news aggregator

In the past year, the EduTF has been quieter than previous years. We have gone through a few changes, though our mission remains the same.

The WaSP Education Task Force was created in 2005 to work directly with institutions of higher education to help raise awareness of Web standards and accessibility among instructors, administrators, and Web development teams.

Our mission is not a small one. Our work and message needs to reach beyond our reading audience and the Web standards community in order to get information, help, and resources to more people. EduTF is discussing and looking at a variety of ways in which we can help.

To help with our mission, EduTF has added new members, including: Aarron Walter, Gareth Rushgrove, Lars Gunther, Jeffrey Brown, Kathy Keller, Christopher Schmitt, and Virginia DeBolt. Each member has experience with education and a strong passion for improving education in the area of Web standards and technologies.

One task the EduTF has been working on is the publication of the EduTF Survey results. We are reviewing the final draft of the publication and hope to share this information very soon.

The survey results have been very helpful in highlighting key needs, challenges and issues within the educational community and these will be addressed by the EduTF and also through our Curriculum Project.

The Curriculum Project will be a resource that could be used by those in education, as well as, anyone needing to update knowledge on Web related technologies.

Aarron Walter is leading our Curriculum Project and has this informative report to share:

The quality of Web design and development education in our schools is perhaps the most significant barrier preventing the world-wide adoption of Web standards. The EduTF has been hard at work this year developing a curriculum to address this issue. Our goal is to create a curriculum that is modular allowing courses to be selectively integrated into existing programs that need updating, or adopted entirely to serve as the foundation for new Web design and development programs in colleges, universities, and high schools around the world.

This is a big project. We’ve sought guidance from talented educators already teaching standards, and top industry professionals who have helped us identify the tools and topics each course should include. The EduTF is teaming up with Chris Mills of Opera who is leading an initiative to create a broad series of detailed articles that teach basic principles of front end development. These articles will be integrated into a number of courses to provide educators and students with practical references and a solid foundation in Web standards.

The curriculum will be released in stages, the first of which will include a core set of courses that address foundation topics such as HTML, CSS, JavaScript, accessibility, information architecture, usability, and the history of the Web. In subsequent releases, courses will be added that address more advanced topics, and specific tools popular in the industry.

Each course will contain a collection of tools for educators including:

• A course overview
• Recommended course dependencies indicating what students will need to know before beginning each course
• Learning competencies describing what students must master in order to receive a passing grade
• Assignment recommendations and test questions that allow educators to measure a student’s mastery of each competency
• Recommended readings from Chris Mills’ article series on Web standards and other reputable sources

We hope to release the curriculum in March of 2009 in an online format that will make it easy for educators to access and contribute back to the project. We view it as a living system which will be greatly enhanced by community contributions.

It’s a very big undertaking, but one that we believe could make a significant impact not only on the quality of Web design and development education offered in our schools, but also on the adoption rate of Web standards. If you’re an educator with pedagogical materials or ideas to share, please join the mailing list and our IRC channel to become part of the conversation. We welcome your support and inputs as we proceed with the development of the WaSP Web standards curriculum.

Mark Pilgrim announced a new Google Code project yesterday on the Google Code Blog:

Google has built its business here, on the open web, and we want to help you build here too. To that end, we are happy to announce the formation of an encyclopedia for web developers, by web developers: Google Doctype.

Full of wikified goodness and entirely downloadable by SVN checkout, Google Doctype stands to become a fantastic resource for Web developers, provided a solid core community embraces it. So head on over, check it out, and maybe even contribute something.

• User interface developer
  
• Mail developer
  
• Graphic designer
  
• Interaction designer
  

Join members of the Internet Explorer team for an Expert Zone chat this Thursday, May 15th  at 10.00 PDT/17.00 UTC. These chats are a great opportunity to have your questions answered by members of the IE product team.

If you can’t join us online, all chat transcripts are published here. Allow approximately 7-10 days following a chat for the transcript to go live.

Hope you can join us on Thursday!

Kristen Kibble
Program Manager

Hi all,

Last week, I blogged about installing Windows XP SP3 and how it affects different versions of Internet Explorer (See my earlier blog post here). Today I will be discussing installing branded/custom versions of IE7 on machines with Windows XP SP3 installed. This post is primarily aimed towards folks who use the Internet Explorer Administration Kit 7 (IEAK7) to create custom IE7 packages, like Internet Service Providers (ISPs) and web developers. If you ever installed the IEAK7, built a custom version of IE7 or distributed a version of IE7 to others, this post is for you.

When installing a branded version of IE7 (like the one you get on a Comcast or Qwest CD when you sign up for their services) on Windows XP SP3 machine for the first time, the IE7 install might fail with the following error:

“Process 'xmllitesetup.exe /quiet /norestart /er  /log:C:\WINDOWS' exited with exit code 61681”<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

The reason is that the IE7 package you are trying to install uses old IE7 files. As you may recall, in October of 2007 we released an IE7 update, which in addition to turning on the menu bar by default and removing WGA validation also addresses the XMLLite issue above.

