US Gov looking for input about IE ONLY pre-patient web site...

Discussion in 'Computer Security' started by Imhotep, Aug 14, 2005.

  1. Imhotep

    StupidScript Guest

    All this would be nothing if only MSIE supported the official
    specifications consistently. They never have, and they never will.

    The problem comes from web developers who are unable to use the
    official specification to produce their work, and are trapped by their
    blindness to the common ground shared by MSIE and the browsers that do
    support the standards.

    There is simply no reason whatsoever for a modern website _not_ to
    adhere to the standards, thus allowing access to and successful
    interaction with it.

    Some folks here are confusing the way MSIE interprets pixel-based
    measurements (by far the least desireable and least-stable measurement
    system available to a competent developer) and the way it handles
    interaction. Frankly, I don't care if the menus line up, as long as I
    can submit my information and have the server-side app handle it
    correctly. That's not browser-land.

    Lastly, please read the proposal. It's for a new system of
    pre-registering copyrights before the work to be copyrighted is
    completed (published). This ain't banking or anything serious, and it's
    not a critical system for the office requesting it ... it's a TEST. You
    can always do it the old-fashioned way ... mail it in. In fact, that's
    the best way to do anything with the government ... leave a paper
    trail. Heck, in the proposal they even state quite clearly that their
    email system is not to be trusted by requiring emailed comments to the
    proposal to also be delivered (Original comment plus 5 copies, please)
    to the office by mail or hand delivery. Now THAT's progress!
    StupidScript, Aug 17, 2005
    1. Advertisements

  2. Imhotep

    Jim Watt Guest

    So you say, wheres the proof - my stats are taken from
    my website and there are logs to back them up.
    Because +you+ say so?
    Neither I nor the figures really care either way, but
    those are the figures for which is a
    OS neutral website with a modest but significant traffic
    and the top commercial website if you were to search
    google for the keyword Gibraltar, which people do.
    Jim Watt, Aug 17, 2005
    1. Advertisements

  3. Imhotep

    Jim Watt Guest

    Locally there are hardly any Macs, what few there are are
    used by graphics designers who don't buy any other software
    anyway all mac users are kinda wierd.
    Jim Watt, Aug 17, 2005
  4. You're getting there :eek:).. almost made perfect sense (the last bit certainly

    Fully agree that the end-justifies-means when it comes to web sites for the
    most part, *but* as the "confused folks" around here, I get rather annoyed
    that I spend hours tweaking a site, only to be told that Firefox supports
    standards perfectly, while IE doesn't.

    Oh, and by that damned pixel thing. A pixel is a "picture element". Always
    has been. Always should be. Face it, it's a dot on the screen (or paper).

    Although I can only claim pixel-plotting graphical experience since the
    ZX-81 (not quite a quarter century ago), that's always been the case. For
    *every* device with a digital graphical display, that's *always* been the
    case, in my experience. Even Christmas lights have a defined pixel size. As
    do 1970s LED watches. That's sort-of the definition betwixt digital and

    But not Nutscrape. Or things based upon its rendering engine.


    As discovered today, while beating my head against the SOAP implementation
    in Delphi 6 (yeah, I know. My copy of D2005 is *still* in the hands of Royal
    Mail, and I have one day to save the world/build a web app): FF CSS doesn't
    properly support margins at either top or right. Body/span hierarchy is
    broken. Font inheritance is broken (two identical pages with an identical
    CSS class table /really/ shouldn't look utterly different in their
    respective frames). EM spacing is still inconsistent. Font size is still
    inconsistent - but in a different way to 1.04; still trying to work out
    where it loaded that particular font size from, as it doesn't appear
    /anywhere/ in the hierarchy.

    I got that in an hour, just fiddling with one solitary HTML page.

    Oh, and centring of containers is *still* broken. After, what? A couple of
    years? I could talk about the HR tag, but no point really - it's never,
    ever, worked and is now deprecated by the W3C.

    Face it - if *anyone* can find that many basic flaws in a product in a mere
    hour, on a product that's been released for (current 1.06 version /only/)
    weeks, then it simply ain't been tested. Except maybe unit-tested by the
    people that wrote the code. Which *never* works.

    Or are we setting a challenge, here? I'm too busy at present (see above!)to
    see where in the Mozilla engine someone has started an array with 1 instead
    of zero.. but (experience says) that'll be the case. Feel free, Netizens, to
    put personal time where the mouth is... ;o)


    P.S. Hands-up who sizes their images in non-pixel units..?
    Hairy One Kenobi, Aug 18, 2005
  5. Imhotep

    Winged Guest

    A lot depends on the audience visiting the website. For example: One
    might find Mozilla flavors much more at a Linux site versus a free
    windows program download site.

