So far, you have seen how you can opt into the Windows 7 Taskbar Jump List experience by creating a Jump List for your application (in the Developing for the Windows 7 Taskbar – Jump into Jump Lists – Part 2 post.) You have also seen the Windows 7 default support for listing “Recent” or “Frequent” destinations as well as how to create your own custom categories. In this post, we will explore more of the Jump List features and discover how easy it is to add Tasks to your application's Jump List.

User tasks are customized tasks that get their own Tasks category. As a developer, you can set the title of the displayed task, the icon on the left and, more important, and the “application” that is launched once you activate this task. You can view user’s tasks as shortcuts to the functionality our applications can provide. As you might remember, user tasks are the verbs in our vocabulary; for example, Windows Media Player provides a “Resume last playlist” task and Sticky Notes provides a “New note” task.

A user task is usually an IShellLink object that launches any given application (your application or any other one you choose) with specific command line parameters. While you cannot categorize tasks, you can separate them using a special separator object. Here’s an example of a Jump List that uses a separator to split three tasks into a group of two plus an additional task:

So what does it take to add tasks to a Jump List? Well, not that much. Basically it is a single call to the AddUserTasks function in an interface that we are already familiar with, the ICustomDestinationList (ICustomDestinationList::AddUserTasks(IObjectArray) Method). Looking at the code, you will see a single line of code, hr = pcdl->AddUserTasks(poa);. However, as always, someone needs to create and build that poa, IObjectArray, and parameter and fill it with relevant information. Let’s review that process now.

We are going to create a collection of IShellLinks. This collection will be later cast to the required IObjectArray parameter. The following code is the beginning of that process.

IObjectCollection *poc;
HRESULT hr = CoCreateInstance(
D_EnumerableObjectCollection, NULL, CLSCTX_INPROC, IID_PPV_ARGS(&poc));
if (SUCCEEDED(hr))
{
    IShellLink * psl;
    hr = _CreateShellLink(L"/Task1", L"Task 1", &psl);
    if (SUCCEEDED(hr))
    {
        hr = poc->AddObject(psl);
        psl->Release();
    }
}

Here you can see that we used COM (again) and CoCreate and IObjectCollection, poc. Next, we call to a helper function called CreateShellLink that receives three parameters:

• The first parameter is the command line argument to the task
• The second parameter is the title that will be displayed
• The last parameter is a pointer to IShellLink

The object is then filed according to the relevant information.

Last, we add the recently created IShellLink to the object collection. You may ask yourself where the parameter that provides the path to the executable that we plan to launch is. Well that is a good question. For simplicity, we have hard-coded that information as shown in the following code snippet:

if (SUCCEEDED(hr))
{
    hr = _CreateShellLink2(
            L"C:\\Users\\<my user>\\Documents\\new text file.txt", 
            L"NotePad", 
            &psl);

    if (SUCCEEDED(hr))
    {
        hr = poc->AddObject(psl);
        psl->Release();
    }
}

Here you can see we call to a hard-coded _CreateShellLink2 function. This receives a path to a text file as one of its parameters and, as you can see, we are launching Notepad.

Here is the code for the CreateShellLink2 function:

HRESULT _CreateShellLink2(
            PCWSTR pszArguments, PCWSTR pszTitle, 
            IShellLink **ppsl)
{
    IShellLink *psl;
    HRESULT hr = CoCreateInstance(
                    CLSID_ShellLink, 
                    NULL, 
                    CLSCTX_INPROC_SERVER, 
                    IID_PPV_ARGS(&psl));
    if (SUCCEEDED(hr))
    {
        hr = psl->SetPath(c_szNotePadExecPath);
            if (SUCCEEDED(hr))
            {
                hr = psl->SetArguments(pszArguments);
                if (SUCCEEDED(hr))
                {
                    // The title property is required on Jump List items 
                    // provided as an IShellLink instance. This value is used 
                    // as the display name in the Jump List.
                    IPropertyStore *pps;
                    hr = psl->QueryInterface(IID_PPV_ARGS(&pps));
                    if (SUCCEEDED(hr))
                    {
                        PROPVARIANT propvar;
                        hr = InitPropVariantFromString(pszTitle, &propvar);
                        if (SUCCEEDED(hr))
                        {
                            hr = pps->SetValue(PKEY_Title, propvar);
                            if (SUCCEEDED(hr))
                            {
                                hr = pps->Commit();
                                if (SUCCEEDED(hr))
                                {
                                    hr = psl->QueryInterface
                                            (IID_PPV_ARGS(ppsl));
                                }
                            }
                            PropVariantClear(&propvar);
                        }
                        pps->Release();
                    }
                }
            }
        else
        {
            hr = HRESULT_FROM_WIN32(GetLastError());
        }
        psl->Release();
    }
    return hr;
}

To start with, again we need to use COM and CoCreate to create an IShellLink COM object. A quick look at the SDK reveals that the IShellLink object has many functions. Here are few that we will use:

• GetPath Gets the path and file name of a Shell link object, that is the path to the executable
• GetShowCmd Gets the show command for a Shell link object, the executable name
• SetArguments Sets the command-line arguments for a Shell link object
• SetDescription Sets the description for a Shell link object; the description can be any application-defined string
• SetIconLocation Sets the location (path and index) of the icon for a Shell link object SetPath Sets the path and file name of a Shell link object
• SetWorkingDirectory Sets the name of the working directory for a Shell link object

As you can see, for each parameter we must get and set appropriate methods. There are additional parameters; take a look at the SDK - IShellLink if you want to learn more.

In the above example, we set the path to Notepad (by default in the Windows 7 installation, c:\windows\notepad.exe). We also passed a hard-coded (not a good practice) command line argument pointing to a text file in my private document folder (C:\Users\<my user>\Documents\new text file.txt.) The rest of the code sets the title property that is required on Jump List items.

