George said:
No not really. In fact all my hacks still work. Again there is no reason to criticize me because Microsoft is
making changes that you are unaware of.
Microsoft is making no changes I am unaware of.
reduced that no longer can the Microsoft JVM be used in Windows 2003 (many prefer it over Sun);
The reason why Microsoft can no longer update their own Java VM is clearly documented at <url:
http://www.microsoft.com/mscorp/java/ />:
"The MSJVM will reach its end of life on December 31, 2007. Customers are encouraged to take proactive measures to stay informed about obsolete software and move away from the MSJVM in a timely fashion. The MSJVM is no longer available for distribution from Microsoft and there will be no enhancements to the MSJVM. Microsoft products and SKUs
currently including the MSJVM will continue to be retired or replaced by versions not containing the MSJVM on a schedule to be announced."
that IE has quit
development;
It has not. The most recent story I've heard is that updates to Internet Explorer will not be available as stand-alone downloads, you will need to upgrade to a new version of Windows to get a new version of Internet Explorer. This article <url:
http://www.samizdata.net/blog/archives/006803.html /> makes the same claim and goes one step further and
claims Microsoft is only fixing IE security problems Windows XP. This is clearly not the case, since the last cumulative update to IE was available for every operating system from Windows ME to Windows 2003. I'm guessing they are referring to the security enhancements added to Internet Explorer by Windows XP Service Pack 2, which are not available
as a separate download for IE running on other Windows operating systems.
that the ability to use addresses in the form http:user
ass@url are disabled;
Clearly documented at <url:
http://support.microsoft.com/default.aspx?scid=kb;[ln];834489 />. There has been debate here and on other newsgroups as to whether a URL in the form of
http://user:pass@host even conforms to an RFC. The general concensus seems to be "no". As a result, Microsoft simply removed support for a non-standard mechanism that
happens to have been duplicated on most other Web browsers.
Section 3.2.2 of <url:
http://www.ietf.org/rfc/rfc2396.txt /> states:
"Some URL schemes use the format "user
assword" in the userinfo field. This practice is NOT RECOMMENDED, because the passing of authentication information in clear text (such as URI) has proven to be a security risk in almost every case where it has been used."
Section 3.3 of <url:
http://www.ietf.org/rfc/rfc1738.txt /> states:
"The HTTP URL scheme is used to designate Internet resources accessible using HTTP (HyperText Transfer Protocol). The HTTP protocol is specified elsewhere. This specification only describes the syntax of HTTP URLs. An HTTP URL takes the form: http://<host>:<port>/<path>?<searchpart>"
Note that the HTTP specific section of RFC1738 does not even include userinfo, making a URL in the form of
http://userinfo@host invalid, and
http://user:pass@host doubly so, because as Section 3.2.2 states, the practice of including authentication information on the URI is not recommended.
In other words, the change Microsoft made did not go _far enough_ (since
http://userinfo@host is still permitted).
that IE 6 introduces a
Race condition in Windows 2000 that there is no fix for.
Test case? Knowledgebase article describing this identified race condition? Result of this race condition? Number of users affected?
Grant you may be surprised at the number of people who complain that their previous to installing Windows XP browser experience has been adjusted to a "pain in the arse" after the SP2 install. Or that Microsoft is STILL releasing fixes to the fixes that were to fix the issues the public said needed fixing. This is what happens when "bundling."
I would not doubt that people are complaining about the security enhancements added to Internet Explorer. I would also not doubt that if you asked them if they understood the underlying technology and potential for it's abuse, they would have no idea. People complaining about being protected from malicious people on the Internet are like people who
complain that putting on a seatbelt in a car is "too much trouble" and "wrinkles their clothes". They fail to understand that being catapulted 60 feet into a telephone pole in an accident is probably much more trouble than putting their seatbelt on.
It is our job as IT professionals to inform people why these changes were made, and help people identify the benefits these changes bring to their computer using experience. Not add to the noise.
I'm not sure what "fixes to fixes" you are referring to. The cumulative Internet Explorer update recently made available does not "fix" any flaws in the Service Pack 2 deployment, it patches additional security vulnerabilities.
This "bundling" of security fixes with enhancement fixes is what I am "angry" with. I wouldn't say "angry."
Disgusted would be a better term. Because to get those enhancements now I have to weigh that with the possibility that something I enjoy with my browser is not going to work anymore. Disgusted.
Protected, not disgusted.
However, if you really don't like the changes, use a different Web browser.
Microsoft has made the right choice in locking down their browser, and if you don't like it, you're free to use some other Web browser.