XMLLite.dll is one of the components that ships with IE7. This DLL is necessary to run IE7, and IE Setup installs this component as part of IE7 installation. XPSP3 contains an updated version of XMLLite.dll, so when you try to install an older version of IE7 on XPSP3 machines, IE Setup fails to install XMLLite since it’s already on your system; hence, you get the error. In the IE7 update, we modified the install logic to only install XMLLite if it’s not already present on the system.

Call To Action

If you produce custom IE7 packages, you need to ensure that those packages will install successfully on Windows XP SP3. You can either try installing IE7 on a Windows XP SP3 system, or for a quick test, you can verify the cache of the IE7 files that were downloaded when generating custom IE7 packages. To verify the cache, on the machine that has the IEAK7 installed, go to C:\Program Files\Microsoft IEAK 7\Download\Win32\<Language>\iebin and search for IESetup.msi or IEBrand.msi.

If those files are not present, then you need to perform the following:

1. Download the new IEAK7 available at TechNet.
2. Run the new IEAK7 wizard.
3. Open the INS file you generated for custom IE7 packages. (You can re-use an existing ins file or create a new one, in which case this step is optional.)
4. On the Automatic Version Synchronization screen, click on the Synchronize button. This step downloads the latest IE7 setup files that it will use to generate a new branded package.
5. Complete the rest of the wizard, and click Finish.

The new packages will be created in the directory you specified during the beginning of the IEAK Wizard. These new packages will work on XPSP3, so you are ready to distribute them to all your customers.

Thanks,

Jane Maliouta
Program Manager

• [Bug 327180] Dragonfly does not work when JavaScript is disabled.
  
• [Bug 324985] International installer on Windows is broken when using some languages.
  
• [Bug 324377] Save Linked Content As fails sporadically.
  
• [Bug 327333] Some SVGs do not paint on Windows.
  
• [Bug 328186] Crash when using Master Password.
  
• [Bug 324727] The Octoshape plug-in causes Opera to crash on start-up.
  
• The tab bar on Mac may mix up favicon/text placement.
  

• Fix for reloading inline elements.
  
• Fixed cookie settings for local server names.
  
• Fixed forwarding, replying and redirecting of HTML-only mails.
  
• Fixed high CPU usage when subscribed only to the IMAP Inbox folder on GMail.
  
• F8 now works again to focus address field when focus is in panels.
  
• [Bug 328318] Wand button is fixed again.
  
• Fixed extensions in File > Save As and File > Open dialogs.
  

• Fixed updating of Google Maps when panning
  
• CJK fonts should now look better in the default setup
  

Security is a top priority for the WebKit project. As contributors to the project have grown, it has become apparent that we need a process for safely reporting security vulnerabilities to the WebKit project in addition to the process for reporting vulnerabilities to Apple. Today, we are announcing a new mailing list for this purpose, security@webkit.org. In addition, you can now safely report vulnerabilities over https to our bug tracker, https://bugs.webkit.org, by placing the bug in the Security component. The people privy to the mailing list and the Security component are members of the Security group. It currently includes vendors shipping products that include WebKit, active port owners and trusted security experts. If you are shipping a product that includes WebKit and would like to be notified of security issues, please email security@webkit.org.

Hi, I’m Matt Crowley, Program Manager for Extensibility with Internet Explorer. The team was very excited to be at the RSA security conference last month discussing the security features of Internet Explorer 8 Beta 1. In this, the second part of the IE8 Security blog series, I describe the ActiveX improvements in IE8 and summarize the existing ActiveX-related security features carried over from earlier browser versions.

Per-User (Non-Admin) ActiveX

Running IE8 in Windows Vista, a standard user may install ActiveX controls in their own user profile without requiring administrative privileges. This improvement makes it easier for an organization to realize the full benefit of User Account Control by enabling standard users to install ActiveX controls used in their day-to-day browsing.

If a user happens to install a malicious ActiveX control, the overall system will be unaffected, as the control was installed only under the user’s account. Since installations can be restricted to a user profile, the risk and cost of compromise (and, in turn, the total cost of administering users on a machine) will be lowered significantly.

Per-User ActiveX was designed with compatibility in mind—most existing ActiveX controls will not have to be rewritten to benefit from this feature; the only change will be repackaging. As in Internet Explorer 7, when a webpage attempts to install a control, an Information Bar is displayed to the user.

By clicking on the information bar, users can choose to either install the control machine-wide, or install it only for their own user account. The options in this menu will vary depending on the packaging of the control and the rights of the user.

The available options depend on Group Policy settings for per-user ActiveX installations and whether or not the control has been packaged to allow per-user installation.

