Web Devout tidings

Missing posts

July 24th, 2009 by David Hammond

Today, someone asked me why I had deleted my last few posts here. I didn’t. It turns out, during a series of server moves, VMWare updates, and other shifting around, somehow the system clock got set back to January and NTP wasn’t kicking in. As a result, the posts made since January were considered “Scheduled” posts and weren’t appearing on the blog. I’ve now fixed the time issue, and all posts are visible again.

Microsoft continues their self-destructive campaigns

June 23rd, 2009 by David Hammond

Microsoft finally removed the more insulting lines from their Australian $10,000 campaign, but they also released a “Get The Facts” campaign apparently comparing a future version of IE 8 with some phantom versions of Firefox and Chrome invented by Microsoft for this campaign.


Yes for IE 8, no for Firefox and Chrome. Why? Because IE 8’s phishing and malware protection is supposedly “better” than the one that Firefox and Chrome inherit from Google. Microsoft calls this a “fact”.

Now, I’m sure Microsoft could come up with some studies to support their claim (although they didn’t), just as Mozilla or Google could come up with studies to show that they’re better. That isn’t the point. The point is that all three browsers feature rather similar anti-phishing and anti-malware protection, and yet Microsoft used those features as the sole justification for giving IE 8 the only check mark in this category.


Yes for IE 8, no for Firefox and Chrome. This time, it’s because of IE 8’s unique Incognito mode.

Er, sorry, I meant InPrivate mode. Incognito is the name of Chrome’s equivalent. But yeah, Microsoft decided that Chrome doesn’t deserve a check mark. Also, despite Firefox’s wealth of privacy features, it doesn’t earn a check mark because the InPrivate equivalent is only available in Firefox 3.5.

Ease of Use

Yes for IE 8, no for Firefox and Chrome. Because everyone knows that a bunch of confusing features that trigger at unexpected times makes the product more usable, and that Chrome’s streamlined experience makes it a hard-to-use piece of trash, right?

I forget, is this called “Get The Facts” or “Get Microsoft’s Opinions”?

Web Standards

Yes for all three. Considering we’re talking about a simple yes-or-no rating system here, I’d say that’s fair. They also accurately point out that Firefox and Chrome have better support for the upcoming HTML 5 and CSS 3 specifications, and they avoided claiming that IE 8 has perfect standards compliance.

Developer Tools

Yes for IE 8 and Firefox, no for Chrome.

Um… what? Chrome actually comes with more developer tools than Firefox out of the box. Of course, Firefox beats both once you add extensions like Firebug and Web Developer, but I don’t understand the basis on which Microsoft decided that Chrome is the one without a check mark.


Yes for IE 8, no for Firefox and Chrome. The sole basis for this was the combination of both tab isolation and crash recovery. In my experience, though, IE 8 and Chrome crash much more often than Firefox, so it boils down to whether you’d rather have fewer crashes with worse crash isolation or more crashes with better isolation. I prefer the former, especially when the browser also has good crash recovery (restoring the tabs as they were before the crash), so I’d pick Firefox as the winner in this category. But again, this is a subjective issue, and Microsoft is just expressing their opinion… in a campaign about “facts”.


Yes for all three, with a nod to Firefox’s large extension collection. Good so far.

But wait, Microsoft goes further: “many of the customizations you’d want to download for Firefox are already a part of Internet Explorer 8 – right out of the box.” Okay, they said “many” and not “most”, so technically this is accurate, but it’s misleading. According to Mozilla’s add-ons site, the most popular extensions are FlashGot, AdBlock Plus, NoScript, Video DownloadHelper, and DownThemAll. Out of the box, IE 8 doesn’t support the main functionality of any of those extensions. I mean, sure, you could disable JavaScript support in IE 8, but that isn’t close to the same thing as using NoScript. MS Paint technically supports the same editing functionality as Photoshop, but it would be a joke to honestly compare the two.

And yes, I’m aware that IE also has its own type of add-on system, but I’m addressing Microsoft’s “right out of the box” claim.

I’d also like to point out that the level of customizability that IE 8 and Chrome currently support doesn’t come close to Firefox’s capabilities. From the massive amount of settings in about:config, to the unchallenged wealth and diversity of extensions and themes, to lesser-known features like userChrome and userContent, there’s just no contest here. Considering the tiny feature differences that Microsoft used in other areas to deny check marks to other browsers, if Microsoft were being consistent they’d give Firefox the sole check mark in this area.


Yes for IE 8, no for Firefox and Chrome. “Internet Explorer 8 is more compatible with more sites on the Internet than any other browser.” Yeah, when you illegally use anticompetitive practices to shut out other browsers (practices for which you have been convicted in a court of law), and thus hold over 90% of the market for multiple years, effectively forcing web developers to cater to the most nonstandard implementation of web technology in significant use, you tend to end up with the most compatible browser. It’s a bit like a politician bragging about the number of votes he has accumulated in rigged elections.


Yes for IE 8, no for Firefox and Chrome. I don’t have experience in the area of enterprise-wide deployment, so I can’t really comment on this aspect.


