IE8 May Be End of the Line For Internet Explorer 380
snydeq writes "InfoWorld's Randall Kennedy reports on rumors that IE8 may be Internet Explorer's swan song: 'IE8 is the last version of the Internet Explorer Web browser,' Kennedy writes. 'It seems that Microsoft is preparing to throw in the towel on its Internet Explorer engine once and for all.' And what will replace it? Some are still claiming that Microsoft will go with WebKit, which is used by Safari and Chrome. The WebKit story, Kennedy contends, could be a feint and that Microsoft will instead adopt Gazelle, Microsoft Research's brand-new engine that thinks like an OS. 'This new engine will supposedly be more secure than Firefox or even Chrome, making copious use of sandboxing to keep its myriad plug-ins isolated and the overall browser process model protected.'" The sticking point will be what Microsoft does about compatibility for ActiveX apps.
Misleading headline, and ActiveX (Score:5, Insightful)
1. Headline should read, IE8 May Be End of the Line for Internet Explorer Engine .
2. I don't see any reason why ActiveX apps couldn't be sandboxed like anything else. Granted, it has deep hooks into the OS-- but if nothing else, given how beefy computers are going to be by the time IE9 comes out, you could give each ActiveX app its own perfectly compatible virtual copy of XP+IE8 to run on, and just parse the result into IE9 format. Destroy the virtualized OS+browser when the app closes.
Moore's Law makes some problems easy, yay. :)
Re:Misleading headline, and ActiveX (Score:5, Insightful)
Moore's Law be damned. People have been using this excuse for years to write bloated, crappy software. How about for once we don't try to predict the future. Instead, lets write the code for todays hardware. People seem to forget that we have sold way more computers than people in the world... no reason to replace them all to run IE9.
Re: (Score:2, Interesting)
Mod parent insightful.
A browser designed for a netbook ought to run just fine on my aging laptop.
Re:Misleading headline, and ActiveX (Score:4, Insightful)
Exactly..and Moore's law isn't exatly as reliable as it was 15 years ago when talking about a direct improvement to the desktop computers speed.
Re:Misleading headline, and ActiveX (Score:5, Informative)
Exactly..and Moore's law isn't exatly as reliable as it was 15 years ago when talking about a direct improvement to the desktop computers speed.
Especially since it never was about speed, only the density of transistors on a chip. Which, through clever architecture, smart compilers, and good programming can result in more speed.
Re:Misleading headline, and ActiveX (Score:5, Funny)
Yes, especially since the emancipation proclamation was nearly 130 years ago.
Re: (Score:3, Insightful)
Writing software to force people to buy new PC's has been an integral part of Microsoft's strategy for years, it's only recently begun to bite them on the ass with Vista and the credit crunch happening at the same time. People keep forgetting that around 80% of Windows sales come from new PCs pre-installed with the current version of Windows that Microsoft are giving customers the choice of.
Mobile computing educates them (Score:5, Informative)
Do you know what hit them very seriously? I mean the coders laughing to vendors like Opera for struggling not to code CPU and speed dependent stuff?
Mobile computing. It is like ultimate punishment for them. Do you remember those fanatics calling people to ''buy more RAM'' no matter what their issue with memory is? Top of the line smart phone comes with 512MB RAM or something and 400 Mhz ARM CPU. Opera ships 9.5 beta which runs the exact same engine as Desktop version to 256MB RAM having, 200Mhz CPU UIQ3 devices with zero vendor support.
I know some professional OS X developers keeping a G4 Mac Mini no matter how many xeons they have, just to make sure their application runs on low end computers fine. So far, thanks to their wise decision, their software gets good feedback not just from low end but very high end computers too. If it works on low end, it will rock on high end. Trust me, some of the ''cool guys'' out there still couldn't figure this basic rule.
When Webkit proved to work on Nokia S60 Symbian devices and got very good feedback from users, I said Webkit is the future. What mattered was, can the code run under 128MB RAM, completely alien OS? S60 browser proved it.
