AWS

var ctx0, ctx1; var canvas0, canvas1; var wave = 1; var direction = 1; var timer; var HEIGHT2 = 100, WIDTH2 = 400; var count = 0; var currentX = 0, currentY = 0, lastX = 0, lastY = 0; var r = Math.floor(Math.random() * 255) + 70; var g = Math.floor(Math.random() * 255) + 70; var b = Math.floor(Math.random() * 255) + 70; window.onload=init; function init() { // Check to see if canvas is supported if (!document.createElement('canvas').getContext) return; // Set up canvas0 ctx0 = document.getElementById("canvas0").getContext("2d"); ctxWidth = document.getElementById("canvas0").width; ctxHeight = document.getElementById("canvas0").height; // Set up canvas1 canvas1 = document.getElementById("canvas1"); ctx1 = canvas1.getContext("2d"); ctx1.lineWidth = 25; ctx1.lineCap = "round"; // Add event handlers if (canvas1.addEventListener) canvas1.addEventListener("mousemove", OnMouseMove, false); else if (canvas1.attachEvent) canvas1.attachEvent("onmousemove", OnMouseMove); // Start the renderLoop timer = setInterval(renderLoop, 16); } function OnMouseMove(e) { if (typeof e == 'undefined') e = canvas1.event; if (typeof e.offsetX != 'undefined' && typeof e.offsetY != 'undefined') { currentX = e.offsetX; currentY = e.offsetY; } else { var relPos = getRelativePos(e.clientX, e.clientY); currentX = relPos[0]; currentY = relPos[1]; } } // My thanks to QuirksMode.org for the insight here function getRelativePos(x, y) { var curleft = curtop = 0; var obj = document.getElementById('canvas1'); if (obj.offsetParent) { do { curleft += obj.offsetLeft; curtop += obj.offsetTop; } while (obj = obj.offsetParent); } // Webkit isn't compliant with CSS OM View here; thus, we need to grab scrollTop from body instead of documentElement if (document.body.scrollLeft > 0) { var scrollLeft = document.body.scrollLeft; } else { scrollLeft = document.documentElement.scrollLeft; } if (document.body.scrollTop > 0) { var scrollTop = document.body.scrollTop; } else { scrollTop = document.documentElement.scrollTop; } return [(x - curleft + scrollLeft), (y - curtop + scrollTop)]; } function drawLines(ctx, x, y) { ctx.save(); ctx.beginPath(); ctx.moveTo(lastX, lastY); ctx.lineTo(x, y); ctx.strokeStyle = "rgba(" + r + "," + g + "," + b + ", 1)"; ctx.stroke(); ctx.restore(); } function clearLines(ctx) { // Clear first ctx.fillStyle = "rgba(0,0,0,0.05)"; ctx.fillRect(0, 0, WIDTH2, HEIGHT2); // Change up color if (count++ > 50) { count = 0; r = Math.floor(Math.random() * 255) + 70; g = Math.floor(Math.random() * 255) + 70; b = Math.floor(Math.random() * 255) + 70; } } function renderLoop() { // Draw lines clearLines(ctx1); drawLines(ctx1, currentX, currentY); lastX = currentX; lastY = currentY; drawSimpleShapes(ctx0); } function drawSimpleShapes(ctx) { // Draw background if (wave >= 60 || wave

