# Wednesday, 21 July 2004

Yucca Year

Tim Bray says the Yuccas are flowering in Vancouver. It would seem it is Yucca year in Essex as well.....

The above has been in the ground since 1991 and after so long a surprising sight.

#    Comments [0] |
# Sunday, 18 July 2004

Why mark of the web didn't work

In trying to fix a problem it was suggested that 'mark-of-the-web' could be used; I couldn't get it to work, apparently it was broken....

Build Comment Web Pages in VS 2003 and Windows XP SP2.  ....  In Windows XP SP2, the IE team did work to tighten up the items which were permissable and http:// was accidentally excluded... [via Microsoft WebBlogs]

Dunno whether RC2 fixes the problem or RTM, I found another way round the problem.

#    Comments [0] |
# Friday, 16 July 2004

Weird - Internet Explorer the application is at fault, not the components. I don't think so.

Or so say some.... Wired News: Cool Ways to Give IE the Boot

Now according to this article there are some alternatives to IE beyond FireFox and considers 2: IRider and Deepnet Explorer. About IRider it says:

... IRider appears not to be vulnerable to most of the security exploits that plague Internet Explorer, especially if you follow the company's advice on how to configure the browser ...

and about Deepnet Explorer we have:

As far as security is concerned, Deepnet spokeswoman Anneli Ritari noted that "Deepnet Explorer does not support any third-party plug-ins. We prefer to develop and build in the features instead of enabling plug-ins, including the so-called Browser Helper Objects, so it could be argued that Deepnet is more secure than Internet Explorer or Mozilla."

Deepnet Explorer doesn't support third party plug-ins? I don't think so, it runs ActiveX objects such as ScriptX (which is perfectly safe, just using that as an example).

Both of these applications host the Microsoft Web Browser Control - this is the control that wraps MSHTML.DLL that Internet Explorer uses. You can host mshtml directly, but its more difficult than hosting the control so most go for the control. The point is, all the scripting etc etc vulnerabilities there are in "Internet Explorer" are in IRider and Deepnet as well because they are using the same underlying technology. Get one of these and think you are safe and can ignore advisories and updates and you are seriously fooling yourself.

The only thing that I can see that is true is that neither loads BHOs, which are often the route of choice for spyware, but that is all.

The article doesn't mention the Zeepe Zowser, and nor should it really, its just a sample. But, if you fancy an easy way of writing your own tabbed browser, its a good starting point. Just don't think you will be any more secure than IE -you won't and to re-iterate, you won't be anymore secure with IRider or Deepnet either.

[Update. Just seen the article go by again my news reader: 

   Cool Ways to Give IE the Boot. If you're looking for an alternative to Internet Explorer, there's more out there than just Mozilla. Here's a rundown of some popular Web browsers not written by Microsoft. By Michelle Delio.

My argument is that IRider and Deepnet Explorer are, at their heart, written by Microsoft. Nothing wrong with them, just be aware that all is not, IMHO, as implied by Michelle.

]

If someone can show me where the above is wrong and web browser control hosts are much safer than IE in the cases other than BHOs then I will be most grateful since it would apply to Zeepe as well.

#    Comments [0] |

Well that explains it.

Once more, Eric Lippert provides interesting information (some of his stuff may be in documentation somewhere but reading his blog is like reading entertaining documentation, just over a very long while)

Not Logical Is VBScript.   ... JScript has both logical (&&, ||, !, etc.) and bitwise (&, |, ~, etc) operators, but VBScript only has bitwise operators. That means that JScript can do lazy logic. In Jscript, when the first half of the and-expression evaluates to false, it knows that it should not evaluate the second half for the logical operator but it should for the bitwise operator. In VBScript, both halves are always evaluated. (ASIDE: VB.NET has added lazy logic operators, at long last. [via Microsoft WebBlogs]

VBScript only has bitwise operators just never made it into my consciousness to stop me writing the sort of stuff I'd write in other languages and then spend yonks scratch the head about why things didn't work.

#    Comments [0] |
# Thursday, 15 July 2004

Mini-Microsoft

  • Back to Basics. Win32 and C++. Bread and butter. Not everything can run in the freaking CLR.
  •  [via Mini-Microsoft]

    Interesting - not surprisingly the guy/gal keeps themselves anonymous; it is a delight to sit back, read and imagine its The Bill himself being subversive having lost control of the company.

    #    Comments [0] |
    # Wednesday, 14 July 2004

    Net curtains rather than a whitewash.

