M$ Hacks The Web, Again

Not content to mess with IT all over the world wide web, M$ has changed its user-agent string from its browser to mess up every web-site that sends different stuff to M$’s web browser…
“Microsoft have replaced the "MSIE" string, which identifies the browser to the website as Internet Explorer, with just "IE," meaning host websites won’t be able to use their current CSS hacks on IE11. To further ensure IE11 users don’t receive an odd version of the site, Microsoft also included the command "Like Gecko" which instructs the website to send back the same version of the website as they would to Firefox.”
see IE11 to appear as Firefox to avoid legacy IE CSS – Neowin

I think this is tantamount to false advertising or besmirching the brands of the competition. It’s just another dirty trick of M$, the purveyor of the worst malware on Earth.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in technology and tagged , . Bookmark the permalink.

8 Responses to M$ Hacks The Web, Again

  1. Ted says:

    “The problem is how do you tell that that user is a new unique user. ”

    Accessing different sites or the same site more than once _at exactly the same time_, perhaps?? You think the people who run these counters have not thought of and worked around all the problems you bring up?

    The problem here is that you are desperate to discredit web-counters, as they show desktop Linux at ~1%. The only time they’re right is when they show what you want to see. See all the cases on this very site when NetApplications are wrong, and even condemned as bought-and-paid-for *corrupt* when they state Linux is hovering at the 1% mark, but they’re gospel when blips and freak results show Linux on the rise.

    “Browsers allow you to change user agent string.”

    And how many users actually do so?

    “This allows you to access particular sites.”

    Such as prank sites (crashie.com) that inject scripts with infinite loops into the page if it detects that IE is visiting? A pity the real vulnerabilty it says affects IE and causes the crash was patched, so they had to be dishonest about it. Set Firefox’s UA to IE and it crashes that, too.

    “Like the latest version of IE lies that its Firefox.”

    The as-yet-unreleased IE11, you mean? And no, it does not “lie that it is Firefox”. It sends a flag “like Gecko” in the UA to tell a site to send it the same markup as it would send Firefox; it wants no IE-specific hacks or workarounds, as it no longer needs them. The UA of IE11 is still Windows and IE11.

    “Mozilla/5.0 (IE 11.0; Windows NT 6.3; Trident/7.0; .NET4.0E; .NET4.0C; rv:11.0) like Gecko”

    http://www.sitepoint.com/ie11-smells-like-firefox/

    “Ted on the reference they have said so on the mailing lists many times”

    Mailing lists? BFD. It means something when it appears on Amaya’s website or in a press release.

  2. oiaohm says:

    Ted the user agent string is not effected and it does not have to be.

    The problem is how do you tell that that user is a new unique user.

    There is a catch most non china NAT systems don’t rotate users between IP addresses in under a 24 hour time frame.

    The china firewall might happen every 30 mins that a user gets assigned a new IP address. This is a very effective way of breaking someone attempting to form lots of different forms VPN links. Part of the firewall function of china makes it many times simpler to over count them.

    Next is filtering on the great china firewall can remove particular information making it back to particular sites like identifying cookies. So you can be seeing many unique users but they are one just because the firewall is filtering the information you want back.

    Basically surveying China from sites outside China is problematic.

    User Agent string there is a nice recent example where Linux users to download from Amazon a album as one file changed there User Agent String on Firefox to read IE 11 windows 8. Now problem is they may browse on to other sites with it still set wrong.

    Browsers allow you to change user agent string. This allows you to access particular sites. Like the latest version of IE lies that its Firefox.

    http://www.howtogeek.com/howto/18450/change-the-user-agent-string-in-internet-explorer-8/

    So yes working by user agent string you may be counting Firefox as IE or IE as Firefox….. So really you don’t have clue. Its like having a blind person go down the street asking people what race they are to survey what races are in an area. Would you trust that survey like that?? Answer is no. You want someone with vision to spot that someone is lieing threw their teeth.

    Ted the only way really to tell browsers is a functionality test. This is like a vision person checking. Particular browsers don’t support particular functionality. Ted you have complained about this issue as a web developer issue.

    This is the problem Ted think about how to collect correct information and you will come back limited methods. Just to be bad no web survey numbers are using those methods.

    1) use site with Logins. This sees through the mess the great china firewall generates.
    2) use functionality testing to ID browsers.
    3) get enough visitors.
    4) perform no voodoo maths to attempt to make global numbers be happy providing just regional overviews.
    5) Attempt have a sites inside china for the china numbers so results are not stuffed up by the firewall.

    That is all you have to-do to get web numbers great numbers.

    Ted I am not really asking for web survey sites to-do anything complex. This is simply looking at the problem seeing your error sources and choosing methods that will not be effected.

