Windows 8 Introduces a New Cross-App Data-Sharing System

There's been a lot of attention to the way Windows 8 looks; reader aabelro writes with an interesting look at one way it behaves. The article begins thus: "Microsoft has created a new mechanism for sharing information between applications in Windows 8 called Windows Share. Apps can share text, bitmaps, HTML, URI, files, and other type of data, and the usage scenarios are numerous. For example, the app receiving the information can post it to Tweeter or Facebook[, making] it easy to post information to a social network without actually visiting it." Here's a short (video) explanation at MSDN, too.

mime types

[optymizer]

are obsolete now?

Re:

[gstoddart]

Well, MIME is Multi-part Internet Mail Extensions ... It certainly was never the be-all and end-all of how to work with file formats, just how to send email messages with binary stuff attached.

It's now at least 17 years old. Maybe not obsolete, but there is room for improvement.

The embedded video is Silverlight only

[hey]

I guess I won't watch it.
(Or you can download 312M)

Re:

[im_thatoneguy]

The MP4 will stream. And it's less than 1mbps.

Re:

[bemymonkey]

How exactly? Opening it (the URL) as a "Network Stream" in VLC does nothing, and neither does opening it normally.

Re:

[houstonbofh]

I wonder if they track how many people go to the page and then wander away without futzing with it?

Re:

[moderatorrater]

Probably. It looks like they use webtrends to do their web analytics, and any analytics package worth its salt will give them a bounce rate.

Re:

[shutdown -p now]

To be more precise, it uses HTML5 if your browser supports H.264 HTML5 video. If it doesn't, then it uses Silverlight as a fallback. So you'll get Silverlight in Firefox or Opera.

(same goes for all other videos from //BUILD/)

Android Intents

[bsv368]

I would argue this is not a new idea. The same basic concept exists in Android as Intents [android.com].

Re:Android Intents

[Mekabyte]

I came here to say the same thing. Also, Google and Mozilla are experimenting with making such functionality available to webapps as Web Intents / Web Activities http://webintents.org/ [webintents.org] http://mozillalabs.com/blog/2011/07/web-apps-update-experiments-in-web-activities-app-discovery/ [mozillalabs.com] I hope Microsoft will join the effort rather than making a separate system.

Re:Android Intents

[ToasterMonkey]

I would argue this is not a new idea. The same basic concept exists in Android as Intents.

Windows is so stupidly far ahead of Android and Linux when it comes to sharing rich data between applications, you'd have to have your head deep up your arse to not know that, if you knew anything about this topic.

By "same basic concept" we could also include "open with X" menu entries or registering file types with applications, attaching an 'open' verb to regular files. None of these are the same, and "the basic concept" probably existed before you were born if you want to be that generic.

Re:

[shutdown -p now]

For that matter, doesn't iOS also have something similar?

Re:

[shutdown -p now]

Android's system is very two-way; it allows an internal part of an app (the scanning action inside Barcode Scanner) to be shared with another app, like a library.

You mean, in such a way that it can be accessed implicitly, without user gestures?

Does it, at least, place some requirements on the apps that can thus interact (e.g. both must be signed by the same key, or something along these lines)?

Re:Android Intents

[sourcerror]

It sounds like OLE reinvented for the web.

Only with a stupid name

[transporter_ii]

Try to find out something useful about it by typing "Windows Share" into google (or bing).

Microsoft has a long history of this, as well. Let's call our groups of computers "domains," and our top programming language...let's give it the same name as a top level domain on the Net. That way, our developers will have to weed through a crap load of bad results to find what they are looking for. Developers, developers, developers (throws chair).

Re:

[bill_mcgonigle]

It sounds like OLE reinvented for the web.

This is Microsoft. Every two years they re-invent OLE for whatever is popular.

hmm i wonder.

[Truekaiser]

this sounds a bit similar to dbus. just more desktop & social media oriented.

Re:hmm i wonder.

[Nerdfest]

It sounds very much like Android intents as well, which is one of the big design failings of iOS (from what I understand). Does WP7 have anything this, or is it missing the inter-app ability as well?

