Slashdot Mirror

← Back to Stories (view on slashdot.org)

Does IE8 Really Pass Acid2? [Updated]

Posted by kdawson on from the two-green-eyes-please dept.

thevirtualcat found some inconsistencies in IE8's Acid2 results that made him wonder what's going on. Can anyone replicate these results or, better yet, explain them?
Update: 03/22 23:54 GMT by KD : Several readers pointed out this has to do with cross-site scripting prevention, as described here.

174 comments

  1. The answer... by 26199 · · Score: 5, Informative

    As TFA mentions (at the very end!) this is explained here.

    Summary: cross-site security means that if you move the test off the original domain, the test changes. In fact IE8 does the wrong (nonstandard) thing in these cases, but according to them it's more secure (it fails earlier). They're considering making it more standards compliant once they're convinced it's secure enough.

    1. Re:The answer... by 26199 · · Score: 4, Insightful

      In a word, no.

      Next anti-Microsoft flame, please?

    2. Re:The answer... by zappepcs · · Score: 5, Interesting

      I can go one better for you. Technically, MS is correct. MS is thumbing it's nose at standards because they can say "Look, we did it your way. We made IE8 extremely secure and now you claim it's broke. We are not the people that broke web browsing and the Internet, you did it. If we did everything people suggest the Internet just doesn't work."

      To a point, they are right, but they did this to show they are better and only seem insecure because if they don't do such things as they have done the Internet will not work. Oh yes, btw, those other browsers are not secure either... see how their stuff still works?

      --
      Support NYCountryLawyer RIAA vs People
    3. Re:The answer... by jonaskoelker · · Score: 1
      I think the argument for Microsoft's decision is interesting:

      To maintain compatibility and be secure by default we didn't want to invoke fallback either, as original web authors might not have intended this behavior. I thought IE8 was about fixing all the broken behaviour (and becoming incompatible in the process)? As for the "web authors might not have intended this behaviour" point... why would web authors expect non-standard behaviour? The only way I can think of that would a web dev expect IE8's behaviour is if the site is coded specifically against IE8's behaviour. I'm thinking security requires predictability: if you don't know what your code is doing, how can you know it's secure?
    4. Re:The answer... by peragrin · · Score: 0

      The only reason MSFT has to do this though is because of the mess MSFT created with ActiveX controls. No one else is as vulnerable as MSFT is because no one else is dumb enough to use activeX, an Pi with total and complete remote control over your computer. Grated MSFT has been locking it down over the years, but it wasn't designed to be secure to begin with, and as such runs into numerous problems now.

      --
      i thought once I was found, but it was only a dream.
    5. Re:The answer... by Berserker · · Score: 1

      IE8 is definetely not ready for prime time. Just point it to maps.google.com , it makes a royal mess. However, I haven't found any really bad problems with Apples Safari for windows other than it's faster than IE8, but I think most browsers are now:-)

    6. Re:The answer... by kat_skan · · Score: 4, Informative

      Actually, Microsoft is not correct. The browser is supposed to be unable to load the object that is tripping IE's cross-domain security features. Regardless of whether the object fails to load because of security policies or because the resource flat out doesn't exist, the test is constructed so that the browser will display the fallback content for the object, which IE does not do.

    7. Re:The answer... by WhyMeWorry · · Score: 1

      Interesting. The blog actually gave enough information to state that the problem is Microsoft's. They explicitly state that they have chosen an implementation mechanism which creates a potential security problem. The bad rendering is indeed caused by security measures but the security problem is coming from Microsoft's implementation. If this causes them to change their rendering model it would be great.

    8. Re:The answer... by Skeetskeetskeet · · Score: 0

      Looks like someone from Microsoft is on break in the rec room.

      --
      Yeah, my karma sucks....but so do the mods.
    9. Re:The answer... by Brett+Buck · · Score: 1

      Right - but the problem is that it's using ActiveX for something where it shouldn't be required. And then the ActiveX security checks bomb it out. At least you can give them some credit for attempting to overcome the train wreck that constitutes ActiveX but the real solution is to just *get rid of ActiveX* and make it work correctly without it.

              Brett

    10. Re:The answer... by plague3106 · · Score: 1

      Yes, and then you'll scream "they broke everyone's site that was depending on AX!!!one!" And of course that's a great way to encourage users to upgrade to a newer more secure browser. Make sure it doesn't work with the company intranet. Wonderful.

    11. Re:The answer... by perlchild · · Score: 1

      So the behaviour mandated by the standard is insecure?

      And nobody thought to update the standard?

    12. Re:The answer... by cheater512 · · Score: 4, Informative

      Microsoft did the correct thing with the cross domain scripting stuff.

      However they then ignore the fall back content hence the problem.
      The standard says that if there is a problem with the object tag then the html inside the html tag should be shown.
      IE8 has a problem with the object tag and then ignores the fallback completely.

      Why does it work on the official site?
      Because its not cross scripting anymore, instead it fetches the page and gets a 404.
      It then uses the fallback content.

      In summary: Microsoft is making their own standard as per usual.

    13. Re:The answer... by HeroreV · · Score: 1

      Sort of. Their response was to claim that because the failure didn't occur on the original test (ignoring this, where IE8 also breaks), that the mirrors are unfair because they test something which the original did not.

      IE8's behavior is definitely wrong (and has nothing to do with XSS), but Microsoft claims the original test didn't test that particular behavior, so failing on that doesn't mean they fail the original test.

      It's not that big of a deal since this will most likely be resolved before the next release.

    14. Re:The answer... by cheater512 · · Score: 1

      No, the security checks are fine.

      The test in question should get a 404 then display the fallback content.
      Move it to a different domain and it fails the security checks but doesnt show the fallback content.

      A clear violation of the standard and IE 8 gets the FAIL rubber stamp.

    15. Re:The answer... by pohl · · Score: 5, Informative
      So the behaviour mandated by the standard is insecure?

      No, that is not the case. IE8 is trying to prevent exploitation of their own, proprietary ActiveX API, and simply needs to make some minor corrections to make sure that they do it in such a way that does not violate the standards. The standards don't need to be revised since nobody else implements the swiss cheese that is ActiveX.

      --

      The "cue the foo posts in 3, 2, 1..." posts will commence with no subsequent foo posts in 3, 2, 1...

    16. Re:The answer... by Anonymous Coward · · Score: 0

      MS implemented anti XSS protection? I guess it includes a lock that prevents it from blocking annoying ads by MS allies and a bug that prevents it from protecting the user from actual XSS attacks...

    17. Re:The answer... by ZephyrXero · · Score: 1, Interesting

      Who cares if they're ACID2 compliant anyway? That's old news now... Let me know when they can pass ACID3

      --
      "A truly wise man realizes he knows nothing."
    18. Re:The answer... by Silvrmane · · Score: 1

      Pass Acid 3? Is there a browser that can properly display the page you linked to? What is with all the "t"'s in reversed yellow boxes?

      --
      planet texture maps and more
    19. Re:The answer... by Anonymous Coward · · Score: 1, Interesting

      sorry but I have to agree with MS here (spit). The website is trying to get you to do something that is a security violation plain and simple and a significant security violation at that, security should override standards/compliance/or web page niceness, it should and does refuse to run that section and all bets should be off after that. Acid is in the wrong here.

    20. Re:The answer... by VGPowerlord · · Score: 5, Insightful
      I disagree. It should fall back to the data url when loading the other object failed. Not only that, but the HTML standard agrees with me on this:

      If the user agent is not able to render the object for whatever reason (configured not to, lack of resources, wrong architecture, etc.), it must try to render its contents.

      and

      One significant consequence of the OBJECT element's design is that it offers a mechanism for specifying alternate object renderings; each embedded OBJECT declaration may specify alternate content types. If a user agent cannot render the outermost OBJECT, it tries to render the contents, which may be another OBJECT element, etc.
      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
    21. Re:The answer... by Bill,+Shooter+of+Bul · · Score: 4, Interesting

      I can't say for certain who is int he right with this m=particular issue, but there is a larger issue here. If following a standard leads to an unavoidable security hole, should your follow it ?

      --
      Well.. maybe. Or Maybe not. But Definitely not sort of.
    22. Re:The answer... by zerocool^ · · Score: 1

      See, I agree with you, but this is what I got flamed for a couple of weeks ago:

      http://slashdot.org/comments.pl?sid=476844&cid=22660062

      The ACID Test is a measure of HOW WELL A BROWSER DOES ON THE ACID TEST, not how standards compliant it is, and not a measure of it's worth.

      Wish we'd get over the acid test already.

      --
      sig?
    23. Re:The answer... by VGPowerlord · · Score: 2, Informative

      But why is it OK to process the fallback (a data url) if the failed page is on the same domain, but not if it's on a different domain?

      The spec says you must try to render the fallback if an object is not processed because the browser is configured not to render it. I quoted the relevant section in my last post.

