Dave Massy's Blog : Internet Explorer

IE8 Released

DMassy — Thu, 19 Mar 2009 20:36:00 GMT

Congrats to my old team on shipping IE8. Although my IE focused days are behind me it's great to see the team has put out such a great version. The security improvements and commitment to web standards stand out as major achievements along with performance, reliability, dev tools etc. There's always more work to be done but the team knows that and they mention some of that in the team blog post.

I know from experience how much work goes into a major release like this. It's no small achievement. Well done IE team.

Thanks
-Dave

Zones, Testing and Dave

DMassy — Wed, 14 Feb 2007 16:57:00 GMT

I just made a post on the IE Team blog regarding Zones and Mark of The Web. It's always a good idea to test with default settings and run pages in the internet zone if that is where they will be deployed so that you experience what users will experience.

As noted on that post I'm leaving Microsoft after eleven years. It has been a difficult decision to leave a place that has been part of my life for so long but some things can't and probably should not last forever. My reasons for leaving are personal as it is time for me to make a few changes in my life. I wish the IE team all the best and I'm looking forward to seeing the next versions of IE.

Thanks to everyone both inside and outside Microsoft for some great times
-Dave

IE Developer Toolbar Beta 3

DMassy — Wed, 10 Jan 2007 03:55:00 GMT

We just released beta 3 of the developer toolbar. Key changes are outlined in this post on the team blog.

There's still lots more work to do in this area we know, but the style tracer functionality is really sweet!

Thanks
-Dave

Strange things Web Sites do!

DMassy — Wed, 20 Dec 2006 19:58:00 GMT

I'm going to start making occasional posts when I find a website that is doing something particularly bizarre although I won't name the specific websites in question.

Yesterday I decided to send some feedback to a local radio station about the lack of decent coverage of the recent storms in the Northwest which meant that many of us were isolated without power, phone, internet etc. So I went to their website which appeared to be quite professional and found a "contact us" page where I clicked on the appropriate email address. Nothing happened. At this point I realised that the email address wasn't text but an image!
The only reason I can think that they went to the trouble of creating images of text is to avoid spam. I guess that's a creative solution to the spam problem but it make it more difficult for people to give them feedback and leaves those using screen readers with no solution for contacting them at all. Accessibility is really important for websites and is something that every web master should consider! I'd expect a radio station of all things to want to be accessible to the visually impaired.
Naturally I typed in the email address and sent them feedback on this as well as the poor news coverage of the storm.

Have you seen something really strange/bad that a website is doing?

-Dave

P.S. The website concerned has promised to fix the problem.

VPC to run IE6 and IE7 on the same machine

DMassy — Fri, 01 Dec 2006 04:01:00 GMT

Great news at http://blogs.msdn.com/ie/archive/2006/11/30/ie6-and-ie7-running-on-a-single-machine.aspx

There is now a Virtual PC image available for XP SP2 with IE6 for free so you can run IE7 and IE6 on the same machine without any need to buy an additional Windows license.

Fabulous!

Thanks
-Dave

IE7 Released. Meet a few of the team!

DMassy — Thu, 19 Oct 2006 02:51:00 GMT

We've released www.microsoft.com/windows/ie

It's a product that all of us are justifiably proud of.

A video of me giving a tour meeting a few of the IE team is live on Channel 9 There are a couple more videos that will be available in the coming days. I talk for far too long at the start of this video but it was great fun to lead Charles around with the Channel 9 camera.

Thanks
-Dave

IE7 - It's Getting Close!

DMassy — Wed, 11 Oct 2006 01:36:00 GMT

As you can see from the post on the IE team blog IE7 is headed for final release shortly. It's fun reading some of the comments on the team blog. Clearly some people didn't actually bother to read the post or follow the links to the resources for more information!

