惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
Security Latest
Security Latest
C
Cisco Blogs
P
Palo Alto Networks Blog
Know Your Adversary
Know Your Adversary
Project Zero
Project Zero
C
Cyber Attacks, Cyber Crime and Cyber Security
NISL@THU
NISL@THU
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
Secure Thoughts
P
Privacy International News Feed
V
Vulnerabilities – Threatpost
D
Docker
Google Online Security Blog
Google Online Security Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Recent Announcements
Recent Announcements
T
The Exploit Database - CXSecurity.com
G
Google Developers Blog
Schneier on Security
Schneier on Security
小众软件
小众软件
爱范儿
爱范儿
GbyAI
GbyAI
J
Java Code Geeks
T
Tailwind CSS Blog
Cisco Talos Blog
Cisco Talos Blog
The Hacker News
The Hacker News
D
DataBreaches.Net
Blog — PlanetScale
Blog — PlanetScale
TaoSecurity Blog
TaoSecurity Blog
MyScale Blog
MyScale Blog
B
Blog RSS Feed
Cyberwarzone
Cyberwarzone
有赞技术团队
有赞技术团队
Martin Fowler
Martin Fowler
C
CXSECURITY Database RSS Feed - CXSecurity.com
S
Securelist
L
Lohrmann on Cybersecurity
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Y
Y Combinator Blog
S
Schneier on Security
Latest news
Latest news
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 叶小钗
F
Fortinet All Blogs
M
MIT News - Artificial intelligence
PCI Perspectives
PCI Perspectives
V
V2EX
V2EX - 技术
V2EX - 技术
O
OpenAI News
W
WeLiveSecurity

Henri Sivonen’s pages

Parin vuoden tutkimattomuus crates.io: Rust Package Registry Asiakirjatonta toimintaa It’s not wrong that "🤦🏼‍♂️".length == 7 Koulutartuntojen tilastointimenettely Perusteasiakirjoja hallussapitämättä ikärajoitettu Asiantuntijat ja nukkuva vallan vahtikoira Koronapassilausunto Suppealla tietopohjalla ohimeneväksi väitetty Text Encoding Menu in 2021 The Text Encoding Submenu Is Gone An HTML5 Conformance Checker Not Part of the Technology Stack Browser Technology Stack Bogo-XML Declaration Returns to Gecko A Look at Encoding Detection and Encoding Menu Telemetry from Firefox 86 Why Supporting Unlabeled UTF-8 in HTML on the Web Would Be Problematic Rust Target Names Aren’t Passed to LLVM Toimintamalli Activating Browser Modes with Doctype Johtopäätöksiä mallin rakenteesta Tehtävänmäärittelyä kirjoittamatta ja kuolemia laskematta laumasuojamallinnettu Character Encoding Menu in 2014 Erillissuosituksen tarpeettomuudesta yleissuosituksen poikkeukseksi? STM:n maskiaikajana Rust 2021 Oma-aloitteisesti mallinnettu Kokopinovaatimuksin kilpailutettu chardetng: A More Compact Character Encoding Detector for the Legacy Web Varauksia paisutellen tiedotettu Perusteasiakirjoitta tiedotettu Always Use UTF-8 & Always Label Your HTML Saying So IME Smoke Testing The Validator.nu HTML Parser About the Hiragino Fonts with CSS It’s Time to Stop Adding New Features for Non-Unicode Execution Encodings in C++ Rust 2020 The Last of the Parsing Quirks About about:blank Rust 2019 a Web-Compatible Character Encoding Library in Rust How I Wrote a Modern C++ Library in Rust Using cargo-fuzz to Transfer Code Review of Simple Safe Code to Complex Code that Uses unsafe A Rust Crate that Also Quacks Like a Modern C++ Library #Rust2018 No Namespaces in JSON, Please A Lecture about HTML5 Julkisesti luotettu varmenne ikidomainille TLS:ää (SSL:ää) varten -webkit-HTML5 Lists in Attribute Values The Sad Story of PNG Gamma “Correction” If You Want Software Freedom on Phones, You Should Work on Firefox OS, Custom Hardware and Web App Self-Hostablility HTML5 Parser Improvements ARIA in HTML5 Integration: Document Conformance (Draft, Take Two) Schema.org and Pre-Existing Communities Lowering memory requirements by replacing Schematron HTML5 Parsing in Gecko: A Build Introducing SAX Tree NVDL Support in Validator.nu HOWTO Avoid Being Called a Bozo When Producing XML An Unofficial Q&A about the Discontinuation of the XHTML2 WG Thoughts on HTML5 Becoming a W3C Recommendation Four Finnish Banks Training Users to Give Banking Credentials to Another Site Unimpressed by Leopard Sergeant Semantics The Content Sink Inheritance Diagram – 2006-06-30 What is EME? About Points and Pixels as Units The Performance Cost of the HTML Tree Builder Social Media Impression Management The spacer Element Is Gone Openmind 2006 Performance Mistake XHTML and Mobile Devices WebM-Enabled Browser Usage Share Exceeds H.264-Enabled Browser Usage Share on Desktop (in StatCounter Numbers) HTML5 Parser-Based View Source Syntax Highlighting Vendor Prefixes Are Hurting the Web Accept-Charset Is No More Dualroids Writing Structural Stylable Document in Mozilla Editor ISO-8859-15 on haitallinen Hourglass The Scientific Method According to Hixie Maemo Source Code Karpelan lukkovertaus ontuu Digitaalisesta arkistoinnista ARIA in HTML5 Integration: Document Conformance (Draft) XHTML—What’s the Point? (Draft, incomplete) Mac OS X Browser Comparison HOWTO Spot a Wannabe Web Standards Advocate An Idea About Intermediate Language Trees and Web UI Generation Thoughts on Using SSL/TLS Certificates as the Solution to Phishing Bureaucracy Meets the Web Europe Day HOWTO Establish a 100% Literacy Rate What to Do with All These Photos? Charmod Norm Checking Validator Web Service Interface Ideas DTDs Don’t Work on the Web EFFI’s Day in Court
What Could Microsoft Do about IE6?
Henri Sivonen · 2011-12-22 · via Henri Sivonen’s pages

