IE Developer Responds to Mozilla Accusations 782
sriram_2001 writes "Dave Massy, a Microsoft employee who works on the Internet Explorer team has a response to the Mozilla Foundation's Mitchell Baker's comments. Specifically, he responds to the claim that IE is a part of the operating system. 'IE is part of the Windows Operating System so that parts of the OS and other applications can rely on the functionality and APIs being present. To be clear there are no Operating System APIs that IE uses that are not documented on MSDN as part of the platform SDK and available to other browsers and any other software that runs on Windows..'
MS needs to change windows fundamentally (Score:5, Insightful)
And therein lies the heart of the MS development philosophy. Strictly speaking, that's true, but take something like Windows XP. It's is the ultimate case of the kid who cleans his room, ostensibly, but when his mother checks the closet, an avalanche of dirty clothes and assorted toys and things exlpodes from the doorway. I think MS could learn a lot from Apple, as they always have, and should look into utilizing something like BSD to start over. Obviously, they can't come out and say "our products suck; it takes half a gig of ram just to appease the system tray icons in Windows XP...sorry about that." But some way, some time they will have to move away from Windows as it is today.
Re:MS needs to change windows fundamentally (Score:5, Insightful)
How much RAM does it take to get a system tray icon to appear in Gnome or KDE?
Linux on the Desktop can nearly match Windows feature for feature now, but it can no longer claim low resource requirements while doing so.
IMHO, Mozilla or even firefox is a heavier app than IE. Once running, they're faster (to a trained eye) but sometimes, when pulling out of swap, they will still slug along.
No, the reason to go with Mozilla or Firefox is not performance. It, for me, is everything from reasonable error messages, to being able to control the junk which finds its way on to my machine, to standards compliance.
Re:MS needs to change windows fundamentally (Score:3, Interesting)
I refuse to switch to KDE or GNOME because it's easy to use. Hell I still use FVWM without any fluff and my computer kicks ass.
You can take away the fluff of linux. You CAN'T take away the fluff of windows XP.
Re:MS needs to change windows fundamentally (Score:4, Informative)
I like to see windows pull this trick.
I have / (root of the drive) mounted in RAM! All my apps pop up instantly, (including firefox) Here is how to do it.
http://forums.gentoo.org/viewtopic-t-296892.htm
Re:MS needs to change windows fundamentally (Score:4, Interesting)
How are you monitoring the memory usage in Windows? After booting, Windows XP will agressively swap out unused resources and allocate substantial amounts of RAM for drive caching.
It's tough to figure out what Windows is really "using". I suppose I could try booting Knoppix (without a ramdisk) and WinXP side by side in VMWare to compare how small the footprint can get. I recall Knoppix won't even load KDE without 70MB or so free. I figured that out recently when booting Knoppix with 128MB of RAM.
Yeah, there's the ramdisk again.
Re:MS needs to change windows fundamentally (Score:5, Insightful)
Re:MS needs to change windows fundamentally (Score:5, Informative)
-dk
Re:MS needs to change windows fundamentally (Score:5, Informative)
Now as you do want to run multiple apps, even 128MB isn't enough leeway - but I do get by fine with 256MB.
Re: MS needs to change windows fundamentally (Score:3, Interesting)
Well, 512 millibits would indeed be a joke, but if you meant 'MB' for megabytes, then your definition of 'joke' must be different from mine...
I used to run it in half that, and it worked just fine thanks. When I added a load more, it got a lot faster for editing huge audio files or having lots of heavy apps open, but for general use there wasn't that much difference. I wouldn't recommend using less than 256MB, but it's perfectly comfortable with that amo
Re:MS needs to change windows fundamentally (Score:3, Insightful)
Re:MS needs to change windows fundamentally (Score:3, Insightful)
"Want" and "Tolerate" are quite different things. We "Want" no crashes, but what is "Tolerated" is quite another thing. The space shuttle program has been grounded for 2 years now. Tolerance there, clearly zero. What would happen if that tolerance was applied to air travel?
