April Chat with IE Team


Members of the IE team will be online for an Expert Zone chat this coming Thursday April 13th at 10:00AM PST. These chats are a great opportunity to have your questions answered and hear from members of the IE product team. A transcript will be published after the chat and transcripts of other recent chats are available.

These chats are a lot of fun as we all type furiously to keep pace with the questions being asked. Please join us for the chat if you can.

Thanks,
 – Dave

Comments (18)

  1. Alex says:

    Could you plan the next chat a few hours later? At 10:00 PST (19:00 here (GMT+1)) I’m never available 🙁

  2. Fiery Kitsune says:

    Rest assured, I’ll be there to grill you guys hard!

  3. Rex says:

    I know what my first question will be!

    Why do the posts about ActiveX on this blog not support comments?

    Is it because MS is aware that they will get nothing but negative comments, and thus they do not want to show the dark side of ActiveX?

    Why not block all comments on any proprietary technology that MS adds/keeps in IE?

    TIME? (not open tech, bad implementation (mixed design, redundant))

    ActiveX? (redundant, security risk (in the past at least))

    Behaviours? (not CSS, and if the JS implementation was complete, it wouldn’t be necs.)

    VbScript? (outside of ASP pages, does anyone even use this anymore? I know that even in ie4 it wasn’t complete)

    Unless i’m mistaken all the developers care about is:

    HTML, XHTML, XML, CSS, RSS/ATOM, XSLT, SVG, SGML, ECMAScript/JavaScript (no, not JScript), etc.

    As long as IE7, ships with the above, working properly, we will all be happy.  Which means, that we would actually appreciate it if you DID NOT spend another minute, wasting time developing something that is not part of the above.

    If it is an open standard, great.  But if only your browser supports it, then you are wasting our time.  I would rather have a GUI expert spend some time on the MS Dev Toolbar to make it look a lot less "1995".

    ThankS; Rex

  4. PatriotB says:

    Rex:

    – The ActiveX posts that don’t accept comments aren’t because it’s about ActiveX, it’s because it’s about the Eolas patent issue.  Maybe the legal folks advised them to not accept comments on it for some reason.

    – Thanks for speaking for all developers.  Heaven forbid someone actually LIKE and USE some of IE’s innovative features.  Take behaviors, for example.  They allow you to abstract away the behavior of some element or set of elements, allowing separation of page content and behavior.  Read up on it; it is a very useful technology indeed.  Also it is useful for apps that host IE components; WMP’s web views make extensive use of it as well as InfoPath.

  5. John says:

    "Why do the posts about ActiveX on this blog not support comments?"

    I think it’s probably more to do with the legality of the lawsuit. And I can understand their caution, based on some of the things people say on here.

  6. Rex says:

    @PatriotB:

    "all" developers might be a strong term, however I have (10 years now), never developed a web site, or web application, that did not work across "all" decent browsers.

    Since 99.9% of the developers I talk to, also fit into the same "shoe", my general view, is that the "Internet" is available for Apple, Unix, Linux, Windows, BSD, etc. thus, using a common, open set of technologies to provide content to users/clients/customers was a priority.

    < side note >

    Regarding WMP "web views": I personally have switched media players because of the embedded ability in videos to launch a web site location. (Spammers, pr0n, w@re2 and the like seem to have killed any possible "good" use for this feature)

    < / side note >

    As for reading up on behaviors, I have.  The only thing I ever managed to do with it, was get around the no-script setting in IE since it was treated as CSS (since fixed, kudos)

    Unfortunately, the Catch 22 returns here.  If MS adds a new feature "MS:XYZ", that is so amazing in that it will provide a "mind-telepathy" feature that searches the web for content I want to see, if it isn’t on an open web standard, it just won’t cut it, amazing as it might be….. since Mac users won’t be able to use it, ditto Linux, ditto anyone in an office that uses windows but doesn’t allow IE use, or has another web browser.

  7. PatriotB says:

    "All" developers includes Windows developers (e.g. non-web devs).  Those devs rely on IE’s extra features, such as behaviors and other extensibility capabilities.