I believe IE7 is going to be a great release. Great for Security, Great for User Experience and a Great step forward for Web Developers. We've had plenty of previews over the last year or so to allow web sites to prepare for the release. In fixing some of the issues with IE6 we have changed in a few areas how pages using the strict doctype render which means that pages relying on the incorrect behavior in IE6 may need to be updated to work in IE7. The changes made under the strict doctype make for a more consistent set of CSS functionality that web developers can rely on.

Not only do you want to make sure your site works in IE7. There are a couple of things you can do to make your site work great with IE7 and give users a better overall experience.

RSS. If you have an RSS feed the make sure you expose an RSS link on your page so that people can discover and subscribe to it from IE7. If you don't expose a feed on your site then think about doing so as it is a great way to bring people back when you publish new content.
Open Search. If your site has a search feature then expose it so the IE7 browser can use it from the browser search box.

Get ready for IE7 now.

Thanks
-Dave

More secure

DMassy — Wed, 23 Mar 2005 01:50:00 GMT

UPDATE! 2/24/05 8:58AM PST

Some comments reflect the fact that my post below can be misunderstood. I'd like to clarify.
IE is an essential part of the Windows Operating system.

Nothing I say in my post below is meant to imply otherwise. In the sentence "The issue of not being part of the Operating System is an interesting one" I am referring to Mitchell Baker's comment. I go on to say "IE is part of the Windows Operating System so that parts of the OS and other applications can rely on the functionality and APIs being present."

Thanks
-Dave
End Update.

There's a story at http://news.zdnet.com/2100-9588_22-5630529.html where Mitchell Baker, president and chief lizard wrangler of the Mozilla Foundation is quoted as saying Mozilla is and always will be more secure than IE. That's an argument we can spend a great deal of time on and still not prove one way or the other. I also know from experience that the online press likes to play up stories about the browser so it's quite possible the statements in the article are taken out of context as such a claim invites something to happen to prove you wrong. It's a little like saying you've never had your car stolen only to leave work and find it is missing from the parking lot.

There was one part of the piece that I wanted to comment on though:

Part of Firefox's better security profile comes from how it is developed, compared with Internet Explorer, she said. "Not being in the operating system is a phenomenal advantage for us," Baker said.

Now I'm pretty confident that Mitchell doesn't actually know the details of how IE is developed so I don't fully understand the basis of the statement. As we develop IE we go through very thorough and stringent security reviews to ensure that every change is secure and does not expose the user to attack.
The issue of not being part of the Operating System is an interesting one though that is frequently the subject of misunderstanding. IE is part of the Windows Operating System so that parts of the OS and other applications can rely on the functionality and APIs being present. IE in turn relies on Operating System functionality to do it's job. To be clear there are no Operating System APIs that IE uses that are not documented on MSDN as part of the platform SDK and available to other browsers and any other software that runs on Windows. The security of any browser is irrelevant to if it is part of the operating system.
If we are to debate security of browsers then let's bring in relevant arguments and accurate details about different possible attacks rather than rely on the irrational fear that because IE is part of the operating system it must be exposing OS functionality to the web. This is not the case as any software has access to the same set of OS APIs and can therefore expose the same set of OS functionality as IE.

Update - Fixed the typo. Thanks for the feedback. I didn't have http://www.iespell.com installed on the machine I posted from.

Update - 4/4/05
In response to the feedback to this post DPA_LoadStream documentation has now been added .
http://msdn.microsoft.com/library/en-us/shellcc/platform/commctls/common/functions/dpa_loadstream.asp?frame=true
http://msdn.microsoft.com/library/en-us/shellcc/platform/commctls/common/functions/dpa_savestream.asp?frame=true
http://msdn.microsoft.com/library/en-us/shellcc/platform/commctls/common/functions/pfndpastream.asp?frame=true
http://msdn.microsoft.com/library/en-us/shellcc/platform/commctls/common/structures/dpastreaminfo.asp?frame=true
Thanks for all the feedback that helps us constantly improve our documentation.
-Dave

Ajax == DHTML + XMLHttp

DMassy — Sun, 20 Mar 2005 20:34:00 GMT

I'm curious to see the industry attention about something called Ajax lately. Mary Jo Foley writes about it at http://www.microsoft-watch.com/article2/0,1995,1777009,00.asp?kc=MWRSS02129TX1K0000535 and many people are talking about it. It's exciting to see great web based applications such as google maps created, however I'm struggling to see anything new here. One of the first types of these applications was Microsoft Outlook Web Access for Exchange many years ago taking advantage of the power of the then new IE5.0. Others did the same with applicaitons such as www.oddpost.com which was later purchased by Yahoo.