      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
    24. Re:The answer... by Bill,+Shooter+of+Bul · · Score: 1

      Again, I'm not clear on this specific issue. I'm talking about in general should you follow an insecure standard, or break it to make it more secure?

      --
      Well.. maybe. Or Maybe not. But Definitely not sort of.
    25. Re:The answer... by MickDownUnder · · Score: 1

      It's a beta.

      Why don't you save the huffiness for when it's actually released?

      They'll probably fix this issue for the RTM.

    26. Re:The answer... by cheater512 · · Score: 1

      I'm huffy because the MSN Blog article about is boasting about how its really secure.

    27. Re:The answer... by MickDownUnder · · Score: 1

      It didn't sound like boasting at all, I think you've read that into the article. To me it sounded like a simple explanation disparity between results on the acid 2 tests. It simply states the behavior is due to how they have implemented security on cross domain content, it doesn't say this is the appropriate behavior, failing to process the html within the object tag is probably NOT the appropriate behavior. I think the only defensiveness I can see in this post, is that they don't want people leaping to a more cynical conclusion for the issue that they have simply written code in IE8 that looks like if (url == acid2 test) print acid2 graphic

    28. Re:The answer... by ronadams · · Score: 1

      The Acid test uses actual web standards. Therefore, browsers that pass it conform to the web standards used in the test. Does that sense to you now? Can you understand how a browser passing the Acid test might represent some degree of conformance to WC3 standards?

      --
      Appended to the end of comments you post. 120 chars.
    29. Re:The answer... by amorsen · · Score: 1

      I'm talking about in general should you follow an insecure standard, or break it to make it more secure? Do you find that to be a difficult question to answer?
      --
      Finally! A year of moderation! Ready for 2019?
    30. Re:The answer... by jimbojw · · Score: 1
      At the bottom, TFA links to this IEBlog which states:

      To maintain compatibility and be secure by default we didn't want to invoke fallback either, as original web authors might not have intended this behavior.

      Dear MS:

      A fallback, be definition, means that if you can't render the original, fall back to this content. This is exactly what the web author would have wanted. Thank you.

    31. Re:The answer... by bhtooefr · · Score: 1

      Actually, in those cases, what would happen is nobody would update to IE8, and they'd just keep running IE7.

      The cost of moving to a browser that doesn't support ActiveX (read: rewriting all ActiveX-dependent applications) has got to be higher than the cost of running IE7.

    32. Re:The answer... by plague3106 · · Score: 1

      Yes, that was my point, that people would run IE7 even though 8 might actually be more secure / more standards compliant.

    33. Re:The answer... by Blakey+Rat · · Score: 1

      Actually, I'd really like to hear from someone why the hell I should care. 140+ comments on some crazy test that shows conditions that will never actually arise in actual websites, and, to boot, doesn't have any guarantee that the browser can render *correct* code correctly? This is a total waste of time.

      I'd much rather Microsoft, or any browser maker, put in actual features rather than spending all their time testing obscure error conditions that'll never come up in practice.

      --
      Comment of the year
    34. Re:The answer... by Anonymous Coward · · Score: 0

      The standards say yes.

    35. Re:The answer... by Bill,+Shooter+of+Bul · · Score: 1

      If the answer comes to you too quickly, I'm not sure you understand it. Its not a specific situation that you can easily make a decision on, its one where you should have to imagine different scenarios where there might be a real conflict between the two with no good answer. The mental exercise should help you, if you should ever have to design such a spec yourself. There are some situations in which the two are in conflict in the web app security space. I imagine Microsoft is also confronted with the issue often as well. Its one well worth spending some time contemplating.

      --
      Well.. maybe. Or Maybe not. But Definitely not sort of.
    36. Re:The answer... by amorsen · · Score: 1

      Its not a specific situation that you can easily make a decision on, its one where you should have to imagine different scenarios where there might be a real conflict between the two with no good answer. I just have trouble finding a case where security doesn't take priority.
      --
      Finally! A year of moderation! Ready for 2019?
    37. Re:The answer... by Anonymous Coward · · Score: 0

      Is it? It might arguably be one, but it's pretty moot considering the nature of that type of situation. Security is written into the specs. I don't know if you've misunderstood somewhere, but the web standards are not written with a look-at-the-pretty-things-we-can-do intent. The standards are written to define proper user agent behavior when coming upon various content; security is definitely a major consideration during the spec writing process. The pretty-things are an accessory.

      A lot of the processes that browsers go through when making security considerations are there because of the standard. If that wasn't the case, if the spec writers delegated this type of stuff to the browser developers, as an implementation-dependent "gray area," to act in what the developers feel is the best practice, then the browser makers would attempt to safeguard against all loopholes that occurred to them during development, then after deployment would be when bugs were filed along the lines of "Security risk: there's a flaw in the design of the way <whatever> is handled."

      But that's not the way things are done. The way things actually work is that the developers in the previous scenario are replaced by spec-writers and the bugs filed against the software are instead bugs filed against the spec. So any input about possible design flaws is made before the design process has ended.

      Not to mention, that, again, this is all a moot point since this is irrelevant to the topic of the article, so to pursue that avenue of thought is no more than a red herring.

    38. Re:The answer... by rrkap · · Score: 1

      I just have trouble finding a case where security doesn't take priority.

      How about: The contract you're working under specifies that your product will meet the standard.

      --
      I like my beverages with warning labels!
    39. Re:The answer... by Bill,+Shooter+of+Bul · · Score: 1

      I suggest you look into the nature of the Cross site Request forgery. How do you prevent that in a browser and stay compliant to the relevant standards? failing to do so could put your users in jail

      I think general situations are more interesting than specific ones.

      --
      Well.. maybe. Or Maybe not. But Definitely not sort of.
    40. Re:The answer... by zerocool^ · · Score: 1

      The Acid test uses actual web standards. Therefore, browsers that pass it conform to the web standards used in the test.

      Well, yes and no. The acid test, where actual web standards are well established and universally agreed upon, does test these. But the problem with the acid test is that in all actuality, it tests a series of obscure, next-generation "standards", some of which haven't been hammered out in their entirety. Which means, in this case, that the Acid 3 test, and the Acid 2 test before it, at the time they were released, didn't test web standards. They tested the author's *interpretation* of web standards.

      This is one of those situations, in IE8. It fails in a more secure way than the acid 2 test dictates. Well, who's to say that after actually reading the standard that Microsoft is wrong the way they did it? Have you read the spec? I have, and it is written in such a way that it's open to interpretation.

      Therein lies the crux of the Acid Test Testing Model - it assumes that it tests for well-established tests with no room for interpretation, when in actuality, not only is the test not indicative of real-world usage, but also in the real world, we deal with standards that are fluid, moving targets, and that have a lot of wiggle room for interpretation.

      Not to mention, what's the point of a test that no browser passes? Who gives a shit? That's like an independent car testing company developing a test that says that a car should be able to slam into a steel wall 6 ft thick at 150 miles per hour and also have a bomb go off in the trunk, and all of the passengers should be present with not only an airbag to save their lives, but also a pleasant scent of lilac for their troubles.

      Not gonna happen, and also utterly and completely worthless in the real world. As proof of this, when websites fail in Safari, where to people turn? Firefox, if they have the option - firefox, according to the Acid test is *LESS* standards compliant than Safari, but somehow *MORE* functional. And when Firefox doesn't work, where to people turn? Internet Explorer, which is HORRIBLE at standards compliance. Why is this? You could say it's because everyone who isn't safari is doing it wrong. But you'd have 99.999% of the browser-using population that doesn't care about your bullshit, and just wants to be able to view their webpage / play their web game / order their new shoes / view their video.

      In my book, 99.999% writes the standard. The other 0.001% who think they're right, and everyone else is wrong, can go piss up a rope.

      Get over the acid test.

      ~Wx

      --
      sig?
    41. Re:The answer... by amorsen · · Score: 1

      How about: The contract you're working under specifies that your product will meet the standard. You generally don't get to make moral judgements about contracts after the fact. The issue is out of your hands, as long as the other party to the contract is informed about the implications.
      --
      Finally! A year of moderation! Ready for 2019?
  2. Answer by gcnaddict · · Score: 1, Redundant

    Problems with IE8's Acid2 results stem from cross site scripting issues which they're still working on. Rendering is done just fine, but the cross site scripting is posing a problem.

    I heard the exact details about this over at MIX but I don't remember them now.

    --
    Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
    1. Re:Answer by ClubStew · · Score: 1

      There aren't cross-site "issues" regarding this situation. It's all intention, failing cross-site attempts early as a security precaution.

  3. Known Cross-domain security issue by Ececheira · · Score: 5, Interesting

    The reason you're seeing the result is due to an "overly secure" default for beta 1 when it comes to cross-domain embedded objects.

