65 comments

[ 1.8 ms ] story [ 127 ms ] thread
Alternatively: http://utilu.com/IECollection/

IE 1.0 to IE 8.0 as standalone versions in a single installer.

IE Collection is great on Windows. I recommend it and use it often.
IE 7 and 8 are not available in the installer; I'm running Win7 x64 with IE 9.0 installed. Falling back to XP Mode for now.
So if you go to Tools > Developer Tools the browser modes for IE 7 and 8 are not there?
I put together ievms because IECollection and IETester don't accurately represent true standalone IE versions. Things like PNG transparency polyfills and Flash/JS communication will not work as expected with those tools. Plus you'll have to manage your own (licensed) Windows instance.
from the github wiki:

Rough VM size estimates:

IE7: 13GB IE8: 8.4GB IE9: 13GB Currently, the script will leave the compressed RAR files in place, which means you're looking at something like 45 freaking GB if you don't prune them manually (in ~/.ievms/vhd/). This wasn't a big deal for me on my company workstation, but kinda sucks on my Macbook Air, so I'll be adding a cleanup option shortly. You probably don't need to keep the compressed files around anyway since we take a snapshot like you mentioned.

I know you aren't the creator of those VMs but, any idea why they are so big?

What's weird is that there's a jump from 8.4 GB to 13 GB on Windows 7. What is on the IE9 vhd that isn't on the IE8 vhd?

Edit: Nevermind, from the official link the IE9 vm comes with additional tools.

On Win7, the jump is due to WinSxS. Every DLL several times and several versions. DLL hell solved.
DLL hell solved indeed. How many versions do you keep?

For what it's worth, the DLLs in System32 are projected out of WinSxS with hardlinks, so they should not take up extra space. You still have the multiple version thing, however that can be somewhat mitigated by making service packs permanent[1].

[1] http://blogs.technet.com/b/joscon/archive/2011/02/15/how-to-...

That quantity of hard links takes up quite a bit of space though!
Is there a way to make this work with KVM, or is this using something special from the virtualbox distrubution to convert the .vhds?
qemu-img can convert the VirtualPC (VHD) image format.

For example, qemu-img convert -O qcow2 Win7_IE8.vhd Win7_IE8.qcow2

I thought VirtualBox could mount the .vhds natively? I'm pretty sure I'm running one right now...
Personally speaking, I would love to see Google release an offical, downloadable ChromeOS images that could be used with VMWare or Virtualbox. Something like that could be a real boon for some users.
The magic in ChromeOS is the hardware Google uses from the Chromebooks. There is an unofficial site with images for Chromium(?)OS but it doesn't look pretty.
What is the magic beyond SSD (and good acpi/power management integration), trusted boot (using a TPM), and OpenGL?
Beyond that I hope they have some better fonts on the Chromebooks.

I can't imagine what would one do with a ChromeOS VM when you have native Chrome builds available. Once the novelty factor wears out (and it does, pretty quickly), there is nothing to be done except delete the vm.

Otoh, I see the value in a secure device like the Chromebook and I think this is what ChromeOS is selling, not just the actual OS.

FWIW, my copy of Parallels 6 has a "Download Chrome OS" in its File menu. Last time I tried it, after some delay I was met with a functional copy of Chrome OS (I don't even recall having to answer any questions).
I can't believe Microsoft is giving away free Windows licenses as long as you use the vm image for IE.

Which is basically the only reason I do have an old Windows XP vm on my Mac.

You can't get the VMs to pass WGA so they are only good for 30 days before they have to be reset; which pretty much makes them only good for testing / qa purposes.

This seems like a very reasonable decision on Microsoft's part: they make it easier / legal / quick to test on their platform and more people will support and develop on it.

By reset do you mean they have to be redownloaded?
Per the docs: "A snapshot is automatically taken upon install, allowing rollback to the pristine virtual environment configuration."

You can just roll back to that snapshot at the end of your 30 days and everything will continue to be usable.

I dunno, it could be useful for a number of things.

For example, I know a few online banking solutions that are IE-only. The most you need there might be a certificate, so resetting the vm every 30 days isn't such a big deal.

I try to keep the VMs as small as possible anyhow and if you need data, you keep it in a VM shared folder that you map in the Windows guest.

Don't worry I'm sure some bean counter crunched the numbers and they decided it was an acceptable risk.

