Microsoft's IE Team Leader Answers Slashdot Questions 530
We got lots and lots of questions for Dean Hachamovitch, whose formal title is "general manager Internet Explorer at Microsoft Corp." Picking a mere 10 of those questions was not easy, and I wish Dean could have answered twice as many -- and so does he, but his schedule has been tight this week. Anyway, here are his answers to the Chosen Ten.
1) How about this...by also-rr
Would you like to make available IE on other operating systems?
Dean Hachamovitch:
We did make versions of IE available on other operating system for a pretty long time, up through IE5 on Unix and the Mac. At the time we developed them, those offerings made sense. I don't see a good reason to make IE available on other operating systems at this time.
2) IE7 release time
by BeeBeard Why did IE7 take such a long time to release after IE6?
Dean Hachamovitch:
Basically because we were doing a lot of other things before we started work on IE7: a few releases of MSN Explorer, a lot of work on what turned out to be Windows Presentation Foundation, a lot of investment in what turned into IPv6 support in Windows Vista, and lot of security response, a pretty intense effort on Windows Server 2003 (and IE's "Enhanced Security Configuration"), and then a pretty intense effort on Windows XPSP2. You can read a more detailed answer here
3) Follow up
by LordEd
If you had more time, is there a new feature you would have liked to include in IE7?
Dean Hachamovitch:
Yes, several come to mind. None were more important than shipping. None were more important than the bug fix work we did in response to beta feedback.
The temptation to get "just one more feature in" is so strong... one more CSS fix, one more neat facility for developers, one more performance optimization, one more cool end-user feature. The thing that made it easier to resist the temptation and ship is the prototype and planning work we've started on the next release of IE.
4) Simple questions
by Billosaur
IE has a dominating command of the market, although Firefox is slowly making inroads, due to innovations such as tabbed browsing that IE has had to incorporate to maintain that command. But where are the IE innovations? Why can't the IE team get ahead of the curve on Firefox? Is there anything you consider an innovation that is unique to IE that would plausibly be something the browser market would have to incorporate to stay competitive?
Dean Hachamovitch:
I think IE7 is the first browser with integrated real-time anti-phishing functionality, with an RSS platform and support for Simple List Extensions (see below), with "QuickTabs," with support for OpenSearch, and with shrink-to-fit printing on by default. In Windows Vista with Protected Mode, IE7 is the first browser to "put itself into a sandbox" and run with low privileges.
I think that during the IE7 beta process, you've seen other browser vendors copy some of these features and/or deliver add-ons for others. (IE has also delivered some functionality - like spell-checking in forms or in-line find, as add-ons; you can read more here.
I want to call out the Phishing Filter and RSS in particular. I think there's a clear difference between the protection offered in IE7 and other places. I suggest readers look here and here and decide for themselves. I was surprised when I read this because I think IE7 delivers real-time protection that respects user privacy at the same time.
I think IE7's RSS is pretty deep. First, the support for the Simple List Extensions that we made available under a Creative Commons license is cool - check out the links below in IE7. Also, the platform enables developers to deliver on some great scenarios, like sharing subscription information between different applications and services easily (from the new version of Outlook 2007 I run at work to IE7 at home via Newsgator). You can read more about that here.
- Amazon Wish List as an RSS feed
- eBay Search Result as an RSS feed
- Yahoo Music Top 10 list as an RSS feed
In regards to tabs, according to http://en.wikipedia.org/wiki/Tabbed_browsing, NetCaptor (an IE-based browser) was first.
5) My shot
by Njovich
What do you consider the greatest weakness of Firefox?
Dean Hachamovitch:
Hey, I've met a bunch of the Firefox folks and respect them and am not about to say mean things about them or their product, period. I have started to see some things that even some Slashdotters find a little confusing, like the whole Iceweasel thing.
6) Security
by Seto89
One of IE7's revolutionary features was supposed to be security, although it took less than 24 hours for Secunia to post an advisory about a security hole. Moreover, the bug seemed to be carried over from as early as IE5.5. What approach did you take to improve browser's security, and how come the vulnerabilities have been carried over?
Dean Hachamovitch:
The overall approach we took is called the secure development lifecycle. You can read more about it in general at http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnsecure/html/sdl.asp and http://www.microsoft.com/MSPress/books/8753.asp. The very short version is that we stepped back to analyze all the ways to attack a browser and then figured out the best ways to defend in depth against attacks. We reduced attack surface area, for example, turning off several feature and protocols by default and with ActiveX opt-in. We re-wrote a lot of the URL handling code in our networking layer. We ran a lot of tools against the source code to look for vulnerabilities. We listened to feedback from lots of smart people who are skilled in the art of attack.
