January 29, 2010

Google starts killing IE6 support

According to Google's Enterprise Blog, Google is starting to phase out IE6 support, starting with Google Docs and Google Sites by March 1st. While this won't affect the big enterprises (who probably don't use those Google services much), this is a good first step and as more follow IE6 in the enterprise will finally die.

Posted by doron at 2:26 PM | Comments (1) | TrackBack (0)

January 27, 2009

Why Auto Updating Browsers Matter

Good article at Ars about a browser updating study.

No surprise, Firefox users got security fixes first (obviously this applies to all Moz apps that have auto update). Another reason why plugins-as-extensions is such a good idea - plugin updates can easily be provided, since Flash has a history of holes (and it is the most used plugin by far).

This is also important for enterprises - it is true that they like to limit version upgrades until compatibility tests have been done - but this takes a lot of time and puts their employees at risk (and their confidential data).

Posted by doron at 12:41 PM | Comments (1) | TrackBack (12)

October 15, 2008

Opera: only 4.13% of the web is standards compliant

Ars reports on an Opera study that only 4.13% of websites are standards compliant.

While it is no surprise that very few websites are completely standards compliant, their methodology seems flawed. Websites are doing more and more dynamic javascript stuff after page load which could affect such stats. Also, major js libs are linked in via cdns, so it is unclear how useful their XMLHttpRequest usage stat is.

But I can totally verify that chinese websites love flash. I still have nightmares from the AOL China gecko testing days. Flashing, scrolling, floating ads are scary.

Posted by doron at 6:51 PM | Comments (2) | TrackBack (0)

September 2, 2008

Google Chrome

First thing Google Chrome did - install a GoogleUpdate service. Of course, uninstalling it didn't remove the .exe for the update service.

Apple auto-installs iTunes, everyone screams murder. Google does it, it is fine. Nice.

I'm sticking to Netscape 4, uses even less memory!

Posted by doron at 6:29 PM | Comments (3) | TrackBack (8)

July 2, 2008

IE8 And XSS Protection

The IEBlog talks about a new IE8 feature that helps prevent some XSS attacks..

While quite interesting, I do wonder if the algorithm should be released as an W3C standard so that browser vendors and others can improve on it in an open fashion. Web apps may break because of this and if each vendor does it differently, this could be yet another pain for developers.

Posted by doron at 8:17 PM | Comments (3) | TrackBack (8)

June 30, 2008

Extensions and Firefox 3 - nsICookieService Behavior Change

Several users of the Gmail Notifier have reported a bizarre bug that only happens in Firefox 3, and after some digging, I found out it seems nsICookieService has changed its behavior.

I was basically creating sandboxed http requests and storing off the cookies. When the user wants to visit Gmail, I load in the stored off cookies into the browser and load Gmail into a tab. I was using nsICookieService::setCookieString, yet somehow the cookies were not being loaded in Firefox 3.

A user figured out it was because he had Firefox set to not accept 3rd party cookies. It seems in Firefox 3, that preference now affects nsICookieService's behavior when adding new cookies.

nsICookieService::setCookieString does take an optional nsIChannel which would bypass this new restriction, but I need the cookie to be set for the browser in general and not just for one channel.

Enter nsICookieManager2, which has a ::add method. The comments even call it a backdoor method, and it seems to not care about the preference.

So basically, if your extension wants to set browser-wide cookies, the 3rd party acceptance flag (found in preferences under Privacy -> Accept 3rd Party Cookies) may break your extension.

Posted by doron at 10:43 PM | Comments (5) | TrackBack (6)

June 24, 2008

document.createExpression change between Firefox 2 and Firefox 3

Ran into this with an IBM product I am working on:

In Firefox 3 (Gecko 1.9), there seems to have been a change that affects XPath and document.createExpression. In particular, you now have to call createExpression on the document you will run the XPath against. Before, you could call createExpression on another document.

In Firefox 2, the following would work:
    var expr = document.createExpression(...);
    expr.evaluate(anotherDocument, ...)

In Firefox 3, you will get:
    Node cannot be used in a document other than the one in which it was created" code: "4

Example showing this: http://nexgenmedia.net/mozilla/playgroundxpath.html

Hopefully this will save people time when running into this.

Posted by doron at 9:34 AM | Comments (3) | TrackBack (4)

June 16, 2008

SproutCore Is Crap

Loads in Firefox 2, but if I use Seamonkey or Minefield, I get nothing.

I thought everyone agreed user-agent sniffing was bad back at the start of the century...

Posted by doron at 6:03 PM | Comments (1) | TrackBack (3)

March 27, 2008

New Add-ons Site Is Awsome

The new add-ons site is awesome, especially for us extension developers.

The Statistics Dashboard especially is a welcome addition. Being able to see the active daily users count is a great way to boost ones ego :)

The basic download/activity data is available as a feed right now, but I wonder if having the more detailed data (operating systems, applications, etc) available would be of any use? Right now one can download the CSV files. Of course privacy becomes an issue as well.

Posted by doron at 8:56 AM | Comments (5) | TrackBack (0)

March 8, 2008

Trusting 3rd Party Programs

Interesting little story about 3rd party password stealing.

What was interesting to me was that my own Gmail Notifier was accused of stealing passwords early on. It turned out the person actually downloaded the extension from another site and not my own (back when there was no addons.mozilla.org) and had his account "hacked".

Luckily, we have addons.mozilla.org now for a central location to get extensions. Hopefully the extension reviewers are doing a good job filtering out evil extensions :)

Of course, it is easier for us as most extensions are pure xml/js and that makes auditing much easier.

Posted by doron at 6:37 PM | Comments (3) | TrackBack (0)

The postings on this site are my own and don't necessarily represent my employer's, IBM, positions, strategies or opinions.