Re:

[Truekaiser]

I don't know, i have never seen a windows 7 phone in the wild. it's a rare beast in deed.

Re:

[shutdown -p now]

Does WP7 have anything this, or is it missing the inter-app ability as well?

One of the biggest flaws of WP7 as it stands is complete absence of any inter-app communication for third party apps - you are limited to a few hardcoded entrypoints [microsoft.com] for stock apps only. It doesn't even have what iOS has, the ability to pass files and URLs from app to app. The only way to share data is by uploading it to the "cloud".

Re:

[cbhacking]

It doesn't really. Mango (WP7.5) has something like it, but it's search- or media-oriented. An app can hook into search or into the media hub, but those are native parts of the OS. There's no way for one app to directly call into another app, even through an OS-defined channel.

I know! We can call it Publish and Subscribe!

[island_earth]

It will be revolutionary when it's released [wikipedia.org] in 1991!

Re:I know! We can call it Publish and Subscribe!

[FrootLoops]

That's nothing like this system. Well, they're both generalized clipboards, but in different ways. In Publish and Subscribe, "changes to the original published document would be noticed and updated by the subscribers". In Share, the link between the source and target app dies off as soon as the data finishes transferring. No further updates are sent after the "paste" finishes.

Re:

[catmistake]

I never used it, but was aware of its function. Looked like it would be immensely useful for a team all making updates to some document that was used in other documents. But if it doesn't update my Facebook status, what good is it? -- last part there was sarcasm. Publish and Subscribe is a good idea that helps people get real work done. idk what the Hell this "New Cross-App Data-Sharing System" is supposed to do other than help people waste their lives, and let Microsoft show the world that "Hey! See? We c

Re:

[FrootLoops]

Just because you didn't take the time to understand the potential uses for the new system doesn't make it alright to bash it. One potential use case (among zillions) is to "paste" text into a form email before sending it, using their QuickLinks feature, all in a couple clicks. Or, you could share a picture (or 10) from a photo viewer to a photo editor without going through files. Sorry if I'm coming off angry; I'm just tired of random MS-bashing comments on this story.

What, it took over a decade for this?

[izomiac]

Well, this sounds almost exactly like BeOS's Negotiated Drag and Drop [nyud.net]. I remember Leo Laporte doing an episode of (IIRC) The Screensavers where he showed the BeOS, and demonstrated this by dragging an unsaved piece of data between three or four applications and manipulating it in each. But, all I could easily find was this classic scene [youtube.com] from a demo video demonstrating the concept between Tracker (the desktop application) and the Book application.

Re:

[shutdown -p now]

No, this isn't it. Reading the article linked by you:

In a negotiated drag'n'drop, the drag message does not typically carry the data that defines the object being dropped; for example, if you drop a block of text, the message that is dropped normally does not contain the text that was dragged. Instead, the drag message contains information about the different formats and methods by which the sender application may supply the data to the receiver application, and about which actions the receiver application can request of the sender application.

This is exactly how [microsoft.com] Windows clipboard works already with OLE objects. It has been there since, oh, WinNT 3.1 (1993)?

What's described in TFA, as noted by others, is much more like Android intents.

Re:

[FrootLoops]

They're actually quite different.

Negotatied Drag and Drop requires negotation, where the source and target app "presumably have a common private protocol". However, Windows Share has essentially no negotiation, and explicitly tries to avoid special-case private communication. Here's roughly what happens with Windows Share:

• The user tells the OS "I'd like to share this thing I've (perhaps implicitly) selected from this source program I have running"
• The OS asks the program for the data the user requested, i

Re:

[rvw]

Well, this sounds almost exactly like BeOS's Negotiated Drag and Drop [nyud.net]. I remember Leo Laporte doing an episode of (IIRC) The Screensavers where he showed the BeOS, and demonstrated this by dragging an unsaved piece of data between three or four applications and manipulating it in each. But, all I could easily find was this classic scene [youtube.com] from a demo video demonstrating the concept between Tracker (the desktop application) and the Book application.

