Yacoblog - Microsoft

Windows Mobile is on drugs

Tue, 21 Apr 2009 17:26:00 -0600

So I have a Motorola Q9c smart phone with Windows Mobile on it. I don't particularly care for the phone, but since my work pays for it, I don't complain much. One of the features that is usually pretty helpful is predictive text in it's mobile version of Outlook. When I am typing, it pops up lists of words that generally have something that fits what I was trying to say. However, sometimes the words suggested are very strange. For fun, I thought I'd let Windows Mobile write a sentence for me (sort of), and see how it came out. I started the first word, and on occasion I had to type one letter to start the next word, but other than that the entire sentence came from the suggested words and phrases. It came out pretty strange. Here it is: "I think this early good feedback i'll show snow in and throwing rooms a snowmobile crash crashes into long lost memories."

Microsoft researching Google Gears/AIR competitor

Thu, 05 Mar 2009 11:26:00 -0600

Microsoft Research is building a new web browser called Gazelle that attempts to be an OS in the browser. They are exploring all of the security/stability issues that would surround using the web browser as an operating system. I know the AIR comparison isn't exact (the big difference is that Gazelle is a web browser, whereas Gears~~/AIR~~ are browser plugins), but to me reading over their design goals and challenges, it sounds a LOT like what Google Gears and Adobe AIR are trying to accomplish. [More]

How Adobe Can Kill Silverlight: Linux

Fri, 15 Aug 2008 11:08:00 -0600

This is not my idea, but John C. Dvorak's. Microsoft is making a full frontal attack on Adobe with SilverLight. Dvorak's suggestion is that Adobe should port the full creative suite to Linux, and once that's done make a fully optimized, custom version of Linux for Adobe designers/developers. How would this hurt SilverLight? It wouldn't directly, but it could potentially take money out of Microsoft's coffers (by taking away Windows market share). [More]

Microsoft Purposefully Annoyed Users with Vista

Sat, 12 Apr 2008 10:49:00 -0600

So I just read an article at cnet that gives more evidence that Microsoft doesn't really care about end users. Apparently, Microsoft deliberatly wanted to annoy their users with User Account Control (UAC), according David Cross, the Microsoft manager that was in charge of UAC during Vista's development. "The reason we put UAC into the (Vista) platform was to annoy users--I'm serious," said Cross. [More]

My First Silverlight Experience

Sat, 05 Apr 2008 10:28:00 -0600

I have watched the emergence of Microsoft Silverlight with mixed feelings. On one hand, I am not a Microsoft fan, so I typically like to see other companies succeed in markets where Microsoft is a player. Therefore, I like the fact that Flash is the dominant player in the RIA market that Microsoft is attempting to enter. On the other hand, I like competition, and since Adobe enjoys a virtual monopoly with Flash, I'm kind of glad to see Microsoft throwing their weight behind a potential competitor to Flash. Up to today, though, I have always been a bystander in this game as I have never done anything with Silverlight, not even install the plugin. [More]

Deselect all items in a Select List

Wed, 05 Mar 2008 11:15:00 -0600

Say you want to have a "unselect all" button for a select list, how would the JavaScript work? I just spent too long trying to figure out how to do this in IE. As usual, I got it to work in Firefox right away, but IE doesn't work the same way. [More]

IE 8 will render Standards mode by default

Mon, 03 Mar 2008 17:40:00 -0600

This is BIG news, in my opinion. For those of you that haven't followed the controversy surrounding the upcoming IE 8, here's some background. In December, Microsoft announced that IE 8 had passed the Acid 2 test. This means that IE 8 will be as standards compliant as the other browsers. However, in January Microsoft popped our bubbles when they announced that IE 8 will NOT render sites in standards mode by default. [More]

Big News: IE8 renders Acid2 correctly

Wed, 19 Dec 2007 15:49:00 -0600

It's been 2 years and 9 months since the Web Standards Project issued the Acid2 challenge, and Microsoft just announced that Internet Explorer 8 correctly renders the Acid2 test. I think this is AWESOME news. Once IE8 is released and replaces IE 6/7 as the dominant browser on the 'Net (assuming that happens, of course), we web developers can FINALLY develop a standards compliant site, and it should run on IE, Firefox, Opera, and Safari. Yay!! :-)

Mozilla's answer to Adobe AIR

Thu, 25 Oct 2007 18:46:00 -0600

Adobe brings web apps to the desktop with AIR, Microsoft is doing similar things with Silverlight, and now Mozilla announces Prism. The biggest difference between Prism and it's competitors is that you don't have to do anything extra to create a Prism app from a web app. [More]