While this feature offers the possibility of lowering total cost of ownership, IT Administrators running managed environments may elect to disable this feature via Group Policy. For more information regarding Per-User ActiveX, please refer to the Non-Admin ActiveX Controls article in MSDN’s IE8 Beta 1 Whitepapers.

ActiveX Opt-In

Recognizing that any binary extensibility mechanism increases attack surface, ActiveX Opt-In was introduced with Internet Explorer 7.

By default, ActiveX Opt-In disables most controls on a user's machine. When the user encounters a Web page with a disabled ActiveX control, they will see an Information bar with the following text: "This website wants to run the following add-on "ABC Control" from "XYZ Publisher". If you trust the website and the add-on and want to allow it to run, click here …" The user can then choose to enable the ActiveX control from this Information bar.

ActiveX Opt-In allows some controls to run by default:

• A small list of common controls intended for use in the browser.
• Controls which were used in IE on a user’s machine before upgrading to IE8.
• Controls which are installed through IE.

For more information on ActiveX Opt-In, please refer to the MSDN Article Best Practices for ActiveX.

Per-Site ActiveX

When a user navigates to a Web site containing an ActiveX control, IE8 performs a number of checks, including a determination of where a control is permitted to run. This check is referred to as Per-Site ActiveX, a defense mechanism to help prevent malicious repurposing of controls. If a control is installed, but is not permitted to run on a specific website, an Information Bar appears asking the user whether or not the control should be permitted to run on the current website.

Users can use the Information bar to allow the control for a specific Web site or allow the control for all Web sites.

IT Professionals administering a system of computers running Internet Explorer 8 may choose to preset allowed controls and their associated domains. Such settings can be configured using Group Policy.

For more information regarding Per-Site ActiveX, please refer to the Per-Site ActiveX article in MSDN’s IE8 Beta 1 Whitepapers.

Enforcing Per-Site with ATL SiteLock Technology

If your ActiveX control is designed for use only on your web site, then locking it to the domain of that Web site will make it harder for other sites to repurpose the control in a malicious manner. See Developing Safer ActiveX Controls Using the Sitelock Template for more information.

Reducing Exploit Risk with DEP/NX, “Killbits,” and Servicing

Working with your processor and Windows, IE8 helps reduce the exploitation of vulnerable controls through Data Execution Prevention. See the previous post in this series, IE8 Security Part I: DEP/NX Memory Protection, for more information on how to ensure that your ActiveX controls are DEP/NX compatible, as well as information on how to opt-in to other available protections.

If a vulnerable control has been exploited, IE has included a poison-pill option—the “killbit”— to block usage of specific controls within the browser. Vendors who are aware of a vulnerability in their control should contact Microsoft to setup a killbit for a future software update package. For more information, please refer to Knowledge Base article 240797, How to stop an ActiveX control from running in Internet Explorer.

As with standard desktop software, it is important to keep controls up-to-date to ensure compatibility with newer systems and lower the risk of compromise through evolving security threats. For more information on updating ActiveX controls, please refer to the IE Blog entry Good Practices for ActiveX Updates.

Working with Users through Manage Add-Ons

While most end users aren’t aware of the inner-workings of ActiveX controls or their enterprise policy on them (if applicable), users are able to find out information about the controls installed for use in Internet Explorer through Manage Add-Ons. It is important for developers to ensure that their controls are not only performant and secure, but also open in the information they provide.

Controls are identified by Name, Publisher, Version, and Class ID within the Manage Add-Ons interface. Given this, control developers are encouraged to include this metadata in release builds of their controls.

For more information on making sure that your ActiveX control properly conveys information about itself to users, please refer to Christopher Vaughan’s post Add-on Management Improvements in Internet Explorer 8 as well as the MSDN Article Best Practices for ActiveX.

Thanks for your help in ensuring your ActiveX controls are secure!

Matthew David Crowley
Program Manager
Internet Explorer Extensibility

• [Bug 328318] Wand usually doesn't work
  
• [Bug 327180] Dragonfly does not work when JavaScript is disabled
  
• [Bug 324985] International installer on Windows is broken when using some languages
  
• [Bug 324377] Save Linked Content As fails sporadically
  
• [Bug 327333] Some SVGs do not paint on Windows
  
• [Bug 328186] Crash when using Master Password
  
• [Bug 324727] The Octoshape plug-in causes Opera to crash on start-up
  
• The tab bar on Mac may mix up favicon/text placement
  

• Line breaks in Notes are now preserved when sync'ing data
  
• application/x-msdownload files are not always saved with an .exe extension anymore
  
• Lots of improvements on certificates UI
  
• Improvements on certificate handling and on the new certificate repository
  
• New look for the address field dropdown
  
• New cookie confirmation dialog
  
• Several stability fixes
  
• Several performance improvements to JavaScript
  
• Offline mode is improved
  

• Fixed a crash when reindexing mail
  
• Fixed problem fetching POP mail from web.de (and many other providers)
  
• Show "Password not displayed" instead of always showing six asterisks for Opera Mail passwords
  
• Improved POP performance when checking for new mail
  
• SMTP authentication will now default to Auto instead of None
  
• Fixed problem where many feed items were not downloaded
  

• [Mac] New tab look (thanks lachralle!)
  
