Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Discussions

petknep_home petknep_home
  • Slashdot style moderation?

    shreyasonline wrote:
    In a democratic system, problems must be dealt democratically.

    Shreyas Zare

    Right now we have a dictatorship (or at best a representative democracy).

    Slashdot style moderation is democratic.

    Community moderation is power to the people.

    A digg style moderation system would be a lot easier that slashdot. You only have to keep a count on the posts, no individual mod points. You can also choose to block specific trolls (yay!).

    Most community moderation systems suffer from groupthink and the tyrrany of the majority however. It'd be an interesting experiment though.

  • Why we cant have this in IE7 ?

    Having a million options makes things unusable. The button system that IE7 uses is sufficient for the task.

    In the time that it would take you to push the checkboxes, you can push each desired button in the IE7 dialog.

    Optimizing for the minority is not good style. Clean interfaces for the win.

  • Post your Pet


    Taz the Norwegian Forest Cat

  • IE Market Share Drops to Lowest Level in Years

    fdisk wrote:
    I'm going to come out of retirement for one post and to make a point.

    Like I said before, this is a site whose sole purpose is to gather information for the sake of making better ads and evangelizing products better.

    It has nothing to do with improving products. This site is a salesperson's dream tool.


    Go back to retirement, no one cares. I'm not here because some marketing guy told me to come research tech enthusiasts. I actually care what they have to say about IE7, good or bad.

  • IE Market Share Drops to Lowest Level in Years

    Rory wrote:
    
    Minh wrote: 
    Rory wrote: Or was it started to stir things up?
    This isn't necessarily a bad thing, right?


    Certainly not - I'd actually argue that "stirring things up" is a good thing most of the time, even though I used the phrase in a negative way here.

    But, in stirring things up, Jamie *did* go a little overboard.

    However, I'm starting to see that I did, too, so I'm going to back off.


    You probably missed the other 100 threads where Jamie expresses his digust for the IE UX team. It may have seemed like he went from 0 to ultrahate in 4 posts, but all the other posts rationalize his level of hate.

    Yes, you can't put toolbars and buttons exactly where you want them. Yes, the file menu is not at the top of the chrome. Yes, we put Jar Jar into the original Star Wars movies.

    Anyways, back to the marketshare argument. Monoculture is bad in anything.

  • IE7 rollout ​tomorrow...​are you ready?

    Can't give you a date. But since IE blog said a couple weeks after available for download, I will confirm that it will NOT be on automatic updates tomorrow.

    I was very puzzled when I read slashdot this morning. Cool

  • Clicking ​"​Yes" (or the problem with UAC)

    petknep_home wrote:
    
    AndyC wrote: Well it's obviously not impossible to circumvent then, as I just tried the Smiley Central page and you do indeed end up with an IE window running at medium integrity (which remains there regardless of navigation).

    It did work as intended for Shockwave though, in that I got a medium integrity window, but attempting navigation caused it to launch a low integrity one.


    Hmmm, that is bad. Protected mode gets disabled somehow. I'll check that out.

    The smiley central install according to the blogger's notes does pop a UAC, so it might be in high rights. You can disable protected mode ie from high rights. That's not really a circumvention, if you let something run as root, you run the risk of your system getting pwned.

    I'll give it a quick try and let you know what I find out.


    Ok here's the deal with the smily central stuff. The installer loads IE while it is elevated. This disables protected mode for all zones. This should be a very rare occurence for the user, because of UAC. Note that the original IE window is still protected, only the new window is unprotected.

    I misunderstood the last sentence where the author states that restarting the browser does indeed reinstate protected mode. This is why the protected mode status is printed at all times. If it is off, the user should be careful what they are doing and should attempt to restart the browser.

    Installers in the future should know better than to do anything more than install files when root. It reminds me of temp file vulns on Unix.

    No circumvention here, just don't elevate.

  • *Ignore

    http://channel9.msdn.com/ShowPost.aspx?PostID=242873 is the same topic.

  • Clicking ​"​Yes" (or the problem with UAC)

    AndyC wrote:
    Well it's obviously not impossible to circumvent then, as I just tried the Smiley Central page and you do indeed end up with an IE window running at medium integrity (which remains there regardless of navigation).

    It did work as intended for Shockwave though, in that I got a medium integrity window, but attempting navigation caused it to launch a low integrity one.


    Hmmm, that is bad. Protected mode gets disabled somehow. I'll check that out.

    The smiley central install according to the blogger's notes does pop a UAC, so it might be in high rights. You can disable protected mode ie from high rights. That's not really a circumvention, if you let something run as root, you run the risk of your system getting pwned.

    I'll give it a quick try and let you know what I find out.

  • Clicking ​"​Yes" (or the problem with UAC)

    AndyC wrote:
    UAC itself is brilliant, wonderful, fantastic, will protect lots of people etc.....

    What the article actually highlights at the end of the day is not an issue with UAC - it's with IE's Protected Mode. In order to install a add-on, IE needs to run outside of a low-privilege process and so a new instance is started. The problem is that a normal user will continue to use that window to carry on surfing, during which time they'll lose the benefit of Protected Mode.

    A malicious site could potentially be crafted to take advantage of that - cause elevation once for something innocuous, then take advantage of continued navigation at an elevated level to attempt to compromise a machine.


    Sorry, bro. All wrong. A new instance of iexplore is not started when we need to elevate. We have a medium integrity broker process and a high integrity broker process to handle actions that cannot work in Protected Mode IE. Only those few actions have elevated rights, the rest of your browsing is still protected.

    Causing elevation once and then attempting evil actions in subsequent navigations will do nothing.[6]

    There's a medium rights version of iexplore that runs when you are in zones that have protected mode disabled. But that has the same rules as regular zones: you leave the zone, you also leave that medium rights process or the navigation fails.