Vista and IE Crash

Someone above slapped your face for daring install Vista in the first place. Technically speaking though, I think Microsoft has painted themselves into a corner by making the stand-alone Internet Explorer behave differently than the web browser ActiveX control (protected mode among other things). For most developers out there, it means the doubling of the test matrix. I don't see the incentive to agree to that.

xlsgen Cheapest, most comprehensive, most flexible third-party Excel generation component on the market. Supports native Excel 2007 file formats. /Shameless plug

What would be neat from Microsoft is the opposite way. There is tremendous value achieved with having a round-trip scenario. A single way however is lock-in, the typical Microsoft.

Hi, I've done some market research and this is a no-go. After all, Powerpoint slides can easily be replaced by web pages. I guess that's what everybody does.

2^20 rows and 2^14 columns per worksheet tab.

Typical clueless defense. Keep voting 1.0s if that makes you feel good, 8-year old boy.

Drivel? Do you even know what the RSS store is before you make judgement?

Try to find something smarter. Touching a .exe is not the same than touching data that ends up in every one's face through the rendering engine. Don't see the flaw? the IE team sanitizes the feed before it gets stored, and then they do nothing before it's rendered on the screen using a web browser that is capable of very nefarious things. Get it now?

Also it's great to see people like you shelling out ton of money to buy your copy of Word. Do you also buy Frontpage?

You are such a smart person. May be once in your life you'll be able to wear a real user hat. What I have been posting about IE7 and the search thing is 1) real 2) exactly what every user will face. Deal with it.

You don't see the vulnerability? Don't worry, keep using Internet Explorer... An example of nefarious purpose is to rewrite urls. Don't see what it can be used for?

...but please, don't use Internet Explorer.

Neither. Since BG announced the "trustworthy computing" initiative and the security threat models are mandatory part of every step of the dev cycle in Redmond, everyone in the team is responsible. Again, this is just bad : a data store without checksums. Even rookies don't make this mistake. IE is supposed to be used by hundred millions usersvictims.

Don't worry, I am self-employed and fire myself from time to time ;) On a serious note though, when a team screws it by introducing new attack vectors, the best you can do is fire them. Or you are part of the problem. You like politics, don't you?

What you seem to forget (or fail to know) is that those responsible for IE7 are the old IE guys, whose team has been rebuilt. So it's a matter of getting rid of dead horses.

Yep, it's criminal to allow an entire new class of flaws (this is just one, the RSS store is a new attack vector). To get fired is not the worse that could (and should) happen to them.

I have found a far worse flaw. You can alter the RSS store without being seen. Details on my blog. The IE team could have added a checksum to avoid that, but they chose not to. I hope they get fired.

WPF is a library for client code. You should then not forget that deployment is part of client code. If you can write a great WPF app, but can't deploy it, why even bother? Well, you can still make the application available for free, and delegate deployment problems to non-paying customers, but not everybody wants to work for free or just a passion. It is virtually impossible to deploy a .NET application reliably on the client. I would not even try to install not just .NET, but what's needed for WTF to work there. Besides this, the WPF runtime won't install on pre-XP SP2 operating systems, and it's Windows-only. Which outrageously limits your potential customer base. Because WPF will be installed by default on Windows Vista, this makes Vista the preferred environment for WPF development. Unfortunately, this thing has not shipped yet, and it will be long before you can assume hundreds of millions users are working with it. I'd instead open up choices by wrapping a drawing layer that can target Flash, WPF, VG.NET, and any other alternatives. I don't know if that wrapper already exists, but that's definitely a thing to look for.

code-frog wrote:

It's because Vista was darned near a total re-write.

An experienced developer cannot see a total rewrite as a good thing from the security standpoint. Quite the opposite, if there is a ton of new code, then there is a ton of code that is set for new vulnerabilities. Also, when you said "near total rewrite", you may want to explain a little bit what you mean. I don't think WIN32 is getting rewritten. You know, there is that thing they call "backwards compatibility"... PS : don't eat too much Microsoft PR, that's unhealthy.

From a deployment POV, Vista brings .NET 3.0 by default on every machine. That is a big deal for developers, so far Microsoft dealt the .NET run-time deployment in shall we say an amateurish way.;P So if you are into .NET, you have a base environment to rely upon. Of course, this environment has a zero user install base at the moment...;) As for GDI+, you are perfectly right, it's not hardware accelerated, and that's the reason why I don't understand why Office 2007 uses it instead of GDI.