• [UNIX] Fixed some CJK issues in the UI
  

Hi.

My name is Jane Maliouta and I am the Deployment PM for IE8. You might remember my recent blog on Installing IE8. Today I am here to tell you about Windows XP SP3 (XPSP3) and how it’ll work with the various released versions of Internet Explorer.

Windows XP SP3 contains some new updates, and a number of bug fixes and security improvements. You can learn more about XPSP3 features by reading the white paper located here. We expect XPSP3 will be publicly available shortly and want you to have this information prior to its final release to the web.

Internet Explorer 6 Users

XPSP3 will continue to ship with IE6 and contains a roll-up of the latest security updates for IE6. If you are still running Internet Explorer 6, then XPSP3 will be offered to you via Windows Update as a high priority update. You can safely install XPSP3 and will have an updated version of IE6 with all your personal preferences, such as home pages and favorites, still intact.

If you are currently running IE7 or IE8 on  Windows XP SP2 (XPSP2) and you are thinking of upgrading to XPSP3, read on.

Internet Explorer 7 Users

If you are currently running IE7 on XPSP2, Windows Update will offer you XPSP3 as a high priority update. If you choose to install XPSP3, Internet Explorer 7 will remain on your system after the install is complete. Your preferences will be retained. However, you will no longer be able to uninstall IE7. If you go to Control Panel->Add/Remove Programs, the Remove option will be grayed out.

This behavior is by design and here is why. When we install IE7 on Windows XP SP2, we backup the existing IE6 files in an uninstall directory.  Those IE6 files are the ones that shipped on XPSP2 plus all the security updates you’ve installed while using IE6. Windows XP SP3 contains a newer version of the Internet Explorer 6 files. If you have XPSP3 on your system and uninstall IE7, your system would revert to the backed up (older) version of the IE6 files rather than the newer XPSP3 version. You would end up in a mixed file state in Windows where most files would be the upgraded XPSP3, except for the IE6 files restored when uninstalling IE7. This state is not supported and is very bug prone. To ensure a reliable user experience, we prevent this broken state by disabling the ability to uninstall Internet Explorer 7.

If you must uninstall IE7 after you have upgraded to XPSP3, then you have to first uninstall XPSP3, and then uninstall IE7. After this series of uninstalls, you will be reverted back to a XPSP2, and a stable version of IE6, so feel free to upgrade to XPSP3 again.

If you install IE7 after you install XPSP3, then you will be able to uninstall IE7 at any point and be reverted to the newer IE6 version that ships in XPSP3. The restriction on uninstalling only applies to when you install a Windows Service Pack release on top of a standalone IE release.

Keeping this in mind, you might want to uninstall IE7, upgrade to XPSP3 and then install IE7 again so you can uninstall IE7 in the future if need be.

Internet Explorer 8 Beta 1 Users

Installing IE8 Beta1 on Windows XP SP3  is fully supported, so go ahead and upgrade your computers to XPSP3 and then install IE8 Beta 1 to try out our new features. You will be able to uninstall IE8 Beta 1 at any point to revert back to either IE7 or IE6 depending on what you were using before.

However, if you already have IE8 Beta 1 installed on XPSP2, Windows XP SP3 will not be offered to you via Windows Update. This is because after you update your system to XPSP3, you will no longer be able to uninstall IE8 Beta 1 and the Remove option will be grayed out under the Add/Remove programs in Control Panel. The reason is the same as in IE7 case described above. Since people are more likely to uninstall beta software, we strongly recommend uninstalling IE8 Beta 1 prior to upgrading to Windows XP SP3 to eliminate any deployment issues and install IE8 Beta 1 after XPSP3 is on your machine.

Thanks,

Jane Maliouta
Program Manager

This course is aimed at experienced Web developers and designers who are interested in learning to develop content for mobile Web access using W3C’s Mobile Web Best Practices.

Participants will have access to lectures and assignments providing hands-on practical experience with using W3C’s mobile Web Best Practices. They will have direct access to W3C experts on this topic who are the instructors for this course. Participants will also be able to discuss and share experiences with their peers who are faced with the challenges of mobile Web design.

For more information about the course, instructors, topics, and to view a free sample course, visit Online Training Course: An Introduction to W3C’s Mobile Web Best Practices

Thanks also go to Henny Swan for posting an entry about this on her site at Want to Get Your Content Mobile.

Update: Registration is full and now closed.