Re:Mobile computing educates them (Score:5, Interesting)
I always kept saying that every developer should be forced to use a slow machine, at least where compilation and automated tests are not involved. If you sit your butt at a fast box, you simply never notice anything is unacceptable slow.
I've personally caught myself ignoring complaints that a piece of my code is slow and noticing it only after seeing it crawl on a slow machine myself.
Re:Misleading headline, and ActiveX (Score:5, Interesting)
Or even better: let's write code for yesterday's hardware. Not everyone has a computer of today, and the more computers that can use your software, the better.
Re: (Score:3, Interesting)
I see this argument occasionally on /. and always find it more than a bit puzzling: if software that you think is "bloated" continues to be used (and to be sold to people willing to pay for it), then it must be of more value to its users than whatever hypothetical small and beautiful software that you're imagining. In fact, Joel Spolsky wrote a pretty good article called Bloatware and the 80/20 myth [joelonsoftware.com] attacking the very line of th
Re: (Score:2)
Microsoft will rebrand and slap a bunch of blinkenlights on their next browser, and then pay other strategic entities huge sums of money so that those others can shove it down our throats like they're trying to do with Silverlight.
Re: (Score:3, Informative)
When my daughter came home from first day of computer class in kindergarten, she sat down at her computer (iMac G4) she poked around for a few minutes and then burst in to tears. She had a new website she wanted to show us but couldn't find the 'blue e' to get to it. I explained how web sites could be viewed by any web browser. She already had Firefox and Safari in the dock and once I showed her how to type in the web addy, she was good to go. Only have to explain a concept once to a kid, if you catch them
Re: (Score:3, Interesting)
Then again it could be much worse. One girl I tutored used to use the File|Open dialog box in MS Word for ALL her file management. Just goes to show that if you make it possible, someone will do it.
Re: (Score:2)
, you could give each ActiveX app its own perfectly compatible virtual copy of XP+IE8 to run on, and just parse the result into IE9 format
Sure, but what about the initial download + updates. Already in America not everyone can get high speed internet, even a 700 MB ISO file takes a while to download on many DSL connections so how are you going to download this Gigabyte+ browser compatibility package? It takes up about 1/4ths of a DVD so even including it on Windows 8 install media isn't going to really fly unless there is some rapid migration to Blu-Ray which I just don't see hapening.
Moore's Law makes some problems easy, yay. :) (Score:5, Funny)
Re: (Score:3, Insightful)
A company named Apple tried to save itself from the amazingly huge work and tried to modernise and secure MacOS. It took years and a top of the line IT director to admit it won't happen.
Their plan was exactly the same, sandboxed MacOS virtual machines.
They accepted that sad fact, (probably) mailed to their software vendors saying ''We are going with NeXT''
As MS is known for not admitting such facts and keep shipping that biggest PR disaster of all times named IE (I mean it), they may go with your method. Th
Re:Misleading headline, and ActiveX (Score:5, Insightful)
Really? Because it's not clear that you do. Seriously, would it kill people to bring the issue to the surface in an intelligent manner that might benefit those of us who are outside the loop on this? I'm not asking for a thesis but rather a simple dialog that can be researched by people who are interested in learning more about the issue at hand.
Re:Misleading headline, and ActiveX (Score:5, Funny)
Re: (Score:2)
i LOL'ed
Re:Misleading headline, and ActiveX (Score:5, Informative)
Re:Misleading headline, and ActiveX (Score:5, Insightful)
Needing information and having full control over the system are two different things. If all activex needs is the information, then let it have read only access. Now since most activex programs want a lot more then read only access, this will not work. The question is was it lazy programming that required full root/admin access in order to work or something else?
Some programmers feel that unless they have complete control they cannot get anything done. In development this is fine. Once in testing and production stages why do people insist that they still need to run as root/admin? Run as the least privileged level as you can.
Re:Misleading headline, and ActiveX (Score:4, Informative)
Needing information and having full control over the system are two different things. If all activex needs is the information, then let it have read only access.
Which is already enough to be a humongous security breach.
Re: (Score:3, Interesting)
This full admin lazy programming thing drives me nuts.
