Advertisers may not like it. Currently they use scripts from multiple domains and dozens of CDNs.
SSP will require them to cut down number of domains needed to whitelist (otherwise SSP whitelist would look like AdBlock's database;) and won't let them add new domains without getting publishers to change SSP.
It would be silly to rely on SSP as the only form of protection. As an additional measure you can use it even if not 100% of browsers implement it - you're just lowering risk/attack surface.
News headlines like "IE does not implement important security protocol that Firefox does" will get chairs moving fast in Redmond.
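The whitelist trade-off in the comment above, as an added example that is not part of the original comment: a Python sketch that lists the hosts a page loads scripts from and shows which ones a given allowlist would not cover. The page URL, HTML, host names and function names are constructed for illustration and do not follow SSP's own syntax.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page: one first-party script plus ad/CDN scripts.
SAMPLE_PAGE_URL = "https://publisher.example/article"
SAMPLE_HTML = """
<script src="/js/site.js"></script>
<script src="//cdn.ads-a.example/tag.js"></script>
<script src="https://static.ads-b.example/show.js"></script>
<script src="https://CDN.ads-a.example/extra.js"></script>
<script>inline();</script>
"""


class ScriptSources(HTMLParser):
    """Collects the src attribute of every <script> element."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def script_hosts(page_url, html):
    """Return the set of hosts the page loads external scripts from."""
    parser = ScriptSources()
    parser.feed(html)
    hosts = set()
    for src in parser.sources:
        # urljoin resolves relative and protocol-relative URLs against the page.
        host = urlsplit(urljoin(page_url, src)).hostname  # already lower-cased
        if host:
            hosts.add(host)
    return hosts


def audit(page_url, html, allowed_hosts):
    """Split script hosts into (covered by the allowlist, would be blocked)."""
    own = urlsplit(page_url).hostname  # the page's own host is always allowed
    allowed = {h.lower() for h in allowed_hosts} | {own}
    hosts = script_hosts(page_url, html)
    return sorted(hosts & allowed), sorted(hosts - allowed)
```

Every host in the second list is one more entry the publisher would have to add to the policy, which is the growth the comment describes.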
Software solution. It's not fast enough for smooth full-screen video, but OK for desktop apps. OS X sees it as a proper second monitor (with arrangement, color profiles, etc. which you can't do with Matrox's hack)
This could work like PageRank, except incoming link => incoming e-mail. Incoming mails from accounts that aren't trusted wouldn't make you any more trusted. Anyway, it looks like a fantastic waste of bots' resources. Every mail that lands in bot's inbox is a mail that didn't land in user's inbox.
The "zealotry" is answer to unfair dissing of Opera. The company is working really hard on their browser and promotion of web standards, and yet from the general public all they get is "x%? I don't give a shit".
Hakon Lie, Opera CTO is co-author of CSS and initiator of Acid2 test,
Ian Hickson, editor of HTML5, was Opera employee when the work started, and is creator of Acid3 test,
Opera invented/popularized MDI (pre-tabbed) browsing, mouse gestures, zoom and shrink-to-fit, HTML+CSS+JS on mobiles (including non-smartphones!), views-based e-mail client (think GMail),
They actively fight Microsoft by filing complaints to EU, sued them for MSN, ridiculed IE with Acid tests and b0rk editions, fight IE-only websites with Open The Web campaign and they are getting excellent SVG, CSS and native video support to offer free and open alternatives to Silverlight and Flash.
In the US the browser alone might not be directly relevant, but Opera Software influenced the market quite a bit: IE8 was released soon after Opera filed complaint to EU and IE8's big news is passing Opera CTO's Acid2 test. Opera has taken the lead role in WHATWG and started implementing [X]HTML5. Before that W3C didn't consider any major revisions of HTML4 or XHTML1.
They used to be hardcore about standards, until they finally realized that web is full of crap and they have to support crap too (otherwise users complain that "pretty" scrollbars work in IE but not in Opera, so Opera is worse).
There is no cross-domain insecurity in <object> as defined by the HTML specification. There is a problem in IE8's broken implementation.
If object can't be displayed, browser should ignore it. Ignored <object> isn't any more dangerous than <div>. In such case there's only one document, with one DOM, all within same domain.
But apparently IE8 can't ignore undisplayable <object> properly, so they've hacked around the problem by spawning new IE8 instance that pretends to be a plug-in that handles the invalid <object> (an <iframe> effectively). And when you do stupid things like that, of course you've got a security problem!
No Acid2-passing browser has any problems with displaying same-origin fallback to cross-domain object.
The technical side of Activities and WebSlices does not suck! They've used a pretty straightforward and not-very-IE-specific XML file + JS call for adding Activities, and WebSlices are based on hAtom Microformat.
PHP sucks, but none of its problems are showstoppers. You do have to look up every strwtfbbq function to check needle/haystack order and if someone decided to throw in underscore for a good measure, but after you do that (and go through three dozen application-breaking retarded configuration options) it works, works well enough and scales nicely on loads of different systems and servers.
They encourage keeping pages broken (and broken in a way that's best for IE only) rather than getting sites and browser move to standards. IE5 is dead now, but its legacy quirksmode is thriving. With this switch IE7's bugs get chance for immortality too.
If they'll keep adding new bugmodes with each release (and this syntax makes it possible), they will create anti-competitive situation, where they can keep 100% compatibility just by freezing their engine, and forcing competition to reverse-engineer and implement each of their past mistakes.
There are plenty of alternative solutions, but none of them are so weaselly and self-serving as this one.
Like other vendors, they could release betas early or even keep nightlies continuously, to allow webmasters to prepare for future changes.
They could default to real-super-duper-standards mode and use magic tag only to regress on pages that ask for it. If there was preference/registry key that switches IE8 to IE7 engine, their beloved "corporate customers" could remain blissfully unaware of technological progress.
They could detect hacks and popular broken scripts and regress only then. It's not difficult (you can smell conditional comments and * html hack mile away). Opera successfully does something like that with browser.js.
They could draw a line by changing User-Agent to "Internet Explorer/8.0 Windows/5.1", hiding likes of document.all, and reading pages like all decent browsers do. They would give up "privilege" of being allowed on worst of the IE-only sites, but that's good for open web and good for fair competition... thus absolutely unthinkable for Microsoft.
The problem is that currently you can't, and Microsoft only prolongs this situation. None of the existing pages will see the improvements. They've made it easier to keep pages broken than to fix them. Microsoft has decided that the current buggy engine should be the default, forever. You may end up maintaining hacks on pages written for IE7-bugmode long after IE7 fades into insignificance.
This part isn't ignored. In fact, it's pretty much the opposite: all current implementations of WYSIWYG editor insert and browser vendors refuse to change that, because websites rely on that behavior.
If W3C demanded CSS, then it would get ignored or at best implemented as <span style="color:red">, which is just as bad as <font color="red">.
If they can get a dual-screen fancy touchscreen laptop down to $75, why not get 1st gen XO down to $20 instead?
I think 3rd world governments would rather buy cheaper laptops than cooler ones.
echo htmlspecialchars($_GET['ekhm!']);
Apparently writing about PHP automatically allows using dumb code in examples:
;)
function is_authorized() {
    if ($expression_that_returns_boolean) {
        return true;
    } else {
        return false;
    }
}
and
echo "Welcome, {$_GET['cross_site_scripting_attack']}!";
I guess PHP needs magic_entities
D also offers syntax and ease of writing comparable to C#/Java, but is faster, doesn't require VM and compiles to native code linkable with C.
If they can't afford $10/year they probably can't afford internet connection to set up and maintain the site either.
Anyway, there's always myspace and such that will give you "web presence" without charging you for it.
The "zealotry" is answer to unfair dissing of Opera. The company is working really hard on their browser and promotion of web standards, and yet from the general public all they get is "x%? I don't give a shit".
In the US the browser alone might not be directly relevant, but Opera Software influenced the market quite a bit: IE8 was released soon after Opera filed complaint to EU and IE8's big news is passing Opera CTO's Acid2 test. Opera has taken the lead role in WHATWG and started implementing [X]HTML5. Before that W3C didn't consider any major revisions of HTML4 or XHTML1.
They really deserve some more respect.
That's what I had in mind - ignore the tag, but not its content.
No, it does not pass.
MenuMeters includes disk activity indicator. Solves the 'problem' for me.
If you set up a VPN you can browse via Privoxy (removes ads) and Ziproxy (compresses the rest).
And when IE6 finally dies, you won't even need classes for every column.
There has been - frames - and it didn't work out very well. It's because the web has deep-rooted assumption that every document has its own URL.
With OTR built-in I can even send it via Google's servers.
To beg the question does not mean "to raise the question."