Is Anybody Stupid Enough To Sniff User-Agent Strings?

 
 
Lawrence D'Oliveiro
      04-03-2011
Google is going to make some changes to the User-Agent strings for its
Chrome and Chromium browsers
<http://www.h-online.com/open/news/item/Chrome-and-Chromium-to-change-their-UA-calling-cards-1220162.html>.

Is anybody’s code really going to be broken by this? I thought it was well
understood that you should check as directly as possible for the
functionality you need, not try to deduce it from purely informational
fields.
 
Lawrence D'Oliveiro
      04-03-2011
In message <(E-Mail Removed)>, Allistar wrote:

> There is no robust way to check for functionality, especially when it
> comes to bugs. It's not like there is a javascript function called
> "hasBuggyBoxModel" or something like that.


Just write a code sequence that tests for the bug. Give an example of such a
bug, and I’ll show you what I mean.
 
Lawrence D'Oliveiro
      04-04-2011
In message <(E-Mail Removed)>, Allistar wrote:

> Lawrence D'Oliveiro wrote:
>
>> In message <(E-Mail Removed)>, Allistar
>> wrote:
>>
>>> There is no robust way to check for functionality, especially when it
>>> comes to bugs. It's not like there is a javascript function called
>>> "hasBuggyBoxModel" or something like that.
>>
>> Just write a code sequence that tests for the bug. Give an example of
>> such a bug, and I’ll show you what I mean.
>
> And you execute that code every time a page loads? One per "feature" you
> want to test for?


Yup. What’s the big deal?
 
Richard
      04-04-2011
On 4/04/2011 10:21 a.m., Allistar wrote:
> Lawrence D'Oliveiro wrote:
>
>> In message <G_GdnchF2agWdQXQnZ2dnUVZ_tydnZ2d@giganews. com>, Allistar
>> wrote:
>>
>>> There is no robust way to check for functionality, especially when it
>>> comes to bugs. It's not like there is a javascript function called
>>> "hasBuggyBoxModel" or something like that.
>>
>> Just write a code sequence that tests for the bug. Give an example of such
>> a bug, and I’ll show you what I mean.
>
> And you execute that code every time a page loads? One per "feature" you
> want to test for?


Well it's not running on your end, and you can cache the .js's used,
what's the problem?

Or if you need to vary the page generation based on it, use a cookie as
that comes down anyway so there is no additional penalty over using the
user agent string.
 
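An added example, not written by any participant in this thread: a direct test for the box-model behaviour mentioned above, with the result cached in a cookie so the server can vary page generation without re-running the test on every load. The cookie name `feat`, its `name=0|1` format and all function names are assumptions made for this sketch; because the cookie is client-supplied, the server side accepts only known flag names and values.

```javascript
// Added example. Cookie name "feat", its format and all function names are
// assumptions for this sketch, not code from the thread.
const KNOWN_FLAGS = ["buggyBoxModel"]; // the only flags the server honours

// Browser side: render a hidden probe and measure it. With the W3C box model
// a 10px-wide box with 5px side padding is 20px across; a browser that
// counts padding inside `width` reports 10px.
function hasBuggyBoxModel(doc) {
  const probe = doc.createElement("div");
  probe.style.cssText =
    "position:absolute;visibility:hidden;width:10px;padding:0 5px;border:0";
  doc.body.appendChild(probe);
  const buggy = probe.offsetWidth !== 20;
  doc.body.removeChild(probe);
  return buggy;
}

// Browser side: cookie value such as "buggyBoxModel=1", set once so the test
// does not have to run again on later page loads.
function encodeFeatures(results) {
  return KNOWN_FLAGS.filter((k) => typeof results[k] === "boolean")
    .map((k) => `${k}=${results[k] ? 1 : 0}`)
    .join(".");
}

// Server side: read the flags back from a Cookie header. The value is
// client-supplied, so only known names with 0/1 values are accepted.
// Returns null when no `feat` cookie was sent (the test has not run yet).
function parseFeatureCookie(cookieHeader) {
  for (const part of String(cookieHeader || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0 || part.slice(0, eq).trim() !== "feat") continue;
    const flags = {};
    for (const item of part.slice(eq + 1).trim().split(".")) {
      const m = /^([A-Za-z]+)=([01])$/.exec(item);
      if (m && KNOWN_FLAGS.includes(m[1])) flags[m[1]] = m[2] === "1";
    }
    return flags;
  }
  return null;
}
```

In the browser the cookie would be written with something like `document.cookie = "feat=" + encodeFeatures({ buggyBoxModel: hasBuggyBoxModel(document) })`.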
 
Ralph Fox
      04-04-2011
On Sun, 03 Apr 2011 18:58:10 +1200, in message <in95q2$i4p$(E-Mail Removed)>
Lawrence D'Oliveiro wrote:

> Is anybody's code really going to be broken by this? I thought it was well
> understood that you should check as directly as possible for the
> functionality you need, not try to deduce it from purely informational
> fields.



If that is what you actually believe, then how do you explain this?

<"http://groups.google.com/group/mozilla.support.seamonkey/msg/628762d830897d64">



--
Kind regards
Ralph
 
Ralph Fox
      04-06-2011
On Mon, 04 Apr 2011 10:04:38 +1200, in message <inaqtm$gr4$(E-Mail Removed)>
Lawrence D'Oliveiro wrote:

> In message <(E-Mail Removed)>, Allistar wrote:
>
> > There is no robust way to check for functionality, especially when it
> > comes to bugs. It's not like there is a javascript function called
> > "hasBuggyBoxModel" or something like that.
>
> Just write a code sequence that tests for the bug. Give an example of such a
> bug, and I'll show you what I mean.



Ok. Provide the code sequence that tests for this bug.
Without crashing the browser (i.e. non-destructively):

http://www.mozilla.org/security/anno...sa2011-09.html



--
Kind regards
Ralph
 
Richard
      04-06-2011
On 6/04/2011 8:51 p.m., Ralph Fox wrote:
> On Mon, 04 Apr 2011 10:04:38 +1200, in message <inaqtm$gr4$(E-Mail Removed)>
> Lawrence D'Oliveiro wrote:
>
>> In message <G_GdnchF2agWdQXQnZ2dnUVZ_tydnZ2d@giganews. com>, Allistar wrote:
>>
>>> There is no robust way to check for functionality, especially when it
>>> comes to bugs. It's not like there is a javascript function called
>>> "hasBuggyBoxModel" or something like that.
>>
>> Just write a code sequence that tests for the bug. Give an example of such a
>> bug, and I'll show you what I mean.
>
> Ok. Provide the code sequence that tests for this bug.
> Without crashing the browser (i.e. non-destructively):
>
> http://www.mozilla.org/security/anno...sa2011-09.html


Explain what operation on a website requires it to be serving corrupt
jpegs to users of it?
 
Ralph Fox
      04-06-2011
On Wed, 06 Apr 2011 23:11:02 +1200, in message <inhho6$t21$(E-Mail Removed)>
Richard wrote:

> On 6/04/2011 8:51 p.m., Ralph Fox wrote:
> > On Mon, 04 Apr 2011 10:04:38 +1200, in message <inaqtm$gr4$(E-Mail Removed)>
> > Lawrence D'Oliveiro wrote:
> >
> >> In message <G_GdnchF2agWdQXQnZ2dnUVZ_tydnZ2d@giganews. com>, Allistar wrote:
> >>
> >>> There is no robust way to check for functionality, especially when it
> >>> comes to bugs. It's not like there is a javascript function called
> >>> "hasBuggyBoxModel" or something like that.
> >>
> >> Just write a code sequence that tests for the bug. Give an example of such a
> >> bug, and I'll show you what I mean.
> >
> > Ok. Provide the code sequence that tests for this bug.
> > Without crashing the browser (i.e. non-destructively):
> >
> > http://www.mozilla.org/security/anno...sa2011-09.html
>
> Explain what operation on a website requires it to be serving corrupt
> jpegs to users of it?



Your intervention still does not keep Lawrence from his offer.

Take one of the browser crashes caused by logic errors in the browser
code, and not by corrupt data from the web site. Provide the code
sequence that tests for this bug. Without crashing the browser (i.e.
non-destructively):

http://www.mozilla.org/security/anno...sa2010-48.html



--
Kind regards
Ralph
 
Murray Symon
      04-07-2011
Ralph Fox wrote:

> On Wed, 06 Apr 2011 23:11:02 +1200, in message
> <inhho6$t21$(E-Mail Removed)> Richard wrote:
>
>> On 6/04/2011 8:51 p.m., Ralph Fox wrote:
>> > On Mon, 04 Apr 2011 10:04:38 +1200, in
>> > message <inaqtm$gr4$(E-Mail Removed)> Lawrence D'Oliveiro wrote:
>> >
>> >> In message <G_GdnchF2agWdQXQnZ2dnUVZ_tydnZ2d@giganews. com>, Allistar
>> >> wrote:
>> >>
>> >>> There is no robust way to check for functionality, especially when it
>> >>> comes to bugs. It's not like there is a javascript function called
>> >>> "hasBuggyBoxModel" or something like that.
>> >>
>> >> Just write a code sequence that tests for the bug. Give an example of
>> >> such a bug, and I’ll show you what I mean.
>> >
>> >
>> > Ok. Provide the code sequence that tests for this bug.
>> > Without crashing the browser (i.e. non-destructively):
>> >
>> > http://www.mozilla.org/security/anno...sa2011-09.html
>>
>> Explain what operation on a website requires it to be serving corrupt
>> jpegs to users of it?
>
>
> Your intervention still does not keep Lawrence from his offer.
>
> Take one of the browser crashes caused by logic errors in the browser
> code, and not by corrupt data from the web site. Provide the code
> sequence that tests for this bug. Without crashing the browser (i.e.
> non-destructively):
>
> http://www.mozilla.org/security/anno...sa2010-48.html
>


Sounds like Turing's/Godel's "halting problem" all over again.
How to programmatically test if a program will halt or loop infinitely?
I think one of the theoretical solutions may require an oracle.


 
Ralph Fox
      04-11-2011
On Thu, 07 Apr 2011 20:41:15 +1200, in message <injtbb$he1$(E-Mail Removed)>
Murray Symon wrote:

> > Take one of the browser crashes caused by logic errors in the browser
> > code, and not by corrupt data from the web site. Provide the code
> > sequence that tests for this bug. Without crashing the browser (i.e.
> > non-destructively):
> >
> > http://www.mozilla.org/security/anno...sa2010-48.html
> >
>
> Sounds like Turing's/Godel's "halting problem" all over again.
> How to programmatically test if a program will halt or loop infinitely?
> I think one of the theoretical solutions may require an oracle.



AFAICS the "loop infinitely" case is not one of the outcomes here.

It is more like this:

Your snappy new web page has a piece of JavaScript which executes
a finite number of operations and produces a result in a finite time.
After testing, you find that on version 3.6.7 of browser BRZ, the
browser will crash (again in a finite time) with (say) a "use after
deallocate" fault.

You decide to serve the old web page just to BRZ version 3.6.7 users,
and the snappy new web page to users of other browser versions.

One way is for the web server to sniff the User-Agent string and
serve one or the other page accordingly. Of course this may not
always be correct, as User-Agent strings can be faked. But is
there a more accurate method (apart from crashing all BRZ version
3.6.7 browsers)?



--
Kind regards
Ralph
 
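The server-side selection described in the post above, as an added example that is not part of the original thread: the old page is served only on an exact product and version match, and every other request, including one with a missing header, gets the new page. `BRZ` and `3.6.7` are the post's own hypothetical; the User-Agent layout (`product/version` tokens with parenthesised comments) and the function names are assumptions.

```javascript
// Added example. "BRZ" and "3.6.7" come from the post; the header layout
// and function names are assumptions for this sketch.
const AFFECTED = { product: "BRZ", version: "3.6.7" };

// Split a User-Agent value into product/version tokens, dropping the
// parenthesised comments, which are free text and may contain anything.
function productTokens(ua) {
  let depth = 0;
  let bare = "";
  for (const ch of String(ua || "")) {
    if (ch === "(") depth++;
    else if (ch === ")") depth = Math.max(0, depth - 1);
    else if (depth === 0) bare += ch;
  }
  return bare.split(/\s+/).filter(Boolean).map((tok) => {
    const slash = tok.indexOf("/");
    return slash < 0
      ? { product: tok, version: "" }
      : { product: tok.slice(0, slash), version: tok.slice(slash + 1) };
  });
}

// Serve the old page only on an exact product and version match. Anything
// else, including a missing or unparseable header, gets the new page.
function pageVariant(ua) {
  const hit = productTokens(ua).some(
    (t) => t.product === AFFECTED.product && t.version === AFFECTED.version
  );
  return hit ? "old" : "new";
}

// Contrast: a substring check also fires on version 3.6.70 and on text that
// merely appears inside a comment.
function naiveVariant(ua) {
  return String(ua || "").includes("BRZ/3.6.7") ? "old" : "new";
}
```

The header is still whatever the client chooses to send, so the result is only suitable for picking which page to render.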
 
 
 