Hotmail is sending bad HTML to Safari. If you enable the develop menu (in advanced preferences) and go to hotmail using Firefox's user agent then everything works fine.
Heh, that's funny. I like the part about the tricycle.
Unfortunately, your post is completely void of any actual content to respond to so let me just say this. Sometimes you don't want to be stuck with the space shuttle - its old 70s technology that is being retired.
Turns out you actually get more when you dump the old crufty architecture and start with a clean slate:
Mobile support Safari has a code base that is small and fast enough to be used in Apple's iPhone, Google's Android and Nokia's S60 series phones. Nokia funded Minmo for years and realized that they couldn't get the bloat out of Gecko and moved to WebKit. Google is a huge supporter of Firefox and I'm sure they had some strong technical reasons for doing so.
Don't get me wrong Firefox has some great stuff too. I think its great to have as many people pushing for an open web as we can get. If you want to actually have a conversation with like, content, and stuff I'd love to hear why you're such a Firefox fan.
Till then I'm going to be having fun on my tricycle. Be careful on that 'ol shuttle.
If you care about security, speed and ease of use shouldn't you be running Safari? I always thought that the advantage of Firefox was its extensions model (which seems to be part of the reason for FF's memory and stability issues). Especially now that the new 3.0.4 release of Safari on Windows seems to fix the issues in the first Windows Beta.
Security According to Secunia, the Safari team seems to be doing a much better job than Firefox. Safari didn't have any highly critical or moderately critical issues reported, Firefox had 8. Safari has a total of 3 less or not critical issues still to be resolved. Firefox has a total of 4 less or not critical issues still to be resolved.
The Firefox team wins on the number of security issues fixed but only becasuse they had more security issues in the first place.
Firefox - 6 Highly critical issues had been found (6 fixed) Safari - 0 Highly critical issues have been found
Firefox - 2 Moderately critical issues had been found (2 fixed) Safari - 0 Moderately critical issues have been found
Firefox - 6 Less critical issues had been found (3 fixed) Safari - 3 Less critical issues have been found (2 fixed)
Firefox - 3 Not critical issues had been found (1 fixed) Safari - 3 Not critical issues have been found (1 fixed)
Speed Apple claims that Safari's HTML rendering is 1.7x faster than FF and their JavaScript is 2.4x faster on Windows. On the Mac the difference is even greater - 3.1x and 2.7x.
There are many ways to measure performance and that the results will vary on each but I have yet to see anyone show a benchmark where Firefox is faster than Safari. I've seen unscientific tests where someone with a blog and a stopwatch makes claims down to the hundredth of a second based on a tiny sample set, the variability of the live Internet, and a handpicked site or two to make their point but that doesn't have the same credibility to me as a benchmark developed by an independent 3rd party.
Apple is the only company I've seen actually put up numbers, their testing configuration and the details about their benchmark. i-Bench was developed by Ziff Davis labs and was used regularly to compare IE and Netscape in PC Mag during the first browser wars. I had never heard lots of complaints about the benchmark until it was being used to show the Firefox was slow. The attacks would sound more genuine if the attackers would offer up a better alternative.
Ease of use This is what Apple products are all about. They might not have all of the advanced features of Firefox and IE but they excel at simple, easy-to-use interfaces.
-cj
iChat can do 10-way audio using a G3
on
AMD Subpoenas Skype
·
· Score: 5, Interesting
If Skype really needs extra horsepower for a 10-way audio conference it is impressively lame.
I understand the real time encoding and decoding required for multiperson video is processor intensive but audio streams should be pretty light weight. iChat AV can support 10-way audio conferencing using the now ancient G3 processor. http://www.apple.com/ichat/
I'm heading marketing and strategy at Nokia for Series 60's new mobile browser that will be built upon WebCore/KHTML and JavaScriptCore/KJS. I am writing you this email to thank you for having built the Konqueror and Safari browser with the two components WebCore/KHTML and JavaScriptCore/KJS. I would like to introduce myself and some members from our core development team, and explain why we at Nokia have selected your code base for our future Series 60 mobile browser. I also hope that this will start a mutual dialogue among us that will support all of our projects in the future.