I expect much of that is influenced by the media. The space shutt
Re:MS needs to change windows fundamentally (Score:3, Insightful)
The only reason we want zero space shuttle crashes is because there are only three shuttles. United Airlines, American Airlines, Continental Airlines, Delta Airlines, and Southwest Airlines have ab
Re:MS needs to change windows fundamentally (Score:3, Insightful)
First of all, the price could be argued, second of all. it seems that you're advocating the FOSS power as a base or foundation for an operating system, rather than apple's talents.
Re:MS needs to change windows fundamentally (Score:4, Funny)
Re:MS needs to change windows fundamentally (Score:5, Insightful)
>First of all, the price could be argued
What's not to favor? I don't believe the price *can* be argued. It could at one time, but not anymore. Once Apple incorporated IDE into their machines the prices have been on par with Intel machines. It's true, it's just the perception of Apples as more expensive that persists. I have a maxed out 12" PowerBook that cost $2k brand new. This is about what I'd expect to pay for a nice Intel laptop with similar specs and is probably quite a bit cheaper than Sony's offering at this level. Apple doesn't offer a $500 WalMart PC, it's true...oh wait, scratch that (and don't gripe: you already *have* a mouse, monitor and keyboard).
>second of all. it seems that you're advocating the FOSS power as a
>base or foundation for an operating system, rather than apple's
>talents.
Where are you drawing the line? If I take this statement at face value, you're advocating homegrown-only [wikipedia.org] development without considering that Apple's talent here might consist of being able to *choose* FOSS power. Microsoft seems to have painted itself into such a corner so that this option is not available to them at all. That's not a good position to be in when your whole stated development methodology revolves around interpreting what customers want. OS X is eating Microsoft's lunch in this regard.
The developer in the article is trying to backtrack out of Microsoft's age-old discourse about IE being part of the OS. Well, now they call it an API, big whoop. Semantics aside, the thing (whatever it's called now) that Microsoft has built to express this API is a security-lacking bug-riddled piece of shit. I don't think anybody would argue that, even if they can't think of a way [www.iol.ie] to change it. Bill or Ballmer should be writing these things, and the fact that they aren't should tell you something.
Re:MS needs to change windows fundamentally (Score:3, Informative)
None of that was remarkable; MS did the same thing when it lifted the BSD network stack for Windows NT. What *was* remarkable...the fram
Re:MS needs to change windows fundamentally (Score:5, Insightful)
I think this is unlikely. The underlying NT is quite well-designed (originally by David Cutler of VMS, amongst others, as I believe), and a reasonably flexible system upon which to develop applications. Microsoft's not going to give it up any time soon. It's what's run on top that's wrong with Windows.
Re:MS needs to change windows fundamentally (Score:3, Insightful)
NT4 came along and adopted the Win95 GUI, and I guess people at MS thought, lets make this a desktop OS as well as a server one. So, much userspace stuff was merged with the kernel and speed and responsiveness did improve. Of course, this means that the original design is 'broken', but on the other hand, if you consider that NT4s design was that you trade speed for stability, then it
Not tied? (Score:4, Interesting)
Re:Not tied? (Score:5, Insightful)
And he also says that IE is indeed part of the operating system 'so that parts of the OS and other applications can rely on the functionality and APIs being present'. Which presumably would mean a bug in IE could affect those parts of the OS and other applications. Which seems to be to go right along with what I thought the Mozilla guy was saying.
As responses go, it's not the best is it?
Re:Not tied? (Score:5, Insightful)
Internet Explorer is not part of the Windows OS (kernel). It does not have a privileged status, and makes use of no extra functionality that is not available to other applications. Internet Explorer is part of the Windows OE. Other applications depend on the libraries provided by it (most commonly the HTML layout engine). The most obvious example of this is the Windows help program, which most applications use. As such, it is not possible to remove Internet Explorer without replacing it with something functionally equivalent (i.e. exposing the same API), unless you expect things to break.