    Here's the explanation:
    http://blogs.msdn.com/ie/archive/2008/03/05/why-isn-t-ie8-passing-acid2.aspx

    Google is your friend next time... :)

    1. Re:Known Cross-domain security issue by GravityStar · · Score: 1
      It's an interesting argument. Well, not because of what it says in the blog. But because it makes me question what exactly should be considered cross-site. There can be two opinions on where a potential cross site exploit is located in the html.
      A:
      <object data="data:application/x-unknown,ERROR">
      <object data="HTTP://WWW.EVIL.INC/404/" type="text/html">
      <object data="data:*the eyes DATAURI* ...>
      </object>
      </object>

      B:
      <object data="data:application/x-unknown,ERROR">
      <OBJECT DATA="HTTP://WWW.EVIL.INC/404/" TYPE="TEXT/HTML">
      <OBJECT DATA="DATA:*THE EYES DATAURI* ...>
      </OBJECT>
      </object>

      The evil code is either the EVIL.INC url by itself and only that, or the entire object with all of its contents that were tainted by the cross-site url. In the first case, we can safely render the embedded fallback, in the other case the fallback has become as suspicious as the cross-site url. I don't believe cross site vulnerabilities, and how browsers should react to them or avoid them, are mentioned anywhere in the HTML spec.

      I don't know, both possibilities can be valid. I'm glad I don't build browsers.

  4. Comment removed by account_deleted · · Score: 2, Informative

    Comment removed based on user account deletion

  5. On another note... Acid3 by urbanriot · · Score: 0

    Did anyone else find it intriguing that a day or two Microsoft announces that they passed Acid2 with IE8, The Web Standard Project announces Acid3 which IE8 epically fails?

    1. Re:On another note... Acid3 by Anonymous Coward · · Score: 1

      I would go with "inaccurate" over "intriguing", actually.

    2. Re:On another note... Acid3 by urbanriot · · Score: 1
      Care to elaborate?

      I read on various web sites that IE8 passes Acid2... a day or two later I read that Acid3 has just come out, and IE8 fails. Can you correct the inaccuracies please? I'm sincerely curious of the truth.

      I would go with "inaccurate" over "intriguing", actually.
    3. Re:On another note... Acid3 by LostCluster · · Score: 1

      Notice they have a "Task Force" for testing Microsoft, but no such group for Firefox, Opera, Safari, etc.

    4. Re:On another note... Acid3 by Your.Master · · Score: 4, Informative

      The IE team announced their internal IE8 build passed Acid2 in mid-December. Acid3 was released March 3. IE8's first public beta went out on March 5.

    5. Re:On another note... Acid3 by Anonymous Coward · · Score: 0

      Acid3 has been in the works since before IE8 passed Acid2, and is still not finalized.

    6. Re:On another note... Acid3 by LighterShadeOfBlack · · Score: 3, Interesting

      Acid3 had been in development for 11 months so it's not like this suddenly sprung into existence overnight to "prove" Microsoft's inadequacies or anything. Even if you consider the release date to be intriguing, I'm not sure what difference you think the Acid3 developers thought it would make to have IE8 fail Acid3. It's not like there are really any users who decide which browser to use based on its ability to accurately render complete standards anyway. Most people don't know what the web standards Acid tests are and won't care even if you tell them.

      Putting all that aside, it would still hardly constitute some unfair conspiracy. For one thing every other renderer in released browsers fails quite miserably at it too. Secondly, it's not some arbitrary test, Acid3 measures accuracy of conformance to DOM and ECMAscript standards. Acid3 didn't just make up the standards on the spot, they have existed for years and IE could have (and should have) been attempting to conform the whole time (as should every other renderer).

      In other words: No, I don't find it intriguing. It's a mild coincidence, nothing more.

      --
      Spelling mistakes, grammatical errors, and stupid comments are intentional.
    7. Re:On another note... Acid3 by ben+there... · · Score: 3, Insightful

      Notice they have a "Task Force" for testing Microsoft, but no such group for Firefox, Opera, Safari, etc. Not that surprising, really. There are entire websites devoted to helping web designers hack around IE bugs. If only a single browser could pass Acid2 and Acid3, ideally that browser would be IE. It's used by the most people, so you must design around its flaws. Not to mention, if that were to happen, Firefox and Opera would do everything possible to catch up immediately. Then we wouldn't have to hack around any browser's flaws.
    8. Re:On another note... Acid3 by daveb · · Score: 1

      >if that were to happen, Firefox and Opera would do everything possible to catch up immediately. But firefox doesn't pass acid2 either. I must have missed your point (or you're wrong)

    9. Re:On another note... Acid3 by urbanriot · · Score: 1
      Ah, okay, I must have missed that December announcement and from my point of view, it seemed like new news as the 'internet', Slashdot front page and IRC was buzzing about it. In fact, I'd seen the link to "IE8 Passes Acid2" pasted to IRC at least ten times a few weeks back... and then "IE8 Fails Acid3" a few days later.

      Ah well, I guess I'll put my tin foil hat back on.

      The IE team announced their internal IE8 build passed Acid2 in mid-December. Acid3 was released March 3. IE8's first public beta went out on March 5.
    10. Re:On another note... Acid3 by calebt3 · · Score: 1

      You obviously do not have the beta.

    11. Re:On another note... Acid3 by 10101001+10101001 · · Score: 1

      I believe his point was that if IE supported Acid2 and Acid3, Firefox and Opera would strive even harder to maintain competitive against IE with even further standards compliance. But, that'd seem to be a general truism, given how Firefox and Opera are already striving rather hard for standards compliance.

      --
      Eurohacker European paranoia, gun rights, and h
    12. Re:On another note... Acid3 by Naughty+Bob · · Score: 5, Funny

      Did anyone else find it intriguing that a day or two Microsoft announces that they passed Acid2 with IE8, The Web Standard Project announces Acid3 which IE8 epically fails?
      It's like this- The Web Standards Project is like a kindly teacher, who waited patiently for the slowest kid in the class to understand the current lesson, before moving on to the next one.
      --
      "Be light, stinging, insolent and melancholy"
    13. Re:On another note... Acid3 by BobPaul · · Score: 1

      >if that were to happen, Firefox and Opera would do everything possible to catch up immediately.

      But firefox doesn't pass acid2 either. I must have missed your point (or you're wrong) You must have. His statement is as follows:
      if( IEPasses(ACID2) && IEPasses(ACID3) ) {
          FirefoxWorkHarder(StandardsCompliance);
          OperaWorkHarder(Standardcompliance);
      } else {
          continue(PresentSituation);
      }
      We're stuck in the else case since, you know, IE doesn't pass both tests yet...
    14. Re:On another note... Acid3 by sltd · · Score: 1

      IE8 Beta 1 - 18%
      Firefox 3 Beta 4 - 68%
      Safari - 75%

    15. Re:On another note... Acid3 by Malevolyn · · Score: 1

      But then that code just terminates before reevaluating whether or not IE passes the Acid tests. This would work better:

      while (1) {
      while (!IEPasses(ACID2) || !IEPasses(ACID3)) continue(PresentSituation,60*60*24*365); /* wait 1 year, then break loop to check again */
      FirefoxWorkHarder(StandardsCompliance);
      OperaWorkHarder(StandardsCompliance);
      }

      Assuming, that is, that this is an ongoing cycle for the rest of eternity. This could probably be a little more elegant, too.

      --
      Your ad here.
    16. Re:On another note... Acid3 by daveb · · Score: 1

      true - i don't

    17. Re:On another note... Acid3 by Nethemas+the+Great · · Score: 1

      Catch up? 64bit build of Konqueror 4.0.2 on my Gentoo box is pulling a score of 61 on the Acid 3. Firefox 2.0.0.12 is only scoring 52. If the anecdotes of others are correct, IE 8 can't even break 20.

      The IE team is playing games with site developers. They have the market share and couldn't care less whether or not they follow standards. This is the company that instructs their development teams to come up with ways of ensuring that cross compatibility is not possible. They're forcing web developers to spend all of their time working out the idiosyncrasies of IE so that there's no time/budget left to ensure a quality user experience with other browsers. It isn't by accident nor incompetence that IE refuses standards and is such a problematic pain the in hind end to develop content for.

      --
      Two of my imaginary friends reproduced once ... with negative results.
    18. Re:On another note... Acid3 by Anonymous Coward · · Score: 0

      Yes, but acid3 is structured, so I hear, so that later tests are dependent on earlier tests, meaning if you fail early, but are more compliant, you get a lower score.

    19. Re:On another note... Acid3 by Your.Master · · Score: 1

      In the GP's case, perhaps he's using a language where continue is not a keyword but is in fact the function you were looking at, and therefore the else case is in fact recursive.

    20. Re:On another note... Acid3 by Malevolyn · · Score: 1

      Actually, I was assuming just that. But since there was no API reference for continue() in the GP's language, I can't assume it will return in such a way that the block will be reevaluated.