Not all of you might be familiar with Series 60. Series 60 is a smart phone software platform developed by Nokia, which enables feature rich applications on mobile devices. Series 60 is based on the Symbian OS and is written in C++. More information can be found from http://www.forum.nokia.com/ and http://www.series60.com/.
I copied some of our core development team members on this email so you have their names and contact information. Antti Koivisto, whom you might know already, is one of the co-authors of KHTML and has been working for Nokia Research Center for the past few years and recently joined our mobile browser development team in Boston. David Carson and Deepika Chauhan are two of the original developers of the Nokia mobile browser. Zalan Bujtas, Prabhakar Marnadi, Yongjun Zhang and Sachin Padma have been working with mobile browsers for some years at Nokia in Helsinki and Boston. Keith Hollis has several years experience working with mobile browsers and has recently joined our team in Boston, earlier he was the principal person leading the port of the Opera web browser to the Symbian OS at Opera Software. Guido Grassel, Kimmo Kinnunen and Andrei Popescu are working at our Nokia Research Center in Helsinki (http://www.nokia.com/research/) where we have built the GTK port of Apple's WebCore that we released last year - http://gtk-webcore.sourceforge.net/.
The high performance, low memory consumption and small code footprint of KHTML and KJS make these components ideal for resource-constrained mobile devices. Clean architecture and good design create a good base for future development of mobile features. In addition, Web compliance was another important criteria for us. Congratulations to the KDE Konqueror developer team for building such a great browser.
Big thanks at this point also go to the Apple Safari team that has tremendously improved KHTML and KJS in many areas, in particular in Web compliance and performance. WebCore and JavaScriptCore also offer a cleaner separation to the underlying operating system. For these reasons we at Nokia chose WebCore and JavaScriptCore as the code base for our Series 60 mobile browser.
Our plan is that the new Series 60 mobile browser will be available as a standard Series 60 application during the first half of 2006.
We at Nokia are excited to use WebCore/KHTML and JavaScriptCore/KJS for our future Series 60 mobile browser. I hope that we can start a dialogue with your community and the Apple Safari team on how to "mobilize" WebCore/KHTML and JavaScriptCore/KJS to create the best Web browser based on open-source components for mobile devices.
Best regards,
Roland Geisler Head of Marketing & Strategy, Series 60 Browser Nok
"This is nothing but a childish spat between 2 diffrent groups of developers."
This may be a childish spat but I wouldn't say it was between KHTML and Apple. Apple hasn't said anything against KHTML, Open Source, or this individual developer. They chose to stay out of this issue and didn't comment on the article.
I also wouldn't drag KHTML into this. This is all about one individual KHTML developer.
If this is a spat between anyone its a spat between CNET looking to drive clicks to their site and make some ad revenue and slashdotters like myself who have too much time on their hands.:-)
Re:Its only the bad things we head about?
on
Safari vs. KHTML
·
· Score: 3, Informative
The article quotes from an email that an Apple engineer sent to the KHTML engineers.
"One thing you may want to consider eventually is back-porting (WebCore) to work on top of (KDE), and merging your changes into that," Apple engineer Maciej Stachowiak wrote in an e-mail dated May 5. "I think the Apple trees have seen a lot more change since the two trees diverged, although both have useful changes. We'd be open to making our tree multi-platform."
It sounds like Apple at least has been communicating with the KHTML guys to see how the situation can be improved. I think Apple deserves a lot of credit for being based on open source and working to see how they can increase cooperation. While they may not be as open as everyone likes they are supporting open source, which is much more than I can say for most big software companies.
I wonder how much of this article represents the view of one KHTML developer instead of the view of the larger KHTML team.
The short answer is that no browser currently passes the Acid2 test. I'm pretty sure the Firefox team is working on it. I know the Safari team is working on it as their progress is being talked about on David Hyatt's blog: http://weblogs.mozillazine.org/hyatt/
This seems like a much better short-term solution than other browsers have come up with. Apple managed to keep International Domain Name support for most of their customers (particularly in countries like Japan and China where they are starting to be widely used) and address the security issue.
