toddestan below me replied about theme service, but do THIS to put windows into "turbo" mode:

      Right Click on "My Computer"->properties
      "Advanced" tab->"Performance" box->"Settings" button
      "Visual Effects" tab->"Adjust for best performance"

      Click apply/ok, and enjoy XP which has no eye candy and is even faster than 2k/98.

    29. Re:MS needs to change windows fundamentally by carl0ski · · Score: 2, Interesting
      IMHO, Mozilla or even firefox is a heavier app than IE. Once running, they're faster (to a trained eye) but sometimes, when pulling out of swap, they will still slug along.
      yes regularly using Firefox i spend all day minimising it and sending it to tray for amusement. Firefox is an app that stays active a lot (you read it) and rarely gets minimised, just alt + tab you will feel the effects a lot less and avoid having software made by MS open while using non-MS software (it has priority to the ram no matter what you do). Sending Firefox to the swap is the responsibility of the OS; my KDE desktop rarely sends my Firefox to the swap (3 or more hours idle); it is habitual for Windows to send any software that isn't MS to the swap asap. i have 256 MB ram
  2. Re:Automatic Cup Holder by Xibo · · Score: 2, Interesting

    Read the source code if you even bother. It was ejected by WMP not IE nor the KERNEL.

    --
    appended to the end of comments you post, 120 bit floating point
  3. Not tied? by ShepyNCL · · Score: 4, Interesting

    If there are no operating system API's used by the browser, then why did MSFT fight so hard not to have to remove it from the browser? It might not use the OS API's, but I'm fairly sure it works the other way round. Has he ever tried to remove IE cleanly from a windows install?

    1. Re:Not tied? by Arathrael · · Score: 5, Insightful

      They are operating system APIs used by IE, he says so - just none that are 'not documented on MSDN as part of the platform SDK and available to other browsers and any other software that runs on Windows', i.e. no secret undocumented APIs. So you can rest easy in the knowledge that if someone finds a bug letting them use a malformed website and IE to read files off your local hard drive, IE is only using a documented API to do it.

      And he also says that IE is indeed part of the operating system 'so that parts of the OS and other applications can rely on the functionality and APIs being present'. Which presumably would mean a bug in IE could affect those parts of the OS and other applications. Which seems to me to go right along with what I thought the Mozilla guy was saying.

      As responses go, it's not the best is it? :-)

    2. Re:Not tied? by TheRaven64 · · Score: 5, Insightful
      The term operating system is not a clear one. In academia, the terms operating system and kernel are used more or less interchangeably, the operating system (OS) is the part that has more privilege than user programs - either a monolithic kernel and device drivers, or a microkernel and privileged servers. In Microsoft's world, an OS is `a kernel, and all of the stuff we pile on top of it and call an OS' (note that this is similar to RMS's definition of an OS, e.g. Linux + GNU tools + X11 + desktop environment). The second is more accurately known as an operating environment (OE) - a kernel and a set of basic libraries and applications that developers can rely on being present. OS is typically used in place of OE, because an OS on its own is not really much use to anyone, and so they are rarely available separately.

      Internet Explorer is not part of the Windows OS (kernel). It does not have a privileged status, and makes use of no extra functionality that is not available to other applications. Internet Explorer is part of the Windows OE. Other applications depend on the libraries provided by it (most commonly the HTML layout engine). The most obvious example of this is the Windows help program, which most applications use. As such, it is not possible to remove Internet Explorer without replacing it with something functionally equivalent (i.e. exposing the same API), unless you expect things to break.

      Being part of the Windows OE does not inherently make Internet Explorer insecure, this is just FUD spread by idiots. It does, however, mean that flaws in Internet Explorer are more likely to be important (it is tied into other applications, providing multiple attack vectors for an exploit). Internet Explorer has a large number of flaws (a fair number in design, as well as implementation), and I would not wish to be in the position of having to defend it, but claiming that `it is tied to the OS and therefore bad' is just stupid and undermines any rational arguments that may be proposed at the same time.

      --
      I am TheRaven on Soylent News
    3. Re:Not tied? by ArbitraryConstant · · Score: 2, Informative

      "When did you ever hear of an exploit caused by the Microsoft help system?

      Using mshtml in the help system or as the desktop is NOT a security problem and never has been. You are spouting more idiotic FUD.
      "

      When? I believe the last time was January 11, 2005.

      "This update resolves a newly-discovered, publicly reported vulnerability. A vulnerability exists in the HTML Help ActiveX control in Windows that could allow information disclosure or remote code execution on an affected system."

      --
      I rarely criticize things I don't care about.
  4. Hmmm by That's Unpossible! · · Score: 5, Insightful

    I can't figure it out. Is Dave playing dumb, or is he really dumb?

    The guy works for Microsoft, so maybe it is willful ignorance. How else can you explain someone that works on IE from trying to claim it is not part of the OS? Oh, we're going to get down to nit picking. Yes, yes, yes IE is not part of the kernel.

    However, Microsoft wasn't too interested in this argument when it was fighting for its life in court, arguing that IE was embedded and could not be removed from the OS.

    And now we see, they were right. IE may not be part of the kernel, but due to its use (and trust) by many core applications in Windows, it presents many more security challenges when compared to a standalone app like Firefox.

    --
    Ironically, the word ironically is often used incorrectly.
    1. Re:Hmmm by gowen · · Score: 4, Insightful
      IE may not be part of the kernel, but due to its use (and trust) by many core applications in Windows, it presents many more security challenges when compared to a standalone app like Firefox.
      But the same is true of a core Unix library, like libc. It's exposed to data from wild sources, like DNS records in gethostbyname(), and yet it doesn't seem to have the same history. Similarly, the KDE GUI libs and libkhtml (for example -- or the equivalent Gnome ones) perform many of the same functions as IE's DLLs, without anything like as many security holes.

      Fact is, IE is a security disaster because it's badly written, not because exposing common rendering components to HTML code in the wild is necessarily a bad idea.
      --
      Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
    2. Re:Hmmm by That's Unpossible! · · Score: 4, Insightful

      But the same is true of a core Unix library, like libc. It's exposed to data from wild sources, like DNS records in gethostbyname(), and yet it doesn't seem to have the same history.

      Uhh ok, well I wasn't defending IE, but anyway I will on this count. Are you honestly trying to compare a full-featured web browser to libc?

      Fact is, IE is a security disaster because it's badly written, not because exposing common rendering components to HTML code in the wild is necessarily a bad idea.

      My point was if you have many OS components that rely on this poorly written software and interact with it in a trusted way, you are going to have many more severe security issues than with something like Firefox.

      --
      Ironically, the word ironically is often used incorrectly.
    3. Re:Hmmm by MightyMartian · · Score: 5, Insightful

      Microsoft simply changes the story to fit the audience. To a more technical audience, it denies that IE is part of the OS. To a court that could make its life miserable, it claims deep embedding. If this fellow doesn't like the accusation then perhaps he should go to his betters in Redmond and ask them what they mean by IE being part of the OS. I mean, we're only repeating what MS told a court, and MS wouldn't lie to a judge, would they?

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    4. Re:Hmmm by gowen · · Score: 2
      Are you honestly trying to compare a full-featured web browser to libc?
      In addition to those other things I mentioned, yes. They provide some functionality in common (DNS stuff).
      --
      Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
    5. Re:Hmmm by drinkypoo · · Score: 2, Informative

      There have been many holes in assorted portable C libraries. You don't hear about it like you do about IE problems because IE is used by thousands and thousands of people every day and it is on the front lines, where the rubber meets the road as it were. C library problems can be found when a hole manifests itself in any program using it (which is any C program) and when it is fixed for any of them it is fixed for all of them. IE is used by a lot of programs, but not as many as the C library.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    6. Re:Hmmm by MightyMartian · · Score: 2, Insightful
      Since Windows has always been as much a GUI as a kernel, it's not the simple divide that X is in the *nix world. Yes, the basic Win32 kernel does not at all rely upon IE, but the GUI is such an integral part of the OS that it seems little more than an argument over semantics. I can't speak specifically to Redhat, but none of the Linux servers that I have built and run at my place of work have X or run any software that relies upon it. They are pure CLI machines.

      The IE apparatus is very much a core part of the GUI of Win32/64. You can delete it from the desktop but it's still going to pop-up when you go into Windows Explorer, as can clearly be demonstrated by typing "http://slashdot.org" in the address bar. It's so clearly integrated into the GUI that I'd speak of it as a subsystem rather than as a separate piece of software. The tight integration is easily demonstrated by cranking down the security settings in IE and watching all these delightful spyware programs use ActiveX registration.

      So yes, in the strictest sense, IE is not part of the base operating system (storage handling, resource allocation, driver management) but the very nature of Windows itself makes that distinction rather meaningless.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
  5. Re:Automatic Cup Holder by dknj · · Score: 4, Informative

    Uh, if mozilla supports vbscript then it would be allowed in mozilla or any other web browser for that matter. That does not make use of any unknown undocumented APIs. Try this, paste this code into a text file (hint: it came straight from your website):

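    ' Instantiate the Windows Media Player COM object by its ProgID
    Set oWMP = CreateObject("WMPlayer.OCX.7")
    ' Collection of the CD/DVD drives known to Windows Media Player
    Set colCDROMs = oWMP.cdromCollection

    If colCDROMs.Count >= 1 Then
        For i = 0 To colCDROMs.Count - 1
            colCDROMs.Item(i).Eject ' open the tray of drive i
        Next ' cdrom
    End If

    WScript.Echo "Automatic Cup Holder."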


    Then run "cscript filename". Oh my god, Microsoft tied vbscript into a stand alone application on your system!!! Give me a break, mod the parent down please

    -dk

  6. Re:Automatic Cup Holder by Timesprout · · Score: 3, Insightful

    Eh no, this is an issue with allowing scripts to run with unfettered access to the system. Made IE great for intranet applications but a security disaster on the web.

    --
    Do not try to read the dupe, that's impossible. Instead, only try to realize the truth
    What truth?
    There is no dupe
  7. what i want from Firefox... by H8X55 · · Score: 3, Interesting

    I would never use I.E. again if Firefox could do one thing (more), to be able to navigate to other (windows) boxes using my browser (like i can in I.E.)

    by typing \\servername or \\ip address

    my understanding was that this functionality was part of the API that is not available? this is the only thing keeping I.E. on my windows desktop.

    1. Re:what i want from Firefox... by LEgregius · · Score: 5, Informative

      You can do that from windows explorer, and you could before IE was "part of the os," so that's a windows core function, not an IE function. As for browsing pages from a server like that, click on the files in the browser once you navigate to them.

    2. Re:what i want from Firefox... by Ironsides · · Score: 2, Insightful

      I'm not sure if this is I.E. or File Explorer that allows you to do that. I do know that when I launch file explorer I can do that and go to the other computer and the same with I.E.. I also know that you can do the same thing using Total Commander. Then again, I'm pretty sure that I.E. and File Explorer are the same program.

      --
      Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
    3. Re:what i want from Firefox... by Anonymous Coward · · Score: 5, Insightful

      That should never be supported by a browser because that is not an internet standard and a big security risk. A browser should only work with valid URL's.

    4. Re:what i want from Firefox... by mzwaterski · · Score: 2, Interesting

      Similar note, does FireFox have a "Web Folders" style add on for browsing FTP sites? About the only thing I still use IE for is quick drag and dropping on FTP sites.

    5. Re:what i want from Firefox... by I+confirm+I'm+not+a · · Score: 3, Informative

      I would never use I.E. again if Firefox could do one thing (more), to be able to navigate to other (windows) boxes using my browser (like i can in I.E.)

      by typing \\servername or \\ip address

      You can! Just use "\servername" instead of "\\servername". Works for IP addresses too: "\192.168.0.1" instead of "\\192.168.0.1".

      "Firefox - not just secure, it also saves you typing an extra backslash!"

      --
      This is where the serious fun begins.
    6. Re:what i want from Firefox... by jd142 · · Score: 4, Insightful

      \\servername does NOT work for me, FF 1.0.2

      \\servername\dir DOES work

      \\servername\c$ DOES work

      So the only thing that FF can't do that IE/Explorer can is browse to the server root, \\servername.

    7. Re:what i want from Firefox... by Sentry21 · · Score: 2

      Are you talking about \\servername (Windows networking, which is part of Windows Explorer, not Internet Explorer), or http://servername/ (just a DNS issue)?

      IE has nothing to do with \\servername - that's the built-in Windows networking that uses the file explorer capabilities of Windows, not IE.

    8. Re:what i want from Firefox... by shutdown+-p+now · · Score: 2, Interesting

      What about \\servername\ ?

    9. Re:what i want from Firefox... by jd142 · · Score: 2, Informative

      Nope, that didn't work either.

    10. Re:what i want from Firefox... by I+confirm+I'm+not+a · · Score: 2, Informative

      Doesn't work for me.

      Looks like I jumped the gun - it works for "\server", but not "\server\share". Apologies for the confusion I've caused :-(

      --
      This is where the serious fun begins.
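
Added example, not part of any comment in this thread: a strict classifier for address-bar input that covers the forms tried above (\\servername, \\servername\dir, \\servername\c$, the single-backslash \server) and their file: URL equivalents, and allows only http and https, as the "valid URLs only" reply argues. The function names, result fields and sample inputs are constructed for illustration and do not describe how Firefox or IE parse input.

```javascript
'use strict';

// Added example (not from the thread). Names and sample inputs are constructed.
// Policy: only http/https navigations are allowed; anything that resolves to a
// Windows network path (UNC) or a local file is refused and labelled.

const WEB_SCHEMES = new Set(['http:', 'https:']);

// Matches \\host, \\host\, \\host\share and \\host\share\more...
const UNC_RE = /^\\\\([^\\]+)(?:\\+([^\\]*))?/;

function uncResult(via, host, share) {
  const name = share || null;
  return {
    kind: 'unc',
    allowed: false,
    via, // 'backslash' or 'file-url': how the network path was written
    host,
    share: name,
    // A trailing "$" marks a hidden share; c$ and admin$ are the default
    // administrative ones.
    hiddenShare: name !== null && name.endsWith('$'),
  };
}

function classifyTarget(input) {
  const text = String(input).trim();

  const unc = UNC_RE.exec(text);
  if (unc) return uncResult('backslash', unc[1], unc[2]);

  // A single leading backslash is still a filesystem-style path, not a URL.
  if (text.startsWith('\\')) return { kind: 'path', allowed: false };

  let url;
  try {
    url = new URL(text); // WHATWG parser, no base: input must carry a scheme
  } catch (err) {
    return { kind: 'not-a-url', allowed: false };
  }

  if (url.protocol === 'file:') {
    // file://host/share carries the server in the host component.
    if (url.hostname) {
      const share = url.pathname.split('/').filter(Boolean)[0];
      return uncResult('file-url', url.hostname, share);
    }
    // file:////host/share parses with an empty host and a path of //host/share.
    if (url.pathname.startsWith('//')) {
      const [host, share] = url.pathname.split('/').filter(Boolean);
      if (host) return uncResult('file-url', host, share);
    }
    return { kind: 'local-file', allowed: false };
  }

  if (WEB_SCHEMES.has(url.protocol)) {
    return { kind: 'web', allowed: true, host: url.hostname };
  }
  return { kind: 'other-scheme', allowed: false, scheme: url.protocol };
}

// Constructed sample inputs mirroring the forms discussed in the thread.
const SAMPLES = [
  String.raw`\\servername`,
  String.raw`\\servername\dir`,
  String.raw`\\servername\c$`,
  String.raw`\\192.168.0.1`,
  String.raw`\server`,
  'file://servername/dir',
  'file:////servername/c$',
  'file:///C:/boot.ini',
  'ftp://ftp.example.org/',
  'http://slashdot.org',
  'slashdot.org',
];

for (const sample of SAMPLES) {
  console.log(sample.padEnd(26), JSON.stringify(classifyTarget(sample)));
}
```

Running the check on the parsed target rather than on the raw text is what catches the file: spellings, which never contain a backslash.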
  8. Pure PR crap, anyway. by aug24 · · Score: 4, Funny
    As we develop IE we go through very thorough and stringent security reviews to ensure that every change is secure and does not expose the user to attack.

    This is not meant to be read by geeks, it's for PHBs. Either that or I'll have some of what he's smoking.

    Justin.

    --
    You're only jealous cos the little penguins are talking to me.
  9. i am reminded of the opening of the hhgg by silid · · Score: 5, Funny

    "But Mr Dent, the plans have been available in the local planning office for the
    last nine months."

    "Oh yes, well as soon as I heard I went straight round to see them,
    yesterday afternoon. You hadn't exactly gone out of your way to call attention
    to them had you? I mean like actually telling anybody or anything."

    "But the plans were on display ..."

    "On display? I eventually had to go down to the cellar to find them."

    "That's the display department."

    "With a torch."

    "Ah, well the lights had probably gone."

    "So had the stairs."

    "But look, you found the notice didn't you?"

    "Yes," said Arthur, "yes I did. It was on display in the bottom of a locked
    filing cabinet stuck in a disused lavatory with a sign on the door saying
    Beware of the Leopard."

  10. Stop. What's that sound? by Anonymous Coward · · Score: 5, Funny
    IIIIIIIIIIEEEEEEEEEEE!!

    That's the sound lusers make as they get their so-called browsers hijacked and spywared to death.

  11. They're working on that. by Anonymous Coward · · Score: 2, Insightful

    They're working on that. It's called Longhorn. Maybe you've heard of it?

    Whether or not they'll achieve any or all of their goals for Longhorn is, of course, open for debate based on past events. But the goal from the beginning has been to de-cruft Windows (and "improve" the user interface by making even more of it task-based. Joy!).

    But frankly, my money at this point is on Longhorn being another Windows ME. Big on promises, half-assed changes, and lots of bugs. Maybe I'll be pleasantly surprised.

    1. Re:They're working on that. by wootest · · Score: 2, Interesting

      I've heard the Windows ME point to death. Do you know why they made Windows ME? Because 98, even with 98SE, wasn't up to snuff for the people that weren't ready to jump to the NT platform yet (which was where they were going with Whistler - which is what XP was known as back then). I think they just rushed it and it was a good base of half-baked ideas, but it was certainly a lot buggier than any other Windows release in recent history.

      Contrast this to Longhorn - for once, Microsoft has bet the lion's part of their resources on one project to overhaul the system. If I understand this correctly, this includes making the kernel run as managed code - a huge undertaking in itself - but also revamping or replacing vast parts of what's under the GUI but above the kernel.

      It's been big on promises both under the GUI (ie system features) and other, more advanced features that you actually use directly as applications. They realized that it'd take freaking forever, cut a big chunk of the touted advanced features and are now focusing on what's left. It's not going to be rushed and it will bring a big deal of new stuff, including vastly improved stability. So yes, if you're expecting Windows ME, you'll be pleasantly surprised, because this time, what's new in there isn't half-baked, isn't unstable and actually changes the core of the system to be more secure. They were very big on promises, and this seems like a major mistake now, but I think you're going to get your money's worth.

    2. Re:They're working on that. by wootest · · Score: 2, Insightful

      My basis on thinking that it'll be more stable and secure is that - if I've gotten this right - major parts of the actual architecture will run as managed code and it will therefore be easier to 'throttle' any bugs or exploits.

      I love Linux as much as anyone here, but seriously, saying that "3D stuff on the desktop isn't anything new and we have it already running on linux." is just meaningless. Lots of technologies already exist. However, the vast majority don't use them. Are you willing to bet that even 5% of Linux *desktop* users use "3D stuff on the desktop"?

      WinFS may not be coming, but there's certainly plenty of stuff available. Paul Thurrott has a nice article about some of the new stuff, and I like the look of things like Stacks. (Advocates, take note; Paul Thurrott is a semi-Microsoft advocate. ;)) Syncing and searching are always nice, as is competent permissions - Windows will actually put up a dialog asking for temporary administrator permissions when doing stuff like installing programs; the way it's done in OS X, BSD and *nix, and about damn time, too. (The link above had a screenshot of this earlier and I think it's been removed.)

      Microsoft might have had to tighten a lot of security screws all over the place, and might have had to restructure a lot of the internals as well, but I don't think the "Applications" team have been noodling since the release of XP.

      Otherwise we'll have to wait until it's released to say anything good or bad about Longhorn. In the meantime there are enough things to say about XP. Both good points. But all I'm saying is that for something that will have been in development for over five years (at the time of release) by one of the largest companies in the world should not reasonably be assumed to be as crappy (or even half as crappy) as a rushed Windows version that took at most two years to finish and mainly served as a good reason to upgrade to XP**. I don't want to glorify Microsoft - they've done enough to warrant my outright hatred and very little to make up for it - but I'm just saying that it's not very logical to underestimate them either.

      (In the interest of full disclosure, I'm writing this on a Mac, and my other two computers run XP and Fedora Core respectively. I try not to be biased but judge everything on its merits rather than on its supporters or its history. I've also never tried out Longhorn myself.)

      (** The Douglas Adams in me wants to add "where of course new exploits await your pleasure" here, but I opted against it because this comment is long enough already... what's that? Oh. Crap. ;))

    3. Re:They're working on that. by ckaminski · · Score: 2, Interesting

      No, windows millennium was a stopgap that forced most software vendors into realising that the end of the road for perfect DOS support was coming, and coming fast. The few home owners who got that piece of shit made it real clear real fast that things had to change. The fact that most vendors didn't adopt Millennium for long drove home the point just a little quicker. Time to evolve. The days of not functioning on an NT core are coming to a close.

      What is sad is that I had to support that monstrosity. Thankfully, not many WindowsME machines made it into the wild, and most are quickly and violently disappearing under the influx of XP Home. (THANK GOD).

      Microsoft cannot evolve the platform fast enough anymore. All their innovations (evolutions) will be done in the backoffice. Desktop is not going to change that much.

  12. Dr Seuss explains IE by TommyBear · · Score: 5, Funny

    If a packet hits a pocket on a socket on a port,
    And IE is interrupted as a very last resort,
    And the address of the memory makes your FireFox abort,
    Then the socket packet pocket has an error to report.

    If your cursor finds a IE link followed by a dash,
    And the VBScript code puts your windows in the trash,
    And your data is corrupted because IE and Firefox clash,
    Then your situation's hopeless and your system's gonna crash!

    1. Re:Dr Seuss explains IE by Anonymous Coward · · Score: 4, Informative

      Nice. I read that in mud help files in 1994, only substitute all the modern technologies with mainframe jargon. I don't mind the update, but don't hijack it, paste a new face over the top of it, and try to pass it off as your original work. That's very Microsoft of you.

    2. Re:Dr Seuss explains IE by juggleme · · Score: 4, Informative
      Yup. And the original's a whole lot longer.

      Here's a link to a copy of the original.

  13. I'm Confused. by itsNothing · · Score: 4, Insightful
    I mean if
    ... there are no Operating System APIs that IE uses that are not documented on MSDN as part of the platform SDK and available to other browsers and any other software that runs on Windows..
    Then how is it that ...
    IE is part of the Windows Operating System so that parts of the OS and other applications can rely on the functionality and APIs being present.
    These two statements seem to contradict each other. Either:

    It's part of the OS and uses "internal" or protected calls that provide it a significant advantage

    OR

    It uses the exact same interface as any other program in which case it can be pulled out and replaced without affecting anything else in the OS.
    1. Re:I'm Confused. by Richard_at_work · · Score: 4, Informative

      They don't contradict each other. What it is saying is that IE is implemented using publicly available OS API calls only, not secret ones as people have surmised, and that it is PART of the OS in order to provide some DIFFERENT API calls to third party applications.

      The two statements bear no relation to each other, other than that they both relate to IE and APIs.

  14. Re:Automatic Cup Holder by grasshoppa · · Score: 3, Insightful

    Uh, if mozilla supports vbscript then it would be allowed in mozilla or any other web browser for that matter

    Er...isn't that sorta the point?

    --
    Mod me down with all of your hatred and your journey towards the dark side will be complete!
  15. Why do people willfully make this silly argument? by Anonymous Coward · · Score: 2, Interesting

    People just love to make the definition of "OS" whatever is best for them to bash MS.

    The MS guy is right. Microsoft was right in court. It's not rocket surgery, haters.

    IE is part of the business component "Microsoft Windows". It's "part of the OS" in terms of customer expectations, developer expectations, and the business definition of what Microsoft defines as an OS. Actually, nowadays it's finally recognized as absolutely ridiculous to ship an OS without a browser.

    It is _not_ a part of the OS proper in a CS/technical definition. It is not required for functionality of the kernel or core OS services.

  16. erm... by carpe_noctem · · Score: 3, Insightful

    "IE is part of the Windows Operating System so that parts of the OS and other applications can rely on the functionality and APIs being present."

    So why not just have an html rendering library and make IE an optional add-on? Plenty of other OS's seem to get by with this approach; I guess that none of them are so hellbent on pushing out a particular product...

    --
    "Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
    1. Re:erm... by INeededALogin · · Score: 2, Interesting

      Exactly... this is most likely why Microsoft was found a monopoly... the .exe is not providing the OS API for 3rd party and other windows components, it is the html rendering library.

      OS X has its WebCore and Safari is built on top of that. Anyone in the world could use the WebCore libs and make their own browser out of it.

      Same for FireFox... Why do you think Netscape is so easily able to use the Mozilla renderer... because it is a library.

      Microsoft's argument for not detaching IE is retarded as the executable is so not needed for anything. If they had been asked to remove the libraries, then they would have a problem.

      Now, for the courts of course... Microsoft would always want to remove everything that is IE to prove that it has a huge purpose.

  17. Re:Automatic Cup Holder by MindStalker · · Score: 4, Interesting

    That's the point, though: IE gives websites access to the APIs of other programs like WMP without asking the user.

  18. IE's Win Connections are the Problem by sjvn · · Score: 5, Informative

    IE is part of the Windows Operating System so that parts of the OS and other applications can rely on the functionality and APIs being present.

    Guys, uh guys, that's The Problem.

    http://www.eweek.com/article2/0,1759,1776387,00.asp

    To sum my thoughts in that story up, you have a gateway, IE, to the Internet that has deep, Inadequately Protected, connections to the core operating system.

    IE, in specific, and Windows, in general, cannot be secured.

    Microsoft's one seamless whole is really one giant security hole.

    Steven

    1. Re:IE's Win Connections are the Problem by Swamii · · Score: 2, Informative

      That's a common misconception by the uninformed.

      When we say it's "integrated into the OS", we mean to say that the html rendering engine (mshtml.dll & SHDocVw.dll), along with the simple GUI app that uses these interfaces (IE) are installed with the OS. They don't have "deep ties" or "connections to the core OS"; the Windows kernel has zero knowledge of IE. By installing the html rendering APIs and making them public, 3rd party applications are free to use the rendering engine for their own purposes.

      --
      Tech, life, family, faith: Give me a visit
  19. Re:But, I thought IE WAS part of the OS by danheskett · · Score: 5, Interesting

    It is part of the OS. That's the part of the post he made.

    IE is part of the OS primarily because it is an API that is relied on by other parts of the OS, and other 3rd party apps.

    It is rightly described as "middle-ware". Clearly, it's not a driver, or the kernel, or whatnot.

    But also clearly, it is not a single executable strapped on top.

    It's integrated, but using only methods and APIs that are available to anyone to use.

  20. From a web developers eyes. by dacoto · · Score: 4, Insightful

    As part of the testing phase when I design a new web site I have to point out that the majority of my time is spent "tweaking" the site to display correctly in IE. While on the other hand I can take the same site and test it in Mozilla, Firefox, Konqueror, Safari, Netscape, etc. on various platforms (Linux, Mac, and Windows). I don't see why all browser developers can not or will not just design browsers to be equally compliant. With all the market share MS already has in my opinion they should, as at least an act of good faith, build IE to conform with standards. I can not see any reason not to, I mean come on how difficult is it.

    --
    Open Source, Open Formats, Open Doors, Open Your Mind "Break On Through to the Other Side" The Doors
    1. Re:From a web developers eyes. by mankey+wanker · · Score: 2, Insightful

      I agree with the above poster, that's the main problem right there: non compliance with standards.

      Security is also an issue, certainly. It's less of an issue if you aren't a complete bonehead.

    2. Re:From a web developers eyes. by MemoryDragon · · Score: 3, Insightful

      You don't know Microsoft my friend. That has been their tactics since the mid eighties. They call that embrace and extend a standard. Which is the standard way for them to take over existing standards.

      First they follow the standards, then they start to extend them with Microsoft only stuff, then they add bugs to their implementations which they never fix, and in the end you have to do twice the work, once for Microsoft which by then usually has the significant market share and once for the rest of the world which still follows the standards. If you just follow the standards then you get the heavy beating of the users. Most people simply due to cost reasons then do Microsoft only versions and basically cement the monopoly of Microsoft. This is not done due to laziness but often due to cost reasons.

      The last step of this approach is to take over entirely, close the standard, break it in every possible way and put NDAs patents etc.. on it so that nobody outside of the Windows world really can use it.

      This tactic has worked with SMB so far, Corba was another thing, OpenGL as well which basically was the base for the first really usable Direct3d version. With HTML Microsoft already has started to do it by not implementing a properly working CSS1 and totally ignoring CSS2 and 3.

      They already work on a closed replacement called Xaml which should be pushed by not doing anything they speced themselves in the W3C. They already broke SVG with an incompatible implementation which they called differently and plastered with patents although only a few commands are broken, and the next step on this road probably will be the breaking of the newly specified open document format.

      Kerberos was such an issue as well, they added a few bytes to the standard implementation and put everything under an NDA.

      So what does this say to you. Don't expect anything from Microsoft, and the last you can expect is some decency and goodwill regarding the usage of standards, they only follow standards as long as they have less than 30% market share.

      Also don't expect anything from your users, the average user is not aware of this whole mess caused by them, they just want things to work, the problem is they most of the times want to work with half working soft which has nice UIs and the tag of microsoft on top of it.

      Which basically means you run constantly into problems and cannot move towards working alternatives.

      If I count all the time together in the last 10 years, I probably have spent around 30% of my working time to navigate around problems Microsoft deliberately has caused and never fixed. The percentage probably would have been much higher if I had not used java and other cross platform stuff in the last few years, which normally just works.

      And I am probably not the exception, count towards all developers in the world which have to deal with Microsoft platforms and the problems caused by them and you probably end up with the sum Microsoft has in the bank calculated from the loss of worktime over their deliberate breaking of standards.

      So in the end my conclusion is that lots of the earnings by Microsoft are basically indirectly drained from the worktime of others to bypass their monopoly game on the technical side to make things work again. This is not a false conclusion since their non standard conformity tactics have been used by them since the mid eighties on a regular basis.

  21. They lied about it last time by truthsearch · · Score: 4, Informative

    An article from 2003:

    Microsoft allegedly opened up Windows APIs last year... Now, Devos claims that Microsoft's disclosures remain sufficiently inaccurate and incomplete for developers to continue using his own documentation.

    Devos claims that Whirling Dervishes has discovered hidden Windows interfaces that are crucial for the development of such applications, but whose existence is denied by Microsoft. Not much change there then, post-lawsuit. These and other interfaces which Devos says should have been part of the API disclosures are used in NSELib, and he proposes to make public full documentation on how to use them.

    1. Re:They lied about it last time by kahei · · Score: 2, Interesting


      Given that the shell namespace interfaces (which appear to have been what Devos meant, although he never really said) ARE documented, which is how come people write SOFTWARE with them, and that Devos never actually came up with a single instance of an undocumented API or interface, and that the area is really pretty well explored and understood, and that Devos' products just happened to include Windows API documentation and utility libraries... which he had to persuade people to buy somehow, even with the regular MS libraries and docs already available... ...no, actually, go back to believing what you believed before. It's easier, right?

      --
      Whence? Hence. Whither? Thither.
  22. Microsoft = pure genius by XeRo_X4i · · Score: 2, Funny

    The employees at Microsoft are pure geniuses. I mean, look how long they have been able to pull off shit like this and still profit. Either that or the general public is stupid, which makes Microsoft look intelligent.

    --
    XeRo
  23. Microsoft Unfairly Competes by MojoRilla · · Score: 3, Interesting

    To be clear there are no Operating System APIs that IE uses that are not documented on MSDN as part of the platform SDK and available to other browsers and any other software that runs on Windows.

    This is always the standard Microsoft defense. Our products are written with the same API's as are available to everyone else. Everything's fair.

    Except that Microsoft developers get access to the people who wrote the specifications. They can influence the specifications to change. In fact, according to a friend of mine who works at Microsoft, they have a tool which highly optimizes their code after compilation, by, among other things, moving the infrequently used code like error handling routines to the back of their DLL's, etc.

    The fact that this tool hasn't been released to other developers is proof that they unfairly compete.

    1. Re:Microsoft Unfairly Competes by bpbond · · Score: 4, Insightful

      The fact that this tool hasn't been released to other developers is proof that they unfairly compete.

      What? How is that unfair? They must document and release all APIs, sure, but all their in-house development tools too? That's quite a standard, and I bet not one you'd put on any other company in any other industry. Assuming those tools use some clever coding and those same public APIs, what's to stop anyone else from making their own super-DLL-optimizer?

      I agree with the basic subject of this post ("Microsoft Unfairly Competes"), but this seems ridiculous.

      --
      "Science is a tribute to what we can know although we are fallible" -Jacob Bronowski
  24. From the blog.. by tmasky · · Score: 5, Insightful

    "As we develop IE we go through very thorough and stringent security reviews to ensure that every change is secure and does not expose the user to attack."

    I would have loved to be at the party they must have had when ActiveX went through its security reviews.

    Seriously though, that post was a load of bollocks. But hey, I pity the guy.. in a way. He can't turn around and admit the architecture's a piece of shit.

  25. Complete nonsense by gilesjuk · · Score: 2, Insightful

    What he means is parts of the Windows desktop environment rely on the HTML engine which is also part of IE.

    It's like saying KDE can't work without Konqueror and KHTML. Of course it can, you use Gecko.

    Also they obviously mean IE is part of the Windows distribution package. Are they going to say MSN/Windows Messenger is part of the OS next?

    Honestly, it is this kind of technical retardedness that stops me using Windows.

  26. Re:what?!! by TommyBear · · Score: 2, Insightful

    Yes but that is just explorer. explorer is an app in windows just like anything else. You don't need explorer to run windows, in fact you can replace it. So no IE isn't REALLY part of the OS but it is reused heavily in primary apps on the windows desktop.

  27. Re:It IS part of the OS by RailGunner · · Score: 2, Insightful
    ls is an application. It's a utility, not part of the kernel.

    The reason IE is part of the Windows operating system is because of mshtml32.dll, shdocvw.dll, etc. - System DLL's that explorer.exe uses. Really, all IE does is to wrap the browser control and provide bookmarks, etc.

    In all seriousness, this is not a bad thing - it promotes code re-use in the Windows code base and prevents Windows developers from having to continually re-invent the wheel (or browser). The problem is that IE (ahem, the Internet Explorer_Server Window Class) is a complete piece of vulnerable, buggy, garbage.

    It's really easy to use though - Anyone can write a simple MFC based browser - just use CHTMLView for your view class, add an address bar, implement navigation buttons, and hook it up to either the correct CHTMLView member function or the correct COM call if you're doing it that way, and you're done. Should take 2 hours tops.

  28. Damage caused by removal by bnisonger · · Score: 2, Informative
    I have a friend with whom I go to Rutgers Law at night. Said friend (he is a good guy, just not technically savvy) likes, shall we say, a particular kind of Web content. Sites which contain said content often contain "helper" applications. He noticed them and decided to install FireFox so as to not be so vulnerable (rather than just hiking his browser security settings when visiting such sites). Decided further to remove IE from his Windows XP SP2 machine. Result: Machine no longer will get on a network, even when all NIC drivers are reinstalled and connectivity parameters are entered manually.

    Granted his machine is a bloody mess, riddled with SpyWare but, prior to the uninstall, at least he could connect to a network - which would make my thankless task of resurrecting this poor abused box much easier.

    Lesson: Sure, IE isn't part of the operating system, provided you don't count a working TCP/IP stack as a necessary part of the OS.

  29. (Un)documented API Functions by kiveol · · Score: 2, Interesting

    I was speaking recently to a developer working on Longhorn and he gave me the following information: IE cannot legally, since the court battles, use any undocumented system API calls. Therefore all of the calls that IE used have been made public on MSDN. They may have strange names and actually do other things than the documentation strictly says, but Microsoft has been forced to announce what "they do" to the public at large.

  30. Re:Automatic Cup Holder by Xiaran · · Score: 3, Informative

    (Actually, this might not work on IE 6.0+. Can you believe they actually fixed the problem.)

    Still not fixed, at least it's not fixed as of IE version 6.0.2800.1106

  31. Riiight... by Anonymous Coward · · Score: 2, Informative

    "To be clear there are no Operating System APIs that IE uses that are not documented on MSDN as part of the platform SDK and available to other browsers and any other software that runs on Windows..."

    Several points to this:

    One, the MSDN documentation is horrific. There are few examples and fewer cross references. So you get into a game of "find the API" call you want.

    Second, many of the API's are horribly quirky and have known bugs. The bugs tend to stay because programs become dependent upon them. But the MSDN documentation NEVER DOCUMENTS these "quirks". I'm sure IE has plenty of workarounds for these... but still use the "documented API's"

    Thirdly, Microsoft will change the OS calls to suit their whim. Then bury it in the documentation with maybe a one-line blurb buried with about a dozen under changes in the latest MSDN release. (EG The new list control grouping features for XP or when they implemented "coolbars" for IE) And then there were few examples of usage. So general acceptance doesn't occur until some kind soul has trudged through the pixel mines and figured out how the new control API's work.

    Lastly, IE functionality may only use ONE OS API call (CreateWindow) and have all custom code written for the rest of the app...er..kernel module...

  32. Re:Careless? by theMerovingian · · Score: 4, Funny


    I see you're trying to counter the open source movement... Let's get started! Would you like to:

    -Spell check

    -Grammar check

    -Print this document

    -Connect to Microsoft Office Online

    [/CLIPPY]

    --
    "If you think you have things under control, you're not going fast enough." --Mario Andretti
  33. Re:Automatic Cup Holder by grasshoppa · · Score: 4, Insightful

    What, Mozilla does security through lack of features?

    If the "features" are insecure, would you want them?

    --
    Mod me down with all of your hatred and your journey towards the dark side will be complete!
  34. Re:Careless? by natrius · · Score: 5, Funny

    You might want to check your spelling when you're making a very public argument about how your software is not more prone to vulnerabilities than another.

    Who proofreads blog entries? That's like clicking the Preview button on Slashdot.

  35. Hee Hee by mattyrobinson69 · · Score: 2, Informative

    kind of offtopic, i know but anyway. i was bored in college once, so i wrote a VB app in about 30 seconds with a textbox, a go button and an IE OCX. the code was this (might not be perfect, i've not done any VB for a long time now):

    sub command1_click()
    iecontrol.navigate2 text1
    end sub

    And it was surprising how the security of IE is tied to the address bar and the rendering portion of the browser allowed me into c:, which i wasn't allowed to do in windows explorer. i can't remember if i was able to add/edit/delete files or not though.

  36. Really. .. ? by abhinavmodi · · Score: 2, Insightful

    To be clear there are no Operating System APIs that IE uses that are not documented on MSDN as part of the platform SDK and available to other browsers and any other software that runs on Windows..

    How do we know? You did not show us the code ;)

  37. Newspeak by inKubus · · Score: 2, Interesting

    'IE is part of the Windows Operating System so that parts of the OS and other applications can rely on the functionality and APIs being present. To be clear there are no Operating System APIs that IE uses that are not documented on MSDN as part of the platform SDK and available to other browsers and any other software that runs on Windows..'

    But was this the case 7 years ago when Win98 came out with the integrated browser? NO. Only now that they've faced anticompetitive pressures have they been willing to document certain "secret" api's.

    Most of the best software available between 98 and 2002 (when they started releasing api's to the public) was designed by former microsoft alumni or other big companies working in close collaboration with MS. What little information that was available was only available in the "Microsoft Press" books.

    This is just another case of Microsoft newspeak, ie: Documentation for most of our API's is available for free, (implying) Documentation for most of our API's has ALWAYS been available for free.

    --
    Cool! Amazing Toys.
    1. Re:Newspeak by man_of_mr_e · · Score: 2, Informative

      Uhh.. No. The MSDN program started in 1993. In particular, the IE API's have been available on MSDN since IE3, which was before MS had "integrated" it in the OS.

  38. Humility by sriram_2001 · · Score: 3, Interesting

    I'm the guy who posted the story to Slashdot. One thing I noticed and which got edited out was that - nowhere in the post, does Dave Massy criticize Firefox itself. Though it is his own personal blog (it is not the IE team blog), he never mentions anything about Firefox. On the other hand, we have various people associated with Firefox badmouthing IE every chance they get.

    I'm sure Dave could have pointed out with glee Firefox recent security problems (IDN, GIF handling ) or update-rollout problems. Can you imagine a Firefox dev not jumping on similar problems with IE and making fun of them?

    1. Re:Humility by bluGill · · Score: 3, Interesting

      They are trying like everything to ignore FireFox, while responding to the threat. They will be forced into the next step, but not until we get firefox a lot more popular.

      I'm not helping though. I like Konqueror much more than firefox.

  39. Antisocial Engineering by Doc+Ruby · · Score: 4, Insightful

    I worked with a guy last year who came from the IE6 team at MS. He wasn't a programmer, but he agreed that it was common knowledge on the team that IE used secret APIs for better performance/quality, which competitors like Mozilla couldn't. He also said that this was also true about MS SQLServer, though he didn't have direct knowledge. And that these secret APIs weren't controversial, or just gossip - they were assumed by everyone talking about development strategies for those products.

    This MS developer is lying. I used to talk with people programming VB6, when I was project lead for a big NYC insurance project that MS was hot to get started in the industry through. They would routinely lie to me about internal code paths that were triggering bugs, especially in printing. When I would analyze them into a deductive corner, they would tell me a little truth. Their big mistake was their managers' greed to get into the industry, which put me in direct, unmediated contact with the programmers, combined with their technical inadequacy to keep up with the discussions enough to mediate them.

    I suspect that the MS claims of "national security" interest in keeping their code secret is based partly on the political havoc that would ensue (pun intended) if we could see just how much MS code is written to protect their anticompetitive abuses. The Department of Justice would have a lot to answer for, and it certainly wouldn't stop there. Especially if the ripples could prove how many Congressmembers were bribed to keep their monopoly "remedy" decisions untouched by human hands.

    --
    make install -not war

    1. Re:Antisocial Engineering by the+eric+conspiracy · · Score: 4, Insightful

      This MS developer is lying. I used to talk with people programming VB6, when I was project lead for a big NYC insurance project that MS was hot to get started in the industry through.

      Given the history of Microsoft on this issue I cannot imagine that anyone would take ANY pronouncements of this sort at face value until you can go into Add/Remove and uninstall IE and seamlessly replace it with another browser. If IE is only providing services to other applications in the manner they describe, MS should publish the API so alternatives can seamlessly replace IE.

      If somebody from Microsoft is making pronouncements of this sort without first getting them approved by MS and their legal team they are either nuts or looking to be fired/sued. This developer should be viewed as the Mouth of Sauron until proven otherwise.

    2. Re:Antisocial Engineering by IamTheRealMike · · Score: 4, Informative
      Yeah, I mean seriously. IE only uses documented APIs? What's this then?

      Can somebody - Dave? - point me to the API that let IE4 add a "Favourites" item to the start menu in Windows 95? I don't mean something that was documented last year, I mean something that was documented ... in 1995. I don't think there is such an API. I don't think there ever was.

      Can somebody - Dave? - tell me why the IE installer calls the undocumented Extract cabinet.dll function?

      As far as I'm concerned this is all very simple. Could Netscape have done to Windows 95 what Microsoft did with IE4? Obviously the answer is no: IE did things that weren't just *adding* APIs, they were replacing core parts of the OS like Explorer in order to add the Favourites menu, Active Desktop etc etc. Dave is full of shit and the sad thing is, he probably believes his own story.

    3. Re:Antisocial Engineering by BAILOPAN · · Score: 3, Informative

      It's not magic, Raymond Chen debunks some of those assumptions in his article. He specifically notes many people view this as undocumented APIs.

      --
      If you say "here goes my karma" I will bite you!!!
  40. Re:Automatic Cup Holder by Zaiff+Urgulbunger · · Score: 5, Insightful

    But you *can't* fix them! Those bits use proprietary MS code. What MS is saying is that anyone _could_ hook into their code, and therefore, arguments that IE is tightly integrated with the OS are rubbish.

    But the counter argument being made here is that, yes, Mozilla (for example) could integrate with these MS "features", but doing so would result in an insecure browser.... so probably not a good idea.

    I'd venture that MS can't _un-integrate_ them from IE because a bunch of other code (from MS office to Encarta) depends on this functionality.

    And I'd further venture that the "..get them fixed.." idea has occurred to MS but that this isn't easy to do due to poor design.

    And hasn't that been the argument all along?!

  41. Re:Gone to the dogs by Myen · · Score: 2, Insightful

    Especially considering that it's not VBScript's fault, it's the WMP ActiveX control. That particular piece of code can be translated into JScript rather trivially and work just as well.

    It will not work without Windows media player.

    It does not involve any privilege escalation either - it was designed to do that (even if rather stupid).

    Kinda wish the modded-Informative post-bashing would at least get their facts right... Yeah, I know, never going to happen.

  42. Re:Automatic Cup Holder by dasunt · · Score: 4, Insightful
    If the "features" are insecure, would you want them?

    User: I want to be able to log in without a user name or a password! Remotely!
    Tech: That's horribly insecure
    User: I don't care! It's easier that way!
    Tech: * finds rusty knife and commits seppuku *

    And that, boys and girls, is one of the reasons why Microsoft is the 800 lb gorilla. It understands that users are more than willing to sacrifice security on the altar of 'it's easier that way'.

  43. I confused by asoap · · Score: 3, Insightful
    I'm not all that technical, so I might have gotten this wrong. But did this person just admit that IE is not a part of the operating system, but it just relies on APIs built into the operating system? Therefore it can be removed from the operating system?

    Hello? Wasn't this an issue of the monopoly law suit? That it CAN'T be removed from the operating system?

    I must be wrong, so somebody please clear this up for me. Can somebody explain this to me in layman's terms?

    Also, he says that the IE development process prevents them from introducing bugs into the software? Then how does stuff like viewing .jpgs become a security flaw? Is it that their development process is just not up to snuff? Or is it the APIs that they use from the operating system that are flawed? So it's not the browser, that's flawed, it's the operating system? That makes me feel better. Also regarding a user experience the difference between the operating system is null?

    I confused.

    --
    Treat me like a marketing stat, and I'll treat your movie like a series of ones and zeros
  44. interesting comments by rizzo420 · · Score: 4, Insightful

    the blog was obviously microsoft-centric, considering it was written by an employee. however, the comments were pretty interesting and thought-provoking until you got to the ones posted today after this was posted to slashdot. why must all the people on slashdot be out to get microsoft? as a company they are not evil. a lot of the comments to the blog just make open source advocates out to be a bunch of complete idiots. one comment in particular... "move away from closed source, that's always been microsoft's downfall". microsoft doesn't seem to be collapsing or losing money to me... apparently closed source works for them. come on now people, get real...

    --
    please me, have no regrets.
    1. Re:interesting comments by HerbieStone · · Score: 2, Insightful

      Changing Windows 3.1 so it would show an error-dialog when started from DR-DOS is evil in my book. From then on they lost my trust and I guess I wasn't the only one.

  45. Re:Automatic Cup Holder by iamacat · · Score: 2, Insightful

    I would, if only MS didn't claim EMBED tags are their OS.

  46. Windows Updates by flood6 · · Score: 5, Insightful
    Dave Massy: "IE in turn relies on Operating System functionality to do it's job. To be clear there are no Operating System APIs that IE uses that are not documented on MSDN as part of the platform SDK and available to other browsers and any other software that runs on Windows."

    Really Dave? Great, so i can use Firefox for Windows updates?

    1. Re:Windows Updates by man_of_mr_e · · Score: 2, Informative

      The only thing preventing Firefox from being used for Windows Update is the Mozilla Foundation's refusal to support ActiveX, which is patently stupid because Mozilla extensions are exactly the same thing.

      Microsoft could, if they wanted to, write a Firefox/Mozilla extension for Windows Update, but there's nothing compelling them to do so right now.

  47. Re:Automatic Cup Holder by steve_l · · Score: 4, Insightful

    The specificness here is that the ActiveX control that comes with windows media isn't smart enough about handling running in an untrusted container.

    there are win32 api calls that manage this (you have to implement some other interface in your COM object to get told about security zones), but nobody ever does.

    ActiveX is the underlying problem here. They took something that worked in a constrained role -OCX controls for adding functionality to VB apps, and made them -as you note- scriptable by web pages.

    the worst part: they don't give up. Even IE6SP2 leaves activeX at "prompted" in the internet zone. Since windows update sites are in that zone, you cannot run windows update without saying yes to prompted downloads. If you disable AX in the internet zone, bye-bye security patches. I despair.
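
The per-zone ActiveX settings the comment above describes can be checked mechanically. This is an added example, not code from the thread or from Microsoft: it audits a constructed `reg export` of the IE zone keys, and it assumes the standard URL action IDs (0x1001, 0x1004, 0x1200, 0x1201, 0x1405) and policy values (0 = enable, 1 = prompt, 3 = disable), none of which appear in the thread itself.

```python
import re

# ActiveX-related URL action IDs stored as value names under each zone key
# (assumption: standard IE URL action numbering; not taken from the thread).
ACTIVEX_ACTIONS = {
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1200": "Run ActiveX controls and plug-ins",
    "1201": "Initialize and script controls not marked safe",
    "1405": "Script ActiveX controls marked safe for scripting",
}
SETTING = {0: "enable", 1: "prompt", 3: "disable"}

# Matches e.g. [HKEY_CURRENT_USER\...\Internet Settings\Zones\3]
KEY_RE = re.compile(r"^\[HKEY_[A-Z_]+\\.*\\Internet Settings\\Zones\\(\d+)\]$", re.I)
# Matches e.g. "1200"=dword:00000001
VAL_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample input (zone 3 = Internet, zone 4 = Restricted sites).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"1405"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1001"=dword:00000003
"1004"=dword:00000003
"1200"=dword:00000003
"1201"=dword:00000003
"""


def parse_zones(reg_text):
    """Return {zone_number: {action_id: dword_value}} from .reg export text."""
    zones, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or .reg comment
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = int(m.group(1)) if m else None  # ignore unrelated keys
            if current is not None:
                zones.setdefault(current, {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:  # skips string values like DisplayName
            zones[current][m.group(1).upper()] = int(m.group(2), 16)
    return zones


def audit_zone(zones, zone=3):
    """List ActiveX actions in `zone` that are not explicitly disabled.

    "prompt" is reported as well as "enable": a prompt leaves the decision
    to the user, which is the situation the comment complains about.
    """
    findings = []
    settings = zones.get(zone, {})
    for action, label in ACTIVEX_ACTIONS.items():
        value = settings.get(action)
        if value is None:
            findings.append((action, label, "not set"))
        elif value != 3:
            findings.append((action, label, SETTING.get(value, f"unknown ({value:#x})")))
    return findings


if __name__ == "__main__":
    parsed = parse_zones(SAMPLE_REG)
    for zone in sorted(parsed):
        for action, label, state in audit_zone(parsed, zone):
            print(f"zone {zone}: {action} {label}: {state}")
```
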

  48. Re:Automatic Cup Holder by Anonymous Coward · · Score: 2, Insightful

    Or perhaps your scenario indicates the failing of the technology industry to find a solution that does not place undue burden on the user?

  49. What are these APIs they found? by Len · · Score: 3, Informative

    It's nearly two years ago that Whirling Dervishes said they'd found these secret functions and promised to release documentation on them. But I can't find any documentation or specific info on their web site.

  50. Patches on Security Patches? by nacredata · · Score: 3, Interesting

    I'm not sure what to blame, but I just compared IE and FireFox side by side on a PC isolated to my local network. FireFox loaded many pages many times faster. Then I uninstalled all the virus protection (Norton) software on this newly acquired PC (as it will always be isolated to my local network for in-house testing) and IE performance improved dramatically.

  51. HE IS A LIAR by Anonymous Coward · · Score: 5, Insightful

    He says, "To be clear there are no Operating System APIs that IE uses that are not documented on MSDN", because he knows we can't go and check the source to ensure he isn't lying, BUT HE IS LYING.

    http://www.desktoplinux.com/articles/AT7614463206.html

    Jeremy White (CEO of CodeWeavers) who actually got IE to work under wine says so:

    Lehrbaum: Did the issues that needed to be addressed relate to undocumented Windows functions used by the app, or non-API functions and/or environmental considerations expected by the app?

    White: In the case of Quicken and QuickBooks, no. For Visio, you can see that the programmers at Visio had used some rather interesting pieces of the Windows API. These required new implementations or new understandings of the Windows API, and a reworking of Wine. For the undocumented API calls, the king is Internet Explorer!

    1. Re:HE IS A LIAR by Anonymous Coward · · Score: 2, Insightful

      Yeah, because White stands to gain..um, err..nothing at all from lying?

    2. Re:HE IS A LIAR by Teddy+Beartuzzi · · Score: 2
      Riiiight, Microsoft is the paragon of virtue, and has nothing to gain from lying?

      I don't even know this guy White, but he's certainly got a way better reputation than Microsoft, with their history of nearly 30 years of deception.

  52. Come on now by FyberOptic · · Score: 3, Insightful

    Everyone keeps whining about not being able to remove IE from Windows. But did you ever stop to think about just how many applications actually use IE's API, and integrate html and web pages into their programs? So even if it were possible to rip IE out of Windows, which so many people seem inclined to do for whatever reasons, those programs just wouldn't work anymore.

    And you know why? Because nobody else has developed such an API for Windows. It's not impossible for one to replace IE's API if they really tried. I know that many of the open source software developers are a clever breed, and can work around any obstacle presented to them. It's just that nobody's done it, or even tried to do it that I know of.

    So don't whine about not being able to remove IE if you don't have an adequate replacement to prevent many other pieces of software from breaking. It would become a tech nightmare if IE WAS removable, because then every dummy would be trying to uninstall it to hate on Microsoft like all the "cool" people, then be crying for someone to come fix their machine when all their instant messengers stopped working.

    I mean seriously, if you hate IE that much, why are you even still using Windows?

  53. It's not that confusing really by Craig+Ringer · · Score: 3, Informative

    Consider OpenSSL. OpenSSL is a Linux operating system; however it is a fairly independent library implemented using only public APIs. Many parts of "the operating system" depend on OpenSSL and would break upon its removal.

    Ditto MSIE.

    IE uses public APIs from the OS. Other parts of the OS use public APIs of IE. Thus IE cannot be removed from the OS without removing or altering the components that depend on it - such as, AFAIK, Windows Explorer (the file manager).

    We can question the decision to make other parts of the OS depend so deeply on IE, and we can question the decision to make that dependency on IE rather than an abstract "web browser API" that could be implemented by other tools. That doesn't change the fact that it's still a part of the OS.

  54. Re:Automatic Cup Holder by Hachey · · Score: 2, Insightful

    Eh no, this is an issue with allowing scripts to run with unfettered access to the system. Made IE great for intranet applications but a security disaster on the web.

    Oh, I'd say less of a security disaster and more of a security mushroom cloud. It is pretty much the source for most security problems on the internet.


    -----
    Check out the Uncyclopedia.org , the only wiki source for not-semi-kinda-untruth about things like Kitten Huffing and Pong! the Movie!

    --
    Please allow me to hate the creator of the 120-character limit: *HATES*. Thank you.
  55. Re:Automatic Cup Holder by DavidTC · · Score: 2, Insightful

    Or, in the case of automatically installing malware, any burden on the user!

    --
    If corporations are people, aren't stockholders guilty of slavery?
  56. Re:Automatic Cup Holder by n0-0p · · Score: 2, Informative

    Someone please mod this post up. It's the only one that addresses the real issue. When people talk about IE's integration with the OS they are referring almost entirely to ActiveX and Browser helper objects. These are the real root of IE's security and malware holes.

  57. Re:Gone to the dogs by bonch · · Score: 3, Funny
    Where have all the great OSS zealots gone that could argue down windows folk with a brilliant point of logic.


    They bought Macs and are too busy actually getting things done to post here about the latest response from an IE developer.
  58. /. is overrun with Microsofties. by khasim · · Score: 4, Interesting
    This is going to get mod'ed down, but so what.

    The fact is, there are more uninformed people out there than there are informed people (just read the crap in the original article).

    Another fact is that there are more Microsoft fans than there are Open Source fans (right now).

    So, the intersection of those two groups means that there are more uninformed Microsofties than there are informed Open Source fans.

    And those Microsofties, for whatever reason, have decided to hang out on /. and farm mod points so they can step on things they don't agree with.

    Get used to it. That's the same way it will be throughout most of your life, unless you restrict yourself to very exclusive groups with very high entrance requirements (/. is not one of them).
    Where have all the great OSS zealots gone that could argue down windows folk with a brilliant point of logic.
    You can't argue them down. They don't know enough of the material to know how ignorant they are.

    I've argued here with people who swore that SMTP did NOT have authentication. Even after I posted links to the RFC's.
  59. Re:They are not serious by timjdot · · Score: 2, Insightful

    Yep, once the megalith recognizes the upstart then the upstart has succeeded. That is how we can surmise FF and Linux are ending M$FT's strangle-hold on technology advancement. Viva la software developer, maybe a time of advancement awaits!

    --
    Expect Freedom.
  60. Re:Gone to the dogs by dknj · · Score: 2, Insightful

    Hold on hold on, let me get this straight. You originally said that IE is allowing secret hidden APIs (at least that is what is interpreted from your quote) because there was a security hole that allowed VBscript to load arbitrary ActiveX controls. Yet you failed to give any example of how Microsoft has kept developers from integrating VBscript into their own applications (for sake of argument, we will say Mozilla). Then you went to change your argument to how MS is so bad because they allowed such a glaring security hole. Do you see the topic jump there? We've gone away from talking about these secret hidden APIs that supposedly exist to bashing MS because of an old security hole.

    3 years ago your post would have been -1 troll or flamebait and no one would have cared to argue with you. Times have changed and moderators are not moderating properly and have given you +5 interesting for a comment that is IRRELEVANT to the article. I am a windows supporter in the fact that I use it on a daily basis. I am also an OSS zealot in the fact that I use and contribute to many OSS projects.

    I have yet to see a valid comment about how Microsoft is hiding secret apis from developers. Instead I see this post-apocalyptic wasteland created from your comments and the moderators that are falsely promoting your FUD.

    -dk

  61. I'm a happy user of MS products, but... by hkb · · Score: 4, Interesting

    I'm not your typical Slashdot-fanatic, M$-hating, L1nux d00d. I love most of the latest MS products and think they're solid (as long as you're clued).

    However, I literally laughed out loud when I read the following comment by the blogger:

    As we develop IE we go through very thorough and stringent security reviews to ensure that every change is secure and does not expose the user to attack.

    Which version of IE is this?! Nearly every released version of IE has had laughable (keep in mind, I'm not a Linux bigot) security flaws. I'm sorry, but you can't feed the sheep their own shit. They know, they KNOW.

    He goes on to say:

    The security of any browser is irrelevant to if it is part of the operating system.

    That seems to be Microsoft's mantra. However, any security engineer or person with common sense would disagree.

    If we are to debate security of browsers then let's bring in relevant arguments and accurate details about different possible attacks rather than rely on the irrational fear that because IE is part of the operating system it must be exposing OS functionality to the web.

    Are you fucking joking? There is documented exploit after exploit demonstrating this. People aren't pulling it out of their asses. It's backed by fact, something you appear to be ignoring.

    I'm a somewhat-loyal MS customer, but I've got to say I don't like reading tripe like this. What I do like reading is "we're going to fix IE's security model and this is how we're going to do it, what does the community think?".

    Perhaps the IE team needs to review their security procedures, because they fuckin' suck hard.

    --
    /* Moderating all non-anonymous trolls up since 2004 */
  62. Way to go Slashdot. by KarmaMB84 · · Score: 2, Insightful

    I could tell that Slashdotters were posting half way down the page when the comments turned into "OMGF OSS" and "But in the anti-trust case..." bullshit repeated over and over again.

  63. My Problem Isn't With "Secret API's"... by Carcass666 · · Score: 2, Insightful

    Frankly, I could give a rat's ass if IE uses super-secret API calls. Other browsers seem to do just fine without them.

    To me, the larger problem is the level at which other applications leverage IE's COM interfaces (IWebBrowser, etc.). These interfaces are published in the Platform SDK as part of the Windows development environment, without much mention of IE (that I could find). But using them requires IE to be on the system, since Microsoft makes it difficult (impossible?) for other browser applications to expose these interfaces and to be used instead of IE. Quickbooks is a great example, it uses these COM interfaces to include web pages in its application, requiring keeping IE on the computer in organizations that would like to purge IE. Sloppiness on Intuit's part? Perhaps. But is it really in their best interest to wedge support in for say, Gecko, when IE is pretty much guaranteed to be on the computer?

    While it might be a misnomer to say "IE is part of the Operating System", it might as well be since developers are guided with a club toward it.

  64. Insecure features by CDarklock · · Score: 5, Insightful

    Features are not insecure, users are insecure.

    There is an old saying: UNIX doesn't stop you from doing stupid things, because that would stop you from doing clever things.

    We used to complain that you couldn't do clever things on Windows. Now we're complaining that you can do stupid things on Windows.

    Meanwhile, Linux continues happily letting people do even stupider things, and whenever these people complain -- we respond that it's their own stupid fault for not being smarter.

    So why is it always the user's fault on Linux, but always Microsoft's fault on Windows? It seems to me that all the recent email worms need some dumbass to actually RUN THE PROGRAM. On Linux, we would say this user was stupid. But on Windows, this user was victimised by Microsoft's insecure operating system? I don't think so.

    Security is the reciprocal of convenience, and the developer is simply unqualified to determine what security I need and what convenience I don't.

    --
    Microsoft cheerleader, blue flag waving, you got a problem with that?
    1. Re:Insecure features by moderators_are_w*nke · · Score: 2, Insightful

      That's simply not true. Linux does let you do incredibly stupid things, but only as root. It's also designed in such a way that you mostly don't need to be root. It is therefore a reasonable assumption to make that a person running as root will be (i) Clueful and (ii) careful.

      Windows, however is setup in such a way that if you want to do pretty much anything that you need to run as 'root' to do anything, as gaining additional privileges for a single command on windows is a pain in the ass (actually, this is getting better see RunAs). Therefore Windows is forced into a dumb compromise which pleases nobody where superusers get training wheels and morons get the ability to screw things up royally.

      --
      "XML is like violence. If it doesn't solve your problem, use more." - Anonymous Coward
  65. FireFox will Burn by PaulQuinn · · Score: 2, Insightful

    I use FF now, but I have a premonition:

    IE will get fixed, people will accept it and the world will move on. FireFox will go down as a footnote in history as the browser that fixed IE.

  66. Great comment: by Steve+Cowan · · Score: 4, Informative
    The linked article is Dave Massy's blog entry with comments at the bottom. Dave attacks the Firefox site's assertion that it is more secure because it is not "rolled into the OS" like IE is. In the comments at the bottom, this one by Dave Thomas puts it up so well...
    "Now I'm pretty confident that Mitchell doesn't actually know the details of how IE is developed so I don't fully understand the basis of the statement."

    The basis of the statement is:

    (1) That Microsoft itself argued in a court of law that IE was embedded in the operating system.

    (2) That many Windows apps, such as Explorer and the Help System, use the guts of IE to render content.

    This is why people say IE is in the operating system. Because IT IS. No, not from a "I'm a kernel hacking geek" point of view, but from a practical one.

    And why does this matter in terms of security? Because when IE gets hacked, it means all those programs that make up the OS environment are now vulnerable, and in many cases, now present new vectors for the attack, and more importantly, hacking IE can present a person with many channels into core OS programs.

    This does not happen with Firefox. If you find an exploit in Firefox, you have exploited Firefox.


  67. Insane MS Bashing by Rac3r5 · · Score: 2, Insightful

    It's interesting to see the insane amount of MS bashing that goes on here every time an MS related article is posted.

    Just to clear the air b4 someone calls me a MS agent, I'm a HW/SW developer that works for a bioTech company and I do all my development work on *nix.
    And no I'm not trolling, I'm just trying to state some facts.

    I hear a lot of crying about IE being sucky etc etc. Fine, there are a lot of holes in it that are discovered routinely. But have you guys stopped to think that most of these holes are discovered because the browser is very popular. FireFox is becoming popular and it is starting to get attacked too (I've started to get pop ups in FireFox). But this concept applies to anything, if you live in a house facing a busy street, i.e. main road, your house will be more susceptible to crime, but when you move the same house to a quiet street, the house becomes less susceptible to crime.

    About the whining that it comes packaged with windows, I say why not, when you buy a car, wouldn't you like it to come with free goodies instead of you having to pay extra for everything from floor mats to a CD player?
    MS Windows also comes packaged with MS Media player, but why are there still so many users of WinAmp? I've been using Winamp for the past 7 yrs. The same thing applies to other pieces of software that come prePackaged with windows and yet has ppl using other solutions. The fact of the matter is if someone doesn't like a product and finds a better one they will go and get it. This even applies to cars, if ppl don't like what they have they buy stuff like CD decks, speakers etc.. The same applies to IE.

    1. Re:Insane MS Bashing by cranos · · Score: 2, Informative

      A couple of points, IE is not just bundled with windows, it has been made part of the OS, thus when a hole is found in IE, it is a hole in the OS. Secondly if your main problem with Firefox is that you are getting popups, as opposed to the routine discovery of root access exploits with IE then you're laughing.

  68. Re:Gone to the dogs by Xiaran · · Score: 3, Insightful

    I have yet to see a valid comment about how Microsoft is hiding secret apis from developers. Instead I see this post-apocalyptic wasteland created from your comments and the moderators that are falsely promoting your FUD.

    You're confusing me. You keep going on about the hidden APIs issue and I don't think that was what was being implied... I'm assuming you mean this quote

    IE is part of the Windows Operating System so that parts of the OS and other applications can rely on the functionality and APIs being present. To be clear there are no Operating System APIs that IE uses that are not documented on MSDN as part of the platform SDK and available to other browsers and any other software that runs on Windows..

    You also start the parent post with

    Hold on hold on, let me get this straight. You originally said that IE is allowing secret hidden APIs (at least that is what is interpreted from your quote) because there was a security hole that allowed VBscript to load arbitrary ActiveX controls. Yet you failed to give any example of how Microsoft has kept developers from integrating VBscript into their own applications (for sake of argument, we will say Mozilla).

    I didn't interpret his post this way and I don't think others did either (I could be wrong of course). I thought that the granddaddy post was making the point that it was actually a good thing that Firefox et al don't have access to these APIs, or else the browser can start accessing things it has no right to access.

    Sorry if I'm wrong... but I don't think the issue is one of hidden APIs that Mozilla can't implement. The issue is these APIs are documented fine, but we shouldn't implement them.

    As to how this relates directly to the article being discussed... specifically the original quote. He is arguing (I think) that the idea of integrating something as netward facing as an HTTP client with core functionality is "stupid".

  69. Re:Automatic Cup Holder by plague3106 · · Score: 2, Informative

    Actually I blame that on the browser; it shouldn't allow access to objects just because a web developer says they want to.

    But as I stated before, MS seems to have 'fixed' this, as I get a permissions denied error in IE when I open the link.

  70. Re:Gone to the dogs by plague3106 · · Score: 2, Informative

    Getting Firefox WILL make you more secure, because one of the larger avenues of attack is simply gone. You can't create ActiveX controls using script in FF. True, there may be other exploits, but one of the larger ones is not there by design.

    Given that they purposefully left out ActiveX scripting tells me they are at least learning from MS' mistakes, which creates some trust for them in me.

  71. Security vs Convenience by Pfhorrest · · Score: 2

    Security is, by its very nature, nothing more than making certain things a pain in the ass in order to prevent them from being done. This applies to computers, to the physical world, everywhere. The stronger the security, the less the convenience, and vice versa.

    Granted, the degree of inconvenience and thus security is (intentionally) disproportional from authorized users to authorized users - those who have/know the key are less inconvenienced and thus less restricted than those who don't - but there is still the inconvenience of having to keep or remember the key, and to unlock the system when you want to use it. If you use a multiple-key solution, the security gets even better but it's even more inconvenient. That's the nature of the beast.

    The only perfect security is to "completely inconvenience" everyone - just kill 'em all, or destroy whatever they're trying to access. The only perfect convenience is to completely unsecure the system. These are obviously unwanted polar extremes, and the solution lies somewhere in between them - where depends entirely on context. You've just got to find some system which makes certain things inconvenient enough that most security breaches won't be likely.

    This could be a combination of physical and digital systems, even - say local login requires no authentication but remote login is restricted, that way you've got to break the physical security in the building or the digital security over the net, but either way there is some security keeping unauthorized users out.

    But if you've got the GP's hypothetical "I want to be able to log in from anywhere and do whatever I want without authentication!" user, then *anything* that will grant their wish will allow *anyone* to log in from anywhere and do whatever they want. There is no solution which could give them what they want and keep any semblance of security. The technology hasn't failed: the specs being demanded are flawed and impossible to match.

    It's like designing a house without any locks because those damn keys are just so inconvenient - fine, but don't expect the doors to magically keep people out of the house while you're away. There is no lock that could possibly be created that will keep something secure without inconveniencing the user to provide some sort of key.

    --
    -Forrest Cameranesi, Geek of all Trades
    "I am Sam. Sam I am. I do not like trolls, flames, or spam."

  72. Is The Browser Part of the Operating System? by swm · · Score: 3, Interesting

    Is The Browser Part of the Operating System?

    An exercise in misdirection

  73. I think the API's are published by jesterzog · · Score: 2, Interesting

    Except that Microsoft developers get access to the people who wrote the specifications.

    I don't know how accurate your source is, but my friend at Microsoft is quite adamant that people working on different products at Microsoft are hardly even allowed to talk to each other. After all the court action in the past, Microsoft's set an in-house policy that basically says that each product team is only allowed to access other teams' specifications that have also been released in public.

    Having said that, it wouldn't surprise me the slightest bit if executives make decisions from time to time that completely ignore this policy, if they think they can get away with it. But in the general case, programmers at Microsoft aren't allowed to talk to each other about the internal workings of independent projects except to distribute already published material. I suspect that this would be enforced quite a lot between the Windows/IE barrier, given all the accusations in the past.

    Personally I think the bigger problem is getting Windows to stop bundling, loading and using IE at every opportunity if and when it's not wanted. I haven't used Windows seriously for several years, but it can't be that easy to change the assumption that many Microsoft and third-party applications seem to have, that IE will always be available on a Windows system.

    My understanding was that this was the whole issue. If IE were to be removed, many applications would simply break. Windows would also break, since it uses IE's API (which, by the way, is published for any operating system to use) to do so many things.

    Is this still a problem? I haven't used Windows seriously for several years now, although to me it appeared that in XP, Windows Explorer and Internet Explorer were still based on the same engine, even when I'd changed my default browser.

  74. Re:THANK YOU by Doc+Ruby · · Score: 2, Interesting

    Undocumented APIs are APIs that are not documented. Their use by other apps is "cheating". How do you know that MS apps don't call those APIs? BTW, making methods public that aren't to have external linkage is known as "really bad programming", or "unstable hack".

    --
    make install -not war

  75. There ARE undocumented APIs by jonwil · · Score: 2, Informative

    Depending on which components you consider as part of "IE", there ARE undocumented APIs used by those components.
    Some of them have since been documented by Microsoft as part of the DOJ decree.
    But not all of them.

  76. Re:Hmmm .. by madcow_ucsb · · Score: 2, Insightful

    I wish I could say that about *any* stack.

    All the kernel mode stuff is downright maddening. Maybe I'm just stupid, but the whole notion of an IRP just seems like a pain in the ass. Ok, so it's asynchronous. The code to deal with it is huge and if things don't work, it's damn near impossible to figure out *why*.

    And, as a USB developer, it boggles my mind that the XP DDK comes with a "simple" USB BULK transfer driver example: it's 8492 lines of code in 6 C files and 7 headers. 2751 of those lines are for Windows PnP support. 1686 are for power management (USB only supports three states! Connected, suspended, disconnected!)

    And it does damn near the same thing as the 349 line usb-skeleton.c in Linux (essentially allows simple read()/write() access to a bulk endpoint pair).

    Well-designed my ass. We're talking a factor of 24x more code to do the same thing.