Firefox 2 vs IE 7 security smack down

Thu, 01 Feb 2007 18:22:00 -0600

I thought it would be fun to check out the security records of Firefox 2 and IE 7, since they've been out for a couple of months and they were both released around the same time. I went to Secunia, which is a good site to look at these things because they organize their advisories by vendor and/or product, which makes it easy to compare two products. Anyway here are the results: IE 7
4 security advisories
3 remain unpatched
Most severe unpatched hole is rated Moderately Critical (3 out of 5)
Most severe patched hole was rated Extremely Critical (5 out of 5)
Firefox 2
2 security advisories
1 remains unpatched
Most severe unpatched hole is rated Less Critical (2 out of 5)
Most severe patched hole was rated Highly Critical (4 out of 5)
So there you have it. So far, Firefox is more secure.

Why Microsoft Wins

Tue, 02 Jan 2007 16:38:00 -0600

Last month Microsoft invited 14 bloggers (including Ryan Stewart from the ColdFusion community) to meet Bill Gates. This is one of the reasons Microsoft wins, because they're brilliant marketers. At first I didn't know what to think about this outreach to the Blogger community. But after the free Ferrari laptop debacle, I understand what Microsoft was doing. [More]

Microsoft doesn't recognize their own OS

Sat, 02 Dec 2006 16:01:00 -0600

I've got a new Windows Mobile smart phone. It's been crashing and freezing up a lot (no surprise, it's Windows). I thought MS might have Windows Update setup to show updates for Windows Mobile, so I fired up Internet Explorer on my phone and went to update.microsoft.com. This is the error message I got: You'd think Microsoft's website would be smart enough to recognize this useragent as their own operating system: HTC-8500/1.2 Mozilla/4.0 (compatible; MSIE 5.5; Windows CE; PPC; 240x320)

Joel Spolsky errors about SQL injection

Wed, 01 Nov 2006 09:30:00 -0600

Today Joel Spolsky mentioned SQL injection on his blog, and stated that if you are in the practice of directly dumping strings from user input into your DB, it would be easy to hack your DB if you close the string, insert a semi-colon and create a second SQL statement like so:


foo'; delete * from accounts

Just enter the above 'code' into the form and you've manually deleted the contents of their accounts table, right (assuming they have a table named 'accounts')? Only if you're using Microsoft SQL Server. SQL Server allows you to send multiple commands from an outside source. This is VERY insecure, for the above reason. In Joel's example, the error message he got shows that the site he is referencing is powered by MySQL. I have dealt with Oracle and DB2 and I know those DBs don't allow multiple sql statements in one 'session' from an external source (session means one cfquery tag in this case). ~~I'm assuming that MySQL won't allow this either (someone please correct me if I'm wrong).~~ Update: I just tested this, thanks to a comment left by Jacek, and MySQL will not allow multiple SQL statements from one cfquery tag. We in the ColdFusion community know that you should always CFQueryParam your variables in queries. Not only is this safer (it would stop the above attack), but it usually makes your queries quicker. This is because ColdFusion will create a "Prepared Statement", which is a fancy way of saying it will pre-compile the query. Then the DB just runs it without compilation. That said, Microsoft assumes that the developer is always going to use things like CFQueryParam in their code. Oracle and IBM, on the other hand, try not to let the developer make mistakes like this.

Where's Windows Real Time Operating System?

Thu, 21 Sep 2006 00:22:00 -0600

There is an excellent article in c|net about a new version of SuSE Linux that claims to be a Real Time OS. This got me thinking about Windows, as I'm unaware of Microfost's entry into this small market segment. I'm talking about large enterprise level systems like Wall Street's infrastructure. I know that Microsoft has Windows CE, which is technically a RTOS. But I doubt we'll see a version of Windows any time soon that guarantees microsecond response time. Unless it can reboot that fast...

Zero-Day Internet Explorer Exploit Found on Porn sites

Thu, 21 Sep 2006 00:03:00 -0600

A security hole in IE was recently confirmed by Microsoft. Now exploits that install tons of adware have been spotted on Porn sites. This exploit is reportedly easy to duplicate, and experts expect the problem to spread quickly to other shady sites across the Internet. Microsoft has no plans to fix this hole until the next "Patch Tuesday", which is almost 3 weeks from today. Have fun all you IE users! (Yes, yes...I know. You have no choice in the matter...) I think I'm going to find this exploit and use my ColdFusion skills to build my own version. I'll put it on this blog, and any IE users that visit will receive a free copy of Firefox, complete with a script that sets Firefox as the default browser in Windows, and then deletes the little blue e. But wait, there's MORE!! I'll make the Firefox shortcut use the IE icon, and I'll name it 'Internet'. I'd wager real money that most IE users wouldn't even know the difference.