Microsoft has started a campaign to drive down the market share of IE6. Getting rid of IE6 is a righteous goal. Newer browsers offer better features for user and are less costly for Web authors to develop content and apps for.

Microsoft’s proposed solution isn’t righteous, though. The proposed solution is upgrading to IE8. IE9 runs only on Vista and Windows 7. Those systems haven’t had IE6 available for them in the first place.

There are two main reasons to run IE6, and upgrading to IE8 is a bad remedy to both reasons. The first reason is conservatism and apathy: Just never upgrading anything until you are forced to. The second reason is that the user relies on an intranet app (or in the case of China, on a government or bank Web app) that doesn’t work in anything except IE6.

For those who just haven’t gotten around to upgrading but who aren’t dependent on an IE6-only intranet app, IE8 is a bad target for upgrade, because with the imminent release of IE9 (but not for the versions of Windows that came with IE6), IE8 is about to become yet another legacy version of IE9. Meanwhile, other major browsers—Firefox, Chrome, Opera and Safari—all still have their latest versions running on Windows XP, and at least Firefox, Chrome and Opera are still even getting hardware acceleration improvements on XP. Firefox and Opera even run on Windows 2000.

For a user who isn’t dependent on an IE6-specific intranet app, upgrading to Firefox, Chrome or Opera would be a much better choice than upgrading to IE8 or having to buy new hardware to upgrade to Windows 7 and IE9.

But just saying “Woo! Let’s tell people to upgrade to Firefox/Chrome/Opera!” doesn’t address the problem of having intranet apps that only work with IE6. By definition, such apps don’t work in non-IE browsers but also don’t even work in IE7.

Now, why don’t they work in IE7? Microsoft is famous for bending over backwards in order to preserve compatibility and IE8 and IE9 have numerous modes for emulating old versions of IE. The thing is that IE6 standards mode is not one of the modes available in IE8 and IE9! When Microsoft developed IE6, they kept the behaviors of IE 5.5 available as the quirks mode. However, when IE7 came around, IE 5.5 was kept as the quirks mode but the standards mode of IE6 was replaced by the standards mode of IE7. This meant that any intranet apps that triggered the standards mode in IE6 were in danger of breaking if they depended on behaviors that changed in IE7. That’s why some corporate environments in particular put a block on upgrading IE.

The conclusion Microsoft made from the outcome was that new IE releases should keep snapshots of the engine as seen in the past releases. Hence, IE8 keeps around the quirks mode (IE 5.5) and IE7’s standards mode while adding two modes of its own. IE9 then keeps all the modes that were in IE8 and adds some more.

Now, this might look almost like I was advocating the inclusion of IE6 standards mode in a newer IE. I am not. I think the proliferation of modes in a Web browser is bad for the Web, because if Web sites can choose any one of a large palette of modes, it becomes prohibitively expensive for competing browsers to reverse engineer and clone all the modes.

The original benefit in the competition against Netscape was that when the intranet of a corporation required IE, the users would use IE for all their browsing of the public Web, too. Putting an IE6 mode in IE10 on Windows 7 would, therefore, again expand the intranet-side lock-in to the public Web, which would be bad for the competitive dynamics of the Web browser market.

However, in some cases on the side of the dark matter of intranets, the Browser Wars 1.0–era lock-in to IE6 has become too much even for Microsoft. Those who are locked in won’t even upgrade to a new version of Windows because of it! If Microsoft gets IE6 users to upgrade to IE8 on XP, those users can later migrate more easily to Windows 7 and IE9 or later that contains the modes that IE8 contains.

Short of bankrolling various Windows customers to get their intranet apps freshened up, here’s what Microsoft could do: They could extract IE6 from Windows XP into a regular Win32 app, restrict it to accessing only hosts on an administrator-maintained list of hosts and make it available for free to anyone. This would enable the Win32 backward compatibility functionality on Windows 7 (or Wine which might be a reason they aren’t doing this!) take care of keeping the legacy code running. Links pointing to outside the administrator-maintained list of hosts would open in the user’s default browser, so the intranet lock-in wouldn’t propagate to Web browser choice. Having a short list of legacy intranet app hosts would also mean the legacy engine of IE6 wouldn’t be exposed to random attack pages on the wild Web. This way Intranet Explorer wouldn’t need to be patched against all the threats that browsers exposed to the Web need to be patched against.

Update 2011-06-24: There is an independent vendor that provides glue code that allows Windows 7 users run the engine of IE6 for intranet sites.