As anyone who reads SecurityFocus or FullDisclosure will tell you, security is an industry problem and innovation in attacks is ongoing.
The MHTML issue is pretty interesting. IE calls another Windows component to handle some MTHML functionality. That component has a vulnerability. The important things here are (1) a malicious site can steal user data and (2) of course Microsoft cares about privacy and will fix this issue promptly. Some of the blogs over at zdnet - in particular George Ou's and Ed Bott's, have had some balanced opinion pieces on this issue.
While I was writing this, someone disclosed another issue irresponsibly. On the one hand, it's minor (a malicious site can make the address bar, when it's selected and in a pop-up window, deceiving... clicking in the pop-up window addresses the issue) and our anti-phishing technology helps a lot. The MSRC blog has more detail. At the same time, an attacker could draw a fake or misleading address bar in a pop-up window in a browser that doesn't automatically show the address bar in every window. Again, I think all this shows is that innovation in attacks is ongoing.
7) How about this....
by Toreo asesino
Let's pretend for a moment that Internet Explorer isn't the default web-browser built into Windows and instead, users are presented with a choice on first login (e.g. a message asking 'How would you like to browse the internet? MSIE, Firefox, Opera').
Would you expect IE to become as dominant as it is now if users had to specifically choose it over another?
Ignoring the slight impracticalities, if so (I'm guessing you do), on what basis would this be?
Dean Hachamovitch:
OK, I'll pretend. My first question is when we ask users this question... if it's in 1995, then Opera isn't on the list (Wikipedia just told me that its first public release was in 1996) and neither is Firefox. If it's today, then, candidly, we have 10+ years of people seeing the IE icon and all that that means to them.
The funny thing about your question is that in some ways, users are about two clicks from this scenario every time they run Windows XP: from the Start menu, select Set Program Access and Defaults. And it's not limited to the browsers you list, but any browser that they can download.
To answer your core question: I don't know how people would answer that question. I think we've asked users far simpler ones (like setup programs that ask "Do you want a typical or custom software installation?") that have proven frustrating to them. I do blog searches just about every day to read what people are saying about their browser choice, the browser I work on, and the other browsers you list. While it may surprise you, for many users, the differences between today's browsers aren't as clear and obvious as they may seem to many in the Slashdot crowd. I've read a lot of posts that say, "I tried IE7, I'm pleasantly surprised, and I'm switching back." (I read a lot of others for sure.) For some folks, having professional technical support to contact makes all the difference in their browser choice. During a press interview with a technical trade journal recently I asked the reporter "So what do you browse with" and he said "Mostly IE6, sometimes Firefox 1.5." That might surprise some of you.
8) Allowing Developers to Test for Compatibility
by miyako
IE7, like IE6, renders a lot of pages significantly differently than the other main HTML rendering engines available (Geko, KHTML, and Opera). At the same time, IE7 requires WGA to run - so that applications like Wine are unable to run it. This means that web developers who are using Linux and Mac OS X will have an extremely difficult time testing their sites with IE7. Was this intentional? If so what was the reason behind it (do you want to force developers to move to Windows for web development, or simply set IE aside as something different that isn't a regular browser and must be specifically developed for), and if not how do you plan to rectify the situation?
Dean Hachamovitch:
I think the core of your question is about giving away Windows licenses for free. We love developers, period. We're also not about to give away Windows client licenses. Because we want end-users to have a great experience on the web, of course we want web developers to have an easy experience working with IE and testing their sites with IE. That's why we published tools like the web developer toolbar and the Application Compatibility Toolkit and so much documentation during the course of IE7 development. I also respect that - as hard as everyone at Microsoft works to make Windows the best operating system for developers run - some developers will choose to run others. Mac developers have a fine solution - I've talked with hardcore Mac people who bought a copy of Windows that they run on their Mac with Parallels to test their work in IE. For other developers, I've seen some very clever solutions like BrowserCam that should help.
9) I asked Hakon about CSS and now I ask you:
by Chabil Ha'
This past summer Håkon Wium Lie was interviewed on /. and my question was selected concerning IE7's glaring lack of full CSS support. Why is it that MS has avoided meeting at least the ACID2 spec for CSS in order to bring some semblance of comformity for developers?
Håkon Wium Lie's response to these questions is boiled down to the fact that you do have the talent and resources to fix these issues and he says that "the fundamental reason, I believe, is that standards don't benefit monopolists" like MS.
How do you respond to his comments (the author of the CSS spec) and does MS have any near future plans to adhere to the existing CSS standard? If not, what would it take for MS to take a more proactive role in supporting it?