Yes for all three. In fact, Microsoft calls it a tie. You know how every single speed test you’ve seen in the last few years has shown Internet Explorer to be the slowest by far (with IE 8 being only a minor improvement over IE 7, and IE 7 being only a minor improvement over IE 6)? Microsoft calls that a tie.

I’ll tell you what, Firefox and Chrome are a lot closer to each other than Internet Explorer is to either of them, and I can definitely notice that Chrome is faster than Firefox at most drawing operations. You don’t need slow-motion video to tell the difference, you just need to look at some of the next-generation web applications that haven’t reached the mainstream yet due to browser performance limitations!


The Internet Explorer development team earned a lot of credit with me on the standards support quality of IE 8. The recent series of misleading and sometimes insulting marketing campaigns has almost completely used up that credit. I assume that other web developers have felt similarly, and if so, Microsoft is doing a lot of damage to themselves by refusing to engage in the kind of honest dialog that Mozilla has particularly excelled at.

Oh, is this Web Devout site still around?

June 17th, 2009 by David Hammond

In case you haven’t noticed, I haven’t exactly made a lot of progress on the standards support testing. And I don’t anticipate that changing any time soon. I don’t have much time outside my day job (which has been increasingly demanding in the last couple of months), and the free time I have is usually spent taking a break from work or working on other projects that have higher importance for me.

I know I’ve been saying this for a long time, but I think the solution is to build a community-driven system that lets the public file, categorize, and vote on bug reports. Reports that have been confirmed by enough users would get added to a table structure like we currently have. A simple wiki wouldn’t be sufficient; more than 95% of the change requests I get in the current system are incorrect or of unusable quality, which has led me to basically ignore those submissions altogether. I really think a more robust system, with test cases and links to the bug reports on the vendor’s bug trackers, would be ideal. But then it’s an issue of actually writing such a system, and that again requires free time.

At some point, I’ll do something. When I start making promises about how I plan to use my free time, that’s when I tend to suddenly lose motivation to follow through on those plans. So, for now, I suggest looking into other resources for standards support information, but stay subscribed to my RSS feed.

WTF Microsoft?

June 17th, 2009 by David Hammond

Seeing this makes me really glad I didn’t take that job with Microsoft.


Seriously, I don’t know if you’re trying to be funny, but it comes across as really dickish, especially to those of us who’d rather not use Windows.

Update 2009-06-17: It looks like Microsoft took it down. Here’s TechCrunch’s article on it, along with a screenshot.

For reference, the “dickish” parts were the “But you’ll never find it using that browser. (So get rid of it, or get lost.)” part and the “Ditch the web browser you’re using. If you try to find the $10,000 with your current browser, you’ll get nowhere.” part.

The “[Internet Explorer 8 is] the only browser capable of cracking all the clues.” is also pretty misleading. A more accurate claim would be “You need Internet Explorer 8 to play, because we are blocking all other browsers.”

Update 2009-06-17: It’s up again.

Secunia stupidly removed their RSS feed

March 31st, 2009 by David Hammond

I just realized today that I hadn’t seen any Secunia vulnerability updates in a long time. I knew they had done some site redesign work, and I figured they just changed the URL of the RSS feed. So I sat down at my computer to find it, but there didn’t seem to be one anymore. A quick hop on Google led me to this forum post explaining that Secunia no longer provides a free RSS feed for vulnerabilities:

As you have noticed we no longer provide our vulnerability intelligence through the Secunia RSS Feed.


Today a large number of businesses and governments are subscribed to the commercial Vulnerability Feed from Secunia.

Over the past couple of years, Secunia has noticed that numerous businesses and governments have signed up for the Secunia RSS feed, as a result there has been a loss of revenue for Secunia which has limited us in our endeavors on providing sustainable and quality solutions.

It is naturally not fair toward our customers that larger IT departments are receiving intelligence free of charge – using our RSS feed – as others would have to invest in it.

The service that will replace the need for our RSS feed, will be the Secunia Vulnerability Intelligence Feed – VIF. This is naturally a commercial solution, please see attached PDF for further clarification.

In my opinion, this was a very dumb move by Secunia. Keep in mind that the RSS feed didn’t provide anything that wasn’t already public; it just provided it in a different format. In a few minutes, I could write something that generates a similar RSS feed from the HTML output of Secunia’s website (although their terms of service are also excessively heavy-handed about this). This is a common sense usability feature, not a product that should require a paid subscription. For Secunia to restrict its availability to paying customers is akin to if Google were to suddenly make message collapsing in Gmail conversations only available to people who fork over cash.

One of the things that made Secunia so appealing to me was how accessible their information was. Now, it’s like the site is living in the 1990s. It’s a real shame when a company is willing to cripple their service like this rather than find a legitimate business model. Secunia has some very valuable assets; if their business really depends on profit from a mere RSS feed of already-available data, they’re doing something wrong.

Because of the removal of the RSS feature, my Web browser security summary page is likely outdated. I’ll go through Secunia’s advisory archives and update my data sometime soon.