Being part of the Windows OE does not inherently make Internet Explorer insecure, this is just FUD spread by idiots. It does, however, mean that flaws in Internet Explorer are more likely to be important (it is tied into other applications, providing multiple attack vectors for an exploit). Internet Explorer has a large number of flaws (a fair number in design, as well as implementation), and I would not wish to be in the position of having to defend it, but claiming that `it is tied to the OS and therefore bad' is just stupid and undermines any rational arguments that may be proposed at the same time.
Hmmm (Score:5, Insightful)
The guy works for Microsoft, so maybe it is willful ignorance. How else can you explain someone that works on IE from trying to claim it is not part of the OS? Oh, we're going to get down to nit picking. Yes, yes, yes IE is not part of the kernel.
However, Microsoft wasn't too interested in this argument when it was fighting for its life in court, arguing that IE was embedded and could not be removed from the OS.
And now we see, they were right. IE may not be part of the kernel, but due to its use (and trust) by many core applications in Windows, it presents many more security challenges when compared to a standalone app like Firefox.
Re:Hmmm (Score:4, Insightful)
Fact is, IE is a security disaster because it's badly written, not because exposing common rendering components to HTML code in the wild is necessarily a bad idea.
Re:Hmmm (Score:5, Insightful)
Uhh ok, well I wasn't defending IE, but anyway I will on this count. Are you honestly trying to compare a full-featured web browser to libc?
Fact is, IE is a security disaster because it's badly written, not because exposing common rendering components to HTML code in the wild is necessarily a bad idea.
My point was if you have many OS components that rely on this poorly written software and interact with it in a trusted way, you are going to have many more severe security issues than with something like Firefox.
Re:Hmmm (Score:3, Informative)
Re:Hmmm (Score:5, Insightful)
Newspeak (Score:3, Interesting)
But was this case 7 years ago when Win98 came out with the integrated browser? NO. Only now that they've faced anticompetitive presures have they been willing to docu
Re:Newspeak (Score:3, Informative)
Re:Hmmm (Score:3, Insightful)
The IE apparatus is very much a core part of the
what i want from Firefox... (Score:3, Interesting)
by typing \\servername or \\ip address
my understanding was that this functionality was part of the API that is not available? this is the only thing keeping I.E. on my windows desktop.
Re:what i want from Firefox... (Score:5, Informative)
Re:what i want from Firefox... (Score:3, Insightful)
Re:what i want from Firefox... (Score:5, Insightful)
Re:what i want from Firefox... (Score:3, Interesting)
Re:what i want from Firefox... (Score:3, Informative)
I would never use I.E. again if Firefox could do one thing (more), to be able to navigate to other (windows) boxes using my browser (like i can in I.E.)
by typing \\servername or \\ip address
You can! just use "\servername" instead of "\\servername". Works for IP addresses too: "\192.168.0.1" instead of "\\192.168.0.1".
"Firefox" - not just secure, it also saves you typing an extra backslash!"
Re:what i want from Firefox... (Score:3, Informative)
Doesn't work for me.
Looks like I jumped the gun - it works for "\server", but not "\server\share". Apologies for the confusion I've caused :-(
Re:what i want from Firefox... (Score:5, Insightful)
\\servername\dir DOES work
\\servername\c$ DOES work
So the only thing that FF can't do that IE/Explorer can is browse to the server root, \\servername.
Re:what i want from Firefox... (Score:3, Informative)
Re:what i want from Firefox... (Score:3)
IE has nothing to do with \\servername - that's the built-in Windows networking that uses the file explorer capabilities of Windows, not IE.
Pure PR crap, anyway. (Score:5, Funny)
This is not meant to be read by geeks, it's for PHBs. Either that or I'll have some of what he's smoking.
Justin.
i am reminded of the opening of the hhgg (Score:5, Funny)
last nine month."
"Oh yes, well as soon as I heard I went straight round to see them,
yesterday afternoon. You hadn't exactly gone out of your way to call attention
to them had you? I mean like actually telling anybody or anything."
"But the plans were on display
"On display? I eventually had to go down to the cellar to find them."
"That's the display department."
"With a torch."
"Ah, well the lights had probably gone."
