Simon Willison’s Weblog

Blogmarks tagged microsoft

Filters: Type: blogmark × microsoft ×


Monaco Editor. VS Code is MIT licensed and built on top of Electron. I thought “huh, I wonder if I could run the editor component embedded in a web app”—and it turns out Microsoft have already extracted out the code editor component into an open source JavaScript package called Monaco. Looks very slick, though sadly it’s not supported in mobile browsers. # 21st May 2019, 8:47 pm

Google and Microsoft Cheat on Slow-Start. Should You? Fascinating optimisation tricks by some of the big websites, which violate the RFC governing the TCP slow-start algorithm in order to perform better in the common case. # 3rd December 2010, 7:03 pm

S.Korea ends Microsoft’s online shopping monopoly. The crazy rules mandating Active X based encryption for government and e-commerce sites have finally been dropped, after the Korea Communications Commission found them “unfit for a new Internet environment involving smartphones”. # 5th July 2010, 8:21 am

Internet Explorer Platform Preview Guide for Developers (via) Lots of SVG and CSS3 stuff, no mention of canvas here either though. # 16th March 2010, 6:36 pm

An Early Look At IE9 for Developers (via) Surprisingly, no mention of SVG or canvas and only a note in passing about HTML 5. # 16th March 2010, 6:11 pm

Negative Cashback from Bing Cashback (via) Some online stores show you a higher price if you click through from Bing—and set a cookie that continues to show you the higher price for the next three months. It’s unclear if this is Bing’s fault—comments on Hacker News report that Google Shopping sometimes suffers from the same problem (POST UPDATED: I originally blamed Bing for this). # 23rd November 2009, 9:24 pm

IE 6 and 7 hit by hack attack code. IE6 and 7 have what looks like a buffer overflow vulnerability caused by a strange intersection of CSS, innerHTML and large JavaScript arrays. No exploits in the wild yet but it’s only a matter of time. # 22nd November 2009, 3:38 pm

Major IE8 flaw makes ’safe’ sites unsafe. IE8 has an XSS protection feature which rewrites potentially harmful code in HTML pages—I think it looks for suspicious input in query strings which appears to have been output directly on the page. Unfortunately it turns out there’s a flaw in the feature that can allow attackers to rewrite safe pages to introduce XSS flaws. Google are serving all of their pages with the X-XSS-Protection: 0 header. Until the fix is released, that’s probably a good idea. # 22nd November 2009, 3:34 pm

Microsoft backs long life for IE6. Oh FFS... “The software giant said it would support IE6 until 2014—four years beyond the original deadline.” # 14th August 2009, 2:53 pm

Farewell to Mashup Editor. It’s not just Microsoft Popfly that’s shutting down—Google Mashup Editor will be gone in four weeks time (this was announced in January). You get to keep your code, but I don’t know enough about Mashup Editor to know if the code is usable once the system has shut down. # 17th July 2009, 1:05 pm

Popfly Shutting Down. Yet another reminder that building stuff on a closed-source platform (especially a hosted service) is risky business, even from a vendor as large as Microsoft. This certainly won’t help them make the case for Azure. # 17th July 2009, 9:32 am

From Microsoft: C# and CLI under the Community Promise. Microsoft’s assurance that it won’t “assert its Necessary Claims” against alternative (including open source) implementations of the ECMA C# and CLR specifications. The promise doesn’t cover implementations of .NET, WinForms etc- so the Mono team have announced they will be splitting their project in to two packages—a safe, ECMA based package and a package containing everything else. # 7th July 2009, 11:15 am

Imminent Death of the Net Predicted. Well, maybe not, but the way Windows Vista deals with round-robin DNS A records (using a new IPv6 algorithm from RFC3484 backported to IPv4) means that domains that serve up multiple A records to load balance between data centres will find that the IP nearest to the 192.168.* range will get the vast majority of Vista traffic. # 5th March 2009, 9:50 am

