On Wed, 2010-02-10 at 11:20 -0500, Bob McConnell wrote: > From: Ashley Sheridan > > On Wed, 2010-02-10 at 10:17 -0500, Bob McConnell wrote: > >> From: Robert Cummings > >>> Lester Caine wrote: > >>>> James McLean wrote: > >>>>> On Wed, Feb 10, 2010 at 2:26 PM, <clancy_1@xxxxxxxxxxxx> wrote: > >>>>>> On Thu, 04 Feb 2010 02:39:03 +0100, jochem@xxxxxxxxxxxxx (Jochem > >> Maas) wrote: > >>>>>>> as for using IE6 ... WTF ... you do realise this is essentially > a > >> web > >>> developers mailing list right? > >>>>>> The interesting things in my websites go on behind-the-scenes, in > >> the PHP, and produce > >>>>>> relatively straightforward HTML. I have avoided the well-known > bugs > >> in IE6, and think my > >>>>>> webpages display correctly on any of the modern browsers, but as > >> Microsoft delights in > >>>>>> rearranging everything in every update, and making the features > you > >> need ever harder to > >>>>>> find, I stick to IE6 for my everyday work. > >>>>> Wow. Ignoring the issue that IE6 will soon be EOL (finally), and > >>>>> ignoring how bad it is at handling anything even remotely modern, > >> your > >>>>> workstation must be a haven for virii, spyware and malware... IE6 > >> has > >>>>> just about the worst security track record out there, at least on > >> the > >>>>> desktop anyway. > >>>>> > >>>>> If you must have IE6 for whatever reason, stick it on Windows > >>>>> installed on a VM and upgrade your main workstation browser to > >>>>> something more recent. At least a VM can be backed up at a > >> known-good > >>>>> point and if^H^Hwhen it gets compromised it can be deleted easily > >> and > >>>>> replaced with your backup. > >>>>> > >>>>> I'll make it easy for you: http://www.getfirefox.com :) > >>>> > >>>> Since a large section of our USER base is still tied to W2k and > does > >> not have > >>>> access to install other software, the call for IE6 to die is STILL > >> somewhat > >>>> premature! > >>>> What is needed is someone to kick M$ to sort the mess out by at > least > >> allowing > >>>> IE8 to install on W2k machines, rather than telling hundreds of > >> councils they > >>>> have to replace ALL their computers :( > >>>> > >>>> The alternative is to convince M$ controlled councils that Firefox > is > >> OK and > >>>> that using it will not invalidate their contracts - but then all > the > >> work > >>>> currently being done to convert legacy setups to work with *IE7* > >> would have to > >>>> be scrapped and reworked on Firefox. Many of my customers have only > >> just got > >>>> funds to start an *IE7* roll out! Redoing all that work for IE8 is > >> yet another > >>>> problem for which money is not available. > >>> > >>> Microsoft WANTS them to spend money upgrading... that's the point of > > >>> questionable feature enhancement and the breaking of file formats so > > >>> that older software can't read it properly. If the councils really > >> want > >>> to save money they'd move to Linux. As for "all the work being done > to > >>> > >>> convert legacy setups to work with IE7"... this is the WRONG > >>> philosophy... it should be "all the work being done to convert > legacy > >>> systems to work with Standards" with a little bit of "with IE7 > >>> compatibility layer on top". The target is standards, that way in > the > >>> future they aren't locked in still. > >> > >> Our SOP is to generate standards compliant pages, validate them with > >> Firefox and the HTML Validator add-on, then deal with the deviant > >> browsers. It's a lot less work than trying to do it the other way > >> around. There are a few minor issues, such as W3C still refusing to > >> allow the autocomplete attribute for forms, while PCI requires it. > But > >> those are few and far between. > > > > The W3C validator rejects that autocomplete attribute because it still > > isn't in any valid standard. Some browsers have introduced it, and PCI > > requires it to be there for browsers that recognise it, but it's not a > > good security feature, as browsers don't have to honor it and they can > > still claim standards compliance. It's a good attribute though, and > > makes sense in many situations, so it probably should be included in > > the standards I think. > > I understand why the validator acts the way it does, I just don't > understand why W3C acts the way it does. They started out documenting > what browsers do, and calling that the standard. Now they seem to think > they are above that and can dictate to the browser developers what they > should do. That's bass ackwards, and completely unreasonable. They > should still be documenting the best practices as they evolve in the > browsers and incorporate them into the standards. In the case of > autocomplete, they need to document what it should be doing in order to > be a real security feature and require browsers actually do that for > compliance. The current state where it simply provides security theatre > is untenable. > > Yes, I have already lost that argument here. The PCI auditors have a lot > more leverage than I do. > > Bob McConnell > If they continued documenting what the browsers did, we'd still be living in a world where IE dominated, as they would have decided the 'standards' used, and all the other browsers would have been playing catch-up. Part of what people like about browsers that aren't IE is the standards compliance. Thanks, Ash http://www.ashleysheridan.co.uk