We call the CreateShellLink2 and CreateShellLink a few more times to add all three shortcuts as shown in the above screen capture.

Now let’s add a separator.

To add a separator to our Task List, we need to create an IShellLink, and set the PKEY_AppUserModel_IsDestListSeparator property using the COM property variant as shown in the following code snippet:

// The Tasks category of Jump Lists supports separator items. 
// These are simply IShellLink instances that have the 
//  PKEY_AppUserModel_IsDestListSeparator property set to TRUE. 
// All other values are ignored when this property is set.
HRESULT _CreateSeparatorLink(IShellLink **ppsl)
{
    IPropertyStore *pps;
    HRESULT hr = CoCreateInstance(
                    CLSID_ShellLink, 
                    NULL, 
                    CLSCTX_INPROC_SERVER, 
                    IID_PPV_ARGS(&pps));
    if (SUCCEEDED(hr))
    {
        PROPVARIANT propvar;
        hr = InitPropVariantFromBoolean(TRUE, &propvar);
        if (SUCCEEDED(hr))
        {
            hr = pps->SetValue(PKEY_AppUserModel_IsDestListSeparator, propvar);
            if (SUCCEEDED(hr))
            {
                hr = pps->Commit();
                if (SUCCEEDED(hr))
                {
                    hr = pps->QueryInterface(IID_PPV_ARGS(ppsl));
                }
            }
            PropVariantClear(&propvar);
        }
        pps->Release();
    }
    return hr;
}

Here you can see that we used CoCreate to create an IShellLink object. Next, we set a PROPVARIANT, propvar, to true and set the IShellLink object PKEY_AppUserModel_IsDestListSeparator property to true. This will instruct the OS to render this IShellLink as a separator and not just as regular IShellLink.

OK, that was long. Now let’s look at the short version, using .NET. For that we are going to use the Windows API Code pack for the .NET Framework.

As we can expect from .NET, we get abstraction from most of the “COM code behind” that is required. The Microsoft.WindowsAPICodePack.Shell.Taskbar namespace includes a JumpListLink object that extends the ShellLink object and implements IJumpListTasks.

The JumpList class contains the UserTasks collection of IJumpListTasks to which you can simple add new JumpListLink objects as shown in the following code snippet:

// Path to Windows system folder
string systemFolder = 
        Environment.GetFolderPath(Environment.SpecialFolder.System);

jumpList.UserTasks.Add(new JumpListLink
{
    Title = "Open Notepad",
    Path = Path.Combine(systemFolder, "notepad.exe"),
    IconReference = new IconReference(
(systemFolder, "notepad.exe"), 0)
});

Using the C# 3.0 syntax, we initialize a new JumpListLink object and add it to the UserTasks collection. As you can see, the managed code JumpListLink has very similar properties to the native one (which makes perfect sense). We also added an icon to the Notepad shortcut to the above code, but didn't provide any command line parameters.

You want to add a separator? Well, that is also very easy: just add a JumpListSeperator object to the UserTasks collection.

jumpList.UserTasks.Add(new JumpListSeparator());

Taskbar.JumpList.RefreshTaskbarList();

After the refresh, the Jump List looks as follows:

I’ve compiled a version of a native example from the Windows 7 SDK. You can get a copy of that code from here

You can download the Windows API Code Pack that includes the manage code example we used in this post.

This concludes our Jump List discussion. Our next Taskbar topic is Icon Overlay.

If you haven visited Talking About Windows.com in a while, you are missing a lot!

You missed Microsoft Engineers like Ian Burgess talking about the engineering design of DirectAccess and BitLocker and Mario Garzia discussing application compatibility and how Windows 7 works with legacy applications.

You can interact with IT pros like Darren Baker, the National Director of Infrastructure Solutions for Sogeti USA talk about how virtualization and imaging has made implementing Windows 7 in his organization easier.

Talking About Windows.com is your chance to hear what Microsoft Engineers and IT pros like you have to say and gives you a chance to interact with them.

Hear what they have to say and get heard. Join the conversation.

Today I am featuring guest Blogger Jeremy Chapman from the Windows Product Team. To see more of Jeremy, view our latest VRT on Application Compatibility. To learn more, click here. Below is his interview with Jeff Wettlaufer from the System Center Team.

I recently interviewed fellow product manager, long-time friend and fellow “automator” of operating system deployment tasks, Jeff Wettlaufer, from the System Center team. He explained the new features in the recently released System Center Configuration Manager 2007 Service Pack 2 Beta (let’s just call it “ConfigMgr07 SP2” for short), and how that will help with Windows 7 deployment and management.   

Jeremy: What is ConfigMgr07 SP2 and where do people get it?
Jeff: Thanks for having me and thanks for saying configmgr and not sccm for once… SP2 adds support for new operating systems – Windows 7 and Server 2008 R2 and Windows Vista SP2 – along with exciting enhancements around Intel AMT integration. If you have the  Intel vPro hardware, there are many things we can do. Out of Box Wired/Wireless Management: Wireless Profile Management, End Point Access Control: 802.1x support, Access Monitor: Audit Log, Remote Power Management: Power State Configuration. You were at Microsoft Management Summit in May and already saw this, but we demoed waking Windows XP PCs up wirelessly and kicking off the deployment to Windows 7 using USMT and hard-link migration. Those machines were mid range Dell latitude laptops, and we migrated to Windows 7 with 4GB user data and apps in 18 minutes.

Jeremy: I saw that, it was amazing. There is a video of that on Microsoft PressPass. And I thought I was fast with 23-minute migrations from Windows XP on my computers. Let’s take a step back for a second. From the 10,000 ft level, how does ConfigMgr07 help with client management?