    What I meant by WMP "web views" was the places where IE is embedded in the player window.  For example, the view that shows you album information, etc.  These views make extensive use of behaviors: take a look at some of the resources in some of the WMP DLLs (e.g. WMPLOC.DLL and company; I don’t know specifics off the top of my head) and see how they use behaviors.  It makes development a lot easier.

  8. Welio says:

    – Thanks for speaking for all developers.  Heaven forbid someone actually LIKE and USE some of IE’s innovative features.  Take behaviors, for example.  They allow you to abstract away the behavior of some element or set of elements, allowing separation of page content and behavior.  Read up on it; it is a very useful technology indeed.  Also it is useful for apps that host IE components; WMP’s web views make extensive use of it as well as InfoPath.

  9. Mitch 74 says:

    ersonally I’ll be happy if the following problems get fixed:

    – IE7 can’t display pages with mimetype application/xml+html (which is the normal mimetype for XHTML1.1)

    – IE7 displays scrollbars at the drop of a hat: a box with overflow:auto and normal wordwrapping with too big a content gets both vertical (normal) and horizontal (not normal) scrollbars, the second to take into account the added width of the vertical scrollbar?! Add to this the permanently-there right scrollbar… This is actually a regression from IE6.

    – Activescript can’t accept that "class" and "className" object attributes are actually the same thing.

  10. Mitch 74 says:

    whoops, slight spelling mistake for the mimetype above: should be application/xhtml+xml

    this goes along with not displaying plain text files like they are a webpage only because they happen to contain something that looks like html.

  11. cooperpx says:

    That was fun.

    Now, where to I go to follow up with a security issue I posted that went unaswered? 🙂

  12. ieblog says:

    Security issues should be reported to secure@microsoft.com, always.

    – Al Billings [MSFT]

  13. Dave Massy says:

    Hi cooperpx,

    Can you ask your questions here again. Sorry we didn’t get to all of yours but we did not have an expert on hand for them. I can’t guarrantee that we will answer them but I’ll do my best.

    Thanks

    -Dave

  14. cooperpx says:

    Hi Dave & Al.

    This blog & chat thing is really working for me. I’m thrilled to know any of my feedback is reaching something other than NUL.

    [this would be the security issue]

    Q1: Why does Digest Authentication clobber the current account and password per realm?

    i.e.: The last account (used for the realm) is always sent irregardless of originating server. Any site could challenge using "Microsoft’s realm" to get the user’s account). Don’t get me wrong, I doubt anyone uses Digest Auth at Microsoft, but it’s an issue I’m feeling.

    Q2: Will WinHTTP get client certificate support?

    This one affects not just my naitive Win32 applications, but .NET as well. From my research .NET uses the same HTTP stack as WinHTTP. Client Certificates are not an option within IIS or a service (imagine SOAP transactions).

  15. Dave Massy says:

    Cooperpx,

    Q1: Why does Digest Authentication clobber the current account and password per realm?

    Can you supply a repro?

    Q2: Will WinHTTP get client certificate support?

    No, WinHTTP and System.NET are different HTTP stacks.  Client certificates are available for use in both IIS and in System.NET.  To enable client certificates for IIS, right-click the web site in the Computer Management applet, choose the Directory Security tab, and set up a server certificate.  Then, you can use client certificates for authentication.

    Hope this helps

    Thanks

    -Dave

  16. cooperpx says:

    @ DMassy

    Your answers do help! In this case, knowing that system.NET and WinHTTP are different stacks explains a bit.

    Repo sent into secure@microsoft.com with your name present in the subject line. This issue doesn’t do anything bad ‘under the covers’. If you’d like that email / assistance with it, follow up using my passport info. 😉

    "To enable client certificates for IIS, right-click the web site in the Computer Management applet, choose the Directory Security tab, and set up a server certificate.  Then, you can use client certificates for authentication."

    After following these instructions, WinHTTP will fail if you access a resource within that directory. I just tried the setting "accept certificates" (not "require certificates") and the request fails.

    I hope that my past research is faulty, then you’d be 2/2 today! 😉

  17. cooperpx says:

    Doh. I swear I did this research thoroughly!

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winhttp/http/ssl_in_winhttp.as

    Okay Dave, you win! Happy Easter. (I have some work to do this weekend to try all this out). ;p

Skip to main content