We’re focused on making Internet Explorer 9 amazingly fast, and we want to help web developers make their sites fast as well. Enabling developers to accurately measure the performance of their websites is critical to making the web faster and enabling a new class of HTML5 applications. At Velocity, we announced Internet Explorer 9 as the first browser to provide performance information to developers at runtime, which we introduced in the latest IE9 platform preview. With special thanks to Steve Souders and Zhiheng Wang from Google, the WebKit team and Mozilla. Measuring real-world performance of websites is difficult and error prone today. Developers are forced to use hacks, such as injecting low resolution JavaScript timestamps throughout their code, which slows down the pages for end users, introduces an observer effect, and provides inaccurate results which can drive the wrong behavior. The browser knows exactly how long it takes to load and execute a webpage, so we believe the right solution is for the browser to provide developers an API to access these performance results. Web developers shouldn’t have to think about how to measure performance – it should just be available for them. It’s important for this API to be interoperable across all browsers and platforms so that developers can consistently rely on these results. The Web Timing specification at the W3C is a good foundation for solving this problem in an interoperable manner. The implementation that you’ll find in the latest IE9 platform preview is based off the navigation section of Web Timings and we’ve started conversations with the W3C and other browser manufacturers about working together to get Web Timing chartered and broadly supported. Let’s take a closer look at how developers are forced to measure performance today and what the new API’s enable. How Developers Measure Performance Today Today, in order to collect performance metrics a web developer has to instrument their code with specific timing markers at strategic places on their web page. This can result in code that opposes performance best practices. Developers write something like this: var start = (new Date).getTime(); /* do work here */ var pageLoad = (new Date).getTime() - start; This approach has several problems. It forces the JavaScript engine to load earlier than normal. It forces the HTML and JavaScript parsers to switch contexts. It may block parallel requests to load the remaining resources. Something else to mention is that this JavaScript approach does not capture network latency timings, which is the time associated from when the document is initially requested from the server to the time it arrives and is displayed to the end-user. Additionally, while the Date function is available across all browsers, the results vary in precision. John Resig has a nice blog post in which he goes to some lengths to determine that the time from (new Date).getTime(); is as precise as 7.5ms on average across browsers, half the interval for the Windows system timer at 15ms. Many operations can execute in under 1ms which means that some measurements can have an error range of 750%! How Developers can Measure Performance with Internet Explorer 9 The third Internet Explorer 9 platform preview contains a prototype implementation of the Web Timings NavigationTiming interface called window.msPerformance.timing. Following convention, we use a vendor prefix (ms) on the namespace because the spec is under development. There are no other implementations yet, and therefore no interoperability with other browsers. This interface captures key timing information about the load of the root document with sub-millisecond accuracy, which is immediately available from the DOM once the page had loaded. window.msPerformance.timing interface MSPerformanceTiming{ readonly attribute unsigned longlong navigationStart; readonly attribute unsigned longlong fetchStart; readonly attribute unsigned longlong unloadStart; readonly attribute unsigned longlong unloadEnd; readonly attribute unsigned longlong domainLookupStart; readonly attribute