Jeff: A lot of people probably know about how ConfigMgr can help with their inventory, software update (patch) management, and application distribution - but you may not be aware of things like the ability to manage PCs over the Internet, in the ‘serverless’ branch, at home, on the road and wherever people work these days.  In addition, ConfigMgr can now deploy virtual applications in the same way as SMS and ConfigMgr have always delivered traditional physical formats.  We can stream apps to desktops, or deliver the apps locally in what’s called download and execute, so even mobile laptop users can use virtual apps.  There is a lot there and I’d encourage everyone to check out http://technet.microsoft.com/en-us/configmgr/default.aspx

Jeremy: Explain Internet-based client management.

Jeff: A lot of people say that mobile workforce management is a key challenge they face today on the client. Laptops are outselling desktops and people are taking these on the road, home or otherwise not connecting to the corporate network very often. So with ConfigMgr, we can manage ConfigMgr clients when they are not connected to your company network but have a standard Internet connections. This feature has a number of advantages, including the reduced costs of not having to run virtual private networks (VPNs) and being able to deploy software updates to remote users while they are traveling or at home. 

Jeremy: Explain the new client hardware compatibility reports in HW inventory.

Jeff: We’ve updated the hardware compatibility reports in ConfigMgr to include the minimum bars for Windows 7 hardware compatibility, so you can see which machines in your environment are capable of running Windows 7 in a single view.  We did this for Vista, and we found it really helped organizations understand where they were at the hardware level.  We are taking that work forward to also help customers understand from their existing inventory of managed systems, which ones meet the minimum requirements before they start for Windows 7.  As well as helping understand the hardware side of readiness, we also are providing support for applications. In the past we have provided support for the Application Compatibility Toolkit through a connector, that brings the app knowledge right into the Admin console.  As ACT moves to version 6 for Windows 7, we will update the connector to support that effort.  The ACT data is a real hidden gem, in 1 view you can see your apps – and organize your testing to compare it in that 1 view to the vendor, the community, and even Microsoft.  This information can really help make the right decisions moving forward, and ConfigMgr can help migrate apps by supporting Application virtualization where needed.

Jeremy: How about the operating system deployment support.

Jeff: With any operating system deployment, you have to migrate user files off the old system, lay down a new OS, configure it with updates, packages and apps, then restore the user files and settings you migrated off in the first step. ConfigMgr can automate the whole process and do it without you having to visit the targeted PCs. I know you’ve got a lot of videos walking through the Lite Touch Installation process on the web, but ConfigMgr can even target the PCs for installation and kick off the process for you. Along the way we encrypt your user state, passwords and product keys, so it is more automated and enterprise-class.  ConfigMgr has built on the great work in deployment technology from the Windows gang, by embracing and integrating the tools usage like WinPE, USMT, BitLocker and more.  Our Task Sequencer helps to truly separate the hardware from the OS and application layers, by using the boot.wim and install.wim formats from Windows, and then providing a console UI experience to chain user data migration, applications and other settings. 

Jeremy: Are all the Windows 7 deployment enhancements like the image servicing in DISM (Deployment Image Servicing and Management), hard-link migration, and Multicast included in the ConfigMgr SP2’s OS deployment?

Jeff: Like you saw at MMS, we do support USMT in ConfigMgr07, including hard-link migration. The Microsoft Deployment Toolkit 2010 Beta 2 extensions for SP2 enable hard-link migration without additional customization, or you can call the User State Migration Tool in a custom task to use the hard-link commands.  Multicast is also supported and since we use the Windows 7 deployment tools, dism.exe is leveraged as well.

Jeremy: When can we expect RTM release of SP2?

Jeff: We recently made the Beta available and the final version should be ready within 90 days of Windows 7 RTM. Everything depends on the customer feedback we get from the Beta though – quality is the priority.

Jeremy: Thanks Jeff. If you have ConfigMgr and want try to SP2 Beta, visit connect.microsoft.com, join the System Center Configuration Manager 2007 Service Pack 2 Connection and download SP2.

Back on May 26th, we announced Windows Vista SP2 and Windows Server 2008 SP2 hit the RTW milestone. The first wave of languages (English, German, French, Spanish, and Japanese) was made available on Windows Update at that time. Today, we are releasing the remaining languages for Windows Vista and Windows Server 2008 SP2 to Windows Update.

For more information, including languages, on Windows Vista and Windows Server 2008 SP2 click here.

If you have Windows Update configured to download updates automatically, Windows Update will notify you when Windows Vista SP2 and Windows Server 2008 SP2 is ready to be installed.

Last week we posted the promo teaser here on the Springboard Blog for the Virtual Roundtable on Application Compatibility. As of today, the rebroadcast is live and ready for you to view.

If you missed the live broadcast, here’s your chance to hear Aaron Margosis, Paul Schnell; Darren Baker (also watch for Darren’s interview on TalkingAboutWindows next week), Greg Lambert Michael Sciacqua, Gov Maharaj, Celine Allee, Jeremy Chapman, and of course Mark Russinovich discuss the issues in getting your Windows XP and Windows Vista applications to work with Windows 7 quickly and effectively. From ACT 5.5 and Shims to discussions on key resources and tools, this VRT is a must see for those IT pros looking to make the jump to Windows 7.

To view the complete VRT, click here. 

Also, here are some of our previous VRTs you can view as well.

• Windows Vista Performance
• Let’s Talk Windows Vista Security
• Windows Vista Adoption and Deployment

Hi, I am Michael Benny, a tester on networking in Internet Explorer. During the Internet Explorer 8 development cycle I was responsible for verifying many of the pieces of Compatibility View. We have discussed earlier about how the Compatibility View feature works and the steps a site author can take to ensure the Compatibility View button never displays for IE8 users visiting your site. There is another scenario that we have not yet covered, if my site was already added by an End-user to their Compatibility View list before my site was updated, and now it’s ready, how would I get the site off of that user’s list? I wanted to share one particular feature that we haven’t blogged about before – the ability to “trim” domains from a user’s Compatibility View list.