    I always liked The statistics at w3 schools (good free training site for
    those inclined).

    The stats are skewed due to their visitors. I would consider their
    19.8% Firefox measurement high. I found the indicative downturn with
    Firefox coincides with several quick upgrades to fix critical issues,
    and a number of Microsoft press heads clamoring how Firefox is no more
    secure, which in some ways, has some truth to the issue.

    That said I am still a Firefox user as I don't have sites hounding me to
    turn on activeX before the let me peruse their site. If you turn off
    ActiveX and all the other vulnerabilities, IE can be relatively safe,
    but the bad guys don't cooperate. I have only been prompted for ActiveX
    at Microsoft, with Firefox I don't get nagged elsewhere and I just like
    it better.

    Firefox usually fixes quickly, unlike IE which may take months or even
    years to fix known holes. But Avant, for example, is a much more secure
    overlay for IE interface and even has tabbed browsing, however because
    it is built on top of IE has "some" of the same vulnerabilities, but it
    stops a number of other holes in IE..shrugs.

    In the same vein for testing IE communications MS has a free tool called
    fiddler that can enlighten on on server client communications and even
    can be used to probe a site for various specific vulnerabilities. I
    have found the tool useful for looking at various http communications.

    Back on the original subject:

    The following is an article that Linux acceptance is gaining ground in
    US Government.

    It seems, as always, various agencies policies vary by the person
    driving at the moment, usually without a steering wheel.


    I was perusing NIST and came across this list of NIST security
    checklists for various computer OS's and products. I have just started
    looking at some of these documents specifically XP, but there is a lot
    of information in these lock down guides. It took a bit for me to drill
    down to the actual guides but there is a treasure trove of information
    on locking down and securing various systems. Thought I'd pass it along.

    Winged, Aug 18, 2005
  6. Imhotep

    Winged Guest

    Well to some there are advantages, for example .NET applications. Not
    saying I concur totally, but there are some business applications that
    are more robust, faster to production, and allow improved security
    features using .NET. .NET allows one to use more code more language
    types even more insecurely :)

    Yes, we have used Java to build applications, but this induces a number
    of developmental issues, and there are a number of things Javascript
    doesn't do easily, for example: run a text editor with dictionaries etc
    from the Web application. We have done this in JAVA, but there are
    security issues induced in the JAVA application environment that relate
    to application layer communications.

    I do not know if .NET is the driver in this case, but I suspect it may be.

    Winged, Aug 18, 2005
  7. Imhotep

    Imhotep Guest

    Say what you want about netscape. opera, etc. However, MS INTENTIONALLY
    makes there crapware browser non compliant because it fitsthere business
    plan. It will get worse...

    Imhotep, Aug 18, 2005
  8. Imhotep

    Imhotep Guest

    Jim, come on....
    Imhotep, Aug 18, 2005
  9. Imhotep

    Jim Watt Guest

    IMG SRC="checkin1.jpg" WIDTH="100%"

    But you are quite right, its the exception rather than
    the rule. Problem today is the extremes of screen
    size one has to cater for. Also if one is stretching
    an image it has to be capable of resizing without
    turning to crap. The above one is.
    Jim Watt, Aug 18, 2005
  10. Imhotep

    Jim Watt Guest

    True, however mine is a good example as its of general
    interest and has a high volume. The pages are of a wide
    age and should be browser neutral. The earlier ones were
    designed for netscape 3 in mind at 480 x 640.
    Jim Watt, Aug 18, 2005
  11. Ah. So what you're saying is that a theoretical, unreleased, version on IE
    will be worse that the whole series of errors that I posted for the current
    FireFox release?

    Nice to see that blather is s-o-o-o-o-o much more important than what has
    already been reliably tested to fail years-old tests. Not.

    Hell, given the gauntlet I threw down in the other thread, perhaps you'd be
    willing to pay me real money to find at least one of these Mozilla/Firefox
    bugs/shortcomings..? Very much Dutch courage, in my case, as I haven't even
    looked at the code. Gotta be better than "Ravi Patel", though. You really,
    really /don't/ want to know! (Even assuming that someone still teaches
    FORTRAN IV) ;o)

    Hairy One Kenobi, Aug 19, 2005
  12. Imhotep

    Jim Watt Guest

    its a religious crusade and the only thing he 'knows for
    sure' are that me and Mr Gates are 'bad people' take care
    otherwise you will be added to the list :)
    Jim Watt, Aug 19, 2005
  13. Imhotep

    Imhotep Guest

    ....Honestly, I think the best source for this kind of statistics would be a
    site like is neutral and used by everyone. Furthermore
    searching for data is such a common task that the data would probably be
    closes to the truth...
    Imhotep, Aug 20, 2005
  14. Imhotep

    Imhotep Guest

    That is the thing you confuse Jim. People like me do not care about Mr.
    Gates. I am neither for nor against him. We do not like the business
    practices of Microsoft as a company. We do not like how they have forgot
    the general rule of business "The best product at the best price wins."