      --
      Your ad here.
    21. Re:On another note... Acid3 by Tony+Hoyle · · Score: 1

      Safari 3.1 is at 75, and looks pretty close to the correct image.
      Firefox 3 beta allegedly gets 63 (haven't tested that yet, just downloading it. btw. didn't realize the mozilla downloads were hosted on facebook before..)

    22. Re:On another note... Acid3 by rdavidson3 · · Score: 0

      It is also interesting to note that Firefox 3 beta 4 scored a 68 / 100 on the Acid3 test.

    23. Re:On another note... Acid3 by Tacvek · · Score: 1

      Acid3 has been in the works since before IE8 passed Acid2, and is still not finalized. Really? Looking at http://www.webstandards.org/press/releases/20080303/ I see "The Web Standards Project (WaSP) today announced the release of Acid3, the latest in a line of tests designed to expose flaws in the implementation of mature Web standards in Web browsers." That implies to me that it is intended to be final. Hixie will surely fix any test in Acid3 that turns out to be broken, assuming of course any of the tests are broken. Otherwise, the test will probably not be changing from this point forward.
      --
      Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
    24. Re:On another note... Acid3 by 99BottlesOfBeerInMyF · · Score: 1

      Safari 3.1 is at 75, and looks pretty close to the correct image.

      I'd add the Webkit nightly (Plus Safari) is up to 95, as of yesterday night.

      Firefox 3 beta allegedly gets 63

      The Firefox 3 beta For OS X and Linux scores a 67, or at least it did the day after the Acid 3 was finalized. The Firefox 3 beta for Windows scored a 59. There may be a newer beta by now.

      Note: all these numbers were from my own testing on the same machine, not claims from others.

  6. IP address by sdhoigt · · Score: 1

    Dude, you forgot to mask out your IP address in one of your screens.

    SD

  7. Incorrectly set up website fails to render by Gordonjcp · · Score: 2, Funny

    Film at 11.

  8. I smell bullshit at the IE blog by Dracos · · Score: 3, Interesting

    The Acid tests are test cases used to assess a browser's web standards support.

    Yet, in the explanation of the incorrect rendering at the IE blog, AciveX is invoked, with some excuse about cross-domain security.

    ActiveX has absolutely nothing to do with Web Standards.

    This leads me to believe that MS plans to keep playing the Internet game by their rules for a while yet.

    1. Re:I smell bullshit at the IE blog by Chris+Snook · · Score: 5, Informative

      IE8 is using ActiveX *internally* because it can't natively render the html OBJECT. Invoking ActiveX triggers XSS checks. The bottom line is that they technically pass the test, but many web designers will do things that really should work, but won't in IE8. It's not because MS is cheating, just that they haven't fully implemented this feature, and they're erring on the side of caution with their partial implementation. Regardless of standards compliance, they'll need to fix this before IE8 is released.

      --
      There's no failure quite as dissatisfying as a complete and total solution to the wrong problem.
    2. Re:I smell bullshit at the IE blog by Anonymous Coward · · Score: 2, Insightful

      They said that their implementation uses ActiveX to handle HTML in OBJECT tags. They weren't saying the test was using an ActiveX control.

      Also, it was not an excuse, it is a reasonable security measure. Frankly, most web developers are far too reckless about security. Rule #1 of secure programming: be as paranoid as you can, and then be more paranoid. If you don't think that every user is out to get you, then you're not being paranoid enough.

      You obviously didn't comprehend what you read. :)

    3. Re:I smell bullshit at the IE blog by boltik · · Score: 1

      Rule #1 of secure programming: be as paranoid as you can, and then be more paranoid. If you don't think that every user is out to get you, then you're not being paranoid enough. And the use of ActiveX is amazingly consistent with rule # 1
  9. The FUD is deep today. by lantastik · · Score: 1

    n/t

  10. Re:Yes, that's true. by Naughty+Bob · · Score: 5, Funny

    M$ has gone it's own way so long that the quickest route for them to a standards compliant browser is to download Firefox.
    Another way would be to update iTunes....
    --
    "Be light, stinging, insolent and melancholy"
  11. Cross-domain == cross-site by poor_boi · · Score: 4, Interesting

    Microsoft is right to turn cross-domain restrictions on by default. Cross-domain is the same as cross-site, and we all know the pain XSS vulnerabilities can bring. The failure of "copies" of acid2 to render correctly in IE8 are actually due to the "copies" of acid2 being "copied" incorrectly. To copy the acid2 test, you have to make slight modifications to the test contents itself to update the test for the domain it is being hosted on. Them are the breaks of complex tests. Acid2 is a complex test and cannot simply be copied carte blanche.

    1. Re:Cross-domain == cross-site by Jerome+H · · Score: 2, Insightful

      "carte blanche"
      Please... don't use an expression that you don't understand.

      --
      int main() { while(1) fork(); }
    2. Re:Cross-domain == cross-site by Anonymous Coward · · Score: 0

      If they wanted to make it copyable, all they had to do was to make it a relative URL.

    3. Re:Cross-domain == cross-site by Anonymous Coward · · Score: 0

      Bullshit.

      wget the file, then pull it up in a browser. Click the Take the Acid 2 Test, and it should work with no failure.

      The following browsers find it just fine after a second, in which the eyes aren't shown (orange bar) Opera 9.50 beta 1, Konqueror 3.5.8. They correctly rendered from a local file.

      IE fails the test, due to improper handling of the object, and it's part of the test.

      In particular the eyes from the acid2 test (with most of the png removed):
      <div class="eyes"><div id="eyes-a"><object data="data:application/x-unknown,ERROR"><object data="http://www.webstandards.org/404/" type="text/html"><object data="data:image/png;base64,iVBORw0KGgoAAAANS...SuQmCC">ERROR</object></object></object></div><div id="eyes-b"></div><div id="eyes-c"></div></div> <!-- that's a PNG with 8bit alpha containing two eyes -->

      Can you guess where the failure is?

    4. Re:Cross-domain == cross-site by Bogtha · · Score: 1

      Making it a relative URL means they can't guarantee that the <object> element fails to render. They needed it to be an absolute URL so that they could be certain it returned a 404.

      --
      Bogtha Bogtha Bogtha
    5. Re:Cross-domain == cross-site by SuiteSisterMary · · Score: 1

      Indeed; the correct phrases to use here would be, 'as-is,' 'unmodified,' 'in toto' or perhaps even 'all willy-nilly.'

      --
      Vintage computer games and RPG books available. Email me if you're interested.
  12. If you're gonna try the test on your own site by Anonymous Coward · · Score: 0

    ...make sure you copy all the files the test depends on, and make hard-coded links such as http://www.webstandards.org/404/ to point to your copy. Not rocket science.

  13. This is not a security problem, per se. by WK2 · · Score: 3, Insightful

    IE8 has a problem initiating fallback content when a resource can not be acquired. This is exactly what this particular part of the acid2 test is meant to test, fallback code. The fact is, that IE8's fallback behavior works correctly in some cases, but not in others. Specifically, the fallback code works if the failed to acquire resource is supposed to be on the same domain as the acid2 test, whereas if they are on different domains, IE8's code fails to behave properly.

    The fact that the blog writer mentions security is a red herring. While it is true that this does have something to do with security code, the real problem is that the fallback behavior is poor.

    --
    Write your own Choose Your Own Adventure. http://www.freegameengines.org/gamebook-engine/
    1. Re:This is not a security problem, per se. by Anonymous Coward · · Score: 0

      So if the web standards made by whoever has a security bug in it, MS should purposefully code in the bug? That's the lamest excuse to bash MS I've ever heard and I read this site daily.

    2. Re:This is not a security problem, per se. by Anonymous Coward · · Score: 2, Informative

      You should read. The explanation that he gave, I will now give, in my own words, hoping that you will read them correctly this time.

      The portion of the acid2 test that is at issue with IE8 here works like this:

      1. The test has markup that points to an object at http://www.webstandards.org/404/; basically, the object's not there, on purpose.
      2. The test has subsequent markup that contains a data: URI with embedded replacement/fallback content.

      What should happen?

      Two claims:

      1. MS IE team: Because the lark document resides on a different domain if you run the test from another site, they feel it's insecure to check some other domain's content like that.
      2. Rest of us: We acknowledge that it is in fact nice of them to be security minded in this way, BUT the fallback content is still there, embedded in the test, and they should go ahead and render it if they aren't able to get the first-ordered content because of a 404 OR because they are paranoid.

      It's content designed to be used in the place of the real content if for whatever reason (offline browsing? paranoia? maybe the original content was eaten by a grue?)

  14. Simple stuff like CSS by Cruciform · · Score: 1, Insightful

    I was kind of hoping that IE8 would at least be more compatible with CSS as I possess only basic HTML skills and find it a huge pain to try and make things look similar in multiple browsers by using javascript hacks and other crap.

    But even the most basic CSS like

    margin-left: auto;
    margin-right: auto;

    to center a DIV doesn't work in IE8 while it works great in Firefox.
    Maybe I just read the wrong HTML/CSS tutorial sites but it would be nice if they rendered things consistently.