BeOS? Or NeverHasBeenOS?! I remember when BeOS was a hype. Has it ever been more than that? Everytime it is mentioned, it seems like some GodOS, which had all and everything anybody could ever want.

Amiga had this?

[damnbunni]

Didn't the Amiga do something like this with ARexx? I distinctly remember someone showing me Lightwave rendering a frame then pushing it to an arbitrary image editor along with some commands to execute on it.

ARexx was primarily for commands and scripting. Maybe they copied the image to the clipboard and referred to it. But the general result was data being shared.

Security concerns?

[Repossessed]

So now viruses can spam facebook & twitter with scam ads?

Re:

[shutdown -p now]

No, they can't, since sharing is always a user-initiated action in this model. There's no way for one app to "force share" with another app behind user's back.

You know, just like any smartphone on the market today?

Re:

[shutdown -p now]

Wait until the malware authors find one. This is a huge entry door and I bet my ass it will be exploitet ad nauseum.

You can't find something that doesn't exist. The argument you're making here is, literally, that providing any way for the user to copy his data anywhere is a "huge entry door" because the malware authors will find some way to exploit it. For one, that's not a given at all, and for another, well now what? are you proposing that, for the sake of the safety of our data, we should just throw away our computers (since, clearly, if we can do anything dangerous with them, then potentially so can malware)?

Re:

[cbhacking]

What's your point? That's already totally possible, assuming the user leaves their browser logged in (equivalent to storing credentials in one of these Social Netowrking apps). Seriously, I realize MS-bashing is popular around here, but stop and thing for a couple seconds before you post.

Re:

[LordLimecat]

Yes, because they totally cant manage that now.

How is this different from Android intents?

[sabernet]

Seriously, it looks like the "Share with" feature in the Android browser as well(which leverages the Intent system).

Not saying it's a bad thing(I love the idea)...I just fail to see how this is a "New Cross-App Data-Sharing System"....heck, if Google tended to play this game as dirty as Apple and MS do, they'd probably be doing a software patent suit by now O_o

Re:

[shutdown -p now]

Is different from what was available in Windows before, hence title of TFA is "new data exchange mechanism in Windows". It's not something completely new, of course.

"short"

[FrootLoops]

The "short (video) explanation" is an hour long. If you just want some demos, they start at about 10:33, 12:19, 14:14, and 17:44.

already have this

[mister_playboy]

I've already got this in my CLI... it's called a pipe.

OpenDoc?

[nbvb]

Welcome to 1992. ... What's the codename for Windows 8? Pink?

The revenge of Taligent.

What's next? Microsoft CyberDog?

Re:

[NJRoadfan]

or Object Linking and Embedding (OLE)...better known these days as ActiveX?

Re:

[pbjones]

Apple Events would have done the same. I loved CyberDog, so sad when it stopped working.

I already have this

[NoobixCube]

Taking data from one program to another? Resharing text, images, that kind of thing? Isn't that copy and paste?

Re:

[cbhacking]

You would typicaly need to manually launch the other app and paste the content in there, but in a generalized sense, yeah, that's what this is. The difference is that it provides a way for an app to say "Share with me, and I will with it." For example, a Facebook app could say "Share Text with me, and I will do a Status Update with it" and "Share An Image with me, and I will Add It To An Album for you".

The ability for either the user or the developer to do things like this is not new at all. What is new i

Re:

[jbengt]

I don't get it. How will the receiving application know what to do with the shared content if I don't open it up and tell it what to do? Maybe I just don't use enough brain-dead apps to understand.

Re:

[FrootLoops]

I think the hope is that it'll be a more convenient and powerful copy&paste. For instance, I write a weekly email containing a list I've jotted down in Notepad. Those notes get injected into a form email before being sent off. Right now, I actually edit a copy of the previous week's email, which works but takes, oh, a dozen clicks/key presses--getting to the sent mail folder, getting a copy of the message up, removing last week's list, and finally pasting in this week's. This way, if my email app is cle

So, dbus, basically.

