DISQUS

Matasano Chargen: Matasano Interviews IE Lead PM Christopher Vaughan

  • Richard Johnson · 3 years ago
    The 'unauthorized software' comment strikes a nerve. Most of the proposed DRM gack won't be authorized to run on machines on my nets. Will MS allow it to run anyway? What about MS's own DRM gack? Who will protect our ownership rights on our machines from megacorp rootkit writers?
  • dan · 3 years ago
    What about CSS1/2/3 support? Are they still going to screw that up?
  • Chris Brooksbank · 3 years ago
    To reiterate dans point.

    Did they fix CSS and generally make IE more standards complient. Surely that was a major reason for redevelopment as well ?

    Also how many websites will break the day IE7 autoupdates itself onto users machines.
  • Thomas Ptacek · 3 years ago
    Friends, Romans, Slashdot readers: while I'm as interested in web standards punditry as anyone else, it isn't the apropos our blog, our normal audience, or this interview.

    So, while I'd love to get a PM on the IE team to explain the rationale behind how collapsible margins work in the IE6 box model, I'm going to try to be a model of restraint.

    It's not easy for a high-profile team at MSFT to do an interview on a snarky security blog and we're really happy that Chris Vaughan was able to let us pull it off. That said, if you've got to get your LUG cred on, find a way to whack IE on security. On this particular occasion, expect us to circle the wagons and whack you back. Good times!
  • Window Snyder · 3 years ago
    That said, those questions might find a better home on the IE team blog at: http://blogs.msdn.com/ie/archive/2006/06/20/640....
  • Doug · 3 years ago
    If the efforts to make IE secure are reasonably succcessful then it will force other browsers to innovate more as security is one of their biggest selling points currently. From a business perspective if the default IE is far more secure when Vista is deployed then there will be little motivation for companies to deploy another web browser.
  • Sanjay Kumar · 3 years ago
    You can see the brief of the interview in my blog.. Comments invited..

    My blog : http://sansor.wordpress.com

    -sansor
    Avoid GATES of Hell use LINUX
  • ivan · 3 years ago
    Hm all very nice and polite, but where's the meat?
    I still do not understand the rationale for not writing IE7, let alone IE8, in managed code.
    what happened to eat your own food? .NET is good for eveybody else but not good enough for the flagship application of its maker? Sorry, a "variety of reasons" does not suffice as a real answer to me
  • Dresden Marshall · 3 years ago
    Fascinating interview, but I would have enjoyed his thoughts on Mozilla and Firefox.
    Assuming that commenting on Gecko or anything relative to it wouldn't get him fired^^
  • dre · 3 years ago
    you guys had good coverage on most dec05-current ie flaws. i wish chris spoke more to the details about them. good job, though, i enjoyed it.

    i think a lot of vulnerabilities (CSSXSS comes to mind first) are getting confused with browser features... such as cross-domain access. i think cross-domain access attacks will move to the top of clientside security risks in the next year. one of my favorite reads of the year was Zalewski's paper on cross-site cooking [securityfocus].

    sure, graphics rendering vulnerabilities and javascript/heap/nopsled/shellcode exploits are going to continue to plague browsers for some time. even vista's uac and pmie won't stop everything.
  • Steam Cleaners · 4 months ago
    Great interview.. Hope that you have a video so I can watch it..