    1. Re:Simple stuff like CSS by Anonymous Coward · · Score: 0

      That works in IE7, I haven't tried IE 8 but it seems kind of odd that it would work in IE7 not IE8

    2. Re:Simple stuff like CSS by Anonymous Coward · · Score: 2, Informative

      Have you specified a valid doctype? Even IE8 will probably degrade into quirks mode without one, which will cause auto margins to fail.

    3. Re:Simple stuff like CSS by Bogtha · · Score: 4, Informative

      Auto margins failing to centre block elements is a hallmark of quirks mode, which means that you aren't using a doctype, which means that you are writing invalid code, which means that you aren't in any position to criticise others for not following the specifications.

      --
      Bogtha Bogtha Bogtha
    4. Re:Simple stuff like CSS by Rigrig · · Score: 1

      I was kind of hoping that IE8 would at least be more compatible with CSS as I possess only basic HTML skills and find it a huge pain to try and make things look similar in multiple browsers by using javascript hacks and other crap. Just assume ie* needs special treatment. The way I see it, the more ie8 is 'ms standards compliant' the more work I'll have updating the hacks that made any page look ok in ie7.
      Whenever I work on a personal project though, I check it's standard compliant, and don't care if it doesn't look so good in ie. If it looks the same in firefox, safari and opera, passes the validator and is readable in ie, I'm not going to bother with any ie-specific code.(haven't really encountered any page ie breaks hard enough to make it unusable in ie so far)
      --
      **TODO** [X] Steal someone elses sig.
    5. Re:Simple stuff like CSS by Anonymous Coward · · Score: 1, Insightful

      How does something patently and demonstrably false get modded +4 Insightful?

    6. Re:Simple stuff like CSS by Anonymous Coward · · Score: 1, Funny

      Because the mods are over-zealous anti-M$ Linux fanbois that not only wouldn't test IE8 out, but would automatically assume that not only does IE8 get a 0% on ALL the Acid tests, but is responsible for cancer, AIDS, and global warming?

    7. Re:Simple stuff like CSS by tepples · · Score: 1

      Auto margins failing to centre block elements is a hallmark of quirks mode, which means that you aren't using a doctype, which means that you are writing invalid code Is the doctype <!DOCTYPE html PUBLIC> invalid? Is the ISO HTML 2000 version doctype invalid? Is it considered invalid to put the XML prolog before the doctype of an XHTML document? Is it considered invalid to put an SGML comment before the doctype? Wikipedia says all of those situations will put some IE versions into quirks mode despite the presence of a doctype.
    8. Re:Simple stuff like CSS by Bogtha · · Score: 3, Interesting

      Is the doctype <!DOCTYPE html PUBLIC> invalid?

      Validity is a property of documents; a doctype declaration alone cannot be valid or invalid. But that code is incorrect, you've forgotten the public identifier. That code also puts other browsers into quirks mode.

      Is the ISO HTML 2000 version doctype invalid?

      There's more than one ISO HTML 2000 doctype declaration available. As for correctness, that depends on whether or not you screw the syntax up. But next to nobody uses that doctype anyway. Can you name a single HTML tutorial that mentions it? The OP wondered if he was reading the wrong tutorials, in my experience, it's common for tutorials to miss out doctypes altogether and unheard of for them to mention ISO-HTML at all. So we can reasonably eliminate that from consideration as well.

      Is it considered invalid to put the XML prolog before the doctype of an XHTML document?

      It is not invalid, but you shouldn't do so when serving it as text/html as it goes against the compatibility guidelines in the XHTML 1.0 specification, which RFC 2854 requires you to follow. Further, Internet Explorer hasn't chosen quirks mode for documents with XML prologues since version 6, so that's not the issue here either.

      Is it considered invalid to put an SGML comment before the doctype?

      There's nothing wrong with that, although again, it's not something tutorials teach. You can divide HTML tutorials into two different groups: one doesn't mention doctypes and the other says that the doctype must come first (or straight after the XML prologue).

      Wikipedia says all of those situations will put some IE versions into quirks mode despite the presence of a doctype.

      But "some IE versions" isn't relevant here, we are talking about version 8 in particular. Are you actually looking for an explanation for the problem, or are you just trying to find a way of blaming Microsoft? Doctype switching has been around for many years, all major browsers do it, and it's silly to blame Microsoft for auto margin centring not working when Internet Explorer has supported it for seven years.

      --
      Bogtha Bogtha Bogtha
    9. Re:Simple stuff like CSS by Anonymous Coward · · Score: 0

      But that code is incorrect, you've forgotten the public identifier.
      So I suppose the HTML5 standard itself is in error? After all, the proposed HTML5 doctype is simply <!DOCTYPE html>.

      There's nothing wrong with that, although again, it's not something tutorials teach.
      Given the absolute embarrassment that is HTML tutorials in general (though they're not quite as bad as Javascript tutorials, I'll give them that), I have to wonder what kind of answer that is to a question about whether something is invalid or should reasonably trigger quirks mode in a standards-based browser.
    10. Re:Simple stuff like CSS by Bogtha · · Score: 1

      So I suppose the HTML5 standard itself is in error?

      "The HTML5 standard"? No such thing. Not yet at least. So far only drafts exist.

      After all, the proposed HTML5 doctype is simply <!DOCTYPE html>.

      Yes, which is not what tepples posted. The doctype tepples posted included PUBLIC, indicating that a public identifier was coming up, and then failed to include it.

      And in the context of the discussion at hand, the HTML 5 doctype makes Internet Explorer 8 use its newest rendering engine, not quirks mode, so again, are you actually looking for an explanation for the problem, or are you just trying to moan about Microsoft?

      Given the absolute embarrassment that is HTML tutorials in general (though they're not quite as bad as Javascript tutorials, I'll give them that), I have to wonder what kind of answer that is to a question about whether something is invalid or should reasonably trigger quirks mode in a standards-based browser.

      Please read the thread for context. Cruciform was complaining that their code doesn't work in Internet Explorer 8 and wondered if they were reading the right tutorials. I responded that the symptoms he reports indicate that he's doing something wrong himself. Then tipples responded with edge cases that cause Internet Explorer to go into quirks mode even when a doctype is supplied. I responded that those cases either a) don't apply to Internet Explorer 8, b) are incorrect code, or c) aren't taught by tutorials, meaning none of them are at all likely to be causing Cruciform's problem and that the reasonable conclusion is in fact my original one, that he's doing something wrong himself.

      --
      Bogtha Bogtha Bogtha
    11. Re:Simple stuff like CSS by Cruciform · · Score: 1

      Heh, you know, that's probably it.
      I saw the article a short while back about them complaining that the doctype declaration that everyone uses generates pointless traffic to the site so I removed it.
      Like I said, I'm just an HTML noob. The interesting thing is that I've seen tons of sites declaring how to fix said quirks with javascript, and none have mentioned the doctype.

      You should have more than +2
      Thanks

  15. WTF? why is this on Slashdot? by xxdesmus · · Score: 0

    http://blogs.msdn.com/ie/archive/2008/03/05/why-isn-t-ie8-passing-acid2.aspx This has long since been addressed already.

  16. No, it does not. Security problem is their problem by porneL · · Score: 4, Interesting

    No, it does not pass.

    There is no cross-domain insecurity in <object> as defined by the HTML specification. There is a problem in IE8's broken implementation.

    If object can't be displayed, browser should ignore it. Ignored <object> isn't any more dangerous than <div>. In such case there's only one document, with one DOM, all within same domain.

    But apparently IE8 can't ignore undisplayable <object> properly, so they've hacked around the problem by spawning new IE8 instance that pretends to be a plug-in that handles the invalid <object> (an <iframe> effectively). And when you do stupid things like that, of course you've got a security problem!

    No Acid2-passing browser has any problems with displaying same-origin fallback to cross-domain object.

  17. Re:Yes, that's true. by bistromath007 · · Score: 1, Informative

    I 3 Firefox and all, but it's not standards compliant. Tried Acid 3?

  18. Re:Yes, that's true. by poetmatt · · Score: 1

    Umm, misinformation a bit?

    Acid3 was recently released so that people have new standards to meet. Nobody is 100% Acid3 compliant as of yet, and not everyone is Acid 2 compliant. This has been discussed to death in a million threads.

    Firefox is and will likely continually be one of the more compliant browsers, as opposed to IE, which will continually be one of the less compliant browsers. That's just how it is. Not "the best" or "the worst".

  19. Re:Yes, that's true. by Brian+Gordon · · Score: 0

    "more" compliant? Either you're compliant or you're not and neither Firefox nor IE are.

  20. just use firefox by rock3r · · Score: 0, Offtopic

    Well firefox is better don't matter. My blog http://scenewarez.blogspot.com/

    1. Re:just use firefox by liquiddark · · Score: 2, Informative

      Of course, 2.0.0.1.2 Firefox doesn't pass Acid2 either. So, not so much.