[Snafoo]

'innovation'

OpenDoc

[mr100percent]

Sounds a lot like Apple's proposed and failed feature called OpenDoc [wikipedia.org]. Or is it more like Metro, and this is like Objective-C?

What could possibly go wrong?

[Animats]

It's yet another publish/subscribe system, of course. The new thing will be that it's "social" or tied to every social network and advertising system within reach.

Hopefully it does not continue the Microsoft tradition of executing anything executable that appears in any data stream or comes in any data port. Microsoft has had trouble with that on everything from Word documents to USB devices.

Re:

[shutdown -p now]

No, it doesn't. If you watch the video, "sharing" is explicit - user has to bring up the system menu, tap "Share", then select the app to share with.

My predictions on Windows 8

[erroneus]

I rendered predictions on Windows Vista and 7 in the past. I predicted Vista to be the next Windows ME largely because of all the features which were removed, the steep hardware requirements and the ridiculous DRM support. Despite the logical reasons, quite a few people modded my comments to that effect as troll -1. Okay. Who's troll now? I also predicted 7 as a "return to Windows XP but with a Vista look and feel." Not too far off. 7 is still different enough that you can't call it a return to XP exactly, but it will "stay" as long as XP has, I believe.

My predictions on Windows 8 are that the industry is pretty annoyed with Microsoft and it will not matter how awesome the new things Windows 8 will have are. Developers will be reluctant to use them with their updates of the current software as they will want to keep doing things the way they did in the past and whether or not it is completely true, they will claim the need for backward compatibility as the cause. IT shops are stuck and entrenched with Windows XP as many have still not migrated to Windows 7 and 64 bit is still a bit of a dream for them. IT shops are simply too occupied with establishing a stable and reliable environment with what was new a few years ago to risk destabilizing things further with what's new tomorrow.

Microsoft's days of "innovating" are pretty much over. The people DON'T WANT IT. What's more, people have long since gotten over the idea that "newer is better" and are more interested in actually getting work or play done than using the newest methods of doing it.

I let the malware share my files

[sl4shd0rk]

It's more stable anyhow.

oh wow

[smash]

they invented pipes?

"the usage scenarios are numerous"

[John Hasler]

And I'm sure the malware authors are studying them intently.

Where have I seen this before?

[ecki]

Right: NewtonOS 2.0, ca. 1995:

http://manuals.info.apple.com/Apple_Support_Area/Manuals/newton/NewtonProgrammerRef20.PDF [apple.com]

Chapters 18 and 19, routing and transports.

Re:

[Anonymous Coward]

When will MS work out that what we really want is a simple, stable platform, not more and more OS-integrated bells and whistles that, by the very nature of software itself, must introduce further bugs and resource consumption.

Not to mention all the wonderful opportunities this opens to script kiddies. Imagine having all your emails posted to Twitbook by the inevitable malware infection.

Re:

[Truekaiser]

Yea that's what i was thinking. it's a interesting concept, but i can't see how they can secure it against such uses as it is designed.

Re:

[camperdave]

When will MS work out that what we really want is a simple, stable platform, not more and more OS-integrated bells and whistles that, by the very nature of software itself, must introduce further bugs and resource consumption.

If they want to get Windows to the point where it is popular, ditch all of the ridiculous embellishments and build a core platform that just works consistently and reliably. We can look after our own bloody social networking.

"But it works with Windows 8, Windows 7, Vista, and XP. What other Operating Systems are there?" - Microsoft.

Re:

[MightyMartian]

Sounds great. So your wife can read posts like "Just opened gaybuttfucksex.avi in wmplayer.exe" "Rewound to 18:55 of gaybuttfucksex.avi" "Rewound to 18:55 of gaybuttfucksex.avi" "Enlarged 18:55 of gaybuttfucksex.avi to 250%"

Re:

[houstonbofh]

My first thought as well. How much trolling will any Google app do with this? {FacePalm}

A fully automated social netowrk

[goombah99]

Cool, now I don't even have to go to face book or read face book to have my digital avatar chat with my freinds digital avatars.