    UK Probe Finds Flaws in Pre-War Iraq Intelligence.  LONDON (Reuters) - Britain's pre-war intelligence on Iraq's armaments had "serious flaws" but Prime Minister Tony Blair was not personally responsible, an inquiry found on Wednesday. [via Reuters: Top News]

    It couldn't be another whitewash after Hutton somewhat backfired so here we have some of the smelly stuff stated and then hidden behind the net-curtains of "no-one is to blame". Some people should get their lives back, but sadly they can't.

    #    Comments [0] |

    Explorer is dead - not; at least some agree.

    The much-trumpeted fall in Explorer's share is very far from conclusive. It has fallen from 95.73 percent of the market to 94.16 percent from June to July, claimed some previously anonymous web stats company. A statistical blip would easily cover such a small movement. This is very much a case of people finding the facts to fit the story - Web users flee insecure Explorer.  [via Techworld.com - RIP Internet Explorer?]

    A statistical blip was very much my view of this story that I first saw on, ahem, that paragon of journalistic integrity, the BBC. I particularly enjoyed this sporty approach to numbers:

    By contrast, the share of alternatives, like the open source Mozilla browser Firefox, rose substantially. WebSideStory said the combined Mozilla and Netscape market share rose from 3.21% in June to 4.05% in July.

    Percentages on percentages is always one of my favourites. Since then the story has bounced around most of the news sites I subscribe to. Question, because the web stats company sent the press release to all the news sites or because all the news sites journalists subscribe to the BBC or some combination - i.e. get your press release on the BBC and it gains 'credibility'? 

    Oh, and the Techworld.com article points to 'new kid on the block' Deepnet Explorer:

    What about new kid on the block Deepnet Explorer? It hasn't been around long enough to suffer a security issue, but since it also incorporates peer-to-peer sharing, the chances of its being exposed are doubled.

    Errr, well since it uses the IE WebBrowser control, just like MyIE or any of the browsers like Zowser or iMunch that you can develop with Zeepe then it suffers the same security issues as IE - 'new kid on the block' or not.

    #    Comments [2] |

    Moving forwards or back?

    Can .NET framework 2.0 assemblies run under .Net framework 1.1?.  

    Short answer: NO.

    Long answer: In .Net framework 2.0 many features are added. Many features(Generics first comes to mind) warrant a medata format change. As a result, .Net framework 1.0 and 1.1 will not recognize assemblies compiled with .Net framework 2.0 compilers.

     [via Microsoft WebBlogs]

    I can write a program now that works on Win98 through Windows XP SP2 and takes advantage of the 'more advanced' features of the more recent platforms - in this way one maintains a very broad reach as far as potential customer base is concerned.

    With .NET, which is meant to be the platform of the future this is no longer going to be possible. You can write an app to take advantage of new features but it won't run at all on old platforms. Stuff written for old may/probably run on new (though you might get caught by a breaking change - in which case what happens?). This gets even more interesting in the Longhorn timeframe, an OS that is going to only support one version of the CLR being available on the machine.

    I suppose its really not that different to dependency on a version of the VB runtime - its just not an idea I (C/C++) am used to.

    #    Comments [0] |
    # Tuesday, 13 July 2004

    Hooray - Zeepe: is OK

    Lots of email flew around, and Dave eventually seemed to buy in to the idea of using semi-pseudo namespaces. I thought this meant that he’d require something like xmlns:apple="http://www.apple.com/2004/xhtml-extended/" on the root element and then use <apple:dashboard>. Of course it wouldn’t really be a namespace when it was being used in HTML, but it would be an OK tag name and wouldn’t cause any software heartburn. And when it was in XHTML, it would really be a namespace and everything would be fine. [via ongoing · Extending HTML, Again]

    Oh this is all such fun! Tim lays into Ian and says (by implication) what Zeepe is doing is fine (xmlns:zeepe="http://www.zeepe.com"), and what Apple (or Dave) originally proposed to do was fine - glad to see a consensus emerging!. (Note, they are not discussing Zeepe, but Dashboard, but Zeepe does similar things to Dashboard, but on Windows).

    #    Comments [0] |

    HTML is dead

    Apple could have put forward their proposals, discussed them, got concensus, and everyone would have thought they were just planning these features for the Web Application space. [via Hixie's Natural Log]

    Don't touch HTML, or if you want to, tell some one about what you want to do and lie about why. Funny old world, you can see why MS is not interested [anymore].

    The best from Ian is this:

    For specific features like these, it doesn't take long to get consensus; they are small features whose basic design can be agreed reasonably quickly.

