Java problems with IE after SP2 for XP

On Sun, 17 Oct 2004 17:21:41 -0700, Grant wrote:

Sub: Java problems with IE after SP2 for XP
For future reference Grant, Java and Javascript are different
languages, the best place to get help with Java problems is..
<http://www.physci.org/codes/javafaq.jsp#cljh>
Ok I have XP Pro and recently upgraded to SP2 but after doing so one of my
favorite webpages to check daily does not respond the same as before.

It used to be (pre SP2) that I could when visiting this page
http://facs.scripps.edu/surf/buoylist.html

But OTOH, I am pretty sure most of the guru's hear could guess the
problem, as it is common to JS.

Pop-up blocker.

IE SP2 installed a pop-up blocker in your browser. In order
to see the new windows that page produces, you need to add
it to the list of 'allowed sites' for pop-ups.

Unfortunately, that is about all I can tell you. I have yet
to install SP2 and do not know where to look to find that list.

Hopefully one of the JS/IE experts is lurking and can advise
further ( I say that, 'cos in all honesty, they know a lot
more about browsers than your average Java programmer ;-).

--
Andrew Thompson
http://www.PhySci.org/codes/ Web & IT Help
http://www.PhySci.org/ Open-source software suite
http://www.1point1C.org/ Science & Technology
http://www.LensEscapes.com/ Images that escape the mundane

"Andrew Thompson" <Se********@www.invalid> wrote in message news:x1****************************@40tude.net...

On Sun, 17 Oct 2004 17:21:41 -0700, Grant wrote:

Sub: Java problems with IE after SP2 for XP

For future reference Grant, Java and Javascript are different
languages, the best place to get help with Java problems is..
<http://www.physci.org/codes/javafaq.jsp#cljh>

Ok I have XP Pro and recently upgraded to SP2 but after doing so one of my
favorite webpages to check daily does not respond the same as before.

It used to be (pre SP2) that I could when visiting this page
http://facs.scripps.edu/surf/buoylist.html

But OTOH, I am pretty sure most of the guru's hear could guess the
problem, as it is common to JS.

Pop-up blocker.

IE SP2 installed a pop-up blocker in your browser. In order
to see the new windows that page produces, you need to add
it to the list of 'allowed sites' for pop-ups.

Unfortunately, that is about all I can tell you. I have yet
to install SP2 and do not know where to look to find that list.

Hopefully one of the JS/IE experts is lurking and can advise
further ( I say that, 'cos in all honesty, they know a lot
more about browsers than your average Java programmer ;-).

--
Andrew Thompson
http://www.PhySci.org/codes/ Web & IT Help
http://www.PhySci.org/ Open-source software suite
http://www.1point1C.org/ Science & Technology
http://www.LensEscapes.com/ Images that escape the mundane

Yup that's right. Windows XP SP2 will do that to you. There are other issues as well that result in IS 6.
Not sure of all the configuration issues you'll have to tweak but you should note Grant that all updates to IE 6 are such that you will lose functionality. Supposedly this is to quell customer anger over its susceptibility to various JavaScript and ActiveX and Java tricks used on the Web these days. So I suggest to bone up on how to surf safe rather then let Microsoft hold your hand. That's just my 2 cents.

Much of what you see in the following Microsoft is making a concerted effort to apply without your knowledge. And SP2 is just one of them.

http://support.microsoft.com/default...on126121121120

--
George Hester
__________________________________

George Hester wrote:

Pop-up blocker.

IE SP2 installed a pop-up blocker in your browser. In order
to see the new windows that page produces, you need to add
it to the list of 'allowed sites' for pop-ups.

Unfortunately, that is about all I can tell you. I have yet
to install SP2 and do not know where to look to find that list.

Hopefully one of the JS/IE experts is lurking and can advise
further ( I say that, 'cos in all honesty, they know a lot
more about browsers than your average Java programmer ;-).

Yup that's right. Windows XP SP2 will do that to you. There are other issues as well that result in IS 6.
Not sure of all the configuration issues you'll have to tweak but you should note Grant that all updates to IE 6 are such that you will lose functionality. Supposedly this is to quell customer anger over its susceptibility to various JavaScript and ActiveX and Java tricks used on the Web these days. So I suggest to bone up on how to surf safe rather then let Microsoft hold your hand. That's just my 2 cents.

