IE7 to be Pushed to Users Via Windows Update

dfrick writes "CNET is reporting that IE7 will be pushed to users via Windows Update. This has serious implications for e-commerce websites whose functionality might be affected by any bugs in the software. Also to have end users suddenly using a new browser right before the holiday shopping season could magnify the cost of any bugs that might create a bad user experience on sites."
This discussion has been archived. No new comments can be posted.

  • by WinEveryGame ( 978424 ) * on Wednesday July 26, 2006 @10:58PM (#15788559) Homepage
    Well we just celebrated the Get Firefox day. Perhaps the day IE7 gets pushed via Windows update would be yet another Get Firefox day.
  • Developers (Score:3, Insightful)

    by edflyerssn007 ( 897318 ) <ej@lennon.gmail@com> on Wednesday July 26, 2006 @11:00PM (#15788569) Homepage
    Maybe it is possible that developers could start developing now for IE7 using the betas so that when it does get pushed out to everyone there is a minimal amount of bugs in the programming on websites. Just some food for thought.

    -Ed
  • They will push it. (Score:4, Insightful)

    by DeathKoil ( 413307 ) on Wednesday July 26, 2006 @11:08PM (#15788608)
    Yeah... I actually thought they might do something like this... and in true M$ style they will mark it as a "critical update" because of all of the flaws in IE.

    Okay... on a more serious note, I actually (don't flame me) like Windows XP. It is incredibly stable on my PC. But it is Microsoft style to push their products onto users by force. So my bets are on MS putting this out as a critical security update.

    I'll give 2 to 1 odds. Who's placing a bet??
  • by voice_of_all_reason ( 926702 ) on Wednesday July 26, 2006 @11:10PM (#15788622)
    Whoa, let's not get crazy here. Now, I like firefox as much as the next reasonably intelligent computer user. But it's got a memory footprint like the goddamned Galactus. It is literally the beast that cannot be fed. Firefox operates like a beowulf cluster dividing by zero simultaneously.

    //has seen it easily use up 1.5gb+ of ram before.
  • by Not The Real Me ( 538784 ) on Wednesday July 26, 2006 @11:10PM (#15788624)
    Simple solution:
    Control Panel -> Automatic Updates -> Turn Off Automatic Updates ( or select "Notify Me but don't automatically download or install them")

    By default, I have automatic updates turned off since I consider M$'s automatic updates to be a nuisance.

  • Re:Developers (Score:4, Insightful)

    by Nataku564 ( 668188 ) on Wednesday July 26, 2006 @11:11PM (#15788628)
    That, or just stick some javascript in there telling IE7 users that they aren't using a supported browser :)
  • Good... (Score:5, Insightful)

    by Anonymous Coward on Wednesday July 26, 2006 @11:13PM (#15788636)
    "Also to have end users suddenly using a new browser right before the holiday shopping season could magnify the cost any bugs that might create a bad user experience on sites"

    I for one welcome this. IE6 sucks. Badly.

    IE7 has a few problems, but the faster IE6 dies, the better.

    This and as a web developer, I hope the bugs associated with pushing this app out will create a bad user experience and force developers that rely on hacks and nonstandard practices to get screwed over. I've had several sites I use not work with IE7 and the simplest has been because their simple javascript that detects IE versions tells me I need to use IE5.5 or greater. I've had others not work with the activeX controls because of new security models (or so I imagine).

    The sooner developers move towards standards the better. IE7 is a good push towards this goal, and having it pushed out buggy and forcing developers to address the idiotic IE Only Features is just another milestone on this route.
  • Backfire (Score:2, Insightful)

    by Tekoneiric ( 590239 ) on Wednesday July 26, 2006 @11:14PM (#15788642) Journal
    This could backfire on MS if all the major website admins pushed to get the sites working flawlessly with Firefox then put notices up on where to download Firefox in case they have problems with IE 7.
  • by interiot ( 50685 ) on Wednesday July 26, 2006 @11:17PM (#15788664) Homepage
    IE 7 prompts the user and asks whether they want to install, whenever a new update is available. In other words, it's exactly like Firefox. With as many new browser exploits that are revealed constantly, frankly, this is a good thing.
  • by jaronc ( 68205 ) on Wednesday July 26, 2006 @11:21PM (#15788685)
    Maybe I'm missing something, but I'm not sure I understand the doom and gloom of the post? It is an update after all. And a lot of what I've read online has been positive towards 7 over 6. On top of that, the article pushes that you don't have to install it if you don't want to.

    As for the ecommerce sites being broken, it's not like they haven't had time to check to make sure their sites work in the new version. When the first beta came out, even I checked to see if there were any problems with my sites. I didn't fix them straight away, but I made sure to note down where the issues were for later repair.
  • Makes sense (Score:5, Insightful)

    by Schraegstrichpunkt ( 931443 ) on Wednesday July 26, 2006 @11:27PM (#15788725) Homepage

    It makes sense. IE6 is obviously a critical security vulnerability, and apparently it can't be fixed without IE7 (I doubt IE7 will actually "fix" the problem, but it'd be pretty hard to make the situation any worse at this point).

    The sooner *any* versions of MSIE go away (even if they're only replaced with new versions), the better, IMHO.

  • Re:Developers (Score:5, Insightful)

    by ozmanjusri ( 601766 ) <aussie_bob@hotmail . c om> on Wednesday July 26, 2006 @11:33PM (#15788757) Journal
    Oh dear, somebody who doesn't understand how the internets work. Here, this is a good start. http://www.w3.org/ [w3.org]
  • Re:Backfire (Score:2, Insightful)

    by NineNine ( 235196 ) on Wednesday July 26, 2006 @11:47PM (#15788803)
    That's not something that "major website admins" do. That's something that 12 year olds, and crazy W3C/OSS zealots do. It ain't gonna happen.
  • Re:Developers (Score:5, Insightful)

    by rm69990 ( 885744 ) on Wednesday July 26, 2006 @11:51PM (#15788816)
    More like someone who is realistic and knows that all browsers have their quirks I would say personally.
  • What is the issue? (Score:4, Insightful)

    by Jessta ( 666101 ) on Wednesday July 26, 2006 @11:56PM (#15788834) Homepage
    What is the issue?
    If sites are not using W3C standards for development then they should know that they can't expect compatibility with browser updates.
    Blame the web developers.
    An update to Internet Explorer is critical for security reasons and shouldn't be delayed because some developers are idiots.
    The same issue occurred with XP SP2. Idiot developers using non-standard APIs had issues in their software.

  • by tomhudson ( 43916 ) <barbara,hudson&barbara-hudson,com> on Thursday July 27, 2006 @12:07AM (#15788870) Journal

    I seriously doubt it will end up on 90% of the world's computers.

    First off, Microsoft is releasing a tool that will allow businesses to block the upgrade, and you can be sure that after the problems with other forced rollouts, business is taking a wait-and-see approach.

    Second, it's too little, too late. Firefox already has more than 10% market share, and as people continue to use it, they get used to not using IE. Case in point - I asked a friend of mine to check out one of my sites using IE. After talking with him on the phone, and checking 3 or 4 times "You're sure you're using Internet Explorer, right?" - it turned out that he was so used to using Firefox that it had completely replaced IE in his mind for "connecting to the internet"

    Third, WGA is going to be mandatory for downloading the final version of IE7. What's the piracy rate for Windows XP again?

  • by cloricus ( 691063 ) on Thursday July 27, 2006 @12:15AM (#15788899)
    Excuse my French but I hope Microsoft fucking die for this one... This just fucks up my xmas holidays completely.

    I manage around twenty websites for businesses around my state for some spare pocket money each month and all of them are xhtml1.1/css2 compliant (w3c) with a large hacks section for each to get them to work in ie6 (and in the case of one ie5 through 6) and instead of a nice easy integration with Vista coming with ie7 out of the box and a steady stream to xp users I'm being told it will all come in one hit in less than six months? Fuck that. Maybe M$ (and the general web community) has forgotten why we, the web developers, pushed so hard for Firefox in the first place - it wasn't fancy tabs, it wasn't speed, it wasn't popup block...it was the fact that they gave a damn about web standards - and they expect us to learn all of the quirks for ie7 and hack up our sites for them while it's still in beta but that's just not going to happen for many of us.

    Though that isn't what really scares me, what scares me is none of the companies I have done websites for and also maintain for will understand the implication of the sites needing recoded until customers start complaining. I can put that number, personally, to about thirty five businesses phoning up and complaining that their sites don't work which will a) not be their fault and b) be my fault for selling them a broken site which leads to two problems 1) they won't want to pay for the update and 2) I lose my god damn holiday or I lose my reputation if I tell them to stuff off. Worse still is that many of these are reasonably large sites so fixing and testing them all in that time frame is just going to hurt.

    So I'm pissed. Vista, DRM, selling out free speech in china, whatever ... Enforcing IE7 on the whole Windows population at once - outright mean. Die Microsoft Deployment and Marketing division, die like my karma is about to.
  • by flimflammer ( 956759 ) on Thursday July 27, 2006 @12:16AM (#15788902)
    I really don't see the problem in this. IE7 is better than IE6 in many ways, including security and features. You'd think people would want IE6 to just disappear.

    I suppose it's that bias against Microsoft in general that makes this a bad thing.
  • Re:Force-Feeding (Score:2, Insightful)

    by 1u3hr ( 530656 ) on Thursday July 27, 2006 @12:29AM (#15788946)
    "Warning, this upgrade might break your favourite website including online banking, shopping, and especially pr0n"

    Every e-commerce site is going to be IE7 ready before it's released. There will be glitches, but with millions of customers at stake, they'll be solved pretty damn quick. (Of course, they may well break other browsers in the process, but that's another matter and MS will just try not to gloat about that too much.)

  • by KU_Fletch ( 678324 ) <bthomas1 @ k u .edu> on Thursday July 27, 2006 @12:42AM (#15788981)
    If you go through that article, you'll see that Microsoft is already putting out a tool to prevent the automatic update to IE7. I thought it would be a good idea to install this seeing as I have no desire to have Microsoft pump IE7 onto my computer when it is for the most part untested and most likely full of security holes that have yet to be found. So I was thinking Microsoft was actually being very nice to consumers to let us have the option of turning the download off ahead of time. Buuuuuuuuuuut.....

    As it turns out Microsoft isn't that benevolent. You run smack dab into a check to see whether or not you've installed Windows Genuine Advantage. I haven't. My copy of XP is perfectly legal and has never touched another computer. But I still am not comfortable with my computer calling Microsoft every day telling them what a happy customer I am, so I have no intention on installing it in the near future. Call me paranoid, but any software from Microsoft that will be doing any sort of hidden connection and any sort of transmission of data that I'm not allowed to monitor or check on crosses a boundary for me. Today it's that my copy of Windows is legal. Tomorrow it's what my favorite websites are. The day after that it's what DVDs I stick in my hard drive. But we've all heard this rant, so I'll just move on.

    I hope somebody brings this up within the tech community or in the blogosphere. It doesn't seem kosher to have to install spyware in order to get my legal copy of Windows to behave like I'd like it to. Oh well, time to go buy a MacBook Pro.

    Link: http://www.microsoft.com/downloads/details.aspx?FamilyId=4516A6F7-5D44-482B-9DBD-869B4A90159C&displaylang=en
  • by MobileTatsu-NJG ( 946591 ) on Thursday July 27, 2006 @12:46AM (#15788997)
    "Problem solved."

    The problem will be solved when either it's by default or they provide a clickie in the preferences panel to change it. In the mean time, it's simply a fix for those who know it's a configuration issue instead of a run-of-the-mill memory leak.
  • by MobileTatsu-NJG ( 946591 ) on Thursday July 27, 2006 @12:49AM (#15789008)
    "Hate to tell you this but you know that tiny little operating system called Windows that takes up a GIG? Guess what preloads, is built in and cannot be separated from it? If you guessed IE then you win a footprint the size of New Hampshire."

    Interesting. My computer has 4 gigs of RAM and uses only 200 megs or so at boot. Never had it use a gig, or close to it, even when IE was my primary browser. The pre-loaded DLLs don't store IE's cache.
  • Re:Backfire (Score:5, Insightful)

    by Zontar The Mindless ( 9002 ) * <plasticfish.info@ g m a il.com> on Thursday July 27, 2006 @12:55AM (#15789022) Homepage
    That's not something that "major website admins" do. That's something that 12 year olds, and crazy W3C/OSS zealots do.

    Oh, it's the "major website admins" who block non-IE browsers, then? I could have sworn that was only something 12-year-olds, and deluded MS fanbois do.
  • Re:Developers (Score:3, Insightful)

    by stonecypher ( 118140 ) <stonecypher@noSpam.gmail.com> on Thursday July 27, 2006 @12:55AM (#15789025) Homepage Journal
    Back in the real world, commerce sites cannot afford to pretend that all browsers follow W3C standards. Most web sites won't ditch 88% of their customers instead of writing a few lines of hack-around code.

    Business trumps standards thumping on the web. That's why we are where we are.
  • Re:Good... (Score:3, Insightful)

    by Jeffrey Baker ( 6191 ) on Thursday July 27, 2006 @01:49AM (#15789142)
    IE7 is not a "good push" towards web standards because web standards do not exist at all inside the Microsoft development organization. Mozilla strives to comply with published standards, and with each revision it approaches that goal. Internet Explorer is developed with the goal of steering revenue toward Microsoft, possibly in strange and unpredictable ways. Developers can try to code to standards and just cross their fingers hoping that IE7/8/9 start to converge with the standards, but that situation is hopeless. Successive versions of IE are going to be broken in very strange ways, and Microsoft will not even recognize that this is a defect. Unless and until Microsoft adopts a stated goal of standards compliance, this situation cannot change. I've tested with IE7 and believe me it's just as broken as IE6, but differently. And all those hacks* you added to make IE6 work? They fuck shit up in IE7. So if 70% of web users wake up on the Wednesday after patch Tuesday with a web browser which follows no known standards and isn't compatible with the bugs of its predecessors, what then? How does this improve the situation? *Hacks like having to put a 1px white border around absolutely positioned elements in order to make their height be greater than 0px. I spent almost 4 hours tearing my hair out on that one yesterday before stumbling upon the solution.
  • by Rexxars ( 991350 ) on Thursday July 27, 2006 @02:23AM (#15789237)

    Fantastic! Finally web-developers can start thinking ahead and start using PNGs and other features that were a living hell to implement on IE6!

    Yes, they are probably just trying to win back some market share from Firefox, but I still feel this move is going to benefit the world.

    I'm just hoping people will say YES to this update :)

  • Re:Developers (Score:5, Insightful)

    by PintoPiman ( 648009 ) on Thursday July 27, 2006 @02:31AM (#15789266)
    More like someone who is realistic and knows that all browsers have their quirks I would say personally.
    Not all quirks are created equal. IE is so far behind the modern browsers in implementing standards like CSS that they're no longer even in the ballpark. With the newer browsers rev'ing so much faster than IE, I don't think they'll even be in the same league for long.

    The argument here isn't idealistic or puritanical or religious - it's practical. CSS allows web developers to effectively separate content and presentation, which in turn allows for more efficient development. It's not about laziness either. We web developers have finite time. We either spend that time working on new features/content/layouts/whatever, or chasing down 4 year old bugs in IE.

    Take as an example a group of mechanical engineers plotting designs for a car. Group A favors one brand of mechanical pencils. Group B favors another. An astute engineer might attempt to settle the matter as you do: "all mechanical pencils have their quirks." Unfortunately, group C is using crayons that are worn nearly to the nub. IE is a crayon that is worn quite to the nub.

    To write off the pitiful state of IE's HTML, CSS and javascript support as "quirks" is to let MS off the hook. They leveraged their monopoly and "won" the browser wars. Having done so, it appears that they intend to use their dominant browser in order to defend their Big Two products by retarding the progress of web technologies indefinitely.

    As a side note, why does "realist" now refer to people who give up on ethics (and other such long term concerns) for short-run gains?
  • by TheNetAvenger ( 624455 ) on Thursday July 27, 2006 @02:32AM (#15789270)
    IE 7 could be called both good and bad to be a 'required' update.

    Good
        Security is much higher than IE6

        IE7 supports CSS and XHTML 100 times better than IE6 so sites can start using them

        Too many people still use IE6, and IE7 is better than sticking with IE6

    Bad
        Sites that use some of the 'old' IE6 hacks to make stuff work, will break
        --- Actually, that might be a good thing

        Companies that have used 'old' IE standards instead of moving forward with
        compliance like XHTML and CSS will face problems if their work arounds
        assume that IE7 is just like IE6. So some web sites need to be testing for
        IE7 Now.

    I think the good does outweigh the bad, as it will push users that are still using IE6 to get a more standards compliant browser. And it might even educate some of them, so they understand their browser has changed and explore other browsers as well. It will probably help Firefox downloads even.

    The other thing this article seems to miss is that IE7 'will be forced' on users in Vista as well, so this will be good for Web Sites to get ready for the Vista Launch, because Vista simply does not do IE6. (And IE7 in Vista is like the stupid cousin, as it runs in protected mode on Vista, several levels below the user's own security even.)

    MS has made a lot of big press about IE7, has supplied what it does and doesn't do to developers and beta testers for a long time now, and any reasonable web site administrator or developer should already be ensuring that their sites don't assume IE7 is as stupid as IE6 and make things fail.

    It would be different if the IE7 list of supported standards, and testing of the Browser itself was not widescale. It has been available almost a full year before its release date, and if that is not enough time for web sites to rip out the crap IE6 kludge code, then maybe this will be a wake up call for them to do so.

    MS fek'd up bad with IE6 and I still don't like that IE7 still maintains some backward compatibility for the IE tags, (hence why it won't pass the ACID2 test), but IE7 is the first push from Microsoft to support standards that are not only MS standards, and if anything we should welcome Microsoft and keep encouraging to do the right thing. (It might actually work.)

    So in the end, we can start using more advanced CSS and XHTML concepts in the next year without having separate coding to make it display properly in IE6. We can also just send the users to Firefox or the IE7 download site and finally write sites like we should have been doing for a while now but couldn't because of the widespread use of IE6.

  • by giorgiofr ( 887762 ) on Thursday July 27, 2006 @03:33AM (#15789426)
    ActiveX controls. Some people might, you know, want to use them.
  • by DavidD_CA ( 750156 ) on Thursday July 27, 2006 @03:39AM (#15789435) Homepage
    TFA makes no mention of breaking commerce sites, and fails to mention that this "pushed" update prompts the user if they want to upgrade first -- much like Service Pack 2 did.

    The implication from the summary is that IE7 breaks online shopping, but gives absolutely NO evidence towards this.

    And even if there were an issue with certain sites, they've got MONTHS to fix it before the big shopping season. Is that not enough notice? Maybe Microsoft should just hold the update until January, or would that affect Valentine's Day websites? They could hold it 'till March but what about all the April Fool's websites that might break?

    This is a great example of the OSS world using FUD to slam Microsoft, while they complain about the FUD that Microsoft spreads.
  • by bradkittenbrink ( 608877 ) on Thursday July 27, 2006 @03:49AM (#15789462) Homepage Journal
    So? I could quite happily surf the web in 1996 with 40 megs of RAM and a 100 MHz pentium. And believe it or not, the web hasn't changed too much since then.
    Really, because pages like this one [archive.org], this one [archive.org], and this one [archive.org] seem to have relatively few images compared to their modern-day equivalents and the rest of web these days, and the ones they have seem to be much lower res. (note: I'm not claiming this is a representative sample, those are simply the first 3 companies I could think of that would have had websites in 1996.) Google's [archive.org] about the only major site I know of that still looks as simple as it used to. Not sure how big an impact on memory usage all those images should be, but I'd bet it's not insignificant.
  • by Helldesk Hound ( 981604 ) on Thursday July 27, 2006 @03:53AM (#15789471) Homepage
    Two words here... "anti" and "trust".

    M$ obviously still thinks it can use its dominance on the desktop to promote other software - which it certainly should NOT do by means of an automatic rollout even if it later asks after it has already been downloaded!
  • by giorgiofr ( 887762 ) on Thursday July 27, 2006 @04:29AM (#15789538)
    Frankly, I've never understood the demonizing of ActiveX technology. Actually, I've never even understood why people seem to concentrate only on the embedded controls in MSIE when ActiveX is about COM integration on the whole Win32 platform... Anyway, assuming we only care about browsers: the reason why you might want ActiveX is the same why you might want plugins or extensions: to make the browser do something MORE than render (D)HTML. Unless you also hate Java applets, plugins, FF extensions and Opera widgets, how can you hate ActiveX? Its only problem is that people blindly click on "Yes please install this dialer". How is that a tech problem? I call PEBKAC! Besides, when a java applet pops up and asks for permission to elevate its privileges, how come that's good and holy, yet when an ActiveX control does the same that's so disgusting?
    All this coming from someone who DOES dislike the my-browser-makes-coffee-too mentality so common today. But really, why do you single ActiveX out?
  • by Macthorpe ( 960048 ) on Thursday July 27, 2006 @05:29AM (#15789668) Journal
    Have you not been paying attention?

    The IE7 beta has been out for ages. Beta 1 was available at the end of July last year. The public beta started about 6 months ago.

    Don't blame MS for them not knocking on your door and telling you.
  • Is that the total mapped, or the resident set size? How much of that figure is 'private dirty'? Or are you using the Windows task manager which AFAIK is pretty useless for determining memory usage?
  • by Anonymous Coward on Thursday July 27, 2006 @06:25AM (#15789774)
    I generally have to kill FF every few days due to the amount of RAM it uses.

    Do you have any idea how absurd that statement sounds? You're complaining that you have to kill FF every few days?
  • by TheRaven64 ( 641858 ) on Thursday July 27, 2006 @06:25AM (#15789776) Journal
    The difference between ActiveX and Java is that ActiveX has an all-or-nothing security model. If a Java applet pops up a thing saying 'please give me these extra privileges' then (unless you have been conditioned to click yes to everything by ActiveX) you will either read exactly what extra permissions it is asking for, or click no. If you click 'no' and it stops working (and it's important) then you will reload and try yes. With ActiveX, it needs you to click 'yes' just to run it, while a Java applet can do anything 'reasonable' without user interaction (and an advanced user can redefine 'reasonable'). Once an ActiveX control has started, it has full access to the Win32 API.

    The difference with FireFox extensions is that they can't be embedded in a web page; you need to download them and install them manually. You will never visit a site which requires a particular FireFox extension (running with the same privileges as the rest of your applications) in order to navigate.

    Now COM is an idea I like. It's a logical extension of the VMS Common Language Environment from procedural to pseudo-OO languages. The problem is not the underlying technology, it is the deployment. If ActiveX controls were run through something like systrace, which would validate arguments to system calls and block any that didn't match a fairly restrictive security model, then it would be fine.

  • by Opportunist ( 166417 ) on Thursday July 27, 2006 @06:38AM (#15789801)
    I'm in the AV business, and yes, I agree, a damn LOT of people (those that create work for me) just love using them.
  • by Bogtha ( 906264 ) on Thursday July 27, 2006 @06:56AM (#15789838)

    I manage around twenty websites for businesses around my state for some spare pocket money each month and all of them are xhtml1.1/css2 compliant (w3c) with a large hacks section for each to get them to work in ie6

    XHTML 1.1 isn't allowed to be served as text/html. Internet Explorer 6 can only understand text/html. I assume you are serving XHTML 1.1 as text/html against spec? It's kinda hard to take you seriously complaining about Internet Explorer's lack of compliance when you don't comply either.

    I'm being told it will all come in one hit in less than six months?

    No. They've been releasing betas, which you can use to check for compatibility, and there's no way everybody will upgrade all at once. But if you've done your job and checked for compatibility, why would it even matter if everybody upgraded all at once?

    Maybe M$

    You appear to be really immature when you call Microsoft "M$".

    Though that isn't what really scares me, what scares me is none of the company's I have done websites for and also maintain for will understand the implication of the sites needing recoded until customers start complaining. I can put that number, personally, to about thirty five businesses phoning up and complaining that their sites don't work which will a) not be their fault and b) be my fault for selling them a broken site which leads to two problems 1) they wont want to pay for the updat

    You mean you've sold them a website without explaining to them what your policy is on future versions of browsers? Without putting something down in writing?

    Imagine you weren't a web developer for a second. If you hire somebody to build you a website, it seems like a perfectly reasonable expectation to get something that will simply continue to work. If you didn't explain to them that this is not how websites work, then you didn't do your job when you initially took the work on, and it's simply taken until now for your corner-cutting to incur costs.

    When you build websites, you need to explain these things to clients. What browsers are supported, your policies for older and newer browsers, when a bug is something you fix without payment and when they need to pay you to update the site. If you don't do that, you're a cowboy coder, not a professional that can be trusted.

  • by blanks ( 108019 ) on Thursday July 27, 2006 @06:58AM (#15789844) Homepage Journal
    "has serious implications for e-commerce websites whose functionality might be affected by any bugs in the software"

    Beta versions have been out for a while now. Even IF the application worked so differently than previous versions that it would affect your site you're:

    a) Making a website that hardly works on any browser (including old versions of IE)
    b) Not taking your job seriously. If your job is to manage these sites that will be affected by a new browser version you should have already started your testing a year ago.
    c) If you are not capable of a and b then I'm willing to bet your site has more serious problems to worry about than the 5 people a week that go to your site to begin with.
  • Re:Thank you (Score:3, Insightful)

    by cca93014 ( 466820 ) on Thursday July 27, 2006 @07:03AM (#15789858) Homepage
    The only sites that would be affected would be those sites that resort to explicitly stating that they only run in IE6 and those sites can fix that problem very, very easily. This leads directly into firefox.
    This is simply not true. Pretty much EVERY site built these days using XHTML 1.1 and CSS2 has to include hacks for IE6. That's the long and short of web development these days. A number of these hacks are going to break in IE7, and that means a HUGE number of sites are going to have to be tweaked to run correctly in IE7.

    Firefox, Opera and Safari have generally working box-models. IE6's box-model is horribly broken. IE7's box model is generally working. All the hacks that people put in for IE6 are consequently going to get screwed when MS deploy IE7.

    Don't get me wrong, I think it's good that MS are fixing all the problems with IE6, but this is not the way to go about it.

  • by steve_l ( 109732 ) on Thursday July 27, 2006 @07:18AM (#15789884) Homepage
    1. I don't let java code escalate its privileges. It's got a sandbox, stay in it. Actually, I don't even enable java in the browser.

    2. I actually discovered one of the first activeX security holes, way back in 1999.

    The problem with AX is that it is really Ole Controls, OCX, upgraded for the internet era. OCX was nice, a version of Visual Basic (VBX) controls that was language neutral. Their goal was to make it easy for anyone to embed their controls inside their apps, and so have fancy apps with less coding. Classic Java Beans were sun's ill-fated attempt to copy this. VBX and OCX were probably the enablers of the best market in re-usable client-side components. Want fancy reports in your app? Crystal Reports OCX. Want good database access? Use the db access controls that ship from MS. OCX was a really nice design.

    The trouble with ActiveX was that they turned the web browser into a container, with the ability to download and run any ActiveX control. By default, all OCXs that are installed on a PC are enabled for use in IE, even though they were never written for the assumption that their caller was trusted. There's nothing wrong with an OCX to be embedded inside a C++ app letting you open files in the local filesystem, delete files there, overwrite things. But have some random JavaScript do that and your box is owned. Most emergency patches by MS and PC manufacturers are for built-in controls, to mark them as unsafe for scripting, or to mark them as revoked.

    Failing one: ActiveX is only secure if the controls are designed to be called by untrusted people. Even if the controls aren't scripted, they can still take params which can be malicious and read/write illegitimate files. Example: Windows media control lets you pass in a path in the local filesystem. Script doesn't have access to the contents, but you can work out if the file is present or not. It is leaking information.

    Auto control download is the other problem. AX controls are pulled down, their signature verified. There is no sandbox, so the system is built entirely on the model that the people who write the controls are well meaning. The spyware industry showed the lie for that.

    Failing two: there is no sandbox for control.

    Now, for a few hundred dollars Verisign will sell a certificate in the name "Microsoft requires you to install this component.ltd" and that is what appears on the click-here-to-be-0wned dialog.

    Failing three: the vendors of certificates are more interested in certificate sales fees than the safety of the box. If Verisign took some financial hit for every bit of spyware they signed off, things would be different.

    AX controls are usually written in C++, which is one of the C/C++ family of 'buffer overflow enabled' languages. I know I always get marked down for flame baiting when I say that, but the truth is while competent people can write really secure code in C/C++ (e.g. Apache HTTPD, OpenSSH), too many developers are in a hurry and ship something that just about works on the deadline required. Because AX controls are not in a sandbox, every single attribute and method has to be treated as something that a malicious piece of JavaScript can call.

    Failing four: the lack of a sandbox forces AX developers to write secure code, and they don't appear up to the job.

    If you find a security hole in an ActiveX control, it can be rereleased, a new .cab file produced and the web pages marked so that IE will update to a later version. Sound good? No. You can push out any old version of an ActiveX control by serving it out and using a version marker of -1,-1,-1,-1, meaning "always update". This makes it impossible for anyone to ever reliably stop an insecure AX control from being served up. The only way to do this is by adding the control to the "do not run" list in the registry, a registry that is the fault of myself and Richard Smith.

    Failing 5: it's nearly impossible to stop malicious sites pushing out buggy versions of other people's AX controls.
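
Added example, not part of steve_l's comment or of any Microsoft tooling: a Python audit over a registry export that sorts controls by the two markers the comment above names, the "do not run" kill bit and the safe-for-scripting marking. The sample export and its four CLSIDs are constructed; the key path, the 0x400 flag and the two category IDs are the standard IE ones.

```python
import re

KILL_BIT = 0x400  # "Compatibility Flags" bit: IE refuses to instantiate the CLSID
SAFE_SCRIPT = "{7DD95801-9882-11CF-9FA9-00AA006C42C4}"  # CATID: safe for scripting
SAFE_INIT = "{7DD95802-9882-11CF-9FA9-00AA006C42C4}"    # CATID: safe for initializing
COMPAT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Constructed .reg export; the four CLSIDs ({1111...}, {2222...}, ...) are made up.
A, B, C, D = ("{%s}" % "-".join(d * n for n in (8, 4, 4, 4, 12)) for d in "1234")
SAMPLE_REG = "\n".join([
    "[%s\\%s]" % (COMPAT, A), '"Compatibility Flags"=dword:00000400',
    "[%s\\%s]" % (COMPAT, B), '"Compatibility Flags"=dword:00000020',
    "[HKEY_CLASSES_ROOT\\CLSID\\%s\\Implemented Categories\\%s]" % (A, SAFE_SCRIPT),
    "[HKEY_CLASSES_ROOT\\CLSID\\%s\\Implemented Categories\\%s]" % (B, SAFE_SCRIPT),
    "[HKEY_CLASSES_ROOT\\CLSID\\%s\\Implemented Categories\\%s]" % (C, SAFE_INIT.lower()),
    "[HKEY_CLASSES_ROOT\\CLSID\\%s\\InprocServer32]" % D,
])

GUID = r"(\{[0-9A-Fa-f-]{36}\})"
KEY = re.compile(r"^\[.*?\\(ActiveX Compatibility|CLSID)\\" + GUID + r"(?:\\(.*))?\]$", re.I)
FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9a-f]{8})$', re.I)

def verdict(ctl):
    if ctl["kill"]:
        return "blocked"        # on the "do not run" list
    if SAFE_SCRIPT in ctl["cats"]:
        return "scriptable"     # script on any page may call it
    if SAFE_INIT in ctl["cats"]:
        return "initializable"  # accepts page-supplied parameters
    return "unmarked"

def audit(reg_text):
    """Return {CLSID: verdict} for every control named in a .reg export."""
    seen, flags_for = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        key, val = KEY.match(line), FLAGS.match(line)
        if key:
            root, clsid, sub = key.group(1), key.group(2).upper(), (key.group(3) or "").upper()
            ctl = seen.setdefault(clsid, {"kill": False, "cats": set()})
            # Only a value directly under ActiveX Compatibility\{CLSID} is a kill bit.
            flags_for = ctl if root.upper() != "CLSID" and not sub else None
            if root.upper() == "CLSID" and sub.startswith("IMPLEMENTED CATEGORIES\\"):
                ctl["cats"].add(sub.split("\\", 1)[1])
        elif line.startswith("["):
            flags_for = None    # some other key: stop attributing values to a control
        elif val and flags_for is not None:
            flags_for["kill"] = bool(int(val.group(1), 16) & KILL_BIT)
    return {clsid: verdict(ctl) for clsid, ctl in seen.items()}
```

A control can also report itself safe at run time through IObjectSafety, which no registry export shows, so "unmarked" here is not proof that script cannot reach it.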
  • Re:Force-Feeding (Score:1, Insightful)

    by Anonymous Coward on Thursday July 27, 2006 @07:36AM (#15789934)
    Define irony... as I was reading this post a popup appeared informing me that Firefox had just finished downloading updates and did I want to restart now or later...
  • by nottoogeeky ( 869124 ) on Thursday July 27, 2006 @08:26AM (#15790068)
    Well, I take care of 100's of websites and I'm actually very happy MS are pushing it through as an auto update. However, a lot of the CSS bug fixes are still not implemented, so from now on, I'm going to put my ieonly div within the if[ie] command to display the following: IE Fix
    Your browser might not render the page as intended. Please upgrade to a CSS compliant browser like Opera [opera.com] or Firefox [getfirefox.com]
    You may laugh, but I feel I should stop catering for Microshaft's incompetence, and the only way to do this is to show Microshaft what happens when they create inferior products. I'm serious about this BTW!
  • by dcam ( 615646 ) <david.uberconcept@com> on Thursday July 27, 2006 @08:31AM (#15790089) Homepage
    Also to have end users suddenly using a new browser right before the holiday shopping season could magnify the cost any bugs that might create a bad user experience on sites

    Can we tone the advocacy down a little?

    This somehow suggests that this is a bad idea and that it is different from what Microsoft has done in the past. Well IE 5.5, IE 6, IE 6SP1 were all critical updates.

    What is more, this is straight editorialising on the part of the submitter or the editor. This isn't a case of a sensationalised article that is being posted on slashdot, the sensationalisation is supplied by the submitter or the editor.

    I'm hardly a Microsoft fanboy but this is ridiculous.
  • by poulbailey ( 231304 ) on Thursday July 27, 2006 @09:21AM (#15790288)
    Why do you need to have that much available memory? If no other program needs it, why can't Firefox go to town while providing you with nice features like instant page rendering?

    Read the explanation I linked to on Windows memory usage. If the only leak symptom you're seeing on your machine is a scary number in the Task Manager, things probably aren't as bad as you think.
  • by PhYrE2k2 ( 806396 ) on Thursday July 27, 2006 @11:21AM (#15791261)
    if you're literate enough to notice that, you should be able to use a search engine and figure out how to tweak it


    I think you're missing the point. This is a consumer operating browser for the average user. Firefox should be smart enough to expire the memory cache either outright or to disk as it grows beyond a certain size. That size should also be set at a conservative (64MB maybe?) size to start with.

    You, my friend, should be the one tweaking to get additional performance or make use of the 1-2GB of available RAM you probably have, not your average shmo with an Intel-Cellery processor and 192MB of RAM.

    Am I the only one that believes that things should work right out of the box in 99% of the cases? Look at Linux's file cache system. buffers/cache will use most of the available memory, but when you start filling your memory, it reduces them instantly. Now of course Firefox doesn't have this power. It should be more sane to start with.

    PS: As a side note, those of you in the OS world know that free() on Linux and Windows returns memory to the program, and not to the OS. So realistically, Firefox should never use too much in the first place, as that won't go to the OS until the program exits.

    So:
      - small MEMORY cache to start with (64MB maybe?)
      - configurable to make it bigger
      - expiration policy to memory or disk
      - minimal growth in application size due to reclamation time on an application that pretty much doesn't close most of the time and hence won't release its memory

    -M
  • by poot_rootbeer ( 188613 ) on Thursday July 27, 2006 @11:55AM (#15791595)
    If sites are not using W3C standards for development then they should know that they can't expect compatibility with browser updates.

    The problem is that sites developed using W3C standards DON'T WORK in Internet Explorer 6.

    More specifically, the problem is developers who have specified that the display hacks are to be applied to ALL versions of IE, present and future, instead of just the versions known to require them.
  • "Security is much higher than IE6"?

    They've dropped ActiveX and desktop/browser integration finally?

    No?

    Then how exactly is "security much higher"? That's the biggest security problem in Windows for the past 9 years, and until it goes away I can't see how anything they could do could make a significant difference. Certainly nothing they've done over the past decade has.