    2. Re:just use firefox by JohnBailey · · Score: 1

      Of course, 2.0.0.1.2 Firefox doesn't pass Acid2 either. So, not so much. It will be an old version in a few months when Firefox 3 comes out, and FF3 beta 4 passes Acid 2. I just tried it and it renders the whole thing perfectly.
      --
      It is difficult to get a man to understand something when his job depends on not understanding it.
    3. Re:just use firefox by SCPRedMage · · Score: 1

      Gee, you mean if we're comparing the latest beta version of Internet Explorer against Firefox, we should compare it to Firefox's latest beta?

      Madness!

      --
      My sig can beat up your sig.
    4. Re:just use firefox by liquiddark · · Score: 1

      If you're comparing anything based on beta versions you should just lube up and use your hand instead. It's meaningless until they're in wide usage and breaking things on a global basis.

  21. Does it matter if you Pass Acid 2? by Tazz_ben · · Score: 1

    I think the Acid 2 test is great in all as a way to test if a browser supports CSS well. But it seems as though IE is now targeted at Acid 2... What I mean by that is that, from the few days of playing with IE8 I've noticed a great deal of problems with some really basic CSS (like padding) when in "standards mode". Sites that function perfectly in all modern browsers fall apart in IE8 (Google Maps come to mind). And, it might be just me, but it seems as though the IE team worked very hard to pass Acid 2, not to build a browser that renders CSS correctly and as a result passes Acid2.

    --
    Developer of Heap CRM and Torch Project Management (WBP SYSTEMS)
    1. Re:Does it matter if you Pass Acid 2? by Tony+Hoyle · · Score: 1

      Passing acid2 is a measure of your ability to pass acid2.

      Opera has the same issue despite passing acis2.. Some sites that render just fine in IE and Firefox without modification break in Opera because it fails to implement some parts of CSS correctly that the others do right - and acid2 was no help in finding this issue (my wife showed me one ages ago, where she had a CSS laid out page, written 100% to standards and validated correctly, and it looked like crap on Opera because the CSS she was using wasn't implemented in it).

  22. Microsoft Has Lost The Race by Whuffo · · Score: 2, Insightful
    Microsoft continues to trumpet their excellence but their products don't preform as they claim. Look at Vista; piece of crap. Sure, they're selling a bunch of copies - mostly pre-installed copies on new computers and a few more from people who want the latest and greatest from Redmond. The majority of their market has decided to stay well away from Vista.

    Internet Explorer is losing ground to Firefox, so they come out with a new version and claim that it meets standards and works better. Nope, it's just more of their marketing spin.

    The real problem is that Microsoft has lost sight of the goal. They're supposed to be producing software that meets the needs and desires of their customers, but they're busily producing software that's only intended to further their goal of "world domination". Their marketing department is busy trying to make that pig look like a swan, but it's not working.

    Too bad that Linux distributions aren't quite "there" yet - close, but not yet. This is a golden opportunity for a real competitor...

    1. Re:Microsoft Has Lost The Race by Ilgaz · · Score: 2, Interesting

      They won the race long time ago. It is impossible to have windows with mshtml.dll (or web frameworks) removed. That was all the big deal. They weren't really caring about their end user, they were caring about even the most basic blog owner can't have peace without looking "If IE shows his page fine". There are companies who offers "test with IE" service to users did you know? For money!

      It is still impossible to have 100% (not 99%) perfect web experience for end user if he/she is not using Windows XP/Vista without IE. You will get stuck somewhere for sure. That is a win too.

      So, they can even pass Über Quantum Acid 1000 test, it won't matter to them. So, they clicked some switch to stop conspiring w3c standard sites and voila, it passes.

      You didn't actually believe MS of a small country size is really incompetent to code w3c standard browser yes? IE 5 for Macs (of its release date) supports more standards than any browser on market at that time.

  23. Re:Yes, that's true. by jack455 · · Score: 1

    That would be true in situations like horseshoes and hand grenades, but not here where mostly compliant is very good and not very compliant sucks and causes headaches. Where browsers like Firefox, Opera and Safari fail are largely (unfortunately not exclusively) obscure test cases that don't show up in the real world. I would like it to be that an even slight failure to meet the standards would set a browser apart from everyone else. But that just isn't true.

  24. Standards Test or Not? by d00m.wizard · · Score: 1

    Its just a bit strange to me to have Microsoft acknowledge the problem, yet be so nonchalant about the fact that its because objects are handled by Active X. Okay back up. Last I checked Active X isn't a standard. Its just so lame the fact that things may look like they render correctly or have engineers trying to make one test pass (though crookedly). Its not standards compliant. Nuff said.

    --
    * A world imprisoned screams with pain There are no leaders you can blame Your avarice destroyed your sphere And the
    1. Re:Standards Test or Not? by ashridah · · Score: 1

      You're right. Activex isn't a standard.

      *it's an implementation detail*

      It should also be noted that the security problem doesn't go away if activex is taken out of the picture. Whatever is implemented in it's place still has to be security checked. The difference being that it might be possible to sandbox the object renderer.

      The question that I want to know the answer to is "does the part of the standard this feature is attempting to test describe what the security implications should be?"

      If the answer is "No", then the people working on IE have every right (and infact, a duty) to look at this from a "More security = better" standpoint than "Make sure it works" standpoint.

  25. Re:Yes, that's true. by Bogtha · · Score: 4, Insightful

    Acid3 was recently released so that people have new standards to meet.

    Acid3 isn't a standard, it's a set of tests for specifications that have already existed for years. Acid3 didn't make Firefox less compliant, it merely pointed out ways in which Firefox was already non-compliant.

    --
    Bogtha Bogtha Bogtha
  26. Re:No, it does not. Security problem is their prob by Bogtha · · Score: 1

    If object can't be displayed, browser should ignore it.

    No, that's exactly wrong. If an <object> element can't be rendered, its content should be rendered instead.

    --
    Bogtha Bogtha Bogtha
  27. Re:Yes, that's true. by cheater512 · · Score: 3, Interesting

    If you go to the appropriate wikipedia page you will see a long list of CSS 2 and 3 features.
    Beside this list is all the major browsers and how they implement each feature (fully, partially, broken, not implemented, etc...).

    Voila! Partial compliance.

  28. It's a massive improvement... by marm · · Score: 4, Interesting

    ...even if it's a shame it's taken this long to get there. Pre-releases of Safari and Konqueror passed this almost exactly 3 years ago, and Opera's Presto engine wasn't far behind. The fact that Gecko has taken nearly as long to catch up as IE/Trident is disturbing, but they had their own self-inflicted issues to fix (XPCOM? ewww).

    All of this can only mean web developers sleep more soundly at night, and more real work gets done. The IE developers can give themselves a big pat on the back for achieving something useful that will make everyone's lives better, like they used to do with IE3 and 4 and initial CSS1 support. Shame the management decided to slack off on IE development so long. Microsoft: intelligent geeks, ruined by management.

    Now, on to Acid 3. IE8 is still clearly trailing everyone else by some distance and is probably going to play catchup for a while yet until they implement native SVG (think about the possibilities for Explorer and Office, that Apple, KDE and friends are just beginning to explore).

    As an aside, think how good MS Office might be if they had this level of competition due to having to implement a proper Open Document standard not specified by them. Everyone would get more work done, would be fitter, happier, healthier and better, and Microsoft would probably still have the lion's share of the market. OOXML needs to die now, for everyone's sake, including Microsoft's.

    1. Re:It's a massive improvement... by 99BottlesOfBeerInMyF · · Score: 2, Informative

      Now, on to Acid 3. IE8 is still clearly trailing everyone else by some distance and is probably going to play catchup for a while yet until they implement native SVG...

      The Webkit nightly is up to 95/100 on Acid 3. Anyone run Gecko nightly lately?

    2. Re:It's a massive improvement... by Bodero · · Score: 1, Insightful

      As an aside, think how good MS Office might be if they had this level of competition due to having to implement a proper Open Document standard not specified by them. Everyone would get more work done, would be fitter, happier, healthier and better, and Microsoft would probably still have the lion's share of the market.


      What the fuck? Yeah, I know I'd gain at least 3 hours per week in productivity if Office used a standard XML format than its current implementation.

      ...Where do people come up with this stuff?

    3. Re:It's a massive improvement... by marm · · Score: 1

      My rather obvious point (that I thought everyone would understand) being that if everyone used a standard format, then there'd be proper competition, and that would make MS Office better. Forest, trees, spot the difference?

    4. Re:It's a massive improvement... by Bodero · · Score: 1

      Still don't get it. You already can export into a standard format (RTF or any other formatted filetype). Now if competition actually existed that rivaled Office, that would make Office better. But how does a file format do that?