I did some part time IT work at an agency, and I was severely annoyed when I found out that their booking system REQUIRES local admin privileges to run.
It needed local admin... TO INTERFACE WITH AN SQL DATABASE ON A SERVER.
I intended for all the users to run with limited local rights, since they had a high intern turnover rate and interns can't be trusted... but screw security, some program originally written in the Win98 days still has this idiocy in a
Re:Misleading headline, and ActiveX (Score:5, Funny)
Comment removed (Score:5, Insightful)
Re: (Score:3, Interesting)
Sorry, but when have you seen the last ActiveX anything?
The only plug-ìns that are widely spread are Flash and Java. They both can run as NSplugin. So if IE9 adopts that interface, and maybe another new one, they are good.
Korean websites use TOOOOOOOOOOONS of ActiveX. If you break ActiveX, then you basically break the entire Korean-language internet.
Re:Misleading headline, and ActiveX (Score:5, Insightful)
You can do the same thing with a signed Java Applet. OMG! Java is tightly integrated to the OS!
Re: (Score:3, Funny)
OMG! Java is tightly integrated to the OS!
Yanno, spilling coffee on your computer is generally _not_ a good thing.
Re: (Score:3, Insightful)
Using quasi-mystical language like "deep connections" in a technical discussion is a good sign the person doesn't know what he's talking about.
ActiveX applications have no more "connections" than any other Win32 app.
Re:Misleading headline, and ActiveX (Score:5, Funny)
ActiveX applications have no more "connections" than any other Win32 app.
But I was looking at ActiveX's facebook page and it had like a million friends in common with Windows - isn't that a deep connection?
Re:Misleading headline, and ActiveX (Score:4, Funny)
ActiveX applications have no more "connections" than any other Win32 app.
But I was looking at ActiveX's facebook page and it had like a million friends in common with Windows - isn't that a deep connection?
You're probably thinking of eHarmony.
Re:Misleading headline, and ActiveX (Score:4, Funny)
Yeah, but it's also in an "it's complicated" with Trojans. Kind of a problem, really.
Re:Misleading headline, and ActiveX (Score:5, Funny)
A better technical explanation would be that ActiveX can lick Windows' bellybutton from the inside.
Re:Misleading headline, and ActiveX (Score:5, Informative)
Ever been to Windows update? That's an ActiveX control. How does it get so much information about your computer? By it's deep connection to the OS. ActiveX CANNOT be sandboxed because it needs too many things to be accessible in the OS. Almost all ActiveX components make use of that integration.
XP has not relied on the browser-based Windows Update for several years. I imagine the OS-side Windows Update/Microsoft Update may very well be based on the same code; but it's certainly not being triggered by a visit in a web browser to an external website for goodness sake.
ActiveX needs to die, plain and simple - the past decade has shown how fundamentally flawed the ActiveX concept is. Just think about all the horrible security exploits that wouldn't have happened over the past decade if ActiveX had never existed.
Re:Misleading headline, and ActiveX (Score:4, Interesting)
Even the decade before it existed it was known how stupid an idea it was. Remember this was the time when one of the main talking points about java was it running in a sandbox.
Even a librarian warned me about the danger of ActiveX just proir to it's release (training session on using search engines for academics). I have never understood why it was released. Just when everyone had learned how to disable it they had to turn it back on to get OS updates.
Re: (Score:3, Interesting)
MS have already made and released a sandboxable and verifiable COM.
They called it COM2+ for a while, and then released it as .Net.
Re:Misleading headline, and ActiveX (Score:5, Informative)
A lot of people seem to have little-to-no understanding as to what ActiveX is. It is a plug-in infrastructure based on COM, nothing more, nothing less. It allows for a library to provide a visual component that can be loaded by another application to display content. That plug-in infrastructure was used in Internet Explorer to load browser plug-ins. Those plug-ins run within the browser process under the current user security context. There is absolutely no functional difference between ActiveX in Internet Explorer on Windows or an XPCOM plug-in for Firefox on Linux.
The problem is that in both cases those plug-ins have to have a fairly wide amount of functionality. If that plug-in is intended to display video then it has to be able to work with the video API of the platform in question. As such these plug-ins generally cannot be sandboxed too tightly otherwise they would no longer be able to function and their usefulness of being able to extend the functionality of the browser is lost.
https://addons.mozilla.org/en-US/firefox/browse/type:7 [mozilla.org]
This website lists the XPCOM plug-ins available for Firefox. There are quite a few more if you follow the link to the bottom. If a vulnerability is identified in ANY of those plug-ins a successful exploit will be fully capable of trashing the profile of the current user and there is nothing that Firefox can do to stop it, even on Linux.
Re:Misleading headline, and ActiveX (Score:4, Interesting)
Re:Misleading headline, and ActiveX (Score:4, Insightful)
There is absolutely no functional difference between ActiveX in Internet Explorer on Windows or an XPCOM plug-in for Firefox on Linux.
Except for one crucial thing: IE provides content authors with the ability to advertise ActiveX plugins required to view the content, which pops up the window on the client asking the user whether he wants to install the plugin. And it's damn easy to trick a user into clicking "yes". In a technical sense, it's secure. In practice, because of social and psychological factors, it is a very convenient attack vector.
Re: (Score:3, Interesting)
And Firefox does the same thing. If I don't have Shockwave installed and I navigate to a website that contains Flash content I will be presented with a little yellow information bar telling me that there is content on the page that requires a plug-in and asks me if I want to install that plug-in. Is there any browser that doesn't do this by default?
There's still a difference. In Firefox, if you click "yes", it will send you to Adobe's download page for Flash; but you still need to initiate the download manually, and then run the downloaded installer. In IE, if you click "yes", it immediately downloads the ActiveX binary and executes it, all by itself.
Re:Misleading headline, and ActiveX (Score:4, Insightful)
And then you'll realize that you just reinvented
Re:Misleading headline, and ActiveX (Score:4, Funny)
Last Post! (Score:3, Funny)
Oh wait...
Nope, not webkit... (Score:5, Funny)
...they're going to buy Mozilla. Mark my words. :P
Re: (Score:2)
What a wasted buy. Firefox is dead, long live Iceweasel!
Can't kill an OSS project by buying it.
Re: (Score:3, Informative)
It was renamed IceCat
Re:Nope, not webkit... (Score:5, Funny)
Those fucking weasels. At least they didn't call it LOLcat.
Re: (Score:2)
It's not as bad as "gNewSense [gnewsense.org]". On many levels...
Re: (Score:3, Interesting)
Nokia basically knew (a good guess) that Apple will enter smart phone market and become the ultimate rival to their smart phone business but that didn't stop them from implementing Webkit S60 Browser to near hundred million phones giving Apple the ultimate credibility.
Of course, Nokia is a company which is run by market rules. If there is an opportunity, no matter where it comes from, they will pick it.
Somehow, MS can keep acting like a spoiled kid and keep pushing a technological and PR disaster since firs
Please kill ActiveX (Score:5, Insightful)
The sticking point will be what Microsoft does about compatibility for ActiveX apps.
KILL IT!!!
Seriously. Since IE8 does it, people will just keep using that for the next decade...
If they don't kill ActiveX after IE8, we'll be stuck with it even longer than that. Since it's going to take 10 years to actually die, please start the process now, Microsoft.
Re: (Score:2)
Although I agree with your KILL IT sentiments on principle, in what way are we stuck with it even today?
You don't have to use IE, and if you use windows you can't uninstall it, but you can lock it down so it's less of a security hole.
That just leaves developers...but I don't remember the last time I saw a site that used ActiveX.
I heard that some banks do, though that would be one ghetto bank. And apparently a load of South Korean websites use it, so that's pretty limited damage if it goes the same way as ev
legacy hardware (Score:2)
I for example have a couple of panasonic IP cameras that use it in their internal webserver to display motion video to the end user.