    Instead they lie, they practice illegal business practices so as to keep
    their rivals at bay. That is NOT a fair free market by any definition. They
    will have more legals battles with more governments in the near future,
    mark my words.

    Imhotep, Aug 20, 2005
  15. Imhotep

    Jim Watt Guest

    Nonsense, it would be skewed against AOL and MSN users
    for a start. But when you have a website with some reasonable
    traffic come back with the stats. You could start one with your
    views on computer security, or life in general, and see how it

    heres some figures for

    Browser % of Total Visitors
    1 Internet Explorer 6.x 68.27%
    2 Netscape 6.x 11.91%
    3 Internet Explorer 5.x 8.43%
    4 Others 4.00%
    5 Netscape 4.x 2.14%
    6 Opera 98 0.94%
    7 Netscape 7. 0.94%
    8 Netscape 5.x 0.80%
    19 Netscape 2.x 0.13%

    Yes there are still people using Netscape 2 not sure
    how they manage with other sites.
    Jim Watt, Aug 20, 2005
  16. Imhotep

    Imhotep Guest

    I see your point but, don't agree with 100% of it. My point is that google
    has become more than a search engine. In fact the other day my mother, of
    all people, actually said "Google it" when someone asked her for a name of
    a web site. Now she is a AOL user. Google has become so popular that all
    users are aware and seem to be using it. This is why I would trust their
    data. 1) All users use it 2) it is a search engine and as such the content
    is universal and not tied to any genre.

    Nothing personal I am sure your data is probably "in the ball park" but, I
    would bet Google's data is pretty damn close to the real numbers.

    Again, the browser stats are well off topic as I posted this to alert people
    that the Music Industry and Microsoft is trying everything it can to rid
    the World of Linux/BSD....

    Imhotep, Aug 21, 2005
  17. Imhotep

    Jim Watt Guest

    Even if they were representative, which they are not we do not have
    access to Google's logs and which google ? is going to be
    different to

    Companies are interested in making a profit and addressing the largest
    markets, one of the things MS have done is defragment to market in the
    same way that IBM did in introducing a 'standard' PC

    It takes less time to design for IE only and time is money. Having
    said that my pages are browser neutral and tested with firefox - quite
    how they look in opera and some of the wierd minority products is
    another thing.
    Jim Watt, Aug 21, 2005
  18. Nope - they're a search engine seeking to become a universal source of
    "information by searching".

    The verb "to Google" entered even respectable UK dictionaries a fair few
    years ago.

    Now, was there a point to all this? Regarding typical browser utility (and,
    hopefully, with some form of ultimately tenuous reasons as to why this might
    be of interest to this particular froup?), this looks to be more of a
    religious argument - "my POV" vs. someone else's "my POV".


    P.S. Still waiting for the HTML link to that particular fix... ;o)
    Hairy One Kenobi, Aug 21, 2005
  19. Imhotep

    Imhotep Guest

    Nope? Nope to what Google is not very popular?
    That illustrates my point. When a search engine has become so popular as to
    be included in a dictionary, you can bet that all sorts of people are using
    It was a side discussion about browser stats. I simply made the comment that
    getting the browsers stats from a popular search engine would probably be
    more accurate than a small specialized web site.
    ...again, please read the previous posts. This was a side discussion...
    Not everything has to do with religion....neither is this...simply a talk
    about getting accurate browsers stats...

    Google it

    Imhotep, Aug 22, 2005
  20. Imhotep

    Imhotep Guest

    Good point. It would be nice to compile the stats for all of there sites. I
    have no idea what they would tell us but, I would trust that data over
    other sources again because they are popular and 2) everyone does searches
    pretty regularly...
    If you are truly interested in the largest market for your product then I
    would thing you would want your site to be neutral...why setting for only
    80% of browsers able to view your sites when you can get 100%. Now, there
    are many web based building applications that allow you to choose which
    browsers you want to be compatible with (Macromedia Dreamweaver, etc). So,
    I am sorry but again I see your point but do not agree with 100% of it...
    Not true. Look at Macromedia's Dreamweaver. At the start of building a site,
    I click the browsers I want to be compatible with and go. It takes 10
    seconds and the app builds the code....Time is money and that costs about
    10 cents but, the benefit of having 100% of people able to view my sites is
    the real money...
    Now, I will give you credit for that. I too do not want to rule anyone out
    when viewing my sites...

    Imhotep, Aug 22, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.