It's a social network. The huge virtue of it is human communication at human speeds. not a data firehose to douse my freinds. The less often I have to visit face book to update it the less social it becomes.

brilliant!

Re:A fully automated social netowrk

[Opportunist]

In the end, your application will tweet and use facebook with your friend's application while you can go and do something entertaining.

It's like buying two chess computers so they can play against each other while you go to the movies.

Re:

[HermMunster]

It's called "the clipboard". OLE!

Re:

[Short Circuit]

OLE has the problem of having to run some other process's code in your own address space in order to read the data. I haven't RTFA, but I imagine that's one thing Microsoft wanted/wants to fix if they were going to do a full platform rearchitecting.

Re:Akonadi

[shutdown -p now]

OLE has the problem of having to run some other process's code in your own address space in order to read the data.

OLE never did that. If you were passed a COM object implemented by some other process, then your method calls would simply be marshaled across processes, in the same way as they are when you e.g. access Word from VBScript (between winword.exe and wscript.exe).

Re:Akonadi

[jrumney]

Looks more like DDE than OLE to me. Hopefully they've fixed the misfeature that makes the whole desktop lock up along with the sending program if the program that is supposed to receive the DDE request doesn't process it right away.

Re:

[HermMunster]

I wasn't saying that it was object linking and embedding. I was joshing. I doubt anyone will use that tech anyway except maybe Microsoft. People are weary of lock in technologies.

Re:

[FrootLoops]

Every time I get close to the meaning of your post it slips away from me. Are you worried about some sort of privilege escalation attack carried out by a malicious program sharing things? A larger code base basically always exposes more attack surface, so I don't see why somebody would bring that up unless there was particularly good reason (which I don't see here). Sharing seems user-initiated in all cases, so such an attack would be awkward. Ah, perhaps shared information could be inspected by a malicious

It's just trolling

[Sycraft-fu]

He's not watched the video, and has no idea how Windows handles security in general. It is just generic Microsoft hate. You see it all too often on Slashdot.

One of my favourite was someone hating on Windows for not offering a way for a browser to run at a lower privilege level... When in fact it DOES offer that and IE does it by default. The poster had, of course, not looked in to it and was just hating on MS.

Re:

[waddgodd]

It's a variant of the MPP attack you can do now, basically, find something shared by system, and append bad stuff to it. Nontrivial in theory, not so much in practice, because of the inordinate amount of things that are running as system that really shouldn't.

Re:

[FrootLoops]

The phrase "MPP attack" appears non-standard (0 Google hits, for instance). As near as I can tell MPP stands for Massively Parallel Processing and a few other esoteric things. What precisely did you mean? And what does appending bad stuff to something shared by the system have to do with admin privileges?

Re:

[KGIII]

I have been a slashdot slacker lately. Wow. Some things never change. I guess, to fit in, I have to hate all things DRM and all things Microsoft. While both may have a history of abuse and causing hardship, neither is inherently evil or bad or even without good qualities.

I am not a fan of either but I am a fan of reality. It is along those same lines that caused me to be a slashdot slacker. Mouth-breathing parrots who cluelessly bash what they can't understand simply to fit in do not make for a good exchang

Re:

[FrootLoops]

Oh, I would love it if computer nerd culture included mechanisms for admitting ignorance. No; ignorance is to be hidden where nobody can see it, where it can quietly mangle your view of reality and the quality of your work. In computer nerd culture, you can make mistakes--how couldn't you when even the best have (by default public) bugs?--but you can never admit a lack of understanding or ask for clarification without sounding too stupid to be listened to. GRARGH, I get so tired of the huge egos that being

Re:

[KGIII]

Rant away... Rant away... It is unique to the group. The only other "group" I see that behave similarly are the politically active or political debaters. The thing is that there are some of us that don't want the echo chamber. Sure it feels good but, really, instead of using what is popular among peers or the vocal why not find what works for your style and needs? Why not allow other people the freedom to pick without feeling a need to opine?