I'm not sure what the right long-term solution is. Its not ideal to have to turn off support for Cherokee, Cyrillic and Greek. It seems like the domain registrars need to take some of the responsibility.
There is an IETF standard, XMPP. And as it is rather extensible, I'm sure it can do whatever AOL thinks they want to make their protocol do.
The problem is, other than Jabber, nobody (AFAIK) has implemented it.
The next version of iChat AV, Apple's IM/Video Conferencing Application will feature XMPP/Jabber Interoperability. They have been using it for iChat to iChat communications for a while and now have fully implemented the standard and are opening up to 3rd party implementations.
You're right. I did misunderstand the specific topic that the weblog entry was talking about. Having just read about the Safari fix I had assumed they were the same thing.
I still find it distateful that a security expert would accept a potentially dangerous situation by trying to educate users (and expect users to know) that the status bar isn't to be trusted. Something you seem to agree with.
It's possible that the average user has even more clueless than I estimate but that would only strengthen my arguement that browser manufacturers should go out of their way to protect the user.
If something that was originally intendend to be a feature ends up a security risk and does not actually provide user benefit then that "feature" should be gotten rid of.
I'm not arguing that we get rid of Linux or other things of value. I'm not claiming that we should all unplug from the net and hide in a closet.
I can't seem to access the vulnerability report, but it doesn't sound like the same thing to me at all. Virtually every browser allows you to set the status bar text with Javascript. If you don't like that, you can switch client-side scripting off, or that particular feature in some browsers. The Safari hole sounds like websites can do this without any client-side scripting at all.
Not true. Check out the Secunia test case below with IE, FireFox, and Safari. Only IE is vulnerable. FireFox and Safari do not allow the website to spoof the URL in the status field.
To the average user, there is a world of diference between what is displayed as part of the browser UI and the contents of a web page.
When I go to nytimes.com it is clear to me and the average user that the browser vendor is not responsible for the content of the page.
However, the average user does not expect that the web page has direct control over the browsers UI. When the browser puts up a lock icon indicating that the page is secure, we hold the browser responsible for making sure the page is acutally secure. We expect the URL field to show us where we actually are (and not what the web site wants to display). The same is true for the URLs being displayed in the status bar.
You are wrong to say that this is a feature of every major browser. Mozilla protects against this. FireFox protects against this. Safari protects against this. I'm not sure about other browsers.
This may not be the most dire or malicous security hole ever but it is a security hole. Users could think that they were going to a site that they trust but get taken to a site filled with spyware, pop-up windows, porn, whatever. Or they could think that they are going to their financial institution only to be taken to a site that is made to look like their financial institution. If the user doesn't check the URL field w every new page they go to they might input their user name and password into a malicous site.
Security is a important topic and security experts should be biased to protect users security not to protect "functionality" with dubious benefits. (I bet you can't find a single major site that uses this "functionality" and I don't know why the site can't display whatever message it needs to display within the browser window).
In case you are interested, here is the test for the vulnerability from secunia: http://secunia.com/internet_explorer_add ress_bar_s poofing_test/
Apple fixed a URL spoofing vulnerability in Safari with this release. (The URL shown in the status bar when you click on a link was not necessarily where you were going to be taken)
Just today, a MSFT IE secutity tester posted an entry on the IE Blog that dismisses the vulnerabilty. He feels that allowing web sites to display arbitrary text on the status bar is a feature and that users need to learn that they can only trust the address bar URL field, and the lock icon in the status bar. IE users need to know that "the status bar text is not helpful in making trust decisions."
I'm amazed that is the mindset of an security tester and even more amazed that he feels comfortable posting that viewpoint publicly on the IE blog. No wonder they have so many security problems!
Here is the link to the blog: http://blogs.msdn.com/ie/archive/2004/12/03 /274330.aspx
If Tiger goes on sale this year, it would mark the company's fifth version of Mac OS X in five years. In the same period, Microsoft has released one major version of Windows--XP--along with various updates. Longhorn, the next major release of Windows, is not expected until the middle of 2006, at the earliest.
Sounds like its time to short SCOX. I figure CNET and other major publications will probably have stories about this tomorrow, this is sure to have a negative impact on the companies stock price.
