Actually, on Vista and Win7, IE runs even lower privileged than normal user. It has no messaging access to any process not in limited mode, and no write access to any files not in the user's "local low" directory.

Um, any remote code execution vulnerability allows a worm to propagate. There have been tons of those in nearly any OS. The question is whether anyone writes a worm to take advantage of it and what they did with machines they compromised. Client Linux is less of a target due to its low marketshare, but it's by no means immune: http://en.wikipedia.org/wiki/Ramen_worm http://en.wikipedia.org/wiki/Devnull http://en.wikipedia.org/wiki/L10n_worm

Server software tends to be a better target as there are a larger number of more powerful always connected machines to hit and provide the opportunity to induce secondary infections on clients accessing the server. Of course because of the high value of the target, it's not necessary to attack with a worm, simply hacking a single server can be worth it: http://it.slashdot.org/article.pl?sid=08/01/24/1930207 http://www.symantec.com/security_response/writeup.jsp?docid=2002-091311-5851-99

You're right, I was making a rhetorical point, not a logical one.

The main thing I dislike about Javascript is that it's not a designed language. What I mean by this is that the most basic way of doing things should be the correct way. By this metric, Javascript fails miserably. There's so much broken - scope, the this keyword, scope for eval'd code, the hoops you have to jump through to make "private" functions and variables, etc. I also have a strong bias against untyped languages and those whose syntactical correctness you can only test by running it with complete code coverage. Even tools like jslint are miserable compared to the compile errors, warnings and other static analysis info you get from a well tooled, typed, compiled language. On at least part of this last part, Brendan Eich agrees with me, although the rest of the world managed to convince him it didn't belong in Ecmascript. http://www.infoworld.com/d/developer-world/javascript-creator-ponders-past-future-704?page=0,3

I tend to go by the thickness of Crockford's book, vs the thickness of any "Complete Javascript" book when determining how much "good stuff" the language has. The truth is it's an accident of history, a tech demo that should never have been released, a baby not even its creator could love (and the Ecmascript 5 group had to tear out of his hands to ensure it remained a compatible language for the web).

Besides Remote Desktop and Remote Assistance, which might require port forwarding (at least for RD, I'm pretty sure RA works just fine without it), Live Mesh works great and has no issues with firewalls, NAT etc assuming you can get them to install it and send you a username/password combo.

A version of .Net is installed with each version of Windows since one of the XP service packs yes, but if you want to use a more recent version than 1.1, chances are you're going to have to install it on at least some customer machines. Last release was 3.5 SP1 I think, 4.0 is already in beta. To use WPF (and get support for XAML like Silverlight) you've got to at least use 3.0, which I believe is installed on Vista and above, but not XP and lets face it, most apps still need to support XP. Relatedly, I believe that app startup time for Silverlight is also faster than full .Net, but I'm not sure about that one.

I think this is actually more of a result of there being two audiences interested in Silverlight. The first is the audience interested in Silverlight as a media streaming or flash replacement browser plugin. For them, nothing changes. These new Windows only features are more for the other audience which is client app developers looking for a lightweight replacement to .Net (one that doesn't take at least 30 minutes to install!). For them SL was interesting in that it was easy to deploy, but they could give a heck about sandboxing - they wanted a way to access the whole system and want their apps to behave just like any other client application. The COM interaction lets them do this if there's some piece of functionality not available in SL on the system, they can just write a native DLL and interact with SL through COM.

Sounds exactly like IE doesn't it? The only difference is I couldn't quickly find a way to change the default in FF whereas in IE, it asks you as you add a provider.

Now try changing the default in Firefox from Google to *anything* else.

Security patches are not subject to the Genuine Advantage check. People running pirated software are just less likely to run windows update because they are scared that it will somehow invalidate their pirated install. Also, as you note, installing pirated software, including Windows, is a risk in itself as much pirated software has been prepackaged with malware.

Besides the obvious (you have all the surface area of Chrome and IE together in the browser), there are a lot of questions I have about whether and how it respects IE's security settings, privacy settings, site filtering settings, no-script settings, script debugger settings and on and on. People can joke about how early versions of IE had huge security issues, but all the mitigations and fine grained control over what a page can and cannot do, as well as group policies put in place for sys-admins at corporations trying to protect their intranets are important. Maybe Chrome Frame plays nice with these, maybe they don't. My guess is that it doesn't handle every one of them with grace. (Disclaimer, I work at MS, but am not on the IE team).

Through property, per-employee, sales, vehicle licensing taxes etc, MS and it's employees contribute a lot to the cost. They also contribute directly to many public works projects that benefit them such as roads and bridges in the Bellevue/Redmond area. (Disclaimer, I'm an MS employee.)

Yeah, because I'm going to go to some building off-campus that no one's advertised for me to dump an iPod I could craigslist or eBay (I'm a MS employee and worked there at the time the Zune first came out and I never heard of that box until I saw the same picture you're referring to online). I think you're overblowing what was a joke in a lobby for the building the Zune team was working in at the time.

That said, I have to agree - this Win7 house party thing was pretty hilarious. Sweet - let's party by checking out those hot new OS features! That said, there's nothing to say you have to sit amazed, crowded in front of a laptop the whole time. Any excuse for a party right?

Oh good, I can really see those groups charming the pants off legislators the world over.

Market cap of MSFT: 209.94B
Market cap of GOOG: 144.28B

Now it's almost definitely not going to happen, but...