Is WPF free of software patents and is it fully running on Linux

No and no. You shouldn't think that it is. However, if you're writing an app to run on Windows desktops, it's good for that.

only if said platform is running MS Windows... some of us don't think that constitutes "platform independence".

Er, no. The same bytecode runs on Windows, Mac OS X and Linux. There are also betas for some mobile phones. That's what I meant.

It's still windows.

That's the whole point - it's not just Windows any more. It runs on Windows, Mac OS X and Linux.

So what's special about DirectX and silverlight? Yes, DirectX is used to render the shapes and textures that make up Silverlight and WPF content.

But your statement could be phrased as "If the code can use the OS to service requests (which must obviously use data provided by the Sandboxed app) then there is the potential for buffer overruns and other types of exploit. The OS does not run in a sandbox, it has to access drivers at a pretty low level. You can include the driver itself in the attack surface now too."

That is equal for all sandboxes and sandboxed environments. I'm not excluding the possibility of bugs in Silverlight, just failing to see why it's not fixable.

If the code can use DirectX to render object then there is the potential for buffer overruns and other types of exploit

That's total rubbish - like saying "if java can use the cpu to add two numbers then java is also vulnerable to cpu buffer overruns"

Gated access is the key to any sandbox.

All sandboxes are not equal

So what do you know about the .net/Wpf.Silverlight sandbox?
If nothing then STFU.

Fact: Internet Explorer is rapily loosing market share.

Probably. I won't know, been on firefox since before 1.0. Silverlight runs there.

Fact: Developers see Linux compatibility as important and Linux is steadily gaining market share.

As a desktop platform? No, Not fact. 2 percent is not important. And if it does gain importance, there's nothing to stop Silverlight running there.

Fact: Silverlight is only taking off on Microsoft's own website.

Not so, I've seen it elsewhere.

is still well behind Flash.

Well, yes. It's got about 40% installed base at present, as compared to 95% for flash. Different point on the s-shaped-curve.

I'm pretty sure it will be a big flop.

I disagree. And based on your previous post, I think you are stupid and ignorant on this subject. I don't care what you think.

MSFT has embraced a Flash-like technology, does this count as "extending" it ... it seems like there is an "extinguish" in store for the near future.

I'm not sure what you're suggesting.

Silverlight is like flash - yes, but unlike with embracing standards, there's no compatibility.

That Silverlight aims to extend and improve on flash, and C# aims to improve on Java. Well, with Silverlight there's still catching up to do. But since Silverlight is not flash and C# is not Java, there's no standard to extend, just a competing product in the same space. So is competition good or not?

So where does the "extinguish" come in? Are you suggesting that when MSFT gains high enough market share in C# and Silverlight, they will suddenly stop supporting those products? That's absurd.

That they will force competitors out of business? I hope not, it's bad for competition. Look how the MSIE browser stagnated when there wasn't competition.

Right now Silverlight is forcing Adobe to up their game with flash, and this is good.

Read the other clever people who had the same idea first, please. Are you afraid of the security implications of Java or flash running in a browser? Silverlight is much the same.

The worlds biggest movie web site YouTube will never use Silverlight cause Google will never use Microsoft's Technology.

Right, YouTube uses Adobe's instead. There are other websites too.

Because of this, and also because Microsoft have a bad reputation with web standards, I don't think Silverlight will ever take off.

Ok, how did that line of logic work out for Internet explorer?

I think Silverlight ... is closed source and doesn't support Linux, it will fail.

So, by not prioritising the all-important Linux desktop market (now weighing in at what? 2% ? ) it is doomed?

I don't think Silverlight will ever take off.

It's taking off already.

At least with Flash everything is sandboxed in the browser still, but it now looks like Silverlight apps will be able to access stuff outside the browser, much like a normal program.

You're not looking hard enough. Silverlight apps, in our out of the browser, have the same security model and sandbox. Access "stuff outside the browser", e.g. to the file system is still severely gated. Like with flash.

The attack surface ... will then include things like DirectX

No, no it won't. Sandbox, remember?

Famous last words.

What, it's a mistake to say that silverlight is more secure than something with no security at all? It's not exactly a high bar to clear.

There must be a group of masochists over at MS. Apps outside the browser? Are they insane.

You guys are like stuck records. Read before you write, please. Taking a silverlight app out of the browser window and putting it into it's own window doesn't change it's security permissions at all. The security implications are identical

I'm sure the sample exploit code is already out there.

You think there are exploits already? Give us a link or STFU.

This is much the question as one asked below, so I'll give much the same answer:

Silverlight is a subset of desktop WPF. This will continue to be the case. WPF is not being phased out. Silverlight doesn't "obsolete" WPF, Silverlight *is* WPF. Learn one, you know the other, mostly.

There will always be scenarios where you need a larger framework than can fit in Sivlerlight's 5Mb download, and you need full access to the machine's resources that silverlight programs across the wild internet can't do for security reasons. That's where full WPF can give you a good UI.

Also, the non-Ui .Net class library in Silverlight is also brutally cut down to fit into 5mb. In many cases, we'll want and need the real thing to code a desktop app.

Visual Studio 2010 will be the first big WPF application to be widely shipped. You won't see big apps like MS word, Excel, etc written in silverlight, but you may well see them in WPF.

"Am I missing something or does that part about "apps outside the browser" sound like a more modern reimplementation of the old ActiveX? By that I mean, whether it's "inside the browser" or in a different window, this still amounts to running executable code from remote hosts."

What you're missing is that ActiveX ran compiled binary machine code from a remote host. No sandbox, full access to the OS. No platform-independence either, because of that.

Silverlight code (or Flash/Flex code for that matter) is bytecode. It runs (in or out of the browser, no difference) in a sandbox, and is platform-independent bytecode. Like java. Remember java in the browser?

Silverlight is a subset of desktop WPF. Silverlight doesn't "obsolete" WPF, Silverlight *is* WPF. Learn one, you know the other, mostly.

There will always be scenarios where you need a larger framework than can fit in Sivlerlight's 5Mb download, and you need full access to the machine's resources that silverlight programs across the wild internet can't do for security reasons. That's where full WPF can give you a good UI.
Visual Studio 2010 will be the first big WPF application to be widely shipped.