I'm really excited about Panther. The finder screen shots make it look like they have really gotten file navigation right. Previous iterations were too geeky, exposing the average user to/Library,/System, and/Users when most people just want to get to their documents and applications.
Expose is a great example of the combination of Apple's design sense and what you can do with the Quartz compositing engine. Windows scale down so you can see all of your open windows, or all of the documents in an application. I don't think its even technically possible to do that on windows because they lack an alpha channel.
I've used iChat AV and it is soooo much better than windows messenger. Unlike messenger, which forces me to a single postage-stamp sized video window, I can scale my video to any size and even go full screen. Audio conferencing seems to be pretty clear and will be great for when I'm on dial-up or talking to someone w/o a camera.
The browser wars are over? They are just starting to get interesting again. Safari for the Mac is one of the fastest and innovative browsers on the market. The Mozilla browsers continue to spawn lots of innovations and now seem focused on ease of use and performance. Things are just starting to get interesting again.
The big news in this article is that MSFT might be successfully pushing windows media player into the AOL empire. *shudder*
Also frightening, this deal gives AOL seven years to use IE royalty free - hopefully AOL continues to look towards a gecko based browser for their legions of users.
Slashdot Mirror
Hotmail is sending bad HTML to Safari. If you enable the develop menu (in advanced preferences) and go to hotmail using Firefox's user agent then everything works fine.
Check out
http://www.apple.com/safari/welcome
All done using HTML 5 and CSS 3
Heh, that's funny. I like the part about the tricycle.
Unfortunately, your post is completely void of any actual content to respond to so let me just say this. Sometimes you don't want to be stuck with the space shuttle - its old 70s technology that is being retired.
Turns out you actually get more when you dump the old crufty architecture and start with a clean slate:
Acid 2 support (back in April 2005)
http://en.wikipedia.org/wiki/Acid2
Mobile support
Safari has a code base that is small and fast enough to be used in Apple's iPhone, Google's Android and Nokia's S60 series phones.
Nokia funded Minmo for years and realized that they couldn't get the bloat out of Gecko and moved to WebKit. Google is a huge supporter of Firefox and I'm sure they had some strong technical reasons for doing so.
CSS3 support that Firefox should be jealous of:
http://ajaxian.com/archives/safari-3-and-css-3
HTML5 Client-side Database storage with SQL
http://webkit.org/blog/126/webkit-does-html5-client-side-database-storage/
HTML5 Media support
http://webkit.org/blog/140/html5-media-support/
CSS Animation
http://webkit.org/blog/138/css-animation/
CSS Transforms
http://webkit.org/blog/130/css-transforms/
There is lots more info over at http://webkit.org/ and http://webkit.org/blog/ the website for Safari's open source engine.
Don't get me wrong Firefox has some great stuff too. I think its great to have as many people pushing for an open web as we can get. If you want to actually have a conversation with like, content, and stuff I'd love to hear why you're such a Firefox fan.
Till then I'm going to be having fun on my tricycle. Be careful on that 'ol shuttle.
-cj
If you care about security, speed and ease of use shouldn't you be running Safari? I always thought that the advantage of Firefox was its extensions model (which seems to be part of the reason for FF's memory and stability issues). Especially now that the new 3.0.4 release of Safari on Windows seems to fix the issues in the first Windows Beta.
Security
According to Secunia, the Safari team seems to be doing a much better job than Firefox. Safari didn't have any highly critical or moderately critical issues reported, Firefox had 8. Safari has a total of 3 less or not critical issues still to be resolved. Firefox has a total of 4 less or not critical issues still to be resolved.
The Firefox team wins on the number of security issues fixed but only becasuse they had more security issues in the first place.
http://secunia.com/product/12434/?task=advisories
http://secunia.com/product/5289/?task=advisories
Firefox - 6 Highly critical issues had been found (6 fixed)
Safari - 0 Highly critical issues have been found
Firefox - 2 Moderately critical issues had been found (2 fixed)
Safari - 0 Moderately critical issues have been found
Firefox - 6 Less critical issues had been found (3 fixed)
Safari - 3 Less critical issues have been found (2 fixed)
Firefox - 3 Not critical issues had been found (1 fixed)
Safari - 3 Not critical issues have been found (1 fixed)
Speed
Apple claims that Safari's HTML rendering is 1.7x faster than FF and their JavaScript is 2.4x faster on Windows. On the Mac the difference is even greater - 3.1x and 2.7x.