Re:Please kill ActiveX (Score:4, Informative)
In my experience ActiveX seems to be used most often in internal business applications (intranets). When you're on a homogeneous environment it's easy to build for the specific platform. Using ActiveX often allowed for continual updates without deployment issues. Thankfully it doesn't appear to be popular for new projects, but there's a lot of old business systems out there.
Re: (Score:2)
I think the main users of active x in IE are intranet sites/applications.
Re: (Score:2)
I don't remember the last time I saw a site that used ActiveX.
Windows Update?
Re: (Score:2, Informative)
Re: (Score:2)
KILL IT!!!
How can you kill that which does not live?
Re:Please kill ActiveX (Score:5, Funny)
How can you kill that which does not live?
By using sudo: ...
sudo kill -9
Re:Please kill ActiveX (Score:5, Funny)
You've clearly never tried to kill a zombie process.
Re:Please kill ActiveX (Score:5, Funny)
> > How can you kill that which does not live?
> By using sudo: ...
> sudo kill -9
Nope. A process that isn't alive is a zombie. And kill -9 won't kill a zombie. We need a grenade_launcher command. After all, to quote the old Quake manual:
"Thou can not kill that with doth not live. But you can blow it to chunky kibbles."
Plays for Sure (Score:4, Insightful)
The sticking point will be what Microsoft does about compatibility for ActiveX apps.
How sticky are we talking? Sticky like trying to make PlaysForSure compatible with the Zune? [slashdot.org] Sticky like ongoing support for MSN Music? [slashdot.org]
If Microsoft has taught us anything, it's that today's lockin is tomorrow's lockout. The day MS decides that ActiveX no longer serves their purposes is the day that every site requiring ActiveX is out of luck.
ActiveX won't matter (Score:5, Insightful)
Given the compatibility issues that ActiveX has in IE8, then it probably won't matter what Microsoft will do in the future. In all reality no site should be depending on ActiveX. If it breaks without it, then fix the site.
Re:ActiveX won't matter (Score:5, Insightful)
Given the compatibility issues that ActiveX has in IE8, then it probably won't matter what Microsoft will do in the future. In all reality no site should be depending on ActiveX.
No external public facing site should rely on activeX. There is really nothing wrong with internal enterprise apps using it.
If it breaks without it, then fix the site.
You mean build the enterprise intranet application from scratch? When its working perfectly fine exactly the way it is? That will be a pretty tough sell.
Re:ActiveX won't matter (Score:5, Insightful)
> No external public facing site should rely on activeX. There is really nothing wrong with internal enterprise apps using it.
Um, yes there most certainly is a MAJOR problem with internal enterprise apps using it. It means that everyone is chained to running MS-Windows and IE *only* on the desktops and every possible device that connects to that internal enterprise application. Just because you might not have a choice with what is running on the server doesn't necessarily mean you want to have no choice for the client.
Perhaps a company might want some additional choice.
Re: (Score:2)
Actually every single IE plugin uses ActiveX (Flash, QuickTime, Java, etc.) Any future version of IE will likely have some ActiveX support for legacy plugins.
This is also the reason Google Chrome also supports ActiveX.
Thinks like an os, eh? (Score:5, Funny)
Given their history, this could be pretty funny.
Re: (Score:2, Funny)
They're doing it for the lulz.
Re:Thinks like an os, eh? (Score:5, Funny)
WebKit?! (Score:5, Insightful)
"Some are still claiming that Microsoft will go with WebKit"
Microsoft will never allow the browser that ships with Windows to become a commodity. They will go with Gazelle or whatever they develop that's as incompatible to official standards as possible while still being called a web browser engine.
Their goal is lock-in. A standards-based engine would negate that.
Re: (Score:3, Insightful)
If, for instance, MS decided to use webkit; but push Silverlight, you could easily end up with an equivalent situation.
Re: (Score:2)
But they have failed to do lock in, and if they try they will get shut down.
They show signs of learning to keep at when they do well and sell to that market instead of trying to lock in at the puny application layer. By putting an OS on almost every box, they are getting paid to be the gate keeper.
the 1000 year view MS had isn't panning out, and all the people that bought into it when the document was created are leaving MS.