As a quick refresher on Compatibility View, Internet Explorer 8 uses its most standards-compliant rendering behavior by default. This configuration may cause problems with websites that expect the older, less interoperable behavior from IE. As a site administrator, you have a number of tools at your disposal to ensure IE8 clients have a compatible experience with your website – taking advantage of the standards improvements in IE8 or using the X-UA-Compatible header to tell IE8 “display content as IE7 would have” being the two most common options site authors have requested.

End-users also have a way to mitigate compatibility issues they may encounter in the course of normal browsing on sites that do not have the X-UA-Compatible option explicitly set. They can choose to view a site in Compatibility View, an IE7 emulation mode, by toggling a button on the browser’s address bar. Internet Explorer 8 remembers Compatibility Button presses on a per-domain basis in order to provide a more seamless return-visit experience. These domains are stored in a registry location on the client at HKCU\Software\Microsoft\Internet Explorer\Browser Emulation.

When a site is in a user’s Compatibility View list, the default document rendering behavior will be set to IE7 Emulation mode and it will affect the User Agent String used to request pages. As a site admin, you are always in control of how your site is displayed. Using the X-UA-Compatible tag, you can override Compatibility View on the client and dictate the exact rendering mode your site should be displayed in. Site admins also have the option to deploy the X-UA-Compatible header for a large section of pages as an HTTP header (Example: IIS and Apache). You can take this one step further by using the X-UA-Compatible to also remove your domain’s entry from the user’s Compatibility View list. Here’s how…

For a domain to be trimmed, the End-user must first land on a page with the X-UA-Compatible Meta tag or HTTP Header. The presence of an IE8 <META> tag does indeed trigger the list clean-up process, but that’s not all there is to it. The next step is to look for a file called ‘IEStandards.xml’ placed at the domain root. IE will first make an HTTP HEAD request for this file looking for its presence. Absence of the file means that the domain remains in the user list. If the HEAD request is returned successfully, then IE will perform an HTTP GET request for the file. In the file, a tag called ‘IE8StandardsMode’ signals the list entry is really ready to be trimmed. Here is an example of the correct server configuration for ‘example.com’:

1. Set the page X-UA-Compatible header set to a value indicating IE8 mode
   <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8">
2. Place a file at the root of the domain ‘example.com’
   http://example.com/IEStandards.xml
3. The file should have a root XML element called IE8StandardsMode:
   <IE8StandardsMode/>

Site admins should be aware that this affects all sub-domains. So if a user visits a page at ‘support.example.com’, which is configured as shown here, but there is another sub-domain like ‘mail.example.com’, which would still like to respect the user’s choice to put the site into Compatibility View, then the ‘mail’ sub-domain will use IE8 Standards mode rendering.

The entries on the Compatibility View list reflect an entire domain, example: ‘example.com’, rather than subdomains like ‘mail.example.com’ and ‘support.example.com’. IE must process the request to trim the domain entry from a source that represents the entire domain, otherwise side effects to subdomains may occur. As an example, suppose the entire ‘example.com’ domain is on the user’s Compatibility View list. Later, ‘support.example.com’ does great work to update their site to support IE8 and includes a HTTP header / <META> tag indicating that portion of the site is best viewed in IE8 Standards Mode. ‘example.com’ and ‘mail.example.com’ have still not been updated. If IE were to remove the entry for ‘example.com’ from the user’s list based solely on the presence of the HTTP header / <META> tag value found at ‘support.example.com’, the user could encounter a compatibility failure when they visit non-updated content at ‘example.com’ or ‘mail.example.com’. Checking for the ‘IE8StandardsMode’ file at the root domain level solves this case by requiring that someone “authoritative” for the domain signal list cleanup. That way, IE users can be assured of a consistent compatibility experience on the domain.

Getting the IEStandards.xml file follows a very similar model to how IE will request favorite icons for domains, but we wanted to address the issue of server overhead. To avoid IE8 making multiple and unnecessary requests to a server for this file on every page navigation with the X-UA-Compatible option set, there exists a 30 day timeout period since the last request. This 30 day timeout period is also set when a user adds a domain to their user list, so do not be alarmed if you still see IE8 Compatibility View requests after deploying the file to the domain root.

Thanks,
Michael Benny
IE Test

Update 6/4/09: Correcting a reference to IESettings.xml which should be IEStandards.xml

For those of you who manage your organization’s desktops using Windows Server Update Services (WSUS) Internet Explorer 8 will be made available via this technology starting August 25, 2009.  Internet Explorer 8 will be made available as an “Update rollup” and will be applicable to all supported languages.

Is my organization affected?

If your organization uses WSUS and has it configured to auto-approve Update rollup packages, upon acceptance of the Internet Explorer 8 End User License Agreement (EULA) by the WSUS administrator, Internet Explorer 8 will install automatically on computers running Internet Explorer 6 or 7 on supported operating systems.

What should I do if I auto-approve Update rollups but want to control when I deploy Internet Explorer 8?

To give you control over how and when Internet Explorer 8 is deployed in your environment, perform the following steps:

Before August 25, 2009:

1. Turn off auto-approve for “Update rollup” packages in WSUS, and approve the updates manually.  Note: Even if Auto-Approve for “Update rollup” is on, you will still be required to approve the Internet Explorer 8 EULA before Internet Explorer 8 is deployed to downstream clients.

After August 25, 2009:

1. Synchronize your WSUS server.
2. Decline the Internet Explorer 8 update packages.
3. If you typically auto-approve update rollup packages, you can re-enable automatic approval for “Update rollups.”

What other Internet Explorer 8 updates will be available via WSUS?

