[dba-Tech] Internet Explorer Data Leakage (versions 6 to 10)

Hans-Christian Andersen hans.andersen at phulse.com
Mon Dec 17 17:51:57 CST 2012


> Yes, so let's have now the subject line changed to stay on new topic of WOA/WintRT "walled garden" approach?

Sure, if that's what you would prefer.

> Yes!  - please notice I didn't criticize Apple's "walled garden" approach, did I?  If I did and I'm missing that my past Apple's criticism now please point me on it.

I wasn't suggesting you did.

> But you can use MS Trident Engine to just have JavaScript compiled and executed as speedy as IE does use it, can't you? And for the rest - rendering HTML(5)/CSS etc. - you can use DirectX working as close as possible to the "bare metal"? Or JavaScript compilation and execution part of Trident Engine is so closely coupled with HTML(5)/CSS rendering functionality/components that it can't be "decoupled" and used as FireFox for WOA component? Or Trident Engine doesn't allow to "hook" executing within itself JavaScript code modifying HTML/CSS to have third-party HTML rendering engine to implement their own HTML/CSS rendering more effectively than IE does do it?

Sure. Like I said, when it comes to my tablet / phone, I am comfortable picking security over convenience/flexibility. I was providing the facts of the situation.

As for whether any of your solutions are technically feasible in WinRT, I do not know, since I do not develop software for that platform and have no intimate knowledge. Also, I do not know whether embedding an IE viewport in your application provides identical performance as with running IE directly. This would be interesting to find out.

> But WOA is a new hardware platform - does MS have any obligations to keep compatibility of any third-party applications for every new hardware platform they (MS) will port MS Windows or IE? Yes, I know MS didn't do well with compatibility even of their own development tools/languages - VB6 being one of the most well-known examples. But WOA is a "different story" in my opinion. I can be wrong. Please feel free to "poke some fun" on my reasoning :)

The issue here isn't about providing compatibility for third party applications. What Firefox and Chromes complain here is that the platform and the API is so locked down that they are unable to effectively port their browsers to it and that Microsoft's IE browser will always have the advantage, due to their access to API's that other Metro applications have no access to. What they are saying is absolutely fair from their perspective (and this is also the reason why Firefox has not ported their browser to iOS). There are no technical reasons why Microsoft couldn't grant access to restricted API's to certain trusted companies, but this is the approach they are taking none-the-less.

Also, the reason we are only seeing these restrictions on WinRT/WOA (and not on Intel platforms) is because Microsoft can use the justification that Microsoft does not have a monopoly in the ARM-based tablet / phone market and Apple does this and they get away with it. This is somewhat justifiable from Microsoft's perspective and is likely what is allowing them to not get in trouble with regulators, but it also means that companies producing software that compete with Microsoft's own solutions (ie. web browsers, office products, etc) are effectively being put at a disadvantage  and this is what they find alarming.

Hope this makes sense. Again, just stating the facts of the matter, not my personal opinion.


- Hans





On 2012-12-17, at 4:04 AM, Salakhetdinov Shamil <mcp2004 at mail.ru> wrote:

> Hi Hans --
> 
> <<<
> The original discussion was about a serious leakage flaw in Internet Explorer and Jim asked if it was possible to run other browsers on Windows 8 and this is how we eventually got to this point in our discussion.
>>>> 
> Yes, so let's have now the subject line changed to stay on new topic of WOA/WintRT "walled garden" approach?
> 
> <<<
> I will, however, some times poke fun at those people who had previously criticized Apple's walled garden, but now praise Microsoft when they are doing the exact same thing.
>>>> 
> Yes!  - please notice I didn't criticize Apple's "walled garden" approach, did I?  If I did and I'm missing that my past Apple's criticism now please point me on it.
> 
> <<<
>  You can embed IE's Trident engine into your browser, but you are essentially just putting a wolf in sheep's clothing. At the end of your day, your "browser" is pretty much a stripped down IE but with your own UI layout and features.
>>>> 
> But you can use MS Trident Engine to just have JavaScript compiled and executed as speedy as IE does use it, can't you? 
> And for the rest - rendering HTML(5)/CSS etc. - you can use DirectX working as close as possible to the "bare metal"?
> Or JavaScript compilation and execution part of Trident Engine is so closely coupled with HTML(5)/CSS rendering functionality/components that it can't be "decoupled" and used as FireFox for WOA component?
> Or Trident Engine doesn't allow to "hook" executing within itself JavaScript code modifying HTML/CSS to have third-party HTML rendering engine to implement their own HTML/CSS rendering more effectively than IE does do it?
> 
> <<<
>  They've spent a lot of time and effort building a browser engine that they believe is better than IE and then they are forced to scrap all that and make do with IE's Trident engine.
>>>> 
> But WOA is a new hardware platform - does MS have any obligations to keep compatibility of any third-party applications for every new hardware platform they (MS) will port MS Windows or IE? Yes, I know MS didn't do well with compatibility even of their own development tools/languages - VB6 being one of the most well-known examples. But WOA is a "different story" in my opinion. I can be wrong. Please feel free to "poke some fun" on my reasoning :)
> 
> Thank you.
> 
> -- Shamil
> 
> 
> Понедельник, 17 декабря 2012, 0:31  от Hans-Christian Andersen <hans.andersen at phulse.com>:
> 
> << tail skipped to get through  dba-VB 20KB  message size limit >>>
> 
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com




More information about the dba-Tech mailing list