unsigned longlong domainLookupEnd; readonly attribute unsigned longlong connectStart; readonly attribute unsigned longlong connectEnd; readonly attribute unsigned longlong requestStart; readonly attribute unsigned longlong requestEnd; readonly attribute unsigned longlong responseStart; readonly attribute unsigned longlong responseEnd; readonly attribute unsigned longlong domLoading; readonly attribute unsigned longlong domInteractive; readonly attribute unsigned longlong domContentLoaded; readonly attribute unsigned longlong domComplete; readonly attribute unsigned longlong loadStart; readonly attribute unsigned longlong loadEnd; readonly attribute unsigned longlong firstPaint; readonly attribute unsigned longlong fullyLoaded; } For the first time, web developers can accurately understand how long it takes to load their page on their customer’s machines. They have access to when the end-user starts navigation (navigationStart), the network latency related to loading the page (responseEnd - fetchStart), and the elapsed time to load the page within the browser. Developers can use this information to adapt their applications at runtime for maximum performance, and they can use their favorite serialization interface to package these timings and store them on the server to establish performance trends. With JSON, this would look something like this: JSON.Stringify(window.msPerformance); Another useful feature of window.msPerformance is the ability to only query for the elapsed time taken in important time phases of loading the document called timingMeasures. window.msPerformance.timingMeasures interface MSPerformanceTimingMeasures{ readonly attribute unsigned longlong navigation; readonly attribute unsigned longlong fetch; readonly attribute unsigned longlong unload; readonly attribute unsigned longlong domainLookup; readonly attribute unsigned longlong connect; readonly attribute unsigned longlong request; readonly attribute unsigned longlong response; readonly attribute unsigned longlong domLoading; readonly attribute unsigned longlong domInteractive; readonly attribute unsigned longlong domContentLoaded; readonly attribute unsigned longlong domComplete; readonly attribute unsigned longlong load; readonly attribute unsigned longlong firstPaint; readonly attribute unsigned longlong fullyLoaded; } Simply access window.msPerformance.timingMeasures.navigation after the page has been loaded and you have the time taken to perform the navigation to the loaded document. Finally, the window.msPerformance.navigation interface contains information such as the type of navigation and additional network activity that occurred on the page to help describe the overall navigation experience. window.msPerformance.navigation interface MSPerformanceNavigation{ const unsigned short NAVIGATION = 0; const unsigned short RELOAD_BACK_FORWARD = 1; readonly attribute unsigned longlong type; readonly attribute unsigned longlong redirectedCount; readonly attribute unsigned longlong uniqueDomains; readonly attribute unsigned longlong requestCount; readonly attribute unsigned longlong startTime; } Let’s look at it in action On the IE9 Test Drive site, you can try the window.msPerformance Test Drive demo. There you see a visualization of the time to load the demo page as shown below. http://ieblog.members.winisp.net/images/Anderson_MeasuringPerf_1.png In this example, the overall navigation took 111ms to go from when the link is clicked to the time the contents are loaded within the platform preview. Check it out! Everything described here is available now in the third platform preview. Check it out at http://ietestdrive.com and try out the window.msPerformance Test Drive demo. This interface is a prototype of a working draft. The API may change, but we want to release this early so that developers can begin to use the API and provide feedback. Please give window.msPerformance interface a try and let us know what you think by providing feedback through the Connect. Anderson Quach Program Manager Edit 6/29 - correction in sentence describing demo page load time.