Cumulative security updates for Internet Explorer 8 and Internet Explorer 8 Compatibility View List updates will also be released via WSUS as they become available.

To deploy Internet Explorer 8 today, visit the Internet Explorer TechNet Center – among other useful resources you’ll find an Internet Explorer Deployment Guide and information about the Internet Explorer Administration Kit which explains how to generate a MSI installer and distribute it using Systems Management Server or Group Policy.

Eric Hebenstreit
Lead Program Manager

We are pleased to announce the availability of Internet Explorer 8 on Windows XP for 5 additional languages today.  These languages were tagged as “Coming Soon” in our blog post early June. Please visit our World wide sites page to download Internet Explorer in your preferred locale/ language.

Languages newly available on Windows XP:

• Telugu
• Malayalam
• Punjabi (India)
• Kannada
• Bengali (India)

For reference, here’s a table with the full list of IE8 availability:

Thanks,
Vishwac Sena Kannan,
International Program Manager | Internet Explorer.

Recently, a number of people have asked me what I think about Mozilla’s Content Security Policy draft spec.  Back in January, I went on record as being someone who thinks that CSP is a good idea. 

CSP is a mechanism for declarative security, whereby a site communicates its intent and leaves it up to the user-agent to determine how to enforce it.

There are a number of benefits to declarative security mechanisms:

1. Reduced compatibility risks. Because sites must opt-in and declare what, if any, restrictions they want, new security features may be added to the user-agent with decreased compatibility fallout.
2. Clear intent. By plainly declaring which restrictions are desired, browsers need not try to “guess” the site’s intent.  For instance, when explaining that frame-breaking JavaScript cannot be relied upon to prevent ClickJacking, Kymberlee noted:
   

   If you don’t design something to prevent a security vulnerability, odds are that it doesn’t do a very good job of doing it.
   
   Because declarative security features are designed solely to mitigate security threats, browsers may implement the restrictions however they want, and can patch any holes found in the restrictions without unexpectedly breaking unrelated functionality.

3. Usability. By allowing a site to declare its security policy, browsers can make some security decisions on the user’s behalf.
4. Auditability. It is straightforward to build tools that scan content for policies and determine if they meet the publishing organization’s expectations.

Internet Explorer has a rich history in this space: HTTPOnly, SECURITY=RESTRICTED frames, X-Content-Type-Options, X-Download-Options, X-Frame-Options are all declarative security mechanisms first implemented in IE, and now supported by other browsers to varying degrees. 

The ideas behind the CSP draft are not new, and it is but one of many proposals for declarative security, from BEEP to HTML5 sandboxing.  In some respects it overlaps with other mechanisms for restricting script, although if CSP is successful, new directives will likely be created to provide uniform specification of the available policies.

While valuable, declarative security mechanisms are not without their challenges:

1. Plugins. Unless plugins have been blocked outright, they must be aware of, and enforce, the declared security policies.  Because plugins are provided by many different vendors, this requirement may prove challenging in real-world deployments.
2. Misconfiguration.  CSP is only as valuable as the policies configured by the developer or administrator, and a number of major sites have suffered breaches due to misconfiguration of security policy files. Ira Winkler claims [p143] that government studies indicate that 70% of computer intrusions are a result of configuration problems.
3. New attack surface. The very mechanisms used to implement CSP will be probed by hackers, and comprehensive fuzzing and penetration testing will be required to help mitigate the attack surface added.  Furthermore, if a hole is found that enables an attacker to circumvent a given policy within a given user-agent, that user-agent’s reputation may be harmed-- even if other user-agents do not attempt to support that policy.
4. Debuggability. Web developers already face significant challenges in developing their pages, and introducing new security policies will require that tools be updated to clearly indicate when content has been blocked due to security policies. Sites might inadvertently set overly restrictive policies and failure to catch mistakes via comprehensive testing could lead to a confusing user experience.
5. Dynamic content. It may prove difficult to author workable policies for some dynamic-content scenarios (e.g. email composition, blog authoring, etc) because the user may herself add content to a given page from origins unknown to the web developer.
6. Adoption. Perhaps the biggest challenge for CSP and competing proposals is related to the fact that they offer “off-by-default” security.  While this is great for compatibility, it’s not-so-great for protecting sites and users, because benefits are only attained after web developers update their sites.  To succeed, CSP must balance power/flexibility against simplicity/understandability.

No security technology is a panacea, and for comprehensive protection, I think browsers need to offer both:

1. Rich security APIs that enable sites to prevent XSS attacks.
2. Automated protections to shield sites that can’t/won’t update their code immediately / ever.

To combat XSS attacks, IE8 introduced a number of attack-surface-reductions, a few new APIs, as well as the declarative security mechanisms (X-* headers) mentioned above. But we knew that sites wouldn’t immediately adopt these APIs and declarative security features, so we built the XSS Filter, an on-by-default, no-questions-asked, no-code-changes required mechanism which helps mitigate the most common types of XSS attacks in the wild today.

I’m eager to see the progress on CSP, which I believe is a promising approach to helping websites secure themselves against the growing alphabet soup of web threats.  You can provide feedback on the CSP draft spec using Mozilla’s Talk page.

-Eric Lawrence

There have already been a few posts on Compatibility View in Internet Explorer 8 (here, here, here, here, here, and here), but none have gone into detail about the user research data we used to help design this feature. We collected data on Compatibility View throughout the IE8 beta releases and have made multiple decisions about its design based on our data from lab studies, field studies, instrumentation, and community feedback. What I’d like to do is go through some common questions we’ve received about the user experience of Compatibility View, and explain how user data has influenced our decisions. Hopefully, this will give you some insight into our design process and how we use data to make feature design decisions.