"So had the stairs."
"But look, you found the notice didn't you?"
"Yes," said Arthur, "yes I did. It was on display in the bottom of a locked
filing cabinet stuck in a disused lavatory with a sign on the door saying
Beware of the Leopard."
Stop. What's that sound? (Score:5, Funny)
That's the sound lusers make as they get their so-called browsers hijacked and spywared to death.
Dr Seuss explains IE (Score:5, Funny)
And IE is interrupted as a very last resort,
And the address of the memory makes your FireFox abort,
Then the socket packet pocket has an error to report.
If your cursor finds a IE link followed by a dash,
And the VBScript code puts your windows in the trash,
And your data is corrupted because IE and Firefox clash,
Then your situation's hopeless and your system's gonna crash!
Re:Dr Seuss explains IE (Score:4, Informative)
Re:Dr Seuss explains IE (Score:5, Informative)
Here's a link to a copy of the original [tenderbytes.net].
I'm Confused. (Score:4, Insightful)
Re:I'm Confused. (Score:5, Informative)
The two statements bear no relation to each other, other than that they both relate to IE and APIs.
erm... (Score:4, Insightful)
So why not just have an html rendering library and make IE an optional add-on? Plenty of other OS's seem to get by with this approach; I guess that none of them are so hellbent on pushing out a particular product...
Re:erm... (Score:3, Interesting)
OS X has its WebCore and Safari is built on top of that. Anyone in the world could use the WebCore libs and make their own browser out of it.
Same for FireFox... Why do you think Netscape is so easily able to use the Mozilla renderer... because it is a library.
Microsoft's argument for not detaching IE is retarded as the e
IE's Win Connections arethe Problem (Score:5, Informative)
IE is part of the Windows Operating System so that parts of the OS and other applications can rely on the functionality and APIs being present.
Guys, uh guys, that's The Problem.
http://www.eweek.com/article2/0,1759,1776387,00. asp
To sum my thoughts in that story up, you have a gateway, IE, to the Internet that has deep, Inadequately Protected, connections to the core operating system.
IE, in specific, and Windows, in general, cannot be secured.
Microsoft's one seamless whole is really one giant security hole.
Steven
Re:IE's Win Connections arethe Problem (Score:3, Informative)
When we say it's "integrated into the OS", we mean to say that the html rendering engine (mshtml.dll & SHDocVw.dll), along with the simple GUI app that uses these interfaces (IE) are installed with the OS. They don't have "deep ties" or "connections to the core OS"; the Windows kernel has zero knowledge of IE. By installing the html rendering APIs and making them public, 3rd party applications are free to use the rendering engine for their own purposes.
From a web developers eyes. (Score:4, Insightful)
Re:From a web developers eyes. (Score:3, Insightful)
Security is also an issue, certainly. It's less of an issue if you aren't a complete bonehead.
Re:From a web developers eyes. (Score:4, Insightful)
First they follow the standards, then they start to extend them with Microsoft only stuff, then they add bugs to their implementations which they never fix, and in the end you have to do twice the work, once for Microsoft which by then usually has the significant market share and once for the rest of the world which still follows the standards. If you just follow the standards then you get the heavy beating of the users. Most people simply due to cost reasons then do Microsoft only versions and basically cement the monopoly of Microsoft. This is not done due to lazyness but often due to cost reasons.
The last step of this approach is to take over entirely, close the standard, break it in every possible way and put NDAs patents etc.. on it so that nobody outside of the Windows world really can use it.
This tactic has worked with SMB so far, Corba was another thing, OpenGL as well which basically was the base for the first really usable Direct3d version. With HTML Microsoft already has started to do it by not implementing a properly working CSS1 and totally ignoring CSS2 and 3.
They already work on a closed replacement called Xaml which should by pushed by not doing anything they speced themselves in the W3C. They already broke SVG with an incompatible implementation which they called differently and plasted with patents although only a few commands are broken, and the next step on this road probably will be the breaking of the newly specified open document format.
Kerberos was such an issue as well, they added a few bytes to the standard implementation and put everything under an NDA.
So what does this say to you. Dont expect anything from Microsoft, and the last you can expect is some decency and goodwill regarding the usage of standards, they only follow standards as long as they have less than 30% market share.
Also dont expect anything from your users, the average user is not aware of this whole mess caused by them, they just want things to work, the problem is they most of the times want to work with half working soft which has nice UIs and the tag of microsoft on top of it.
Which basically means you run constantly into problems and cannot move towards working alternatives.
If I count all the time together in the last 10 years, I probably have spent around 30% of my working time to navigate around problems Microsoft deliberately has caused and never fixed. The percentage probably would have been much higer if I had not used java and other cross platform stuff in the last few years, which normally just works.
And I am probably not the exception, count towards all developers in the world which have to deal with Microsoft platforms and the problems caused by them and you probably end up with the sum Microsoft has in the bank calculated from the loss of worktime over their deliberate breaking of standards.
So in the end my conclusion is that lots of the earnings by Microsoft are basically indirectly drained from the worktime of others to bypass their monopoly game on the technical side to make things work again. This is not a false conclusion since their non standard conformity tactis have been used by them since the mid eighties on a regular base.
They lied about it last time (Score:5, Informative)
Microsoft allegedly opened up Windows APIs last year... Now, Devos claims that Microsoft's disclosures remain sufficiently inaccurate and incomplete for developers to continue using his own documentation.
Devos claims that Whirling Dervishes has discovered hidden Windows interfaces that are crucial for the development of such applications, but whose existence is denied by Microsoft. Not much change there then, post-lawsuit. These and other interfaces which Devos says should have been part of the API disclosures are used in NSELib, and he proposes to make public full documentation on how to use them.
What are these APIs they found? (Score:4, Informative)
Re:They lied about it last time (Score:3, Interesting)
Given that the shell namespace interfaces (which appear to have been what Devos meant, although he never really said) ARE documented, which is how come people write SOFTWARE with them, and that Devos never actually came up with a single instance of an undocumented API or interface, and that the area is really pretty well explored and understood, and that Devos' products just happened to include Windows API documentation and utility libraries... which he had to persuade people to buy somehow, even with the r
Microsoft Unfairly Competes (Score:4, Interesting)
This is always the standard Microsoft defense. Our products are written with the same API's as are available to everyone else. Everything's fair.
Except that Microsoft developers get access to the people who wrote the specifications. They can influence the specifications to change. In fact, according to a friend of mine who works at Microsoft, they have a tool which highly optimizes their code after compilation, by, among other things, moving the infrequently used code like error handling routines to the back of their DLL's, etc.
The fact that this tool hasn't been released to other developers is proof that they unfairly compete.
Re:Microsoft Unfairly Competes (Score:5, Insightful)
What? How is that unfair? They must document and release all APIs, sure, but all their in-house development tools too? That's quite a standard, and I bet not one you'd put on any other company in any other industry. Assuming those tools use some clever coding and those same public APIs, what's to stop anyone else from making their own super-DLL-optimizer?
I agree with the basic subject of this post ("Microsoft Unfairly Competes"), but this seems ridiculous.
From the blog.. (Score:5, Insightful)
I would have loved to be at the party they must have had when ActiveX went through it's security reviews.
Seriously though, that post was a load of bollocks. But hey, I pity the guy.. in a way. He can't turn around and admit the architecture's a piece of shit.
Complete nonense (Score:3, Insightful)
It's like saying KDE can't work without Konqueror and KHTML. Of course it can, you use Gecko.
Also they obviously mean IE is part of the Windows distribution package. Are they going to say MSN/Windows Messenger is part of the OS next?
Honestly, it is this kind of technical retardedness that stops me using Windows.
Hee Hee (Score:3, Informative)
sub command1_click()
iecontrol.navigate2 text1
end sub
And it was suprising how the security of IE is tied to the address bar and the rendering portion of the browser allowed me into c:, which i wasn't allowed to do in windows explorer. i cant remember if i was able to add/edit/delete files or not though.