Much of what you see in the following Microsoft is making a concerted effort to apply without your knowledge. And SP2 is just one of them.

http://support.microsoft.com/default...on126121121120

If Microsoft were doing this "without your knowledge", why would the URL you posted be available?

Or <url: http://www.microsoft.com/windowsxp/sp2/topten.mspx />
Or <url: http://www.microsoft.com/windowsxp/sp2/features.mspx />
Or <url: http://www.microsoft.com/windowsxp/sp2/overview.mspx />
Or <url: http://www.microsoft.com/windowsxp/s...soverview.mspx />

Microsoft is making a very large effort to inform people about the changes which will occur on their PCs as a result of Windows XP Service Pack 2. And I, for one, feel that the changes are long overdue.
OT: I find this hilarious. For years Microsoft left uninformed end-users vulnerable to all sorts of attacks. They now take a stand on security, and they are chastised for it with claims that the end-user "will lose functionality". Well, in that case, lets make the FSO scriptable from Web sites, because it will enhance the "functionality" of their Web browser!

I'm guessing you're just angry that a lot of the hacks you've written (and were most likely told not to use by members of this newsgroup) have come back to bite you in the ass now that Microsoft has tightened up security in their Web browser.

--
Grant Wagner <gw*****@agricoreunited.com>
comp.lang.javascript FAQ - http://jibbering.com/faq

"Grant Wagner" <gw*****@agricoreunited.com> wrote in message news:41***************@agricoreunited.com...

George Hester wrote: I'm guessing you're just angry that a lot of the hacks you've written (and were most likely told not to use by members of this newsgroup) have come back to bite you in the ass now that Microsoft has tightened up security in their Web browser.

--
Grant Wagner <gw*****@agricoreunited.com>
comp.lang.javascript FAQ - http://jibbering.com/faq

No not really. In fact all my hacks still work. Again there is no reason to criticize me because Microsoft is
making changes that you are unaware of. If you doubt me then fine. So be it. You do know that ADO has been
reduced in functionality; that no longer can the Microsoft JVM be used in Windows 2003 (many prefer it over Sun); that IE has quit
development; that the ability to use addresses in the form http:user:pass@url are disabled; that IE 6 introduces a
Race condition in Windows 2000 that there is no fix for. I agree with you that they had some nasty security
issues. Still do. But what I don't like is "bundling" these security fixes with "fixes" that are enhancements rather then
just plugging security holes. For example. If I want to see if some issues I may have with Windows XP can be
"fixed" with the Service Pack then I have to hunt down all the configuration changes that will occur to my browser
that I have no issues with.

Grant you may be surprised at the number of people who complain that their previous to installing Windows XP browser experience has been adjusted to a "pain in the arse" after the SP2 install. Or that Microsoft is STILL releasing fixes to the fixes that were to fix the issues the public said needed fixing. This is what happens when "bundling."

This "bundling" of security fixes with enhancement fixes is what I am "angry" with. I wouldn't say "angry."
Disgusted would be a better term. Because to get those enhancements now I have to weigh that with the possibility that something I enjoy with my browser is not going to work anymore. Disgusted.

--
George Hester
__________________________________

George Hester wrote:

"Grant Wagner" <gw*****@agricoreunited.com> wrote in message news:41***************@agricoreunited.com...

George Hester wrote:

I'm guessing you're just angry that a lot of the hacks you've written (and were most likely told not to use by members of this newsgroup) have come back to bite you in the ass now that Microsoft has tightened up security in their Web browser.

No not really. In fact all my hacks still work. Again there is no reason to criticize me because Microsoft is
making changes that you are unaware of.

Microsoft is making no changes I am unaware of.
reduced that no longer can the Microsoft JVM be used in Windows 2003 (many prefer it over Sun);
The reason why Microsoft can no longer update their own Java VM is clearly documented at <url: http://www.microsoft.com/mscorp/java/ />:

"The MSJVM will reach its end of life on December 31, 2007. Customers are encouraged to take proactive measures to stay informed about obsolete software and move away from the MSJVM in a timely fashion. The MSJVM is no longer available for distribution from Microsoft and there will be no enhancements to the MSJVM. Microsoft products and SKUs
currently including the MSJVM will continue to be retired or replaced by versions not containing the MSJVM on a schedule to be announced."
that IE has quit
development;
It has not. The most recent story I've heard is that updates to Internet Explorer will not be available as stand-alone downloads, you will need to upgrade to a new version of Windows to get a new version of Internet Explorer. This article <url: http://www.samizdata.net/blog/archives/006803.html /> makes the same claim and goes one step further and
claims Microsoft is only fixing IE security problems Windows XP. This is clearly not the case, since the last cumulative update to IE was available for every operating system from Windows ME to Windows 2003. I'm guessing they are referring to the security enhancements added to Internet Explorer by Windows XP Service Pack 2, which are not available
as a separate download for IE running on other Windows operating systems.
that the ability to use addresses in the form http:user:pass@url are disabled;
Clearly documented at <url: http://support.microsoft.com/default...5Bln%5D;834489 />. There has been debate here and on other newsgroups as to whether a URL in the form of http://user:pass@host even conforms to an RFC. The general concensus seems to be "no". As a result, Microsoft simply removed support for a non-standard mechanism that
happens to have been duplicated on most other Web browsers.

Section 3.2.2 of <url: http://www.ietf.org/rfc/rfc2396.txt /> states:
"Some URL schemes use the format "user:password" in the userinfo field. This practice is NOT RECOMMENDED, because the passing of authentication information in clear text (such as URI) has proven to be a security risk in almost every case where it has been used."

Section 3.3 of <url: http://www.ietf.org/rfc/rfc1738.txt /> states:
"The HTTP URL scheme is used to designate Internet resources accessible using HTTP (HyperText Transfer Protocol). The HTTP protocol is specified elsewhere. This specification only describes the syntax of HTTP URLs. An HTTP URL takes the form: http://<host>:<port>/<path>?<searchpart>"

Note that the HTTP specific section of RFC1738 does not even include userinfo, making a URL in the form of http://userinfo@host invalid, and http://user:pass@host doubly so, because as Section 3.2.2 states, the practice of including authentication information on the URI is not recommended.

In other words, the change Microsoft made did not go _far enough_ (since http://userinfo@host is still permitted).
that IE 6 introduces a
Race condition in Windows 2000 that there is no fix for.
Test case? Knowledgebase article describing this identified race condition? Result of this race condition? Number of users affected?
Grant you may be surprised at the number of people who complain that their previous to installing Windows XP browser experience has been adjusted to a "pain in the arse" after the SP2 install. Or that Microsoft is STILL releasing fixes to the fixes that were to fix the issues the public said needed fixing. This is what happens when "bundling."
I would not doubt that people are complaining about the security enhancements added to Internet Explorer. I would also not doubt that if you asked them if they understood the underlying technology and potential for it's abuse, they would have no idea. People complaining about being protected from malicious people on the Internet are like people who
complain that putting on a seatbelt in a car is "too much trouble" and "wrinkles their clothes". They fail to understand that being catapulted 60 feet into a telephone pole in an accident is probably much more trouble than putting their seatbelt on.

It is our job as IT professionals to inform people why these changes were made, and help people identify the benefits these changes bring to their computer using experience. Not add to the noise.

I'm not sure what "fixes to fixes" you are referring to. The cumulative Internet Explorer update recently made available does not "fix" any flaws in the Service Pack 2 deployment, it patches additional security vulnerabilities.
This "bundling" of security fixes with enhancement fixes is what I am "angry" with. I wouldn't say "angry."
Disgusted would be a better term. Because to get those enhancements now I have to weigh that with the possibility that something I enjoy with my browser is not going to work anymore. Disgusted.

Protected, not disgusted.

However, if you really don't like the changes, use a different Web browser.

Microsoft has made the right choice in locking down their browser, and if you don't like it, you're free to use some other Web browser.

--
Grant Wagner <gw*****@agricoreunited.com>
comp.lang.javascript FAQ - http://jibbering.com/faq

On Fri, 22 Oct 2004 17:40:18 GMT, Grant Wagner
<gw*****@agricoreunited.co

I'm guessing they are referring to the security enhancements added to Internet
Explorer by Windows XP Service Pack 2, which are not available
as a separate download for IE running on other Windows operating systems.

currently available, the IE blogs have said they're working on getting
those enhancements into other IE6's

Jim.

"Grant Wagner" <gw*****@agricoreunited.com> wrote in message news:41***************@agricoreunited.com...