    Like maybe we see so much IE 6 from china not because if piracy because key sites in china don’t accept anything else and users are using user agent switching to access those sites are are forgetting to turn it off again. Functionality test will not fail for this.

    Quality results require quality collection methods.

    Ted on the reference they have said so on the mailing lists many times when it comes down to hey should this render like X or Y. No it should render like Z Amaya.

    Problem is does not help us with HTML 5. HTML 4 nice showcase(reference) so it solid just little feature poor. w3c has not released a HTML5 showcase yet. Yes w3c call its references showcases is a pain in ass.

  3. Ted says:

    “–It’s primary function is an HTML/CSS WYSIWYG editor.–
    Yes but its still the reference browser.”

    Then W3C should bloody well say so. There is no mention of Amaya being the “reference” implementation, only that is is a showcase. The “reference” implementation is “Do it like Amaya does in it’s browsing mode, or you’re Doing It Wrong.”

    “The great china firewall is a huge nat system with rotating assigned IP addresses.”

    The “Great Firewall of China” is a name given to the censoring and blocking mechanisms put in place by the Chinese government. Chinese networks run behind NAT just like nearly everyone else on the planet, there’s nothing really that different.

    Also, and this applies to other arguments where NAT and OS/browser is questioned – how would this affect the User Agent string? It matters not a jot that it’s behind NAT, the collection method is logging *lots* of hits identifying themselves as IE6, coming from IPs that are assigned to China.

  4. oiaohm says:

    Ted the reference does not have to just one thing.

    Problem is 100 percent standards compliant does not mean you have to do html5 yet at all. When HTML 5 becomes a full standard then Amaya.

    –It’s primary function is an HTML/CSS WYSIWYG editor.–
    Yes but its still the reference browser. Reference is not to there as competition. Yes producing 100 percent valid code to test browsers with explains it primary reason for being a editor.

    That the reference does not implement html5 yet this does bring some worry when using it about it not being stable.

    –That’s a security issue, not a CSS/HTML rendering issue. Web developers do not usually code around security issues, they care only that their site looks and works correctly.–
    Security issues are the simplest to display on going bugs showing up. But there are still new CSS/HTML bugs as well showing up in IE6 as people use sections of CSS/HTML that have not been used before.

    Yes there is a lot of things in the standards you find no site using yet browsers had implemented.

    Ted
    –IMHO, we’ll just end up with a mess – different vendors supporting different features, with developers stuck coding different style-sheets and/or sites for each major browser that uses them. What kind of “standard” is that??–
    Now here is the thing. Sticking to HTML 4 stuff most new browsers now render that perfect. Notice this is what is fully standard. Problem is items like ie6 don’t never did.

    Web developers also need to choose. Yes browser only extensions exist these should be restricted to experimental usage not production ie moz- and webkit- Experimental stuff is used by some web developers in production. Then some of them complain about issues. moz-/webkit- like extensions browsers are technically free to delete in future.

    There is a difference between when the browsers should start implementing standard and when web developers should start using it.

    Problem with the world wide web no one has enough tolerance to wait for a standard to ratify before using it? No some do and they get absolutely pissed off with the items that were not standard conforming from the get go.

    Ted exactly how does that IE countdown get is numbers. Please don’t be some of those I have documented as broken. The great china firewall is a huge nat system with rotating assigned IP addresses.

    So 0.1 percent with wrong collection method will appear many times worse from china.

    Ted this is my problem Microsoft don’t tell us.

    Stats without collection method is worthless since you don’t know how sus.

  5. Ted says:

    “There are still new issues appearing in those old versions of IE when you do complex code.”

    That’s a security issue, not a CSS/HTML rendering issue. Web developers do not usually code around security issues, they care only that their site looks and works correctly.

    “Ted vendor prefixes are support and recommended by w3c.”

    Whether they should be supported and recommended is highly debatable. IMHO, we’ll just end up with a mess – different vendors supporting different features, with developers stuck coding different style-sheets and/or sites for each major browser that uses them. What kind of “standard” is that??

    “–no browser is 100% standards-compliant–
    There is one http://www.w3.org/Amaya/ It does not do HTML 5.x yet.”

    You contradict yourself. You claim Amaya is standard-compliant in an effort to contradict me, then in the very next sentence say it does not “do” HTML5. If that is the case, then it is not standards-compliant. And here’s something – Amaya is not primarily a browser. It’s primary function is an HTML/CSS WYSIWYG editor. W3C’s very own page says so: http://www.w3.org/Amaya/

    “Ted ie6-8 need to be taken out and put down at least.”

    And here, I actually agree with you. IE6 should have died a death a long, long, time ago. Even Microsoft want it gone: http://www.ie6countdown.com/ It’s only kept online by those with illegal copies of Windows or the terminally lazy in corporations.