Humility (Score:3, Interesting)
I'm sure Dave could have pointed out with glee Firefox recent security problems (IDN, GIF handling ) or update-rollout problems. Can you imagine a Firefox dev not jumping on similar problems with IE and making fun of them?
Re:Humility (Score:4, Interesting)
They are tying like everything to ignore FireFox, while responding to the threat. They will be forced into the next step, but not until we get firefox a lot more popular.
I'm not helping though. I like Konqueror much more than firefox.
Antisocial Engineering (Score:5, Insightful)
This MS developer is lying. I used to talk with people programming VB6, when I was project lead for a big NYC insurance project that MS was hot to get started in the industry through. They would routinely lie to me about internal code paths that were triggering bugs, especially in printing. When I would analyze them into a deductive corner, they would tell me a little truth. Their big mistake was their managers' greed to get into the industry, which put me in direct, unmediated contact with the programmers, combined with their technical inadeqacy to keep up with the discussions enough to mediate them.
I suspect that the MS claims of "national security" interest in keeping their code secret is based partly on the political havoc that would ensue (pun intended) if we could see just how much MS code is written to protect their anticompetitive abuses. The Department of Justice would have a lot to answer for, and it certainly wouldn't stop there. Especially if the ripples could prove how many Congressmembers were bribed to keep their monopoly "remedy" decisions untouched by human hands.
Re:Antisocial Engineering (Score:5, Insightful)
Given the history of Microsoft on this issue I cannot imagine that anyone would take ANY pronouncements of this sort at face value until you can go into Add/Remove and uninstall IE and seemlessly replace it with another browser. If IE is only providing services to other applications in the manner they describe, MS should publish the API so alternatives can seamlessly replace IE.
If somebody from Microsoft is making pronouncements of this sort without first getting them approved by MS and their legal team there are either nuts or looking to be fired/sued. This developer should be viewed as the Mouth of Sauron until proven otherwise.
Re:Antisocial Engineering (Score:5, Informative)
Can somebody - Dave? - point me to the API that let IE4 add a "Favourites" item to the start menu in Windows 95? I don't mean something that was documented last year, I mean something that was documented ... in 1995. I don't think there is such an API. I don't think there ever was.
Can somebody - Dave? - tell me why the IE installer calls the undocumented Extract cabinet.dll function?
As far as I'm concerned this is all very simple. Could Netscape have done to Windows 95 what Microsoft did with IE4? Obviously the answer is no: IE did things that weren't just *adding* APIs, they were replacing core parts of the OS like Explorer in order to add the Favourites menu, Active Desktop etc etc. Dave is full of shit and the sad thing is, he probably believes his own story.
Re:Antisocial Engineering (Score:3, Informative)
I confused (Score:4, Insightful)
Hello? Wasn't this an issue of the monopoly law suit? That it CAN'T be removed from the operating system?
I must be wrong, so somebody please clear this up for me. Can somebody explain this to me in lamen's terms?
Also, he says that the IE development process prevents them from introducing bugs into the software? Then how does stuff like viewing .jpgs become a security flaw? Is it that there development process is just not up to snuff? Or is it the APIs that the use from the operating system that are flawed? So it's not the browser, that's flawed, it's the operating system? That makes me feel better. Also regarding a user experience the difference between the operating system is null?
I confused.
It's not that confusing really (Score:4, Informative)
Ditto MSIE.
IE uses public APIs from the OS. Other parts of the OS use public APIs of IE. Thus IE cannot be removed from the OS without removing or altering the components that depent on it - such as, AFAIK, Windows Explorer (the file manager).
We can question the decision to make other parts o f the OS depend so deeply on IE, and we can question the decision to make that dependency on IE rather than an abstract "web browser API" that could be implemented by other tools. That doesn't change the fact that it's still a part of the OS.
interesting comments (Score:5, Insightful)
Windows Updates (Score:5, Insightful)
Really Dave? Great, so i can use Firefox for Windows updates?
Re:Windows Updates (Score:3, Informative)
Microsoft could, if they wanted to, write a Firefox/Mozilla extension for Windows Update, but there's nothing compelling them to do so right now.