Current design

So that we’re on the same page, let’s do a quick review. The current design places the Compatibility View button at the end of the Address Bar, next to the Refresh button in the default layout, on sites that do not include the compatibility meta tag or HTTP header. The button has a “page” icon on it. The first two times a user is on a page with the button visible and refreshes the page, a notification balloon will pop pointing to Compatibility View.

Now that we’ve reviewed the design, let’s look at some of our top questions.

Why put the icon next to the Refresh button?

One of our top concerns with Compatibility View has always been its discoverability. If users can’t find this feature, they could have a severely compromised experience. When we first tested Compatibility View in our user research labs, it was a button on the Command Bar named “Emulate IE7.”

To test it, we created a task in which participants were asked to use a site that we knew would be unusable before switching to Compatibility View. When they arrived at the site and found it unusable, we asked them, “What would you do if you came to a site that looked like this?” The most common response by far was to click the Refresh button. After probing deeper into why people would try to “fix” a page in this way, most responses focused on a specific incident in the past where the participant had seen a page that was “off” somehow and refreshing the page had fixed the issue. Another common response was to look for something in the Tools menu.

Side note: We use the term “fix” a page in this article a lot because that is how our participants referred to what they were doing. We know the technical accurateness of this term is debatable in a lot of cases but we’re sticking with how our participants thought about the scenarios.

Almost no one thought to use the “Emulate IE7” button, even though they had seen an explanation of it earlier in the session. The main problem was that the word “Emulate” had little to nothing to do with “fixing” sites to our participants. It was a technical description of the feature instead of describing what the user was looking for in these situations. Also, we knew that the problem wasn’t that it didn’t stand out enough. I mean, it was a BIG button that was totally new in the Command Bar. Our problem wasn’t that it didn’t catch user’s eyes, it was that it didn’t fit into user’s mental models.

Based on this data, we knew that the majority of users will likely look to the Refresh button when they encounter a page that needs to be “fixed.” To take advantage of this natural tendency, we place the Compatibility View button next to the Refresh button – next to the most likely place a user will look when a page looks “off.” Additionally, to catch the small percentage of users who we expected to look in the Tools menu, we added a link there as well.

Why use that icon?

We knew that having a button with a name as long as “Emulate IE7” was not going to work being placed next to the Refresh button. It would take up too much space and we already knew that the idea of emulating IE7 in IE8 was strange for most users. We brainstormed and developed a series of potential icons that could work for Compatibility View. One challenge we faced was that communicating what Compatibility View does with only an icon is quite difficult. We tried various iterations such as showing blocks misaligned, representing areas of the page that could be out of alignment. These versions were too abstract to communicate the general idea and often it’s not a case of elements being misaligned (e.g., menus might have the wrong background color). We decided on the “page” icon because this correlated best with how participants were describing the pages that were not rendering correctly (e.g., “broken”, “screwed up”).

In refining the final design, we worked to make it fit as part of our family of icons in the address bar, including stop, refresh and go. We tried options that had different colors and textures for the page but found the page white design was most recognizable as a “web page”. We used the same colors, line weights and gradients present in the other icons to “ground” the icon to the overall address bar design.

When we tested the icon in the lab, we found that the majority of participants understood that the icon had something to do with the page with a problem they were looking at. Seeing the icon led most people to read the tooltip that explains the feature. After reading the tooltip, we saw many positive reactions to the icon and that it made sense given what the feature does.

Some reviewers felt that showing this icon on pages that were potentially fine would confuse users and make them think that the page was broken somehow, but we saw no indication of that in our studies. Participants did not even look toward the Compatibility View button unless they were in situations where it could potentially help them, which was one of our design goals.

Will people understand what it’s for?

We expect most users to understand Compatibility View and when to use it.  Of our lab participants who read the Compatibility View tooltip, the notification balloon, or tried the feature, all have understood the feature’s purpose. Most importantly, everyone who understood the the feature, continued to use it on the sites they encountered that had issues. This was true for our lab participants and also for our field research participants.

Why have balloon notifications?

After a few rounds of testing in the lab, and getting feedback from participants in our field research, we still saw some participants didn’t notice the Compatibility View button, even after they hit Refresh on a page with layout issues. Quite naturally, they got into an automatic pattern of quickly clicking Refresh and then putting their eyes right back to the page content to see if it fixed their problem. We had an important decision to make--do we add some kind of notification that lets the user know about Compatibility View when it could help them? The upside is that more people who would benefit from Compatibility View will find it. The downside is that we are adding another notification to the system.

We tested a build with the notification balloons in the lab and in our field research and found that displaying a balloon did in fact help more people discover Compatibility View. We didn’t take the decision lightly but felt the added awareness was worth the added notification.

Why have two balloon notifications?

Originally the balloon notification only showed once when a user refreshed a page displaying the Compatibility View icon for the first time. As I mentioned above, even showing this once was a strongly-debated decision. But, there were many concerns that once was not enough so we tested the possibility of showing the notification up to three times (after the first three times someone refreshed a page displaying the Compatibility View icon).

In the lab, we showed participants from one to three different sites with layout or content problems. At each site we asked them what they would do if they came to a site like this. Most clicked Refresh as we expected. What we found was that of people who saw the notifications, about two thirds reacted to the first notification and the other third reacted to the second notification. Showing the second notification caught the attention of a group of people who were very focused on the content of the page at the first site but were more likely to notice things outside of their normal pattern at the second site.

There was also a group who saw all three notifications and dismissed or ignored them all. We believe these users would not pay attention to the notification no matter how many times we showed it.  This lead us to not show the notification three times “to be safe” because we had no evidence that showing the notification more than two times will catch any additional users and there is a real cost to over communicating with users (e.g., data in the recent e7 blog post about Action Center).

Conclusion

I hope this gives you some insight into how we as an engineering team use user research data to make some of our design decisions. As you can see, a lot of time, research, and deliberation can go into a feature (and this was just a summary, I didn’t even get into our instrumentation data). We always want to base important decisions on the best data possible and that includes data from the lab, field, instrumentation, and community feedback. If you’d like to find out more about user research at Microsoft, please check out our user research website.