Re: (Score:3, Insightful)
>But they have failed to do lock in, and if they try they will get shut down.
Wrong. They have failed to lock in PUBLIC facing web sites. But they have done a MARVELLOUS job of lock-in for corporate web applications and inside apps with IE. Trust me, I have fought that monster over and over again.
Re: (Score:2)
More likely Gazelle is a ruse, as is interest in WebKit. I wouldn't be surprised if MS attempted a hostile takeover of Opera. Opera doesn't have that much usage share among desktops/laptops, but its share on cell phones and other mobile devices is huge.
They might.... (Score:2)
Their goal is lock-in. A standards-based engine would negate that.
Honestly, I've agreed with you up until now. Spending resources to play catch-up with what Webkit and Gecko have been able to do for years doesn't make any sense at all... unless your goal is to depart from those implementations.
However, I've wondered if someday, the resource logic wouldn't occur to Microsoft, or the trident codebase wouldn't become such a problem that it'd become stronger. They don't need to have their own rendering engine t
Re: (Score:3, Interesting)
> Their goal is lock-in. A standards-based engine would negate that.
True enough, but they are learning of late. They were so hellbent on pushing OOXML they perverted the ISO. But enough people stood firm and resisted so they are putting ODF support into the next Office service pack. We will see if they manage to put a sting into it. I'd bet they won't make it possible to set ODF as the default save format. Or ensure subtle conversion errors force large instituitions to not use ODF as their primary i
Coming full circle? (Score:2)
First, Microsoft tried to make the browser part of their operating system, without paying much attention to security. Now, they're trying to make a browser into an operating system with security first in mind?
Looks like an about-face if you ask me...
Funny how the vendor of one of the world's most insecure operating systems now considers that they're going to one-up the competition with the most secure browser / operating system? I guess they'd have an excellent track record of finding out what not to do...
Re:Coming full circle? (Score:5, Insightful)
``Funny how the vendor of one of the world's most insecure operating systems now considers that they're going to one-up the competition with the most secure browser / operating system?''
I wonder if Windows is still one of the world's most insecure operating systems. Microsoft have certainly been working hard to improve things, which is more than I can say for many other operating system vendors. Meanwhile, Linux user seem to be content pointing and laughing at Microsoft's efforts and pointing out that Linux is so much more secure.
I won't make any claims about which operating system is more secure than another operating system (because I think it is fundamentally impossible to measure, let alone to know), but if I see that Microsoft is introducing things like address space layout randomization and non-executable stacks, I have to wonder why those features aren't in other mainstream operating systems yet. OpenBSD has done a lot of pioneering work already, but when will we see the day that all of Debian is compiled with -fstack-protector and ships with PaX enabled?
Re:Coming full circle? (Score:5, Informative)
Meanwhile, Linux user seem to be content pointing and laughing at Microsoft's efforts and pointing out that Linux is so much more secure.
Because it is. There. I said it.
The relatively simple, understandable Unix security model has a very long history, and has grown gracefully as the strength, power, speed, and ability of the individual computers have. Everything is a file, and all files have the three permissions: Users, Groups, and Other. Each of these can have read, write, and execute permissions. Simple, understandable, easy to enforce. It's so taken for granted as such that it's routinely used in embedded devices (such as routers) where updates are few and far between, yet they are rarely, if ever, compromised.
Compare/contrast that with the Windows security model, where there are actually alternate file spaces within the existing file system. With the Windows API, it's trivial to save a file that's in an alternate namespace and thus cannot be found with *any* normal Windows system call. There are many examples of strangeness like this!
There was a recent article I read about the confessions of a grey-hat programmer... he describes Windows as incredibly complex, labyrinthine, and basically impossible to secure well. He laughed at so-called "security vendors" like anti-virus.
Re:Coming full circle? (Score:5, Informative)
Everything is a file, and all files have the three permissions: Users, Groups, and Other.