Our commitment to

Up to this point we have mostly talked about improved JavaScript performance in Internet Explorer 9 but we haven’t said much about any new or changed language features in the “Chakra” engine. Now, with the third Platform Preview, we can tell you about JavaScript feature enhancements which you can try for yourself. As context, the industry standard that defines the JavaScript language is ECMA-262: ECMAScript Language Specification developed and published by Ecma International. Prior to last year, it had been a decade since the introduction of the Third Edition of ECMA-262 in December 1999. In December 2009 Ecma approved the Fifth Edition of ECMA-262 as the successor to the Third Edition (a Fourth Edition was never published), and last year we debuted elements of ECMAscript 5 (ES5) support when we added native JSON support in IE8. Beyond JSON, though, ES5 standardizes many significant enhancements to the JavaScript language. New ES5 Features in the IE9 Platform Preview There are many important ES5 features implemented in IE9 Standards Document mode: New Array Methods. There are nine new methods that operate upon arrays. Two of them, indexOf and lastIndexOf, support searching an array for a particular value. They are similar in concept to the functions with the same names that operate upon strings. The other seven new Array methods allow arrays to be manipulated using a functional programming style. For example, the following snippet uses the new filter method to collect the elements of an array that meet a specific condition: //a function that tests whether menu item object is enabled or disabled function enabled(menuItem) {return menuItem.status==="enabled"}; //Assume that individual menu items have a status property and //that a menu object has a items property which is an array. //Create an new array containing just the enabled menu items var enabledItems=myMenu.items.filter(enabled); These methods support various forms of array processing without having to explicitly code for loops. In addition, they are all generic, which means that they can be applied to any object with numerically indexed properties and not just objects created using the Array constructor. You can explore demos using these methods on the IE9 Test Drive site and they are summarized in the following table: Array method Description indexOf Search an array for the first occurrence of some value lastIndexOf Search an array for the last occurrence of some value forEach Apply a function to each element of an array every Determine if some condition is true for every element of an array some Determine if some condition is true for at least one element of an array map Apply a function to each element of an array and produce a new array containing the results filter Collect into a new array all the elements of an array for which some condition is true. reduce Accumulate a single value based upon all elements of an array. reduceRight Accumulate a single value based upon all elements of an array, processing them in reverse order. Enhanced Object Model. The most important new feature in this area is accessor properties. These are also sometimes called “getter/setter” properties because they allow JavaScript programmers to control what happens when the program gets or sets the property value. ES5’s enhanced object model also allows programmers to control whether individual properties can have their value changed, are enumerated by for-in statements, and whether or not the property can be deleted or redefined. It also allows the programmer to control whether new properties can be added to an object. ES5 also enables JavaScript programmers to more easily create objects that inherit from specific prototype object and to inspect and manipulate the property definitions of object. All of these enhanced object model capabilities are accessible via new function properties of the Object constructor. However, note that the current release of the IE9 platform preview does not yet fully support use of these methods with DOM objects. Object function Description Object.defineProperty Create or modify a property definition. The property can be defined as either a data or an accessor property and its writable, enumerable, and configurable property attributes can be set. Object.defineProperties Create or modify multiple property definitions in a single operation. Object.create Create a new object with a specified prototype and optionally a set of specified properties. Object.getPrototypeOf Retrieve the prototype object of the argument object. Object.getOwnPropertyDescriptor Return a complete description of the attributes of a property of an object. Object.getOwnPropertyDescriptor Return an array containing the names of all of an object’s non-inherited properties. Object.keys Return an array containing the names of all of an object’s non-inherited properties that would be iterated by the for-in statement. Object.seal Disallow adding any additional properties to the argument object and disallow deletion or redefinition of any existing properties. Individual property values may still be modified if their writable attribute have the value true. Object.freeze Disallow adding any additional properties to the argument object and disallow deletion or redefinition of any existing properties. In addition the values of existing property may not be modified. Object.isSealed Test whether an object is has been sealed using Object.seal. Object.isFrozen Test whether an object is has been frozen using Object.freeze. Object.preventExtensions Disallow adding any additional properties to an object. Object.isExtensible Test whether new properties may be added to an object. Other Computational Methods and Functions. In addition to the new Array and Object methods, ES5 adds or enhances several additional methods that perform useful computational operations. Method or Function Description String trim Removes “white space” from the beginning and end of a string. Date toISOString Convert a Date to a string format that all ES5 implementations must support. Date.parse Existing function enhance to recognize the format create by toISOString. Date.now Return a numeric timestamp Array.isArray Reliably test whether an object is an Array Function bind Preset some of the arguments of a function to fixed values. ES5 also includes a number of other minor changes and technical corrections to the language. Many have no impact on most JavaScript programmers because they simply standardize minor features that have always been supported by browsers. An example of such a feature is line continuations within string literals. One minor change is of more interest. Reserved names such as if, super, and public can now be used as property names within object literals and for property access following a dot. With this change, programmers no longer need to worry about a long and arbitrary list of words that they can’t easily use as property names. “Same Script, Same Markup” Updating IE9’s JavaScript implementation isn’t just about supporting new ES5 features. It’s also about ensuring that web developers can use the same markup and script within IE9 that they use in other browsers. Earlier this year we released documents that describe in detail how JavaScript as implemented in IE8 differs from the ECMAScript, Third Edition Specification. In IE9 standards mode, we looked closely at these differences and made changes to ensure that IE9 can execute the same script as other browsers.