It’s finally summer in Seattle, and baseball games when the roof on Safeco Field is open are the best. With Windows Live Calendar and subscriptions to a couple of online calendars, I can figure out when the Seattle Mariners are playing at home and what the weather forecast is. Then I’ll know when I should try to score some tickets.

Why subscribe instead of import calendars?

Well, there are a few differences between subscribing and importing:

• If you subscribe to an online calendar, whenever the third-party calendar is updated, your calendar is updated as well. This is great for calendars on the web, like sports schedules. To subscribe to an online calendar, all you need to know is the URL for the calendar and then paste it into Windows Live Calendar.
• If you import an online calendar, you don’t get calendar updates, you get a copy or “snapshot” of the calendar. This is great for uploading calendars from a computer, like migrating from an old calendar to Windows Live Calendar. To import a calendar, you need to save the .ics file to your computer and then import it into Windows Live Calendar.

After a little web searching on Bing, I found the two calendars that I need: the Mariner’s home game schedule for 2009, and the weekly Seattle weather forecast.

To subscribe to an online calendar:

1. Go to Windows Live Calendar and sign in with your Windows Live ID.
2. Click Subscribe at the top of the web page.
3. In the Calendar URL box, paste the URL for the online calendar, name the calendar, change the color (if you want), and click Subscribe to calendar.

Subscribing to the Mariner’s home game schedule

Windows Live Calendar lets you know that your subscription was added. Just click Done to see your calendars. And if the events don't show up on your calendar right away, check back because it will be updated shortly.

The Mariner’s home game schedule on my Windows Live calendar

And now, just repeat for the Seattle weather calendar.

Voila, the Seattle weather forecast is there, too

Darn, no home games this week. I guess I’ll just have to keep checking my Windows Live Calendar.

Dawn Hollingsworth, CrackerJack fan
- Windows Live team

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Comments policy
Unfortunately, we’ve had to temporarily block reader comments due to the volume of recent comments that violate our code of conduct. If you have feedback, now as always, we're listening. Please use the following links to send us feedback or get help.
Send us feedback about Calendar | Send us feedback about other Windows Live products | Get help with Windows Live | Get help with Hotmail | Get help from Microsoft Support

We are happy to announce that Hotmail customers in the US, Canada, and Brazil can now add other e-mail accounts to Hotmail!* No need to sign into multiple services to check all your messages on the web. Instead, you can see any POP-enabled e-mail account (including Yahoo! Mail (Plus), AOL Mail, and Gmail) right from your Hotmail account. You can put all of your messages together in your inbox or each e-mail account in its own folder, your choice.

You can set this up in Hotmail in three simple steps:

1. Click Add an e-mail account on the left-hand side of the Hotmail inbox.
2. Type the e-mail address and password for your other account, and click Next.
3. Choose where you want the messages to go, and click Save.

Note: In order for this to work, make sure POP has been turned on in the POP-enabled e-mail service you want to add (this could involve signing in to the service and changing your settings there).

We hope this feature will help you simplify your digital life!

- Windows Live Hotmail Team

* This feature was launched earlier this year in the UK, France, Netherlands, Italy, Spain, Japan, and Germany, and was greeted with some very positive feedback. Today, customers in the US, Canada, and Brazil will see the feature for the first time. More countries will come later this year.

(Republished courtesy of the Hotmail team blog) 

Comments policy
Unfortunately, we’ve had to temporarily block reader comments due to the volume of recent comments that violate our code of conduct. If you have feedback, now as always, we're listening. Please use the following links to send us feedback or get help.
Send us feedback | Get help with Windows Live | Get help with Hotmail | Get help from Microsoft Support

With new web-based instant messaging (IM) now available in Windows Live Hotmail worldwide, we are preparing to retire MSN Web Messenger. The old MSN Web Messenger experience will end on June 30, 2009.

With Hotmail’s new web-based IM, you can chat from your Hotmail inbox or contact list, instead of going to MSN Web Messenger (http://webmessenger.msn.com/). Go directly to the Windows Live People page (also known as “your contact list”) at http://people.live.com and sign into Messenger (orange arrow in the picture below) to continue instant messaging on the web with your Messenger friends.

Instant messaging from Hotmail makes it easier to communicate and share in new ways in comparison to MSN Web Messenger. For example, our integration with the suite of other Windows Live services allows you to see when your Messenger friends are online while reading an e-mail and immediately start a chat to clarify something in your friend’s e-mail message.

Give it a try! We hope that you’ll enjoy Hotmail’s web-based IM, the new version of Messenger on the web.

- Your Windows Live Hotmail Team

(Republished courtesy of the Hotmail team blog)

Comments policy
Unfortunately, we’ve had to temporarily block reader comments due to the volume of recent comments that violate our code of conduct. If you have feedback, now as always, we're listening. Please use the following links to send us feedback or get help.
Send us feedback | Get help with Windows Live | Get help with Hotmail | Get help from Microsoft Support

As we mentioned last week, Windows Live Messenger is turning 10 very soon and as part of our celebration, we will be sharing, here on our blog, different stories from our users, tips/tricks and fun facts, leading up to big day, July 22nd 2009.  We’ll also have special guest posts from people that work on Messenger and from around the community.  It’s going to be a great month so stay tuned.

Today’s Fun Factoid

If Windows Live Messenger was a country, it would be the third largest country in the world (behind China and India, and before the United States) and almost 10 times the size of Canada.

Today’s Messenger user story

Thanks everyone for the stories.  We’ve gotten an overwhelming number of funny, touching and odd stories and there is still time to submit one.  If you want to share your story and let others participate in your special moment with Messenger, please send your short story in English to IloveMessenger@live.com by June 28th.