There are many ways to measure performance and that the results will vary on each but I have yet to see anyone show a benchmark where Firefox is faster than Safari. I've seen unscientific tests where someone with a blog and a stopwatch makes claims down to the hundredth of a second based on a tiny sample set, the variability of the live Internet, and a handpicked site or two to make their point but that doesn't have the same credibility to me as a benchmark developed by an independent 3rd party.
Apple is the only company I've seen actually put up numbers, their testing configuration and the details about their benchmark. i-Bench was developed by Ziff Davis labs and was used regularly to compare IE and Netscape in PC Mag during the first browser wars. I had never heard lots of complaints about the benchmark until it was being used to show the Firefox was slow. The attacks would sound more genuine if the attackers would offer up a better alternative.
http://www.apple.com/safari/
http://www.apple.com/macosx/features/safari.html
Ease of use
This is what Apple products are all about. They might not have all of the advanced features of Firefox and IE but they excel at simple, easy-to-use interfaces.
-cj
If Skype really needs extra horsepower for a 10-way audio conference it is impressively lame.
I understand the real time encoding and decoding required for multiperson video is processor intensive but audio streams should be pretty light weight. iChat AV can support 10-way audio conferencing using the now ancient G3 processor. http://www.apple.com/ichat/
Here is an email from Roland Geisler at Nokia that was posted on the Safari Web Kit mailing list (more info at http://webkit.opendarwin.org/contact.html)
From: roland geisler
Subject: [webkit-dev] Greetings from the Series 60 mobile browser team at Nokia
Date: June 13, 2005 2:52:33 PM PDT
RE: Recent press release: http://press.nokia.com/PR/200506/998214_5.html
Hi,
I'm heading marketing and strategy at Nokia for Series 60's new mobile browser that will be built upon WebCore/KHTML and JavaScriptCore/KJS. I am writing you this email to thank you for having built the Konqueror and Safari browser with the two components WebCore/KHTML and JavaScriptCore/KJS. I would like to introduce myself and some members from our core development team, and explain why we at Nokia have selected your code base for our future Series 60 mobile browser. I also hope that this will start a mutual dialogue among us that will support all of our projects in the future.
Not all of you might be familiar with Series 60. Series 60 is a smart phone software platform developed by Nokia, which enables feature rich applications on mobile devices. Series 60 is based on the Symbian OS and is written in C++. More information can be found from http://www.forum.nokia.com/
and http://www.series60.com/.
I copied some of our core development team members on this email so you have their names and contact information. Antti Koivisto, whom you might know already, is one of the co-authors of KHTML and has been working for Nokia Research Center for the past few years and recently joined our mobile browser development team in Boston. David Carson and Deepika Chauhan are two of the original developers of the Nokia mobile browser. Zalan Bujtas, Prabhakar Marnadi, Yongjun Zhang and Sachin Padma have been working with mobile browsers for some years at Nokia in Helsinki and Boston. Keith Hollis has several years experience working with mobile browsers and has recently joined our team in Boston, earlier he was the principal person leading the port of the Opera web browser to the Symbian OS at Opera Software. Guido Grassel, Kimmo Kinnunen and Andrei Popescu are working at our Nokia Research Center in Helsinki (http://www.nokia.com/research/) where we have built the GTK port of Apple's WebCore that we released last year - http://gtk-webcore.sourceforge.net/.
The high performance, low memory consumption and small code footprint of KHTML and KJS make these components ideal for resource-constrained mobile devices. Clean architecture and good design create a good base for future development of mobile features. In addition, Web compliance was another important criteria for us. Congratulations to the KDE Konqueror developer team for building such a great browser.
Big thanks at this point also go to the Apple Safari team that has tremendously improved KHTML and KJS in many areas, in particular in Web compliance and performance. WebCore and JavaScriptCore also offer a cleaner separation to the underlying operating system. For these reasons we at Nokia chose WebCore and JavaScriptCore as the code base for our Series 60 mobile browser.