Dean Hachamovitch:
During IE7's development, we prioritized the work we did based on the web development community's real-world feedback. The engineering exercise here was choosing the best work for a finite number of developers to do during a finite period of time, especially given the compatibility impact of changing how IE behaves. The work that we delivered in IE7 simply has more positive impact and makes web developers' jobs easier than making an arbitrary (if terribly clever) web page render the way its author intended.
The Acid 2 test explicitly states that it isn't part of a formal compliance suite and it is not a "spec for CSS." It's a suite of tests of HTML, CSS, PNG, and data URL features that Mr. Lie thought were important. I'm glad that Mr. Lie - who is one of the authors of the CSS specifications - acknowledges that Microsoft's developers have the talent to address these issues.
The question here isn't whether we want to support those features or if we understand that web developers want them (we do), but simply prioritization. We focused on web developers' real world problems.
The real goal here is interoperability - something that Microsoft product teams believe in (remember, Microsoft has more than one product that works with HTML, CSS, and other web standards, and they have to interoperate too) and something that benefits customers (end-users, developers, IT Pros, et al.) across the board. The work in Windows Vista around IPv6 as well as the work we've done in IE7 with OpenSearch, RSS and with Certificate Authorities and other browser vendors on Extended Validation certificates are good examples of following through on that belief in interoperability.
Your question also asks about Microsoft's plans to comply with the existing CSS standard; there are actually several CSS standards, some still under construction (CSS level 3) and some made obsolete over time (e.g. CSS 2.1 fixing errors, removing ambiguities and changing required behavior from CSS 2). Just as we did in IE7, we're going to listen to the web development community and prioritize the remaining CSS work and deliver the parts we hear are most important first. We do intend to comply with the standard; no other browser I'm aware of has complete support of every feature in CSS 2.1, so it's clear that we all have to use prioritization to know where best to place our resources.
10) Why develop IE at all
by CmdrGravy
Given that you are not planning on selling IE 7 and the fact that there are already other browsers on the market which can allow Windows users to experience the web fully why is Microsoft investing so much time and effort in continuing the development of IE?
Dean Hachamovitch:
Windows customers expect the best, safest experience with their PCs out of the box, especially around the web browser. We're investing so much time and effort in IE in order to give Windows customers a great, secure, default experience. I'm glad that users can choose other browsers as they see fit - Windows is a platform. We're working this hard on IE because so many end-users rely on it and so many developers have built on the APIs that IE exposes as a part of the Windows platform.
-------
Editor's note: Next week's Slashdot interview guest will be a FireFox person. Only fair, right? :)
At last (Score:5, Interesting)
They created their own www and say so. Their goal is to make sure all the websites that are made for IE will look good. Standards be damned. Not that we didn't know that, but nice to here from an official source.
RSS, huh? (Score:5, Interesting)
Missing from the answers (Score:5, Interesting)
So just say it. Things weren't delayed because you were too busy working on other things. Features and bug fixes were delayed because you were told to work on other things.
Blame your management. We all know they're a big part of the problem.
Re:Embrace and Extend (Score:4, Interesting)
Half and half. IPv6 vs IPv4 can be abstracted out easily at the transport layer, but there do exist places where the abstractions break down. Specifically, an IPv6 address in the Location bar will look very different from an IPv4 address, and there will be some validation code in there to figure out which kind of address it must be and whether it is in fact a valid address. Also, IPv4 vs IPv6 pops up in DNS record lookups.
So yes, they absolutely should have an abstraced network interface object, but they still need some code to handle all of the corner cases where IPv4 and IPv6 mix.
(Not an IE developer, but did write a DNS client and had to support IPv4+IPv6 in both the low-level transport and the DNS data layer.)
Re:Firefox zealots beware... (Score:1, Interesting)
As I understand the trident engine renders whole HTML pages faster, but the Gecko layout engine renders partial content earlier and as a result feels faster.
Add to this the fact that you do not have to upgrade to the latest Windows OS to run Firefox, I have serious doubts about your claims. I am fairly certain Firefox on Win98 will feel faster on your (Only 128 MB RAM - Althon 1300+, 16 Meg Video Card) machine than IE7 on WindowsXP(or how about Vista
So that's the Microsoft mentality (Score:4, Interesting)
So fixing CSS bugs is a feature? They threw in lots of features, like tabbed browsing, yet they consider actual bugs to be extra features that will have to wait.
Question 8 (Score:5, Interesting)
Giving Away Windows Licenses? Give me a break... (Score:5, Interesting)
Hey Dean, no one was asking you give away a Windows license. We were asking you to give developers a better way to test against past, present and future browser versions and you responded by acting like we wanted to get Windows for free. Don't you have a clue about the real world for web developers?