Patches on Security Patches? (Score:3, Interesting)
Come on now (Score:3, Insightful)
And you know why? Because nobody else has developed such an API for Windows. It's not impossible for one to replace IE's API if they really tried. I know that many of the open source software developers are a clever breed, and can work around any obstacle presented to them. It's just that nobody's done it, or even tried to do it that I know of.
So don't whine about not being able to remove IE if you don't have an adequate replacement to prevent many other pieces of software from breaking. It would become a tech nightmare if IE WAS removable, because then every dummy would be trying to uninstall it to hate on Microsoft like all the "cool" people, then be crying for someone to come fix their machine when all their instant messengers stopped working.
I mean seriously, if you hate IE that much, why are you even still using Windows?
I'm a happy user of MS products, but... (Score:5, Interesting)
However, I literally laughed out loud when I read the following comment by the blogger:
As we develop IE we go through very thorough and stringent security reviews to ensure that every change is secure and does not expose the user to attack.
Which version of IE is this?! Nearly every released version of IE has had laughable (keep in mind, I'm not a Linux bigot) security flaws. I'm sorry, but you can't feed the sheep their own shit. They know, they KNOW.
He goes on to say:
The security of any browser is irrelevant to if it is part of the operating system.
That seems to be Microsoft's mantra. However, any security engineer or person with common sense would disagree.
If we are to debate security of browsers then let's bring in relevant arguments and accurate details about different possible attacks rather than rely on the irrational fear that because IE is part of the operating system it must be exposing OS functionality to the web.
Are you fucking joking? There is documented exploit after exploit demonstrating this. People aren't pulling it out of their asses. It's backed by fact, something you appear to be ignoring.
I'm a somewhat-loyal MS customer, but I've got to say I don't like reading tripe like this. What I do like reading is "we're going to fix IE's security model and this is how we're going to do it, what does the community think?".
Perhaps the IE team needs to review their security procedures, because they fuckin' suck hard.
Way to go Slashdot. (Score:3, Insightful)
Great comment: (Score:5, Informative)
Is The Browser Part of the Operating System? (Score:4, Interesting)
An exercise in misdirection
Re:Automatic Cup Holder (Score:4, Informative)
Set oWMP = CreateObject("WMPlayer.OCX.7" )
Set colCDROMs = oWMP.cdromCollection
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next ' cdrom
End If
wscript.echo "Automatic Cup Holder."
Then run "cscript filename". Oh my god, Microsoft tied vbscript into a stand alone application on your system!!! Give me a break, mod the parent down please
-dk
Re:Automatic Cup Holder (Score:4, Insightful)
Er...isn't that sorta the point?
Re:Automatic Cup Holder (Score:5, Insightful)
If the "features" are insecure, would you want them?
Re:Automatic Cup Holder (Score:5, Insightful)
User: I want to be able to log in without a user name or a password! Remotely!
Tech: That's horribly insecure
User: I don't care! Its easier that way!
Tech: * finds rusty knife and commits seppuku *
And that, boys and girls, is one of the reasons why Microsoft is the 800 lb gorilla. It understands that users are more than willing to sacrifice security on the altar of 'its easier that way'.
Insecure features (Score:5, Insightful)
There is an old saying: UNIX doesn't stop you from doing stupid things, because that would stop you from doing clever things.
We used to complain that you couldn't do clever things on Windows. Now we're complaining that you can do stupid things on Windows.
Meanwhile, Linux continues happily letting people do even stupider things, and whenever these people complain -- we respond that it's their own stupid fault for not being smarter.
So why is it always the user's fault on Linux, but always Microsoft's fault on Windows? It seems to me that all the recent email worms need some dumbass to actually RUN THE PROGRAM. On Linux, we would say this user was stupid. But on Windows, this user was victimised by Microsoft's insecure operating system? I don't think so.
Security is the reciprocal of convenience, and the developer is simply unqualified to determine what security I need and what convenience I don't.