Being all in with HTML5 means being committed to enabling developers to use the Same Markup on the Web, and that includes the same JavaScript code. The Chakra JavaScript engine in the latest Platform Preview release of Internet Explorer 9 includes significantly improved support for the ECMAScript (ECMA-262) standard, including features new to the recently finalized ECMAScript Fifth Edition (often called ES5 for short). This also includes complete support for JavaScript tests in Bucket 6 of the Acid3 test suite. Microsoft has been a key contributor to the ES5 effort. During the drafting of ES5, Microsoft was the first to provide a private reference implementation of the specification along with conformance tests to the ECMA Technical Committee 39 (TC-39). Having the same markup work correctly across the web requires comprehensive tests that all browsers can rely on to deliver interoperable implementations. Microsoft has worked with the W3C to provide definitive test suite specifications for HTML, CSS, SVG, and other web standards. In recent months, we’ve contributed nearly 200 new tests to the W3C for these standards. Unlike specifications governed by W3C, JavaScript does not have a definitive test suite owned and sponsored by ECMA. In the absence of such a suite, browser vendors and others have tried to fill the gap. We have published a suite of tests for new features in ECMAScript 5 through Codeplex, and will soon publish them on the Internet Explorer Testing Center. Other browser vendors have their own test suites. While all these tests are useful, they also have inconsistencies: different coverage of standards, different test harnesses, and implementation issues. Many in the industry have questioned whether we should have a more consistent way to test ECMAScript by working together. That’s why Microsoft is now working with other browser vendors and other members of TC-39 to create an official test suite for ECMAScript sponsored by ECMA. We plan to help build this test suite, and contribute tests to it. We also welcome other browser vendors’ contributions to this effort. Ensuring the same script works everywhere is vital to web developers. We look forward to hearing your feedback as we can continue to work on making this a reality. Thanks, Shanku Niyogi General Manager, JavaScript Team http://extremetechsupport.com/data/MetaMirrorCache/0e0c395b9ee8304397b132a1e59aa63c._.gif View the full article

Have you tried using system restore to roll back to a dat before you got the update? Try doing that and then installing your drivers to see if that fixes the problem.

Bulletin Severity Rating:Important - This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow data tampering of signed XML content without being detected. In custom applications, the security impact depends on how the signed content is used in the specific application. Scenarios in which signed XML messages are transmitted over a secure channel (such as SSL) are not affected by this vulnerability. View the full article

Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Internet Information Services (IIS). The vulnerability could allow remote code execution if a user received a specially crafted HTTP request. An attacker who successfully exploited this vulnerability could take complete control of an affected system. View the full article

Bulletin Severity Rating:Important - This security update resolves one publicly disclosed and two privately reported vulnerabilities in Microsoft SharePoint. The most severe vulnerability could allow elevation of privilege if an attacker convinced a user of a targeted SharePoint site to click on a specially crafted link. View the full article

Bulletin Severity Rating:Important - This security update resolves fourteen privately reported vulnerabilities in Microsoft Office. The more severe vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. View the full article

Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow elevation of privilege if a user views content rendered in a specially crafted CFF font. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. View the full article

Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in COM validation in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel, Word, Visio, Publisher, or PowerPoint file with an affected version of Microsoft Office. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message. View the full article

You could have a corrupt ISO. Try downloading it again or try burning it 1x speed.

You could have a corrupt ISO. Try downloading it again or try burning it 1x speed.

I'll be first to introduce myself to anyone that happens along. My name is Bob Schwarz and I am the owner of this community as well as a few other which are all a part of Schwarz Network. I am an avid Microsoft supporter and also a beta tester of Microsoft software. I like to be on the bleeding edge so I will run the betas as my main software. In doing so I learn a lot. I will use Microsoft Help Forums to share that knowledge and help people.

Posted on half of Pete LePage on the Internet Explorer team. Protecting Windows customers is an absolute priority for the Internet Explorer engineering team. That's why we work hard to make sure our browser has some of the best safety and privacy features available today. We've spent a lot of time talking about some of the more visible safety and privacy features like our SmartScreen Filter, that protects users from socially engineered malware and phishing attacks; or the InPrivate features that put you in control of how you share your information. But there are a number of other features that aren't as visible and help prevent vulnerabilities from being exploited, though some are only available on newer platforms like Windows Vista or Windows 7. For example, Protected Mode helps ensure exploited code cannot access system or other resources. Address Space Layout Randomization (ASLR)helps prevent attackers from getting memory addresses to use in buffer overflow situations. Data Execution Prevention (DEP) helps to foil attacks by preventing code from running in memory that is marked non-executable. These defense in depth protections are designed to make it significantly harder for attackers to exploit vulnerabilities. One way to think about what defense in depth techniques do is similar to the features offered by fire-proof safes that make them last longer in a fire. Without defense in depth techniques, a fire-proof safe may only protect its contents for an hour or two. A stronger fire-proof safe with several defense in depth features still won't guarantee the valuables forever, but adds significant time and protection to how long the contents will last. Recently, there has been some news from some security researchers about how they've managed to bypass DEP or ASLR in Internet Explorer (and Firefox as well). But like the fire-proof safe example above, defense in depth techniques aren't designed to prevent every attack forever, but to instead make it significantly harder to exploit a vulnerability. Defense in depth features, including DEP and ASLR continue to be highly effective protection mechanisms. Internet Explorer 8 on Windows 7 helps protect users with all of these defense in depth features, and there is nothing that you have to do to enable them - they're on by default. That's one of the reasons why we encourage users to make sure they're running the latest and most up-to-date software. http://windowsteamblog.com/aggbug.aspx?PostID=536758 View the full article