Having worked on IE over the years I love to see people taking advantage of the power of the browser, but why the sudden attention? It's DHTML for client display with XMLHttp to communicate with the server, with these components you can build some pretty amazing things. It's been possible since IE5.0 which was released in 1998. Looking at the documentation though maybe we should create some better examples around XMLHTTP to show the power of this.

Thick skins and responsibility

DMassy — Wed, 02 Feb 2005 15:09:00 GMT

I can't seem to log into Neowin to leave a comment on yesterday's interview but there was one post from FloatingFatMan that I wanted to comment on:

I'd personally HATE to be on the IE dev team, cause you know that no matter what you do, a sizable portion of the userbase are just gonna bitch bitch bitch... Very demoralizing... (See... look... Even I could be construed as bitching about it with my first paragraph :-))

I don't find it demoralising at all although I won't deny that there are occasionally days when you have to have a thick skin. The truth is I love being on this team and I think that's a sentiment shared by other team members too. Working on what is arguably the most used piece of software in the world is a big responsibility, as we have the ability to affect people, their productivity, their enjoyment and the productivity of companies in so many ways. We don't take that responsibility lightly, but I do not see it as a constraint or a heavy burden we must bear, I see it as giving our jobs real meaning and purpose.

We're continuing to grow the team. Visit http://www.microsoft.com/careers/default.mspx and have a job that you couldn't possibly hate!

NeoWin interview

DMassy — Tue, 01 Feb 2005 14:53:00 GMT

I got interviewed over email by the Neowin guys http://www.neowin.net/comments.php?category=main&id=26911

They included a link to my blog here so I figured it's about time I posted an entry. Although this is one of those circular links :-)

I know I need to post here more frequently. In the meantime I've done a few posts on the IE team blog http://blogs.msdn.com/ie

-Dave

Bad HTML

DMassy — Fri, 15 Oct 2004 23:36:00 GMT

I just posted about the Internet Explorer focus on backwards compatibility over on the IE team blog

http://weblogs.asp.net/ie/archive/2004/10/15/243074.aspx

There's plenty of bad HTML on the web today, and by that I mean a lack of closing tags, overlapping tags and implied tags.

I thought I'd add some historical perspective from the back of my mind.

I remember back in 1996 when we started coding up the then new Trident rendering engine for Internet Explorer 4, at that time there was lots of bad HTML content already on the web. Indeed there was probably a higher percentage of bad content then as there were fewer good HTML editing tools available then. We knew that if we couldn't render existing content on the internet our browser would immediately be rejected by our customers. So we coded an in built tolerance for bad HTML. I particularly recall our developers pulling their hair out when it came to matching the table rendering algorithm of the then dominant Netscape browser.

The fact is that content on the internet can and does live forever and any browser must continue to be able to render that content. Does that mean we should encourage such content? Clearly not, but it's important that developers know they can rely on rendering behavior not changing as the internet evolves.

Spelling

DMassy — Wed, 11 Aug 2004 00:06:00 GMT

Two quick notes on spelling.