  6. oiaohm says:

    Ted
    –The issues with older versions of IE are known, why is he still running into them?–
    There are still new issues appearing in those old versions of IE when you do complex code. http://secunia.com/advisories/52520/

    Ted the more complex site you do the more complex issues inside the browser you find.

    Non standard parts that don’t have a proper test suite yet have the higher number of flaws and issues.

    HTML5.0 is in Candidate Release. This is not draft spec. This is where browser makers should be implementing it. Test suite does exist. Now if there is some issue implementing the Candidate Release version there is some room to correct errors in spec.

    Once it goes final there is no chance to correct spec and we will be stuck with the errors. On HTML 5.0 2013 is Call for Review. What is basically implement.

    In fact by w3c you are really meant to start implementing as soon as it passes working draft but have it disabled by default. So user go into option turn it on to see how good your support of up coming standard is so they can raise issues without before production happens.

    One thing about w3c they are as slow as snail on new standards.

    Ted vendor prefixes are support and recommended by w3c. The biggest issues with IE historically is they did not do this and extended/altered functionality of particular things different to spec. If you alter a function that it does not conform to standard you are meant to prefix. These are clear warnings you are no longer using parts of code that are sure to be standard.

    Netscape is not a issue you don’t find anyone really still using this.

    Ted
    –no browser is 100% standards-compliant–
    There is one http://www.w3.org/Amaya/ It does not do HTML 5.x yet. It is the reference implementation. If you cannot render standard only a site like Amaya does for standards it supports your browser is wrong.

    With how sux Internet 6 is even using Amaya would be an improvement.

    Simple fact is 2001 Amaya was better than IE 6 at its release for standard conformance. Netscape and other browsers of the time would render sites are per Amaya.

    Ted ie6-8 need to be taken out and put down at least. None of them can match the reference implementation. Web developers on those really should block and display get another browser. They are not secure either. Some security holes in them have never been fixed.

  7. Ted says:

    “I suppose this is M$ way of paying people back from being fined by the EU, for lack of browser choice.”

    The lack of ballot screen that went pretty much unnoticed and unreported for *over 18 months*. The EU must just see MS as a piggy-bank these days…

    “I say, just block people from visiting your website using IE”

    For shopping websites, that could be a 40-50% drop in revenue; it’d be complete commercial suicide. Any on-line shop an IE user can’t access, they’ll just go and spend their money somewhere else. Don’t make it hard for people to give you money.

    From your link;

    “People spend more than 50% of their time checking, fixing and hacking issues caused by IE’s lack of compatibility with standards.”

    I wouldn’t mind seeing his evidence for this “50%”

    For all his foul-mouthed bluster, he doesn’t actually have the balls to go ahead and block IE from his own site. But then I suppose IE users wouldn’t be able to see him crow about how he can detect a browser with PHP, as if there aren’t countless browser-sniffing scripts (most far, far, better than his) out there.

    The issues with older versions of IE are known, why is he still running into them? And IE6 is now sub 7% (mostly in places where pirated Windows is rife, not corporations these days) and over a decade old, why does he even bother with it, unless he just wants a stick to beat MS with? Does he piss and moan over Netscape 6’s lack of CSS support? Or even if he compares to the six-year old IE7, what’s Firefox 2’s HTML5 compliance like?

    He also doesn’t mention the raft of vendor-prefixes for Gecko- and Webkit-based browsers. “moz-” and “webkit-” hacks are rife for HTML5 and CSS3.

    As far as the “standard” goes, there isn’t actually a final standard yet, and as usual Microsoft will be damned if they do, damned if they don’t. Follow the draft spec exactly, and they’ll be pilloried for not scoring highly on benchmarks (that rely on CSS3 and HTML5 hacks or things not actually in the working standard), but if they support these hacks and draft specs, they’ll be roasted for just playing for benchmark scores and not following the not-yet-a-standard to the letter.

    This change of UA is simply a sign that IE11 is standards-compliant _enough_ (no browser is 100% standards-compliant) to not need all the hacks and kludges of previous versions, and so can be sent standards-compliant markup, and will render it correctly.

    @Pogson

    “I think this is tantamount to false advertising or besmirching the brands of the competition.”

    A bit like BadVista or Windows7Sins, then? Sin, first stone, etc.

  8. dougman says:

    Friends don’t let friends use, Internet Exploder.

    I suppose this is M$ way of paying people back from being fined by the EU, for lack of browser choice.

    OUCH, sucks for website developers. I say, just block people from visiting your website using IE.

    http://callumpy.co.uk/2012/03/how-to-block-internet-explorer-from-your-site/

    Supporting IE 6 up to 10 is a huge waste of time and (consequently) money. People spend more than 50% of their time checking, fixing and hacking issues caused by IE’s lack of compatibility with standards. IT companies would save a lot of effort spent if we didn’t have to support IE’s problematic versions.

Leave a Reply