Earlier today, Core Security Technologies issued a security advisory for our Virtual PC (VPC) software. The advisory calls out a proof of concept where the virtual machine monitor allows memory pages above the 2GB level to be read from or written to by user-space programs running within a guest operating system. The advisory explicitly calls into question the effectiveness of many of the security hardening features of Windows, including DEP, SafeSEH, and ASLR. Folks are already starting to ask questions about this advisory, so I thought it would be best to answer them here. First and foremost, customers should rest assured that this advisory does not affect the security of Windows 7 systems directly. The security safeguards (DEP, ASLR, SafeSEH, etc.) that are in place remain effective at helping protect users from malware on that system. In addition, Our Windows Server virtualization technology, Hyper-V, is also not affected by this advisory. Applications running inside a Hyper-V guest continue to benefit from these same security safeguards. The functionality that Core calls out is not an actual vulnerability per se. Instead, they are describing a way for an attacker to more easily exploit security vulnerabilities that must already be present on the system. It's a subtle point, but one that folks should really understand. The protection mechanisms that are present in the Windows kernel are rendered less effective inside of a virtual machine as opposed to a physical machine. There is no vulnerability introduced, just a loss of certain security protection mechanisms. The functionality described only affects the guest operating system that is running within a Virtual PC environment. In practice, the guest operating system in a Virtual PC environment is typically Windows XP as part of Windows XP Mode. Of the safeguards Core calls out, it should be noted that only DEP is available in Windows XP SP3; Windows XP doesn't contain ASLR. The net result? An attacker can only exploit a vulnerable application running "inside" the guest virtual machine on Windows XP, rather than Windows 7! We believe that Windows XP Mode and Windows Virtual PC are great bridging strategies to help customers who have legacy applications get up and running on Windows 7. For those customers who need Windows XP Mode, they should look to install only the required subset of applications that need Windows XP in order to function properly while planning to move those applications to Windows 7 in the future. One final point, whether the version of Windows you are running is virtualized or running physically on a computer, it's equally important to follow sound security practices. You should make sure your firewall is enabled, that you have anti-virus software installed, and that you keep your software up to date through automatic updates. For more information on how to protect your PC, visit http://www.microsoft.com/protect/. http://windowsteamblog.com/aggbug.aspx?PostID=535645 View the full article

The RSA Security Conference is underway this week in San Francisco and Microsoft's own Scott Charney, Corporate Vice President Trustworthy Computing, delivered one of yesterday's keynote addresses: Creating a Safer, More Trusted Internet. The keynote centered on Microsoft's Trustworthy Computing initiative, our End to End Trust vision, and how we have been working to further protect the security and privacy of for all the users of the Internet. The End to End Trust vision has not changed over the last couple of years and we don't anticipate it changing for some time. We continue to make progress along this vision and Scott outlined many areas where we are actively engaged and providing thought leadership. The keynote showcased how our vision for End to End Trust applies to cloud computing, detailed progress toward a claims-based identity meta-system, and called for public and private organizations alike to prevent and disrupt cybercrime. One of the most interesting aspects from my perspective was the notion of creating a "World Health Organization" model for the Internet. We are calling on the governments and industry to creatively help prevent cybercrime by implementing technology and policy models that assess PC health before connecting the machine to the Internet. This is an ambitious vision and one I am proud to support. If you want to know more about the things Scott talked about in his keynote and our End To End vision, I encourage you to visit the newly revamped End To End Trust website for more details. http://windowsteamblog.com/aggbug.aspx?PostID=534863 View the full article