Our first story comes from Clem from Canada.

“I had just met a really cute girl and we started exchanging IMs on Windows Live Messenger.  Even though we were on IM, I was still pretty nervous (yes, lame i know) but of course, tried to keep it cool.  Things seemed like they were going pretty well and we chatted for a little while until she said she had to go, to work on a finance homework problem that she was stuck on.  Being the helpful guy that I am, I offered to help… (limited finance knowledge, but hey, I had to try).  She sent me the problem over IM and I was in luck, a good friend of mine, Jon, was online.  He’d know the answer.  Quickly, I drafted the IM…

“Yo Jon, I’m trying hard to impress this really cute girl I just met, do you have a moment to help me figure out the answer to a finance problem so I can send it on to her.  You need to help me out, she is so hot!”

…then hit send.  It would probably take him a moment to respond, so I went back to the conversation with the girl… I read the last message and saw my message to Jon posted there… oh I guess I hadn’t switched windows, so I doubled checked… and that’s when I realized that I had posted that message to HER instead of Jon by accident.  My jaw hit the ground and stomach fell out.  I can’t really explain how embarrassed I was, and although I didn’t look in the mirror, I could feel my face heat up and I’m sure I was glowing with embarrassment like a tomato…

I didn’t know what to do… I wished you guys had built in an ‘undo’ at that point. :)  All I saw from her end was ‘Jen is typing’… but no message… then ‘Jen is typing’ but no words… that went on for about 4-5 minutes, then finally, she said something like “I have to go to bed, bye” and went offline.

We actually ended up becoming friends but nothing beyond that.  We never mentioned that ‘incident’, but my friends still get a good kick out of telling the story to people (yes, I have great friends) ;).  Anyways, I hope you enjoyed that and keep up the great work.”

I actually LOL’ed when I read that the first time.  Thanks for sharing Clem.  I bet many of us have done something similar. :)

Tip/Trick – Create your own custom emoticon

Did you know you can make your own emoticons from your own photos/images?  This has been around for a little while and is a nice way to be creative and have some fun in Messenger.  Here’s how.

	Step 1 – Click the Show menu button Step 2 – Click Tools Step 3 – Click Emoticons Now the Emoticon window will pop up.
	Step 4 – Click Create. Step 5 – Pick a photo/image to use. Note: It can be a bmp, jpg, png or even an animated gif. Step 6 – Type the keys that you want to use to bring up the emoticon.  In this case I’ve picked “woof” because it’s a picture of my dog.  Note: You can pick any keys you’d like. Just make sure it’s not something you type too often or it will keep appearing in your sentences. :) When you are done hit OK.
	Step 7 – Now scroll down to see your “Custom emoticons.” Step 8 – Your emoticon now shows up and you can use it.
	I open a chat with Dharmesh, since he loves dogs, and I send him the emoticon just by typing “woof.”  Once it shows up in his conversation window, he can right-click and add it to his collection. Have fun!

Thanks for reading.

- The Windows Live Messenger team

(Republished from the Windows Live Messenger blog)

Comments policy
Unfortunately, we’ve had to temporarily block reader comments due to the volume of recent comments that violate our code of conduct. If you have feedback, now as always, we're listening. Please use the following links to send us feedback or get help.
Send us feedback | Get help with Windows Live | Get help with Hotmail | Get help from Microsoft Support

Hi – I’m Ann and I design stuff in the social networking area of Windows Live. One of the things I love about Windows Live is the variety of settings you can change to suit your preferences. You can pick different layouts and themes, what kind of content you want to see, and how you want to be contacted.

Earlier I wrote a blog entry on how to decide who can see your stuff on Windows Live, but this entry is devoted to deciding who can send you invitations or private messages, or ask to see your space. You may be getting contacted by people you don’t know (and don’t want to know!). It’s really easy to stop the insanity.

How to change who can contact you

1. Go to your general options page. You can get there from the options dropdown on your homepage or profile. Click Options, and then click More options.
   
2. On the general options page, in the Notifications section, click Communications preferences.
3. Use the dropdown menus to set who can contact you. The different choices are:
• Anyone – this means anyone on the Internet can contact you
• People in your network - these are the people on your profile, in Messenger, or both
• People in your extended network - these are the people connected with the people in your network (you can think of them as “friends of your friends”)
• No one
4. If you make any changes, be sure to click Save.

How I decided on my settings

There are benefits and drawbacks to each of these settings, depending on your perspective. For “Who can invite you to their network?” I chose “People in your extended network.”

That means only people who know my friends can invite me to be friends. This seems reasonable but doesn’t account for long-lost friends who might Bing me and want to be friends but don’t know anyone I’m currently connected to. I’ve decided that’s ok because, for sending private messages, I chose “Anyone.” I have it set to “Anyone” because sometimes people read my blog and want to comment privately about something I wrote and I want them to be able to do that.

However, using the extended network setting is only as good as your network is choosy! One of my friends, Chris, has 873 friends! Now, I know he doesn’t know 873 people – he’s just accepting every invitation he receives, so some of them might be spammers. That means all of those people can send me invitations, which some of them do. For now, I’m living with it, and Chris gets a ribbing from all of us at every opportunity.

The remaining option is for space access requests, which are irrelevant for me since my space is public. Your space may not be public, so this setting might be valuable to you.

So that’s how you set who can contact you. If you have any comments or suggestions, please send us feedback.

- Ann, Social Media UX
  Windows Live team

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Comments policy
Unfortunately, we’ve had to temporarily block reader comments due to the volume of recent comments that violate our code of conduct. If you have feedback, now as always, we're listening. Please use the following links to send us feedback or get help.
Send us feedback | Get help with Windows Live | Get help with Hotmail | Get help from Microsoft Support