    5. Re:It's a massive improvement... by marm · · Score: 3, Insightful

      Because the file format limitations are what (at least as far as I can see) are what keep the competitors from being viable alternatives.

      I'm an IT manager by trade. I don't care who provides my company with software or what platform it runs on, as long as the business I provide IT for benefits from it and it is cost-effective, ideally giving me an advantage over my company's own competitors. The changes in UI between MS Office XP (which they're mostly using now), 2003 and especially 2007 are big enough that I have to retrain my users to use them, and frankly the cost of training my users to use 2007 is enough that I've been seriously considering moving them to OpenOffice.org.

      However, the lack of a properly standardized file format prevents me from doing that. I have experimented with OOo with some of my users, and the biggest complaint (once I have trained them up a bit in OOo) I have is that .doc documents they are sent frequently don't look or print right, or they don't look right on the receiving end. If they can cope with that, I have found OOo gives me fewer support calls, primarily because the text rendering engine in OO Writer is more predictable than that in MS Word. Every few days I have to send someone to look at a user's Word document because the formatting does not work as they expect, particularly if the document contains columns or per-paragraph margins. In OO writer, those same documents behave exactly as expected. I can't understand how MS Word has got it wrong for so long - the bugs I see in Office XP are exactly the same in 2007. OO.org does it right, MS Word doesn't, and the only reason I can't reduce those support calls is that my users expect to be able to import and export external documents perfectly each time. There are similar issues with OO Calc vs. Excel also, particularly with regards to external data sources that Excel seems to forget about with no rhyme or reason, but which OO Calc gets right all the time, every time.

      I know from experience with KOffice that I get better import - pretty much spot-on for the fairly complex documents my users create - from that into OO.org as ODF than I do Word documents into OO.org, so there must be something good about having a properly standardized file format. My conclusion therefore is that if MS Office had to support ODF, then MS would be forced to fix the bugs in Word and Excel rather than rely on their proprietary file format to keep competitors out and ignore the problems.

      This is a similar situation with IE8 finally fixing long-standing bugs in order to pass the Acid 2 test, which is only possible by HTML and CSS being properly standardized.

    6. Re:It's a massive improvement... by marm · · Score: 1

      I should probably add, having got slightly carried away with my last reply, that RTF doesn't come anywhere close to providing good enough fidelity - for the documents I have tried - between different word processors, I suspect because it's specified by one entity (Microsoft) and everyone else has to play catch-up. HTML and CSS, on the other hand are specified by a group of people all interested in the same outcome - interoperability. RTF also has no bearing on spreadsheet interop...

      OOXML will probably have exactly the same issues as RTF, because it's specified in the same way.

    7. Re:It's a massive improvement... by fat_mike · · Score: 1

      I'm an IT manager by trade. I don't care who provides my company with software or what platform it runs on, as long as the business I provide IT for benefits from it and it is cost-effective, ideally giving me an advantage over my company's own competitors. The changes in UI between MS Office XP (which they're mostly using now), 2003 and especially 2007 are big enough that I have to retrain my users to use them, and frankly the cost of training my users to use 2007 is enough that I've been seriously considering moving them to OpenOffice.org.
      Obviously not a very good IT manager by your post.

      1. Its a good thing you don't care what your company uses and have no interest in the decision, I mean as a manager and stuff.
      2. Um, how is the standard business application going to give you an advantage over competitors.
      3. So, you're willing to spend the money on an Office upgrade but won't because the user interfaces are so different and don't want to spend the money to retrain your employees so you'll switch to an entirely different program that of course because its free you won't have to spend any money training your employees.

      Did that last one make sense? No, kind of like how Microsoft bashing posts get 3 insightful. Cult of Apple...screw that..Cult of Slashdot.
    8. Re:It's a massive improvement... by marm · · Score: 1

      1. I use whatever provides the best return on investment, reduces my support load, is acceptable to my users, but most importantly gets the job done. Frequently, that's something written by Microsoft, but increasingly, it's not. It used to be that people bought Microsoft because it was supportable - you could get people to look after it much cheaper than anything else. I see a lot of entry-level CS graduates with plenty of open source experience now though, and the up-front software price is hard to beat - notwithstanding my own experience and preferences. People are also much more comfortable these days with web apps and hosted services, hence I've been looking at replacing Exchange and Outlook with e.g. the corporate Google Mail and Calendaring services. Almost every one of my users has a personal Hotmail, Yahoo or Google mail account that they're very happy using - many of them prefer it to Outlook for email.

      2. If people can get their work done more quickly and with less fuss, the company can do more with the same number of people. That's surely an advantage over competitors who haven't tried to improve their productivity.

      3. It will cost somewhat less to move to OO.org rather than MS Office 2007, by my estimates: the amount of training required is about the same, and the up-front cost of OOo is obviously less. So far it seems I might be able to use fewer support resources once people are comfortable with it. However, I can't really move to OOo because of the file format issues, even though it's getting better with each release of OOo and the (hopefully) gradual acceptance of ODF as a format.

    9. Re:It's a massive improvement... by Ilgaz · · Score: 1

      They basically did something like ./configure --enable-w3c

      After Opera ASA from Norway, that little company has taken them to court to SUPPORT WEB STANDARDS. That happened while everyone joking with them. I am sure they are still being joked at.

      http://yro.slashdot.org/article.pl?sid=07/12/13/1524233

      Hard to prove? Of course, it is closed source, nobody knows what IE8.zip source code contains. I just say you can't simply code w3c standard compliant code from a non standards supporting/ conspiring code over 3-4 months. People give their years to make sure all standards supported. If you could code magical w3c compliant browser in matter of months, AOL/Early Mozilla would do it with Netscape source code and wouldn't live that hassle for years.

    10. Re:It's a massive improvement... by Anonymous Coward · · Score: 0

      That must be one of the worst answers ever. You clearly didn't (want to) understand very much of what he said.

    11. Re:It's a massive improvement... by ncryptd · · Score: 1

      Everyone would get more work done, would be fitter, happier Not to mention more productive, comfortable, and not drinking too much.
    12. Re:It's a massive improvement... by Blakey+Rat · · Score: 1

      Except Office, using their horrible nasty proprietary file formats that give Slashdotters nightmares, is already better than all of the competition. Unless you know about some competing product I'm not aware of. Office is good because it has decades of development behind it, because Microsoft surveys their users and does on-site tests to find out what works and what doesn't (thus the new UI in 2007), and because Microsoft hires very smart people to design the features (for example, the statistical features in Excel that are unmatched in any other spreadsheet program.)

      What makes you think that opening up file formats of all things would suddenly make 50 competitors to Office appear out of the woodwork and put pressure on Microsoft?

      --
      Comment of the year
    13. Re:It's a massive improvement... by Blakey+Rat · · Score: 1

      The changes in UI between MS Office XP (which they're mostly using now), 2003 and especially 2007 are big enough that I have to retrain my users to use them, and frankly the cost of training my users to use 2007 is enough that I've been seriously considering moving them to OpenOffice.org.

      I'm calling bunk on that for two reasons:
      1) Office 2003 was virtually identical to Office 2000. Cost of retraining: $0.
      2) Office 2007's UI is a better interface among every single Office user I've talked to. And that's in a company that has no training on Office at all. Of course determining this involves getting out of your little IT Manager office and actually talking to your users... why not try a pilot program with a couple secretaries and see how it works out?

      I think the real reason is one of:
      * You really, really hate Microsoft
      * You're cheap and don't want to pay for upgrades.

      Those are fine reasons, but at least don't delude yourself into thinking you're doing your users some kind of favor by keeping them on Office 2000. Tell your accounting department that Office 2007 supports a million rows in Excel and they'll be knocking down your door.

      And BTW, if you move your users to OpenOffice, they'll hate you. It has crappy Track Changes support and Mail Merge, it has no "Normal View" for typing documents, it fucks up the Word Count feature in languages other than English, it won't run any of the VBA scripts they've built up over the years, and that's ignoring the horrible performance issues.

      And also BTW, there isn't a standard file format because none of the formats proposed for standardization, except Microsoft's own, actually support all the features of Word. Joel On Software covered this recently: http://www.joelonsoftware.com/items/2008/02/19.html ... to be able to read Office files 100% correctly, your program needs to support every feature Office has and every feature Office *had* in the past. That's millions of man-hours worth of coding, and right now there's pretty much only one product that can claim that kind of feature-parity: Office.

      Are you seriously an IT Manager? Do you make your users jobs easier or harder?

      --
      Comment of the year
    14. Re:It's a massive improvement... by BenoitRen · · Score: 1

      The fact that Gecko has taken nearly as long to catch up as IE/Trident is disturbing, but they had their own self-inflicted issues to fix (XPCOM? ewww).

      Oh come on. It's just a test. It does note indicate overall standards compliance. Gecko is quite good at that. For instance, it's still the only web browser to implement the CSS2 :last-child pseudo-selector.

