"Discovered a very interesting thing about DeepSeek-R1 and all reasoning models: The wrong answers are much longer while the correct answers are much shorter."
For Windows, IE11/Trident. This may sound ridiculous, but if you think about it, it's still maintained security-wise (and will be forever, as per MS), and since its codebase has been frozen a few years ago, its attack surface can only shrink with time.
So if you're OK with the limited compatibility, it might be worth considering.
>it's still maintained security-wise (and will be forever, as per MS),
Source? According to microsoft:
>Please note that the Internet Explorer (IE) 11 desktop application will end support for certain operating systems starting June 15, 2022
>Customers are encouraged to move to Microsoft Edge with IE mode. IE mode enables backward compatibility and will be supported through at least 2029. Additionally, Microsoft will provide notice one year prior to retiring IE mode.
Your best bet right now for IE 11 is an installation of windows server 2022, which contains IE 11 and will be supported till Oct 14, 2031. Still, it's unknown whether IE 11 would be supported by then.
A lot of confusion between various comments so far so this is my attempt to re-baseline:
- Chakra is the JavaScript engine in I.E. 11 (and later forked for the old MS Edge), Trident (MSHTML) was the browser engine (forked into EdgeHTML for the old MS Edge).
- The I.E. 11 desktop application is just that, the desktop application. It is not all of I.E. 11 or it's engines, the rest of which are still in Windows 11 even.
- I.E. mode is the first party way to access the remaining portions of I.E. 11 via the current Chromium Edge, this is what allowed them to sunset the I.E. desktop application.
All that said I don't particularly buy this as being particularly more secure. Sure, it's only getting security fixes but that doesn't inherently mean it is more secure or getting more security fixes than modern solutions. It could just be becoming an outdated security architecture that is only patched often enough to keep the minute userbase happy enough.
It depends on what "Javascript engine" means, and what sort of javascript you want to execute.
If you want something that can run ES5 code, this might be your ticket. But if you want something that can run "modern javascript" (where the meaning of "modern" changes over time), then IE11/Trident won't help. It doesn't even support ES6, which came out in 2015. Modern websites often depend on javascript language features newer than that. Npm packages are the same.
i think the problem with IE11 is going to be the rendering moreso than the javascript engine. it doesn't support css variables and only a custom version of the grid syntax, so sites are only going to get more broken
I just love MS. A company so focused on security and caring about its customers. I always encourage people to use Edge. We need to stop spyware companies like Google.
My what a difference twenty years makes. the relative food and evil of MS and Google have totally swapped. Shows the cost of Google's failure to find other profitable businesses than ads. It is sad for the software revolution, with so much talent in their employees, they had so much potential to improve the world.
Microsoft is not focused on security. The amount of trivially exploitable extremely serious security bugs in Azure scream "nobody even pretends to think about security here".
I'm assuming all cloud providers have vulnerabilities discovered, reported and patched all the time, as it happens in any complex set of software.
Do you have any link where the cloud providers are compared to show that Azure in particular has a higher rate or are you just making unfounded speculations?
Is a good starting point. No other big cloud provider has had vulnerabilities that allow crossing the tenant barrier, and Azure has had two of them. If you read the details, both of them are simply unacceptable - especially the second one is trivial and shouldn't have passed any sort of security review.
It's not the ability to display alerts that is concerning, but rather, the ability to run untrusted Javascript. This was a proof of concept that showed that it has a serious XSS vulnerability
If the goal is to put them the crosshairs of their own government's law enforcement. However, that said, in those parts the line between law enforcement and criminal organization is pretty gray and fluid.