Re:Automatic Cup Holder (Score:5, Insightful)
But the counter argument being made here is that, yes, Mozilla (for example) could integrate with these MS "features", but doing so would result in an insecure browser.... so probably not a good idea.
I'd venture that MS can't _un-integrate_ them from IE because and bunch of other code (from MS office to Encarta) depends on this functionality.
And I'd further venture that the "..get them fixed.." idea has occured to MS but that this isn't easy to do due to poor design.
And hasn't that been the argument all along?!
Re:Automatic Cup Holder (Score:4, Insightful)
Re:Automatic Cup Holder (Score:5, Insightful)
there are win32 api calls that manage this (you have to implement some other interface in your COM object to get told about security zones), but nobody ever does.
ActiveX is the underlying problem here. They took something that worked in a constrained role -OCX controls for adding functionality to VB apps, and made them -as you note- scriptable by web pages.
the worst part: they dont give up. Even IE6SP2 leaves activeX at "prompted" in the internet zone. Since windows update sites are in that zone, you cannot run windows update without saying yes to prompted downloads. If you disable AX in the internet zone, bye-bye security patches. I despair.
Re:Automatic Cup Holder (Score:3, Informative)
Re:Automatic Cup Holder (Score:3, Informative)
Still not fixed, at least its not fixed as of IE version 6.0.2800.1106
Re:Gone to the dogs (Score:4, Funny)
They bought Macs and are too busy actually getting things done to post here about the latest response from an IE developer.
/. is overrun with Microsofties. (Score:5, Interesting)
The fact is, there are more uninformed people out there than there are informed people (just read the crap in the original article).
Another fact is that there are more Microsoft fans than there are Open Source fans (right now).
So, the intersection of those two groups means that there are more uninformed Microsofties than there are informed Open Source fans.
And those Microsofties, for whatever reason, have decided to hang out on
Get used to it. That's the same way it will be throughout most of your life, unless you restrict yourself to very exclusive groups with very high entrance requirements (/. is not one of them).You can't argue them down. They don't know enough of the material to know how ignorant they are.
I've argued here with people who swore that SMTP did NOT have authentication. Even after I posted links to the RFC's.
Re:Gone to the dogs (Score:3, Insightful)
Youre confusing me. You keep going on about the hidden APIs issue and I dont think that was what was being implied... Im assuming you mean this quote
IE is part of the Windows Operating System so that parts of the OS and other applications can rely on the functionality and APIs being
Re:Automatic Cup Holder (Score:5, Interesting)
Re:Automatic Cup Holder (Score:3, Insightful)
HE IS A LIAR (Score:5, Insightful)
http://www.desktoplinux.com/articles/AT7614463206
Jeremy White (CEO of CodeWeavers) who actually got IE to work under wine says so:
Lehrbaum: Did the issues that needed to be addressed relate to undocumented Windows functions used by the app, or non-API functions and/or environmental considerations expected by the app?
White: In the case of Quicken and QuickBooks, no. For Visio, you can see that the programmers at Visio had used some rather interesting pieces of the Windows API. These required new implementations or new understandings of the Windows API, and a reworking of Wine. For the undocumented API calls, the king is Internet Explorer!
Comment removed (Score:5, Interesting)
Re:It IS part of the OS (Score:3, Insightful)
The reason IE is part of the Windows operating system is because of mshtml32.dll, shdocvw.dll, etc. - System DLL's that explorer.exe uses. Really, all IE does is to wrap the browser control and provide bookmarks, etc.
In all seriousness, this is not a bad thing - it promotes code re-use in the Windows code base and prevents Windows developers from having to continually re-invent the wheel (or browser). The problem is that IE (ahem, the Interne
Re:Careless? (Score:5, Funny)
I see you're trying to counter the open source movement... Let's get started! Would you like to:
-Spell check
-Grammar check
-Print this document
-Connect to Microsoft Office Online
[/CLIPPY]
Re:Careless? (Score:5, Funny)
Who proofreads blog entries? That's like clicking the Preview button on Slashdot.
Re:They are not serious (Score:3, Insightful)