I could throw comments (I see some digression coming) out like, "L

Re:

[FrootLoops]

Why did I post? Two reasons. First, in both cases I wanted the truth--I wanted to see if there was any merit to the vague claims made that I had missed. If so, great; I wouldn't miss similar ideas in the future. If not, their posts would at least be flagged with an element of doubt, and perhaps they would even be flagged as nonsense through some more discussion. For instance, this thread's first comment, which I initially responded to, currently has a rating of 1, and that only because of "Funny" ratings. O

Re:

[KGIII]

Do they realize they have no content, so to save face they simply don't respond? Maybe; I can hope. It's my best answer so far, at least.

That is my guess. I think it may be said in hopes that nobody calls them on it. If they throw enough proverbial poop...

Re:

[RobbieThe1st]

*sigh* See, that's what you are missing with DRM: It's not inherently bad, so long as you, the owner of the machine in question, have complete control over it. If I chmod something on my machine, it may be drm, but it's DRM *I* control. However, have you *ever* seen a DRM system that put the *user* in control? No. Using the car analogy, it would be like having a black-box in your car that would only allow it to drive a certain number of miles, or only start at certain hours of the day... That being said, yo

Re:

[KGIII]

CHMOD. A password. Those are examples of DRM. They aren't inherently evil. Corporations run by ignorant puss nuggets are potentially inherently evil. You could even say compiling and encrypting apps and not giving the source is a form of DRM. That's all well and good - unless one is an OSS zealot who thinks that all companies must adhere to their view. A topic for another day...

And to use your car analogy? I wouldn't buy it. I'd research it before making that choice. It isn't I who is missing that it isn't

Re:

[ultranova]

Why not allow other people the freedom to pick without feeling a need to opine?

Because discussion - or "opining" - is the whole point of Slashdot?

Re:

[KGIII]

Is that discussion? What we have here, now, seems to be though. ;)

Re:

[marcello_dl]

> I have been a slashdot slacker lately. Wow. Some things never change. I guess, to fit in, I have to hate all things DRM and all things Microsoft.

Or you can repeat past gen's mistakes with microsoft.

But people wise up, and will instead repeat past gen's mistakes with apple or google.

As for whatever TFA says, data exchange is a problem already solved by "standards", that worked already in the time when tablets were made of clay. MS is going the "new standard controlled by us as soon as we have enough sha

Re:

[waddgodd]

it was late, it's actually MPI, message passing interface. For some reason, I always call it message passing protocol

Re:

[FrootLoops]

"MPI attack" is also non-standard (20 Google hits, only one source apparently referring to your use of the phrase). Could you simply give an example of what you mean in the context of this particular, new system?

Re:

[FrootLoops]

I can only suppose you're trolling. How could some random (and poorly articulated) complaint about DRM have anything to do with malware and privilege exploits?

Re:

[Grey Ninja]

What part of ethanol fueled didn't you understand?

Re:

[Opportunist]

There are those moments in life when you hit something you're unprepared for, and it shocks you. Like seeing a dead kitten filled with maggots behind the cute one you just picked up.

And this is one such moment! I thought I'd never say that, but now I know there is actually information that I do NOT want to know.

Re:

[KGIII]

Too bad. ;) Information wants to be free.

Re:

[ColdWetDog]

And here I thought apps already had a way to share data.

What, you mean the file system? This is the 21st Century, buckoo. We'll have none of that old thinking around here.

Re:

[martin-boundary]

Potayto, potahto.

If you want to share your photo with a web app through an new interchange mechanism, you'll have to wait until that app implements the relevant function to access the data before you can do the sharing. If you want to share your photo through the filesystem, you'll have to wait until that app implements the relevant function to access your filesystem.

There's no magic, it's all just client/server code.