Don't forget the sticky bit! Much as one might like to, let's not forget that the "simple Unix permissions" included one Hell of an egregious security flaw.
there are actually alternate file spaces within the existing file system. With the Windows API, it's trivial to save a file that's in an alternate namespace and thus cannot be found with *any* normal Windows system call.
There is no alternative namespace, there are merely alternate streams in a file - named locations for storing meta data. The file is right there in the filesystem, obvious to all. The file data may be a bit hidden, requiring normal Windows system calls to read (just like one uses normal Windows system calls to create alernate data streams), instead of Notepad. Oh, wait, you can read them with Notepad too. What a bunch of FUD.
he describes Windows as incredibly complex, labyrinthine, and basically impossible to secure well.
Vista clearly lost the thread, going for security through complexity, but any OS that doesn't have a read-only kernel is impossible to secure. Any OS that does have a read-only kernel is impossible to patch. No OS can secure itself. Scanning for modifications to kernel bits from a hardware-protected hypervisor is the only way, but as long as "Trusted Computing" is used for evil, we can't get there.
Re:Coming full circle? (Score:5, Interesting)
There is no alternative namespace, there are merely alternate streams in a file - named locations for storing meta data. The file is right there in the filesystem, obvious to all. The file data may be a bit hidden, requiring normal Windows system calls to read (just like one uses normal Windows system calls to create alernate data streams), instead of Notepad. Oh, wait, you can read them with Notepad too. What a bunch of FUD.
This... is actually not the whole story.
NTFS is actually a case-sensitive file system. You can illustrate this by installing Services for Unix. This is an alternative subsystem that doesn't go through the normal Windows API (or the DLLs implementing it) and collection of Unix programs that have been "ported" to it. Once you install this, programs that are part of SFU are able to create files with the same case-sensitive name but different case.
Instead, the reason you normally can't do this is because the DLLs that are part of the Windows subsystem (the one providing the normal Windows API) hides this case-sensitivity in concert with the file system driver. (IIRC, open commands in the driver get a flag saying whether to be case-sensitive or not.) Instead of making calls through the Windows API, you can either use another subsystem like SFU or make native system calls directly (though that interface isn't supported).
Finally, the implementation of the Windows API is such that if you create two files with different case but the same name, only one will be visible through the Windows API, at least with NTFS's implementation of all of this.
This means that if you want to write security software for Windows, to catch malware written by people who know about this hole, you need to make API calls to an undocumented interface if you don't want to require people to install SFU. (Of course, security software does so much other stuff that's even worse that's hardly a drop in the bucket.)
Doesn't microsoft say this about everything? (Score:2)
Others insist that that the whole WebKit story is merely a feint and that Microsoft will in fact be adopting a brand-new engine coming out of its Microsoft Research division. Dubbed "Gazelle," this new engine will supposedly be more secure than Firefox or even Chrome, making copious use of sandboxing to keep its myriad plug-ins isolated and the overall browser process model protected.
Doesn't Microsoft scream "This one's WAAAAAY more secure than the last one!" about everything they release? When has that actually meant anything? Sure, I'd take Windows XP over Windows 95, but it's not very hard to do better than their old lousy products. Making the claim that it'll be more secure than Firefox or even Chrome, that's a bold statement and I doubt they'll be able to back it up. Plus all the security in the world is useless if the thing doesn't conform to any web standards.
Also, are they chang
Re: (Score:3, Informative)
Gazelle [microsoft.com] is from Microsoft Research, and their paper discusses the details of the security model - it's not just a marketing claim.
The idea is that every 'origin' (basically a domain name, which is used as the basis for access control in all modern browsers) is separated into its own sandboxed process. If a page on your domain embeds an iframe from an advertiser's domain, the iframe is rendered in a separate process, and all communication is handled through a Browser Kernel which enforces the security con
IE8 may be end of the line for Trident (Score:5, Insightful)
Re: (Score:3)
And when they click on "the internet", a window pops up that says Internet Explorer on the top, and probably takes them straight to MSN, where they can check their email through Hotmail. It's all part of the MS brand, and they're not about to toss any piece of it.