Microsoft: Big Security Hole in All IE Versions. Looks like a 0-day that’s being actively exploited. # 16th December 2008, 8:26 pm

Windows Live Adds Support For OpenID. I hope they include the option to log in to the provider using CardSpace, to address phishing. # 27th October 2008, 9:34 pm

Why I can’t put Tibet in my Hotmail address. Apparently it’s because “TIB” is name of a bank in Florida, and Microsoft are trying to prevent phishers from creating e-mail addresses that include the names of financial institutions. # 10th August 2008, 10:41 pm

IE8 Security Part IV: The XSS Filter (via) IE8 will include an XSS filter to identify and neutralise “reflected” XSS attacks (where malicious code in a query string is rendered to the page), turned on by default. Sounds like a good idea to me, and site authors can disable it using Yet Another Custom HTTP header (X-XSS-Protection: 0). # 3rd July 2008, 9:37 am

Velocity: A Distributed In-Memory Cache from Microsoft. I’d been wondering what Microsoft ecosystem developers were using in the absence of memcached. Is Velocity the first Windows platform implementation of this idea? # 6th June 2008, 9:52 pm

The Machine That Changed the World: The Paperback Computer. This third episode (the second has also been published) is awesome—Sketchpad (the first GUI), NLS, Xerox PARC, the Homebrew Computer Club, Apple and the Macintosh, Lotus 123, Microsoft, and Virtual Reality presented as the “future” of computing. Worth investing an hour to watch it. # 6th June 2008, 8:18 pm

CSS Compatibility and Internet Explorer (via) Official Microsoft guide to which CSS properties are supported by which versions of IE. This is the kind of documentation browser vendors should be providing as a matter of course. # 2nd April 2008, 8:05 pm

IronPython, MS SQL, and PEP 249. How Dino Viehland got Django’s ORM to talk to the .NET database layer. # 19th March 2008, 9:46 am

Django on IronPython. Dino Viehland demonstrated Django running on IronPython and SQL Server at PyCon. # 17th March 2008, 4:05 pm

Windows Live ID Delegated Authentication. Would make life a lot simpler if they just supported OAuth, but at least they include sample code in Python, Ruby and PHP. # 8th March 2008, 3:19 pm

Windows Live Contacts API (via) I didn’t realise Microsoft already have a contacts API for Live (which presumably covers hotmail as well). # 7th March 2008, 5:57 pm

Introducing the Google Contacts Data API. Brilliant! (and about time)—now there’s no excuse for asking your users for their Gmail username and password so you can import contacts from their address book. Yahoo! and Microsoft need to catch up on this one fast. # 6th March 2008, 11:29 pm

Principles and Legality. Eric Meyer notes that language about legality in Microsoft’s recent IE announcement suggests that Opera’s much criticised EU threat may have helped positively influence the result. # 4th March 2008, 7:45 pm

.aspx considered harmful. Jon Udell: “I guess I’m extra-sensitive to the .aspx thing now that I work for Microsoft, because I know that to folks outside the Microsoft ecosystem it screams: We don’t get the web.”—he goes on to mention that smart URL rewriting is thankfully built in to the upcoming ASP.NET MVC framework. # 17th January 2008, 6:01 pm

The Dark Side Of The Moon (via) Robert O’Callahan believes that Moonlight is a strategic mistake, because it gives credibility to Microsoft’s entry to a new market which they will use to “keep the competition on a treadmill”; Moonlight can also never be entirely free due to the need for a proprietary codec (VC-1) available only as a binary blob. # 4th January 2008, 12:41 pm

EU: Microsoft’s Last Stand Against Google’s Acquisition of DoubleClick. Notable for some truly incomprehensible chartjunk from Microsoft. # 27th December 2007, 12:26 pm

Conversation with Bill Gates about IE8 and Microsoft Transparency. Molly asks the tough questions about IE8—it looks like there should be a lot of IE8 material at MIX08 next year. # 6th December 2007, 11:47 am