Re:

[FrootLoops]

Sort of. This mechanism allows significantly more customization of how data is transferred (using the QuickLinks feature or using custom "data import" UIs) than generic filesystem data transfers like what the GP mentioned. Everything is also much more tightly integrated. Rather than saving data from the source app, opening the target app, and opening the data, you can use the share button--much like right clicking on a picture and getting a list of installed photo editors is more tightly integrated. It's mo

Re:

[im_thatoneguy]

Speaking as a WP7 user who uses a similar system already this goes well beyond the filesystem. Here is a real example of how this would work.

You open your photo app and you bring up a photo from facebook. You now want to share this through email.

The Photo App just is holding the photo in RAM after streaming it down from the internet. The Email app has no file to reference.

This lets you reference assigned memory in one app to another without exposing huge security holes since it passes through an intermedi

Re:

[iONiUM]

You just.. Please just stop using the $ in the Microsoft abbreviation.. I'm asking nicely. It makes it really hard to take your point seriously. I know it was all cool and shit a decade ago, but come on.

Thank you.

Re:

[FrootLoops]

I agree. "M$" just seems juvenile and petty to me. Moreover it's non-standard, which is more than a little ironic. When is any other greedy entity with S's in the name or abbreviation spelled with $? $CO anyone?

Re:

[Trilkin]

Funny enough, Penny Arcade [penny-arcade.com] already commented on this... nine years ago.

Re:

[iONiUM]

I made this account when I was 12... Slashdot doesn't allow me to change it. If anything, that's just more evidence on the fact that using the $ is stupid.

Re:

[martin-boundary]

Those who don't learn from history are doomed to repeat it.

(Teal'c: Indeed.)

Re:On behalf of every trojan creator on the planet

[shutdown -p now]

You do realize sharing the data this way requires explicit action from the user, right? He has to bring up the system menu and tap a button inconspicuously labeled "Share" on it, then select the target app.

It kinda helps to RTFA and watch the linked video, so you have some idea what it actually is before posting (this also applies to moderators, BTW). Hint: it's exactly what we've had for 3 years now on Android, only there it's called "intents".

Indeed, the whole point of this feature is to otherwise sandbox the apps completely so that they don't get any access to user's file system outside of their sandbox by default, not even read access (they can get access to standard folders such as "Documents" and "Pictures", but this requires an explicit confirmation from the user). Without such sandboxing, it's very typical for desktop apps to all run under the same account (on all platforms), and therefore their config files - with passwords, history, and other interesting stuff in them - are completely exposed. With a sandbox, like in Win8 (or WP7, or iOS, or - partially, if you forget /sdcard - Android), you need some way for apps to communicate for those scenarios where a task involves passing data from one to each other - and this thing is what enables it while, again, requiring explicit user interaction for every such communication.

Re:

[FrootLoops]

Now I feel like making some random anti-MS rant. Those all seem to be +4 Insightful today.

Did you watch the video or read the summary article? What in the world do you mean by "add an API-call to tweet something"...? You do understand that the underlying mechanism to tweet some line of text from IE would be the same as the mechanism to stick the same text into a word processor, right? There's certainly no Twitter-specific API embedded in Windows' end of this mechanism; that goes only in the relevant target

Re:

[ShakaUVM]

>>What is being proposed here is not new and in fact has been implemented on other devices before.

Right. And as a friend of mine pointed out in her Defcon talk this year, Android Intents are open to a wide range of abuse.

http://www.eecs.berkeley.edu/~emc/slides/SevenWaysToHangYourselfWithGoogleAndroid.pdf [berkeley.edu]

>>But there's one thing we haven't seen you meantioned in your comments, all the supposed keylogging and password stealing.

Just because you haven't seen it doesn't mean it is a massive security

Re:

[FrootLoops]

Just because you haven't seen it doesn't mean it is a massive security threat.

And just because you make a short declarative sentence doesn't mean you've proven your point.

The Intents-based exploits listed (which were only 3 of the 7 total exploits) don't work well here. Android apps use Intents on their own, while with the Windows version the user has to tell the OS they want to Share something. They initiate everything. The exploits listed were also pretty weak. They required a malicious program on the phone in the first place; if they can intercept sensitive data, it's the sending