Good marketing is a lot like whale hunting - you might not notice one or two small harpoons/eleme
Netscape do over (Score:2)
It may contain a core of truth (Score:2)
IE has failed to do what it was designed for, dominate the standards. Internet Explorer's aim was to change the standard from the open w3HTML to MSHTML and use it to bind "The Internet" to Windows and Microsoft as its Autocrat. Now with the rise of Firefox and open standards another attempt to control the standards will only break old (IE-only) sites therefore MS has decided to throw in the towel(or so is the theory) and stop working on its rendering engine. The use of Webkit is probably because it's a wide
Re: (Score:2)
Gecko is licensed under MPL, GPL, and LGPL -- two of these allow you to use it in closed-source software.
Browser as a milli-application (Score:2, Interesting)
http://blackfiber.wordpress.com/2008/07/06/the-web-browser-as-a-milli-application/
I am obsessed with microkernels. This idea's been in my head for years, since I looked at how KDE sandboxes Flash and thought, "Hey, this should be for every piece of the whole application!"
Web Brower Like as OS? (Score:2)
>Microsoft will instead adopt Gazelle, Microsoft Research's brand-new engine that thinks like an OS.
Great, just what we need, a single-platform browser that thinks like an OS- something that will further guaranteed web "sites" designed in a manner that will only work with MS-Windows and their own browser. Been there, done that.
Nobody Will Use IE By Version 9 (Score:5, Interesting)
I would also argue that a lot more 'dumb consumers' (people like my parents) are buying Macs now to be trendy which will help IEs market share drop.
Also has anyone used IE8 yet and tested sites out on it? I've used it and it rendering engine is pretty terrible, even when set in emulate IE7 mode which then introduces a complete new set of rendering bugs.
Hypothetical news? (Score:5, Informative)
The author is effectively saying his story is not credible! Slashdot is supposed to run with a hypothetical situation about IE8 demise instead of commenting on real news? It should be fun scanning through these comments to find out who bites (not the big one
Russian Roulette with a Fully Loaded Gun (Score:4, Interesting)
This is obviously a dream, but it would be nice to have some sort of standard system for Internet Cloud and Browser software and hardware not unlike the telco and cellular market. There would still be billions to make for all of the Tech companies.
Re:Russian Roulette with a Fully Loaded Gun (Score:4, Interesting)
The .Net framework is very closely tied to the IE engine
In what way is .NET tied to IE? WPF doesn't use Trident at all, and that's the only thing I can really think of that might be in .NET that could be tenuously tied to IE. So what am I missing?
ActiveX Must Die (Score:4, Insightful)
The sticking point will be what Microsoft does about compatibility for ActiveX apps.
No sticking point... ActiveX needs to die.
What will they do with ActiveX? (Score:2)
Hopefully they'll do the right thing: deprecate it as of IE8's release, so people have plenty of warning, and start releasing tools for those still stuck with it to migrate it something perhaps not quite so fundamentally flawed.
"myriad plug-ins" Heh, yeah right (Score:3, Insightful)
"This new engine will supposedly be more secure than Firefox or even Chrome, making copious use of sandboxing to keep its myriad plug-ins isolated and the overall browser process model protected.'
IE doesn't have any plugins, does it? At least, if it does, they're nagware garbage compared to the truly myriad plugins for Firefox. Really, if it wasn't for FF add-ons, I doubt it would have even a half percent share.
How to make 30% of planet hate a browser? (Score:4, Interesting)
Have a stupid blogger who could say things like ''This new engine will supposedly be more secure than Firefox or even Chrome''
That is 30% of entire Web browser market, you have guaranteed that they will do everything to joke about your code without being even released to public.
Also very advanced coders who are talented enough to work on Mozilla or Google will come up with real information debunking your allegations. They may ask a very basic question: ''How can people review your code?''. Mozilla, Google and even Apple has answer, you don't.
Clippy? (Score:3, Interesting)
Enterprise pipe dreams (Score:3, Insightful)
By the time IE8 is EOL'ed, I hope ActiveX will be long gone.
Just like COBOL is.