Did you know there's a great spell check tool for IE at http://www.iespell.com/ ? This is very useful when your spelling and typing is a little like mine. Coming from the United Kingdom I often argue with spell checkers about whether words such as optimise have an 's' or a 'z' in them. I guess I ought to set my machine up for UK rather than US spelling but I enjoy the fight!
If you know of other useful addons to Internet Explorer out there let me know.
A recent news article at http://news.com.com/IE+is+evolving%2C+but+is+it+enough%3F/2100-1032-5304259.html spells my name wrong as Massey instead of Massy. It's a minor point but still a little irritating. After all it'd be a shame if someone else was to be the recipient of all the abuse :-)

Thanks
-Dave

Transparent PNG Support

DMassy — Fri, 06 Aug 2004 01:18:00 GMT

We get a lot (and I do mean a lot) of complaints about the lack of alpha channel support for PNG in Internet Explorer. Quite right too! This is an optional part of the PNG specification but it is the part that actually makes PNG more useful that other image formats. I am hopeful that we may be able to address this at some point in the future but at this stage we can't say exactly when or offer any guarantees. If anyone does offer you a guarantee about a feature shipping in a future piece of software then you should be very suspicious.

Unfortunately we can't turn back time and add this functionality. Or maybe we can!
There are workarounds that make use of the AlphaImageLoader filter supplied with Internet Explorer. Now using this filter in its raw form involves adding script to the page. I know many web designers are uncomfortable with adding script as it also can make supporting these web pages more difficult particularly if they don't have a programmer to turn to when things stop working. Fortunately a few clever people have wrapped up the functionality in a component known as a behavior so all a web designer needs to do is add a style for images to their page

img { behavior: url("pngbehavior.htc");}

and place the pngbehavior.htc file with the page on their server.

See http://webfx.eae.net/dhtml/pngbehavior/pngbehavior.html and http://www.mongus.net/pngInfo/ for a couple of complete samples and tutorials on how to do this.

I'm certainly not pretending that this is as good as native support for transparent PNG, and I can assure you we haveheard the requests to support this and are taking the feedback seriously. However I do think this solution offers a good way to allow designers to use these effects today to build some exceptionally beautiful pages.

Are you comfortable?

DMassy — Sat, 24 Jul 2004 05:29:00 GMT

In my last post I stated something about how I wouldn't be comfortable using another browser. This seemed to get a few responses and Shannon J Hager asked me to explain myself. So I will try. One of the challenges with blogging or any communication purely through text is that it is easy to be misunderstood and have something taken out of context as it is difficult to convey any additional tone to your conversation.

I've worked on the IE team for a month now. It's been a challenging month as we finish up Windows XP SP2 and have also been dealing with some immediate security issues. I've been highly impressed with how the team treats these security issues and how deeply they think through all the implications and variations to ensure that the correct fix is put out and thoroughly tested. For that reason I feel extremely comfortable using Internet Explorer as my primary browser.
Security is a huge issue for the entire software industry. Browsers are an obvious focus of attack as they are a primary means by which one has access to the big bad world. As a result Internet Explorer is probably attacked more than any piece of software on the planet. However any software developer no matter what software they are developing should be thinking about security. There is an excellent book called Writing Secure Code from MSPress that we use at Microsoft and I strongly recommend. If you are a developer of any kind you should be thinking constantly about how secure your code is. I include in that Web developers, Windows developers and even Linux developers, you owe it to yourself and your customers to be thinking seriously about security and how you might be unintentionally exposing data and functionality. Just because the bad guys have not targetted you yet does not mean that they won't target you at some point in the future.

The work we are have undertaken in Windows XP SP2 is a great step forward here and the fact that recent issues are mitigated by these improvements shows we are taking the correct steps.

The reason I would not be comfortable doing my banking and shopping with another browser is from my knowledge of the quality of work undertaken on the Internet Explorer team. I know some of you will probably disagree with that view but I stand by the fact that the Internet Explorer team takes security extroardinarily seriously.

How we focus on security might make a great topic to drill into further in the future on the team blog. However I'm off for a few days next week for a short vacation up in the islands near Seattle.

Remember that whatever browser you use there are bad guys out there who might want to steal your personal data. Be careful to check that the site you are giving your password and credit card information to is really who they say they are. I regularly shop on the internet but always check that I am on the correct website and not some spoof site that I shouldn't trust.

Thanks
-Dave