Our plan is that the new Series 60 mobile browser will be available as a standard Series 60 application during the first half of 2006.
We at Nokia are excited to use WebCore/KHTML and JavaScriptCore/KJS for our future Series 60 mobile browser. I hope that we can start a dialogue with your community and the Apple Safari team on how to "mobilize" WebCore/KHTML and JavaScriptCore/KJS to create the best Web browser based on open-source components for mobile devices.
Best regards,
Roland Geisler
Head of Marketing & Strategy, Series 60 Browser
Nok
"This is nothing but a childish spat between 2 diffrent groups of developers."
:-)
This may be a childish spat but I wouldn't say it was between KHTML and Apple. Apple hasn't said anything against KHTML, Open Source, or this individual developer. They chose to stay out of this issue and didn't comment on the article.
I also wouldn't drag KHTML into this. This is all about one individual KHTML developer.
If this is a spat between anyone its a spat between CNET looking to drive clicks to their site and make some ad revenue and slashdotters like myself who have too much time on their hands.
It sounds like Apple at least has been communicating with the KHTML guys to see how the situation can be improved. I think Apple deserves a lot of credit for being based on open source and working to see how they can increase cooperation. While they may not be as open as everyone likes they are supporting open source, which is much more than I can say for most big software companies.
I wonder how much of this article represents the view of one KHTML developer instead of the view of the larger KHTML team.
The short answer is that no browser currently passes the Acid2 test. I'm pretty sure the Firefox team is working on it. I know the Safari team is working on it as their progress is being talked about on David Hyatt's blog: http://weblogs.mozillazine.org/hyatt/
Compare IE and Firefox security with Safari:
http://secunia.com/product/1543/
- Open source engine
- Less vulnerabilities discovered
- ZERO Unpatched Vulnerabilities
Apple's solution is based on a user editable white list of allowed scripts so that's already there for you.
You can choose *a single* primary script (or two, or...), whatever you want. You can even turn off all IDN support.
This seems like a much better short-term solution than other browsers have come up with. Apple managed to keep International Domain Name support for most of their customers (particularly in countries like Japan and China where they are starting to be widely used) and address the security issue.
I'm not sure what the right long-term solution is. Its not ideal to have to turn off support for Cherokee, Cyrillic and Greek. It seems like the domain registrars need to take some of the responsibility.
The next version of iChat AV, Apple's IM/Video Conferencing Application will feature XMPP/Jabber Interoperability. They have been using it for iChat to iChat communications for a while and now have fully implemented the standard and are opening up to 3rd party implementations.
http://www.apple.com/macosx/tiger/ichat.html
The upcoming iChat AV server also supports 3rd party XMPP/Jabber clients:
http://www.apple.com/server/macosx/tiger/
You're right. I did misunderstand the specific topic that the weblog entry was talking about. Having just read about the Safari fix I had assumed they were the same thing.
I still find it distateful that a security expert would accept a potentially dangerous situation by trying to educate users (and expect users to know) that the status bar isn't to be trusted. Something you seem to agree with.
Thanks for the correction.
It's possible that the average user has even more clueless than I estimate but that would only strengthen my arguement that browser manufacturers should go out of their way to protect the user.
If something that was originally intendend to be a feature ends up a security risk and does not actually provide user benefit then that "feature" should be gotten rid of.
I'm not arguing that we get rid of Linux or other things of value. I'm not claiming that we should all unplug from the net and hide in a closet.
I can't seem to access the vulnerability report, but it doesn't sound like the same thing to me at all. Virtually every browser allows you to set the status bar text with Javascript. If you don't like that, you can switch client-side scripting off, or that particular feature in some browsers. The Safari hole sounds like websites can do this without any client-side scripting at all.
s poofing_test/
Not true. Check out the Secunia test case below with IE, FireFox, and Safari. Only IE is vulnerable. FireFox and Safari do not allow the website to spoof the URL in the status field.
http://secunia.com/internet_explorer_address_bar_
I disagree.
d ress_bar_s poofing_test/
To the average user, there is a world of diference between what is displayed as part of the browser UI and the contents of a web page.