I mean, if you want a fully functional pirated version that doesn't expire every 30 days and you never have to activate you don't exactly have to look very hard, or far.

> curl -s https://raw.github.com/xdissent/ievms/master/ievms.sh | bash

Bad trend in the open-source community. Please don't ask your users to install stuff this way. Not that you can't be trusted, it leads to people dropping their guard.

This comes up every time an install script like that is used, and in a lot of cases, it's a warrantless criticism.

Projects like this are obviously targeted towards developers as they're hosted on github. If you really want to check out what the script is doing, just look at the file. Or better yet, clone the repo and use it/install however you want.

I understand your point and I'm open to suggestions on how to assuage any security concerns while maintaining convenience. I don't know if users are more likely to read and understand the source if it's provided only as a separate download, however. Perhaps just a big honkin warning in the README?
Is it particularly worse than downloading and blindly running the code in separate steps? I don't think the majority of users have ever extensively audited the software they run, so it's not exactly a new trend. If you are capable of evaluating this script, you already know how to do it.
I would bet a fair amount would open the script up in an editor and say, "Yep. That's code alright".
I kind of view bash piping as the worlds easiest install package.

Unequivocally, it is dangerous to run random pieces of code from the internet, it just seems odd to me that if this same code was in a nice packaged install wizard nobody would say anything about it.

Maybe it should include a first step of piping it to less for review, followed by piping to bash if it looks fine. Slightly better...
At which point the people who know how to read it will do so (I did, out of curiosity) because it's so easy, and the people who don't will get

  jargonjargon [*&*@![]2\3
  if [[jargon -f "words!"]]
    jargon # jargon jargon
    jargon /&$_)(82
  fi # jargon the jargon
  jar(){
    gon                           # yay pictures!        #
    ∑´∞§∞¶•ø¨ˆ∆£˜¡–ª¢ø•ª¶π™˜£º¥µ # <(^.^)>              #
    ˚∆∂¥•¡º™ª•¶ƒ˙¨ˆ               #                      #
    ˙π¡˜ø£•¶√≠˚•™µº–£¨≤           # <= ˚∆˚! but it works #
  }
and just go to the next step.
Did you just come up with that? Hilarious
Why is it worse than running an installer? It has identical capabilities, but the .sh file can be read.
If you install a package via the package managers on debian, ubuntu, fedora, and other major distros you can be reasonably sure that the packages aren't malicious because they've been security reviewed before they made it into APT/YUM/etc. Downloading some shell script off the internet and running it without even reading it first is a really bad idea by comparison.
So, you mean like everything on OSX and Windows, where you don't have such package management systems with (long-standing, trustable) benevolent hosts? Yeah, downloading some application off the internet and running them is a really bad idea - how is this worse?

edit: how about iOS? There have been news entries about them sending data where they shouldn't - that's a curated host. iOS is a lot more sandboxed, but that doesn't make the danger nonexistent.

(comment deleted)
I take it you don't use pip, gem, sbt, (insert your favorite language's package manager) either?

If you do, what's the difference?

> If you install a package via the package managers on debian, ubuntu, fedora, and other major distros you can be reasonably sure that the packages aren't malicious because they've been security reviewed before they made it into APT/YUM/etc

When people are delivering software that isn't in the official repository, downloading a script and running it is no less secure than the alternatives.

(comment deleted)
> Bad trend in the open-source community. Please don't ask your users to install stuff this way. Not that you can't be trusted, it leads to people dropping their guard.

And what will be the right way to do it? The way people don't drop their guard? `./configure && make && sudo make install`? Or `sudo apt-get install`? How are any of these or many other options seemingly better than this?

You probably mean 'add-apt-repository foorepo && apt-get update && apt-get install foopkg' or 'dpkg -i foopkg' (as root) because as is, 'apt-get install' is innocuous given one uses the default trusted, signed and whatnot repos.
I'd support this more if they weren't using https - since the user's going to run it anyway, there's no real advantage over any other means of getting this file onto their system. Well-known http:// urls are worse since they allow interesting spoofing attacks if they become popular.
A small meta-comment:

xdissent[1], the author of this package, is a HN user, but he has negative karma because his fourth comment was snarky and got heavily downvoted. Even though he's aware of the ban he clings to this handle and continues to post messages seen by almost no one (he posted twice on this comment page [2,3]). The rest of the messages eversince the incident have been fine (enable "showdead" in the user control pannel if you want to read them).