  29. The reason. by Tokerat · · Score: 4, Funny

    IEBlog article:

    To maintain compatibility and be secure by default we didn't want to invoke fallback either, as original web authors might not have intended this behavior. As we all know, developers (developers, developers, developers) NEVER intend for a fallback resource to be utilized when primary resources fail. Microsoft has once again taken the initiative to embrace the developer community as a loving parent and save us from our own incompetent, foolish selves.

    "What does 'It's not a bug, it's a feature' mean, daddy?"

    "I'll tell you when you're older."
    --
    CAn'T CompreHend SARcaSm?
    1. Re:The reason. by Anonymous Coward · · Score: 0

      Umm, you do know that web authors aren't "developers", right?

    2. Re:The reason. by Anonymous Coward · · Score: 0

      Umm, you do know that web authors aren't "developers", right? Not true, perhaps you have active content, then you're a scripter.

      Maybe you also developed a backend in Java or (if you're a real man) C. Now you're a developer. In fact, if your code serves up HTML content, you've technically just written a "web author". I'd be willing to stand behind that statement, as many humans who can only write HTML don't pass a Turing test, either :\
  30. Other object types by RalphSleigh · · Score: 3, Interesting

    One must ask, does IE 8 only fail on cross site objects of type text/html, or are other cross site objects affected? (e.g. flash, embedded youtube videos, quicktime, etc)...

    --
    Come as you are, do what you must, be who you will.
  31. Re:Yes, that's true. by quantumplacet · · Score: 1

    Aren't horeshoes and hand grenades two situations where close does count (as you're attempting to claim browser compliance is as well)?

  32. Re:Yes, that's true. by NickCatal · · Score: 2, Informative

    Actually, the nightly build of WebKit (OS X) is already at 95/100. The latest Safari isn't nearly as high.

    Not like it matters. By the time anyone trys something that is in the ACID3 test there will be an ACID4 that nobody can get to 100 with

    --
    -nick
  33. Lay off by vegitto · · Score: 1

    In terms of web standards I think IE8 has moved dramatically forward, and its a great thing to see. The biggest issue with IE8 which I am surprised no one has mentioned, is the performance. My PC (AMD XP1600+, ATI x700 and 1.4gb of ram), STRUGGLES to render anything! For example, if I go to slashdot, the menu on the left chugs and chugs and has huge delays in when the containers register hover effects. And don't even get me started on scrolling.

    1. Re:Lay off by XNine · · Score: 2, Funny

      E8 has moved dramatically forward, and its a great thing to see. The biggest issue with IE8 which I am surprised no one has mentioned, is the performance. My PC (AMD XP1600+, ATI x700 and 1.4gb of ram), STRUGGLES Err... and STRUGGLING is a dramatic improvement? Damn, no wonder watching youtube is like watching paint dry. Who'da thunkit?
      --
      Never monkey with another monkey's monkey.
  34. Reverse yellow boxes.... by AstroPHX · · Score: 2, Informative

    All ACID tests are attempts at benchmarking the ability of a browser to apply standards (W3C standards, to be specific) correctly. Unless your browser showed you the image exactly as it appears here http://acid3.acidtests.org/reference.html, your browser did not pass the ACID3 test.

    I do not see any "'t's in reversed yellow boxes" in the reference document, so I am going to go out on a limb and suggest your browser does not pass the ACID3 test.

    1. Re:Reverse yellow boxes.... by argiedot · · Score: 1

      That's because you didn't link to the test itself. That action page, it seems to have a highlight on every t on Firefox 2.

    2. Re:Reverse yellow boxes.... by Silvrmane · · Score: 1

      Yes, and also in Safari (Windows) as well. Weird.

      --
      planet texture maps and more
  35. Re:I smell bullshit at the IE blog... meanwhile... by Anonymous Coward · · Score: 0

    Meanwhile Acid3 test anyone? lol!
    Safari 3.1 got to 75 (out of 100?) on my 733mhz G4 Mac, better than the 25 3.0 got

  36. Safari 3.1 fails Acid2 by asa · · Score: 1

    Reload the page and watch Safari 3.1 fail on Windows and Mac.

    1. Re:Safari 3.1 fails Acid2 by Val314 · · Score: 1

      or try the Acid2 (no Data) Test from http://hixie.ch/tests/evil/acid/002-no-data/ that will fail as well.

      (the Bug is http://bugs.webkit.org/show_bug.cgi?id=4911 )

  37. Who cares? by GNUPublicLicense · · Score: 0

    Indeed, it's not even open source. And everybody knows they copied gecko/webkit/... code out there.

    1. Re:Who cares? by meson2439 · · Score: 2, Interesting

      Opera already passes all the ACID test :)
      It renders fast and has a lot of fun features to play with. I'm already addicted to the mouse gestures up to the point the normal clicking i do with windows feels boring. I wonder if there is any OS that offers mouse gestures??

    2. Re:Who cares? by GNUPublicLicense · · Score: 0

      ? Here the subject is the ugly browser from the borg collective. And opera is proprietary too, then I don't even look at it.

  38. How does the link work? by Anonymous Coward · · Score: 0

    possibly a newbie HTML question but, when you go to http://www.webstandards.org/files/acid2/test.html it shows one bit of text, and when you go to http://www.webstandards.org/files/acid2/test.html#top it shows another. How did they do that? I can't figure it out.

    1. Re:How does the link work? by majmunsograne · · Score: 1

      Simply, the test part has a big top margin which puts it down below the screen edge, and scrollbars are "disabled" by overflow:hidden. Try a couple of Page Downs on the first page, you should be able to scroll down to test part that way.

  39. Re:Yes, that's true. by kapoios · · Score: 1

    rtfm.
    The Acid3 test is a NEW test that uses/tests the NEW feature that the CSS3 intoduces.
    CSS3 intoduces many changes, that right now, non existent browser has implemented, so it is obviously that all current browser will fail. So, dont cry for your poor browser, firefox.
    Btw, for some reason, it seems that opera can handdle better the Acid3 test. The animation reach the 46/100, and the appearence looks really close to the reference (in comparison with firefox).

  40. Re:Can anyone explain why? by Ilgaz · · Score: 1

    Some of us, subscribers seeing the "story in future" alerted Slashdot about it (msdn link) before it made to front page. As you can see from some comments, people (who knows to develop) aren't so satisfied from MS explanation so it could be the right thing that story wasn't pulled.

  41. Re:Yes, that's true. by Bogtha · · Score: 4, Informative

    The Acid3 test is a NEW test that uses/tests the NEW feature that the CSS3 intoduces.

    Let's do exactly what you suggest, and "RTFM". From the Acid3 page at webstandards.org, with links to the specifications and dates added by me:

    Here is the list of specifications tested:

    As you can see, the majority of the Acid3 test is comprised of behaviour described in specifications published years ago, with a substantial portion of them over five years old and some over a decade old.

    CSS3 intoduces many changes,

    Actually, CSS 3 is not a single specification, but a group of

    --
    Bogtha Bogtha Bogtha
  42. Re:No, it does not. Security problem is their prob by porneL · · Score: 1

    That's what I had in mind - ignore the tag, but not its content.

  43. Re:Yes, that's true. by kapoios · · Score: 1

    Nice work with the dates. Just to give one more hint, most of these specifications are in "Candidate Recommendation" state, and not yet in "Web Standard".

  44. Re:Yes, that's true. by Bogtha · · Score: 1

    most of these specifications are in "Candidate Recommendation" state, and not yet in "Web Standard".

    I'm sorry, that's not true either. I count eleven Recommendations, one ECMA standard, five Candidate Recommendations and two RFCs.

    Candidate Recommendation is the stage when browsers are supposed to implement them. They don't reach final Recommendation status ("Web Standard") until after there are two interoperable implementations.

    So of the nineteen specifications listed, over half have final Recommendation status and all have reached the stage where they should be implemented. So again, the Acid3 test is primarily a test of things browsers should have had years ago.

    --
    Bogtha Bogtha Bogtha
  45. Re:Yes, that's true. by Bogtha · · Score: 1

    You know, I needn't have gone to the bother of checking the dates. Here it is, straight from Ian Hickson's weblog:

    The behaviour expected by the test must be justifiable using only standards that were in the Candidate Recommendation stage or better in 2004.

    Here's another quote to confirm it after the Acid3 test was finished:

    the Acid3 test only tests stuff that was in finished specs in 2004 or earlier.

    Acid3 was designed to only test behaviour that browser vendors have had at least three years to implement, straight from the horse's mouth. It's not new stuff.

    --
    Bogtha Bogtha Bogtha
  46. Re:Bashing by freitasm · · Score: 1

    So this was moderated Flamebait? Why? Because you can't accept the original post is misinformed, late and is not reflecting reality?

  47. Re:Yes, that's true. by jack455 · · Score: 1

    I think I meant to type "pool and sniper rifles".

    Seriously, maybe this will teach me not to use cliched analogies in situations where they are clearly unnecessary anyway.