When I go to nytimes.com it is clear to me and the average user that the browser vendor is not responsible for the content of the page.
However, the average user does not expect that the web page has direct control over the browsers UI. When the browser puts up a lock icon indicating that the page is secure, we hold the browser responsible for making sure the page is acutally secure. We expect the URL field to show us where we actually are (and not what the web site wants to display). The same is true for the URLs being displayed in the status bar.
You are wrong to say that this is a feature of every major browser. Mozilla protects against this. FireFox protects against this. Safari protects against this. I'm not sure about other browsers.
This may not be the most dire or malicous security hole ever but it is a security hole. Users could think that they were going to a site that they trust but get taken to a site filled with spyware, pop-up windows, porn, whatever. Or they could think that they are going to their financial institution only to be taken to a site that is made to look like their financial institution. If the user doesn't check the URL field w every new page they go to they might input their user name and password into a malicous site.
Security is a important topic and security experts should be biased to protect users security not to protect "functionality" with dubious benefits. (I bet you can't find a single major site that uses this "functionality" and I don't know why the site can't display whatever message it needs to display within the browser window).
In case you are interested, here is the test for the vulnerability from secunia:
http://secunia.com/internet_explorer_ad
Apple fixed a URL spoofing vulnerability in Safari with this release. (The URL shown in the status bar when you click on a link was not necessarily where you were going to be taken)
3 /274330 .aspx
Just today, a MSFT IE secutity tester posted an entry on the IE Blog that dismisses the vulnerabilty. He feels that allowing web sites to display arbitrary text on the status bar is a feature and that users need to learn that they can only trust the address bar URL field, and the lock icon in the status bar. IE users need to know that "the status bar text is not helpful in making trust decisions."
I'm amazed that is the mindset of an security tester and even more amazed that he feels comfortable posting that viewpoint publicly on the IE blog. No wonder they have so many security problems!
Here is the link to the blog:
http://blogs.msdn.com/ie/archive/2004/12/0
Mac OS X runs comfortably on a 600Mhz G3 laptop. Unlike other OS releases, Mac OS X has actually been getting faster with each release.
Uh. 10.1 was a free upgrade for everyone with 10.0 and you paid for it?
Apple is on a roll! From Cnet:
g =n efd.top
http://news.com.com/2100-1045_3-5205185.html?ta
If Tiger goes on sale this year, it would mark the company's fifth version of Mac OS X in five years. In the same period, Microsoft has released one major version of Windows--XP--along with various updates. Longhorn, the next major release of Windows, is not expected until the middle of 2006, at the earliest.
What fools are moderating up the parent post?
iChat **IS** an official AOL AIM compatible instant messaging client. It **has been** for over a year now.
Sounds like its time to short SCOX. I figure CNET and other major publications will probably have stories about this tomorrow, this is sure to have a negative impact on the companies stock price.
I'm really excited about Panther. The finder screen shots make it look like they have really gotten file navigation right. Previous iterations were too geeky, exposing the average user to /Library, /System, and /Users when most people just want to get to their documents and applications.
Expose is a great example of the combination of Apple's design sense and what you can do with the Quartz compositing engine. Windows scale down so you can see all of your open windows, or all of the documents in an application. I don't think its even technically possible to do that on windows because they lack an alpha channel.
I've used iChat AV and it is soooo much better than windows messenger. Unlike messenger, which forces me to a single postage-stamp sized video window, I can scale my video to any size and even go full screen. Audio conferencing seems to be pretty clear and will be great for when I'm on dial-up or talking to someone w/o a camera.
I can't wait to see more.
The browser wars are over? They are just starting to get interesting again. Safari for the Mac is one of the fastest and innovative browsers on the market. The Mozilla browsers continue to spawn lots of innovations and now seem focused on ease of use and performance. Things are just starting to get interesting again.
The big news in this article is that MSFT might be successfully pushing windows media player into the AOL empire. *shudder*
Also frightening, this deal gives AOL seven years to use IE royalty free - hopefully AOL continues to look towards a gecko based browser for their legions of users.