George Hester wrote:

"Grant Wagner" <gw*****@agricoreunited.com> wrote in message news:41***************@agricoreunited.com...

George Hester wrote:

I'm guessing you're just angry that a lot of the hacks you've written (and were most likely told not to use by members of this newsgroup) have come back to bite you in the ass now that Microsoft has tightened up security in their Web browser.

No not really. In fact all my hacks still work. Again there is no reason to criticize me because Microsoft is
making changes that you are unaware of. Microsoft is making no changes I am unaware of.

reduced that no longer can the Microsoft JVM be used in Windows 2003 (many prefer it over Sun);
The reason why Microsoft can no longer update their own Java VM is clearly documented at <url: http://www.microsoft.com/mscorp/java/ />:

"The MSJVM will reach its end of life on December 31, 2007. Customers are encouraged to take proactive measures to stay informed about obsolete software and move away from the MSJVM in a timely fashion. The MSJVM is no longer available for distribution from Microsoft and there will be no enhancements to the MSJVM. Microsoft products and SKUs
currently including the MSJVM will continue to be retired or replaced by versions not containing the MSJVM on a schedule to be announced."

I said nothing about "updating" the MSJVM. What is said was "use." Windows 2003 you cannot use MSJVM. You can in Windows XP. I have it. The one specific to Windows XP. I for one prefer it. And so do others. The security issues? Yes but so what?

that IE has quit
development;
It has not. The most recent story I've heard is that updates to Internet Explorer will not be available as stand-alone downloads, you will need to upgrade to a new version of Windows to get a new version of Internet Explorer. This article <url: http://www.samizdata.net/blog/archives/006803.html /> makes the same claim and goes one step further and

I should retstate what I meant. Development of IE as a standalone browser is dead. Systen Component see below. Thanks for clarifying that.
In other words, the change Microsoft made did not go _far enough_ (since http://userinfo@host is still permitted).

that IE 6 introduces a
Race condition in Windows 2000 that there is no fix for.
Test case? Knowledgebase article describing this identified race condition? Result of this race condition? Number of users affected?

http://support.microsoft.com/?scid=kb;en-us;821164

<snip>
It is our job as IT professionals to inform people why these changes were made, and help people identify the benefits these changes bring to their computer using experience. Not add to the noise.

It is our jobs as IT professionals to not allow those we have jurisdiction over to be able to hurt the system and or themselves. It is NOT an IT professionals responsibility to do anything at all for John or Jane Doe. I understand that this can lead to addtional headaches for the IT Professional. But again that is just The Way of The World.
I'm not sure what "fixes to fixes" you are referring to. The cumulative Internet Explorer update recently made available does not "fix" any flaws in the Service Pack 2 deployment, it patches additional security vulnerabilities.

The "fixes to the fixes" are not specific to IE. They are general fixes that arise from installing SP2 or trying to install SP2. The initial relaeases have been retired AND Microsoft has done at least two of these updates to the SP2. In fact it was NOT released when they said it was to be released because of the issues that resulted when they initially released it. That had to shut it down.
This "bundling" of security fixes with enhancement fixes is what I am "angry" with. I wouldn't say "angry."
Disgusted would be a better term. Because to get those enhancements now I have to weigh that with the possibility that something I enjoy with my browser is not going to work anymore. Disgusted.

However, if you really don't like the changes, use a different Web browser.

Not really the issue. The Web Browser is a system component in Windows. Any security fix to IE propagates. And NOT always as expected.
Microsoft has made the right choice in locking down their browser, and if you don't like it, you're free to use some other Web browser.

I don't like "bundling."

--
Grant Wagner <gw*****@agricoreunited.com>
comp.lang.javascript FAQ - http://jibbering.com/faq

http://support.microsoft.com/default...b;en-us;835183

The "bundling" of security fixes with enhancement fixes is a problem that I wish they would stop. If they don't then they don't. Just because you or Microsoft thinks I need security fixes doesn't mean I do. I have been operating just fine for years with no AV software; no firewall; none of that crap. That doesn't mean I don't secure what needs securing. On contrare. I button down everything I deem an immediate hazard.. And then use my own noggin' to take care of the rest.

For example I was asked the other day, "George what do I do about Popups?" I told them how to stop them. No software? Yup not needed and can produce unforseen issues if it is used. Which I think was what this whole post was about. Unforseen issues.

--
George Hester
__________________________________