I have a legally owned XP Pro license. I run IE 7 on my computer to test that but I can't also test IE 6. So I install another copy on a VMWare virtual machine. That is a total headache for just wanting to test a web site.
MS owns Virtual PC. You already make a stripped down version of Windows (Windows Starter). Why can't you make self running virtual pc images basically of IE images? Prevent anything except IE from running on the virtual machine and take out anything not essential to testing a web site. This could be used in Linux or on a Mac.
But hey, make it hell for us Dean. We really appreciate that.
ACID2 and the real world (Score:4, Interesting)
Exactly (Score:1, Interesting)
Spin (Score:3, Interesting)
1. (Would you want to make IE for non-Windows systems)
We did make versions of IE available on other operating system for a pretty long time, up through IE5 on Unix and the Mac. At the time we developed them, those offerings made sense. I don't see a good reason to make IE available on other operating systems at this time.
Then it made sense. Now, it does not make sense. I don't see a good reason to make our work on IE7 available to Mac and Linux users. They are not worth it.
2. (Why so long since IE6?)
Basically because we were doing a lot of other things before we started work on IE7: a few releases of MSN Explorer, a lot of work on what turned out to be Windows Presentation Foundation, a lot of investment in what turned into IPv6 support in Windows Vista, and lot of security response, a pretty intense effort on Windows Server 2003 (and IE's "Enhanced Security Configuration"), and then a pretty intense effort on Windows XPSP2.
We've done all these other things! Instead of hiring other people to do those things, my company chose to reassign the IE people to those projects. For some reason, I dunno, I think I remember them saying "strategy" or something. No more important enemies there to drive before us, no more women there to hear lament.
3. (Fluffy question.)
Fluffy answer.
4. (How does IE beat Firefox?)
I think IE7 is the first browser with integrated real-time anti-phishing functionality, with an RSS platform and support for Simple List Extensions (see below), with "QuickTabs," with support for OpenSearch, and with shrink-to-fit printing on by default. In Windows Vista with Protected Mode, IE7 is the first browser to "put itself into a sandbox" and run with low privileges.
Buzzword! Buzzword buzzword? BUZZWORD!
Buzzword uses Snowjob! It's super-effective!
Firefox has anti-phishing (groan) technology when used with Google Toolbar. IE had it with Google Toolbar long bfore IE7. But, although there are multiple Firefox extensions that do phishing checks [mozilla.org], IE does have it built-in first. Of course, I'm super-cautious about sites I enter my financial information into, so I might say that my browser doesn't need phishing protection bloating it up and sending in all my URLs to some mothership....
Well, let's be fair, IE *does* say that their protection respects user privacy. Although I don't have the details of their protection, that could be some good they've brought into the world. But it still seems, to me, to be more of something for a plug-in to do.
RSS, Firefox has had it for a long while, even before Live Bookmarks. QuickTabs seems to be just a CamelCase rename for a Firefox feature. Oh sure, there may be something to differentiate Firefox's tabs, but it doesn't seem to have been important to generate any outside excitement other than "OMG IE's got TABS!" And Firefox 2.0, according to Wikipedia's article on OpenSearch [wikipedia.org] (as of 10/27/2006 4:31EST), does have OpenSearch -- if IE7 had it first, it was by a matter of days, and without counting the RCs as releases.
For him to crow that IE7 is the first browser to put itself into a low privilege sandbox is ludicrous. Before Internet Explorer came along a web browser was just a damn process like any other! A user --well one on a more sensible operating system that Windows at the time-- could very well run it with whatever privileges he chose! Microsoft doesn't get to congratulate themselves for solving a problem they created, dammit!
I think that during the IE7 beta process, you've seen other browser vendors copy some of these features and/or deliver add-ons for others. (IE has also delivered some functionality - like spell-checking in forms or in-line find, as add-ons; you can read more here.
I'
Re:Giving Away Windows Licenses? Give me a break.. (Score:5, Interesting)
Re:Giving Away Windows Licenses? Give me a break.. (Score:3, Interesting)
But honestly, the situation with testing numerous browsers is a real headache. XP can't even run IE5 and while its a small portion of the audience and getting smaller its still there and we know IE6 will be there for a long time even with Automatic Updates. I really feel for the guys on Linux or Mac who have absolutely no way of testing sites on IE. But again, I don't know if that Virtual PC image idea has any merit but some way of seeing how sites would look, how they react on IE would be great. Someone suggested using the evolt standalone IE versions that I know is technically illegal and doesn't work that well anyways.
So after all that babbling, thanks again for making an effort to help us with this. I for one don't dislike you guys, I just hate when my job is harder than it has to be. (as we all do