    All depends on your definition of 'reasonable' I suppose and given how long the WHAT group have been discussing things and it is not, to my understanding, a consensual environment (you get to rant, Ian gets to decide) I don't really see how it helps.

    Still, the bottom line is we should not claim that Zeepe displays HTML because while it can, it can sometimes also display something else - though they are not at all sure what that something else is. .... <sigh>

    #    Comments [1] |
    # Friday, 09 July 2004

    How to find out which process is locking a DLL

    How to find out which process is locking a DLL.  ...  Just type: tasklist /m thelocked.dll and it will return all processes that have loaded that DLL! [via WinClient]

    Very useful.

    #    Comments [0] |

    Good job I used zeepe:

    Hyatt and the Safarians look like they’re willing to try a sensible semi-pseudo-namespaced approach [via ongoing · How To Grow HTML]

    Apple writes a little program to enable development of widgets. They thought 'we could create yet another mark-up language', or, 'we could use html and add some bits, hey everyone will know this is just for use in this application'.

    Oh no, no, no. World + dog descends - how dare you polute html, how dare you play with a standard, how dare you.... oh gawd it goes on and on.

    Just to show how stupid and ignorant I am, everyone would be happy if this stuff had been discussed at a standards group or even just a group (like WHAT). Weird. Even weirder, putting this:

    <!DOCTYPE html SYSTEM "http://www.whatwg.org/dtd/2004/whatml-10.dtd">

    At the top of the file would have made it all OK because then Eric would have known that he wasn't looking at real html.

    These people would seriously freak-out if they ever looked at zeepe. Or perhaps they wouldn't, all the 'extensions' are in the zeepe: namespace.

    On a different tack, I note that Apple has added <canvas> (or <apple:canvas>). This is an idea I've toyed with for quite a while but never came up with the application idea that absolutely demanded it.

    #    Comments [0] |
    # Thursday, 08 July 2004

    XP SP2 and web sites

    Fine-Tune Your Web Site for Windows XP Service Pack 2.  Make your Web site work well with the new security features in Windows XP SP2 that affect ActiveX controls, file downloads, pop-up windows, and more. [via MSDN Just Published]

    I should think it is getting near to it being a requirement that your site plays well with SP2 and hopefully these documents are describing final functionality.

    #    Comments [0] |
    # Wednesday, 07 July 2004

    Windows is a pain at times - but whose fault is it?

    In writing the IP Address Widget (Zeepe sample), I decided to take the opportunity to look at WMI (looking beyond the initial widget it might enable looking at the IP addressing on any machine). Anyway, what the widget wants to know is a) what are the available IP connections and b) what type are they (ethernet, wireless etc).

    The WMI classes Win32_NetworkAdapter and Win32_NetworkAdapterConfiguration seemed appropriate. The latter has IPEnabled and IPAddress properties so one can determine the active adapaters and their ip address. The former has the property AdapterType, described as Network medium in use, sounds perfect but it has the caveat "This property may not be applicable to all types of network adapters listed within this class".

    Oh well, lets move on and hope as usual - a few lines of script later (common, scripting together components just makes so much sense) and we are up and running. And on every machine I've tried it it comes back as Ethernet 802.3 for all adapters, even the wireless ones..... <sigh>. Perhaps the caveat should more accurately be written as "This property may occassioanly be correct for network adapters listed within this class" - has a higher level of warning don't you think.

    Presumably this isn't a problem with Windows/WMI per se, but with the driver implementation. Who knows, all one knows is it doesn't do what one wants with any usable level of realiability.

     

    #    Comments [0] |

    Web pages as widgets

    Over at the Zeepe samples page a couple of new widgets have appeared.

    These are written as web pages, that means html + css + script.

    They appear as full blown apps on your desktop - they don't have to appear within some other container (dashboard).

    #    Comments [1] |
    # Tuesday, 06 July 2004

    In a land far far away

    UK industry in 'dramatic' decline.  TUC warns that 750,000 manufacturing jobs have been lost since the Labour government came to power. [via BBC News | News Front Page | UK Edition]

    Once upon a time that would have been a devastating headline for a Government (and once upon time I wouldn't have been wondering how you can warn about something that has already happened....)

    #    Comments [0] |

    You will almost certainly be able to do this in XAML, but in the meantime there is IE

    dhteumeuleu.com needs no introduction, Gérard Ferrandez' superlative site stuffed full of the very best scripts ever to have graced the www. Go there and learn, my young Padawan.  [via evolve - links]

    Needed an introduction to me - well worth a visit if you have some spare time just to play. Internet Explorer only.

    #    Comments [0] |
    # Monday, 05 July 2004

    Review of BBC online.