Normally, Start Menu Search can only be used to search for programs and files. But with a simple change, you can also use it to trigger Internet searches using your default browser and search engine. View the full article

As a web browser, Internet Explorer is a platform for many kinds of add-ons (here are some great examples). IE users generally don’t distinguish between add-ons and Internet Explorer when it comes to performance, reliability, or privacy. They just use IE and expect it to work. That’s why the best add-ons do a good job of integrating with the IE user model, letting customers “just browseâ€Â. Recently, Adobe announced that their latest version of Flash supports InPrivate Browsing. Version 10.1 of Flash will now respond to interfaces we built into IE8 when we first released it. When you browse to a site with Flash, it can store “Flash Cookiesâ€Â, which are files created by Flash that websites can use to store data. Now, just like your IE history and cookies, these Flash objects will be deleted when you close your InPrivate Browsing window. We’re really happy to see Flash adopt our InPrivate Browsing feature, and happy to see that they’ve also supported private browsing in Firefox and Chrome as well. Great job Flash team! Andy Zeigler Program Managerhttp://extremetechsupport.com/data/MetaMirrorCache/0d0741b78a9de6396b439a7e493f5dc8._.gif View the full article

Microsoft is updating the anti-piracy technologies in Windows 7 to thwart new hacks and exploits. But the big news is that the update will always be optional and won't change the Windows 7 user experience in any way. View the full article

Last week at the Black Hat DC conference a presenter showed how one manufacturer's Trusted Platform Module (TPM) could be physically compromised to gain access to the secrets stored inside. Since that presentation, I have had plenty of questions from customers wanting to know how this might affect Windows. The answer? We believe that using a TPM is still an effective means to help protect sensitive information and accordingly take advantage of a TPM (if available) with our BitLocker Drive Encryption feature in Windows 7. The attack shown requires physical possession of the PC and requires someone with specialized equipment, intimate knowledge of semiconductor design, and advanced skills. While this attack is certainly interesting, these methods are difficult to duplicate, and as such, pose a very low risk in practice. Furthermore, it is possible to configure BitLocker in a way that mitigates this unlikely attack. With our design for BitLocker in Windows 7, we took into account the theoretical possibility that a TPM might become compromised due to advanced attacks like this one, or because of poor designs and implementations. The engineering team changed the cryptographic structure for BitLocker when configured to use enhanced pin technology, discussed in the BitLocker Drive Encryption in Windows 7: Frequently Asked Questions. As a result, an attacker must not only be able to retrieve the appropriate secret from the TPM, they must also find the user-configured PIN. If the PIN is sufficiently complex, this poses a hard, if not infeasible, problem to solve in order to obtain the required key to unlock the BitLocker protected disk volume. BitLocker remains an effective solution to help safeguard personal and private data on mobile computers. For more information on BitLocker best practices, we have published guidance in The Data Encryption Toolkit for Mobile PCs. This toolkit discusses the balance of security and usability and details that the most secure method to use BitLocker in hibernate mode and a TPM+PIN configuration. With the advancements in Windows 7, users that are worries about potential attacks such as this one should also enable the Allow enhanced PINs for startup group policy setting for their environment. http://windowsteamblog.com/aggbug.aspx?PostID=533441 View the full article

With the dust settling, it's time to take a final pre-release look at Apple's iPad. Does it live up to the hype? Or it is just another unnecessary device that few will need? View the full article

Is Microsoft no longer the company that brings us the future? A former Microsoft executive blames internecine warfare for the company's failures. But Maybe Microsoft is simply too big not to fail. View the full article

Bulletin Severity Rating:Important - This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users. View the full article