Since he seems attached to the handle, it would be nice if he could be upvoted back to the positive side so that he can once again participate.

He's got three upvotable posts in history (before the ban). His karma is currently at -32. This means that he needs 11 brave souls to break even. You know what to do :).

1. http://news.ycombinator.com/user?id=xdissent, comments: http://news.ycombinator.com/threads?id=xdissent

2. http://news.ycombinator.com/item?id=2955430

3. http://news.ycombinator.com/item?id=2955411

.

Edit: 58 minutes later: -10. Thanks to the upvoters.

pygy_ you are my hero. I'm speechless in a different sense than earlier today. Thank you and everyone who up voted me and thanks for reaffirming that karma works.
xdissent: you appear to be still banned (at least, 4 hours after my post, you still were). Since you now have a positive karma, could you answer this post as a test?
I don't seem to see his posts unless I enable "showdead".

I didn't even know karma worked this way on HN. Quite ridiculous, IMHO, to completely hide someone if their karma runs too low. Especially if it can happen by unfortunate accident and ends up hiding a positive contributor completely from view--basically means the system is broken.

The dead-ban system makes the life of the moderators much easier by starving trolls who would otherwise create a new account as soon as they got banned. At HN's scale, it is necessary.

This case is unfortunate, though, but I guess that's why the showdead option exists.

I don't know if a negative karma turns on an irreversible ban flag, or if going back to positive will alleviate the ban. If not, I'll write a mail to pg.

Testing 1 2 3. This thing on?
Now it is :-)

You may want to repost your earlier answers in this thread.

    2011/9/3 Paul Graham <pg@ycombinator.com>
    >
    > fixed
    >
    > 2011/9/3 Pierre-Yves Gérardy <pygy79@gmail.com>:
    > > Hello,
    > > would it be possible to unban xdissent?
    > > See http://news.ycombinator.com/item?id=2955023 for the details.
    > > Kind regards,
    > > -- Pierre-Yves
You're still banned. Time to drop a line to pg.
I have, on occasion, wanted to write almost exactly this script - but the thing that stopped me was that VirtualPC apparently emulates a slightly different IDE controller than VirtualBox, and so when Windows XP starts up in the new VM, it doesn't have a driver installed for the IDE controller, can't find its own hard-drive, and blue-screens. It's possible to edit the registry to install the required driver, but that requires booting into Windows... a Catch-22 if ever there was one.

I was eager to see how the problem had been solved... but apparently Windows Vista and Windows 7 don't have that particular problem, and the IE6 VM (with Windows XP) just says "IE6 support is currently disabled".

That's kind of sad; at least for the light web-development I've done, IE7 and IE8 aren't nearly as fussy and hair-pulling as IE6.

The IE6 VM from MS runs XP, which doesn't natively include drivers for any of the VirtualBox network adapters. That means ievms wouldn't really be of much great utility unless it could install one of those drivers for you. Unfortunately licensing restrictions prevent me from including the drivers (or even an OS to boot and install them). I'm still looking for a solution and will update the docs if I can figure it out.
Why not use IEtester and run all versions of IE on a vista/w7 free vmware player install?

W7 trial iso will work without a key, it will just shutdown every 30 minutes which is fine for testing purposes.

IEtester also has debugbar which sometimes is even better than some firefox tools I use.

As far as I'm concerned, IE Tester doesn't have an exact copy of IE's code, hence not 100% reliable.
+1 IETester better than nothing and a decent fallback, but running the actual IE's better than IETEster.
I've found IEtester to be really keen to cache code, to the point of having to clear cache's in settings sometimes - clearly not great for development.
3 hours later (slow internet) and got all 3 working perfectly on OS X (snow leopard).
Is it legal?
The images and everything Microsofty are provided by Microsoft for this use. VirtualBox is open source and ideal for something like this.

The automation might be mired in some obscure clause on either end, but it's just doing things you can legally do by hand.

Only last week I downloaded the IE9 VM's mentioned here, but got the never ending BSOD-reboot loop when trying to use them in VirtualBox. This is going to make my day when I get back in the office next week!
How do you get away with saying: "With a single command, you can have IE6, IE7, IE8 and IE9 running in separate virtual machines." - when in the first paragraph it says IE6 is not supported.