    "Philip Graf has produced a thorough and insightful review of the BBC's online service," they said.

    Yes he has, and it is well worth reading if you are producing content in 'competition' (e.g. education) with the BBC.

    "He is generally positive about the distinctiveness of its content and its impact on commercial competitors.  [via BBC NEWS | Entertainment | BBC websites must redraft remit]

    Errrr, well, not quite generally. There is an excellent sequence on impact about how the jury is still out, case unproven either way and in particular that the BBC's expensive defence document by KPMG is of very dubious merit (particularly amusing given the new DGs comment that only the BBC can bridge the digitial divide is that he finds the BBC's contention that it has driven Internet access takeup completely unproven).

    Where I really diverge from Graf is his contention that the BBC should provide a search service because otherwise we will all use an American one. What is unclear is whether he is proposing that the BBC 'brand' some other's technology (as they do now - was Google, now Inkotomi); given that the technology will almost certainly be American, what is the point, or is he saying that American search engine databases are skewed (they might be, but he should produce evidence). Or, the BBC should develop their own search engine technology - complete waste of license fee (there might be some mega technology sitting in a University research lab, but if there is they should commercialise it and take over the world - don't need the BBC to do that).

    Whatever, the BBC most certainly needs to review its search offering - there are some fairly damaging statements in the report (to summarise, BBC search is biased).

    #    Comments [0] |
    # Sunday, 04 July 2004

    Dashboard vs Konfabulator

    What's really exciting about Dashboard is the way widgets are written. Unlike Konfabulator, where widget layouts are defined using a simple XML dialect, Dashboard widgets are written in HTML and CSS and rendered using Safari's WebKit engine! They're essentially mini-web pages, liberated from the browser. Dave Hyatt of the Safari team has a series of entries (1, 2 and 3) with more details. [via HTML escapes the browser - SitePoint DHTML & CSS Blog]

    What's really exciting about Zeepe is the way widgets are written ....... <sigh>

    #    Comments [2] |
    # Thursday, 01 July 2004

    On MS, IE and platforms

    Ian Hixie discusses the state of 'the' WHAT (well worth reading):

    ... As Joel points out, though, Microsoft's moves after they realised their mistake with IE have been harder to understand. I would have thought the solution most likely to succeed would have been to extend IE in ways that made it into a better application deployment platform. Eventually, this could have turned IE into the OS, either natively (making the next version of Windows basically be IE), or by selling IE with versions for all operating systems. This would have had several advantages: ... [via Hixie's Natural Log]

    He muses that "They actually did start down that road. IE6 has support for a technology that Microsoft stopped advertising at the same time as they stopped developing IE, namely HTAs, short for HTML Applications" - but he doesn't say that HTAs are a subset of Zeepe. It is possible that HTAs were derived from Zeepe's pre-cursor (by name) WPM because WPM is referenced by MS in their web applications patent.

    And it heartens me greatly to see:

    "The problem with the browser today is that applications based in the browser are constrained to nightmarish UI idioms and a severe lack of polish stemming from the fact that the platform was not really developed as a platform, and that no real progress has been made on this path for several years."

    We've been trying to make progress, it remains a question as to whether developers really care, or whether users really care. What is clear is that some people need to see iMunch or any of the Zeepe samples to get out of this:

    the user experience of any app running in a web browser is crippled [via Daring Fireball]

    view. The web browser may be crippled but, IMHO, DHTML is anything but cripppled.

     

    #    Comments [0] |

    Mozilla Foundation Press Release On A New P

    Mozilla Foundation press release on a new plug-in architecture, also supported by Macromedia, Apple, Sun, Opera, "...to extend the Netscape Plugin Application Program Interface in a manner that allows greater interactivity with plugins such as Flash, Shockwave, QuickTime and Java, resulting in a richer, more interactive web." [via Scripting News]

    Something else to look into, maybe has implications for Neptune.

    #    Comments [0] |

    Programmable Paypal

    PayPal goes XML Web Services and releases SDK !.  

    Well, I've always liked the PayPal thing. Fast, easy online payment and quite secure (if you know what you're doing).
    The PayPal Web Services comprise of 4 informational and transactional API's enabling developers to create e-commerce applications that integrate with the PayPal platform. The cool thing is that they seem to
    share a common API structure with eBay's Web services offerings. See http://developer.paypal.com

    Ok, onto my coding machine, fire up VS.net and start coding the next demo...
    Any customer outthere that has Internet access while I demo this thing ? :-)

     [via Microsoft WebBlogs]

    Something to look into.

    #    Comments [0] |