LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Thunderbird too

Thunderbird too

Posted Nov 9, 2011 15:29 UTC (Wed) by mathstuf (subscriber, #69389)
In reply to: Thunderbird too by clugstj
Parent article: Firefox 8 released

I disagree. Now that there aren't version numbers, web developers will have to start testing for feature compatability. This is a strictly better solution than blacklisting browsers other than the big 4 just because of a silly UA string.

This is mainly because I use uzbl and get blacklisted from sites despite using the same backend as Safari and Chrome and partially because I compile my own webkit for it, disabling things like audio, video, geolocation, database support, and mouse grabbing when that comes along.

(Log in to post comments)

Actually it becomes easier...

Posted Nov 9, 2011 16:32 UTC (Wed) by khim (subscriber, #9252) [Link]

Now that there aren't version numbers, web developers will have to start testing for feature compatability.

Actually it's much easier to check for a single "version number" rather then try to parse large and complex "version string" thus it'll make life of web developers easier, not harder.

because I compile my own webkit for it, disabling things like audio, video, geolocation, database support, and mouse grabbing when that comes along

And this is why I think UA check is the only way to go. It's one thing to support few different browsers with a sane set of features, it's another to use application platform which can have important parts just randomly removed. It's the same thing which plagues desktop linux for ages - no need to have another repeat of the same story. It's one thing to cope with deficiencies of some browsers, but to now cope with randomly crippled ones? No, no need to spend time on that.

Thankfully solution is simple:
1. Check the browser.
2. Check the version number (now when it's just a number it's easy).
3. Refuse to support anything beyond the "big four".
3a. If someone will manage to start your app on unsupported browser - it's his (or her) problem: you can safely close all bugs with "WONTFIX" resolution.

This may be not all that friendly to the DIY guys, but at least this way you'll know that you can safely use local storage, for example (all major browsers support it for many years!) and now worry about fallbacks.

Actually it becomes easier...

Posted Nov 9, 2011 16:55 UTC (Wed) by mathstuf (subscriber, #69389) [Link]

> Actually it's much easier to check for a single "version number" rather then try to parse large and complex "version string" thus it'll make life of web developers easier, not harder.

Wasn't there talk of not sending the version number in UA strings at all?

> And this is why I think UA check is the only way to go. It's one thing to support few different browsers with a sane set of features, it's another to use application platform which can have important parts just randomly removed.

If that's the case, then UA strings need something along the lines of "I'm actually FooBrowser, but you can treat me like Chrome" so that new/other browsers have a *chance* of being recognized in stats. Without this or feature detection, first-party support will be nigh impossible for new/alternate browsers because "no one uses it" when it really just has to masquerade as anything but itself to even work. This is basically vendor lockout and I don't see why it should be accepted here more than anywhere else.

> This may be not all that friendly to the DIY guys, but at least this way you'll know that you can safely use local storage, for example (all major browsers support it for many years!) and now worry about fallbacks.

Good for them. However, until there's support for blacklisting random sites from dropping whatever data they like onto my machine, it gets disabled completely. Sites already have to cope with the chance that cookies don't work and if they encounter that, they put up a page saying "This site needs cookies to do random stuff, unblock us so we can do A, B, and C.", why not do the same with other features?

Actually it becomes easier...

Posted Nov 9, 2011 17:16 UTC (Wed) by khim (subscriber, #9252) [Link]

Wasn't there talk of not sending the version number in UA strings at all?

Who talks about that and where? I've heard some noises from Opera (because it's often forgotten), but so far all browsers report version number.

Without this or feature detection, first-party support will be nigh impossible for new/alternate browsers because "no one uses it" when it really just has to masquerade as anything but itself to even work.

This mechanism is there: at least MS IE allows you to change to useragent string using registry so sites can not just do strncmp on useragent string.

Without this or feature detection, first-party support will be nigh impossible for new/alternate browsers because "no one uses it" when it really just has to masquerade as anything but itself to even work.

Sites do tolerate random additions. So this is not a problem. If someone will decide to follow in Google's footsteps (spend few billions of dollars and get new, supported, browser you can control) it'll not be a showstopper. But if you hope for "equal treatment of minors"... sorry, this phantasy was dispelled long ago. Of course to even be considered seriously you must implement all (or at least most) of the features for the "UA-string donor" browser, or else sites will just blacklist you.

Sites already have to cope with the chance that cookies don't work and if they encounter that, they put up a page saying "This site needs cookies to do random stuff, unblock us so we can do A, B, and C.", why not do the same with other features?

Because cookies were introduced in different era and some of "big four" still gave you a way to disable cookies?

Even so: not all sites bother. Lots of them just break in some way: go in endless redirection loop, or send you to the homepage, etc. I'm sure some sites will check features individually, but most sites will just do what they did for years. It's simple and it works "good enough" so why spend time on some pointless idealistic crusade?

Actually it becomes easier...

Posted Nov 11, 2011 20:56 UTC (Fri) by mathstuf (subscriber, #69389) [Link]

Seems I got the UA version disappearing mixed up with the About box hiding of the version number.

For my UA, it seems adding uzbl beside X11 for a Firefox UA still works. Still, I'd like if there were a standard way of doing it for statistical collection purposes.

The impetus behind the video and audio feature disabling is that I don't like websites playing media without consent (e.g., it'd damn near impossible to queue up youtube webpages because they all auto-play). Plus, I have tools to download them and watch them in MPlayer where I get keyboard shortcuts, good seeking, and replay-a-week-later-with-no-download. It also allows me to drop gstreamer dependencies. The database blocking is mostly to hamper tracking and geolocation because I don't need my browser to know.

So yes, I realize that the train has left the station on these features being out there, but it doesn't mean that I'm going to allow sites I visit to control my computer without consent. It's silly that websites can play media without asking "Are you already listening to music? On a call? Listening to an audiobook? Watching another video?" and do nothing if so. If/when uzbl exposes the flags for black/whitelisting these things, I'll enable them again in my builds.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds