LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Actually it becomes easier...

Actually it becomes easier...

Posted Nov 9, 2011 16:55 UTC (Wed) by mathstuf (subscriber, #69389)
In reply to: Actually it becomes easier... by khim
Parent article: Firefox 8 released

> Actually it's much easier to check for a single "version number" rather then try to parse large and complex "version string" thus it'll make life of web developers easier, not harder.

Wasn't there talk of not sending the version number in UA strings at all?

> And this is why I think UA check is the only way to go. It's one thing to support few different browsers with a sane set of features, it's another to use application platform which can have important parts just randomly removed.

If that's the case, then UA strings need something along the lines of "I'm actually FooBrowser, but you can treat me like Chrome" so that new/other browsers have a *chance* of being recognized in stats. Without this or feature detection, first-party support will be nigh impossible for new/alternate browsers because "no one uses it" when it really just has to masquerade as anything but itself to even work. This is basically vendor lockout and I don't see why it should be accepted here more than anywhere else.

> This may be not all that friendly to the DIY guys, but at least this way you'll know that you can safely use local storage, for example (all major browsers support it for many years!) and now worry about fallbacks.

Good for them. However, until there's support for blacklisting random sites from dropping whatever data they like onto my machine, it gets disabled completely. Sites already have to cope with the chance that cookies don't work and if they encounter that, they put up a page saying "This site needs cookies to do random stuff, unblock us so we can do A, B, and C.", why not do the same with other features?

(Log in to post comments)

Actually it becomes easier...

Posted Nov 9, 2011 17:16 UTC (Wed) by khim (subscriber, #9252) [Link]

Wasn't there talk of not sending the version number in UA strings at all?

Who talks about that and where? I've heard some noises from Opera (because it's often forgotten), but so far all browsers report version number.

Without this or feature detection, first-party support will be nigh impossible for new/alternate browsers because "no one uses it" when it really just has to masquerade as anything but itself to even work.

This mechanism is there: at least MS IE allows you to change to useragent string using registry so sites can not just do strncmp on useragent string.

Without this or feature detection, first-party support will be nigh impossible for new/alternate browsers because "no one uses it" when it really just has to masquerade as anything but itself to even work.

Sites do tolerate random additions. So this is not a problem. If someone will decide to follow in Google's footsteps (spend few billions of dollars and get new, supported, browser you can control) it'll not be a showstopper. But if you hope for "equal treatment of minors"... sorry, this phantasy was dispelled long ago. Of course to even be considered seriously you must implement all (or at least most) of the features for the "UA-string donor" browser, or else sites will just blacklist you.

Sites already have to cope with the chance that cookies don't work and if they encounter that, they put up a page saying "This site needs cookies to do random stuff, unblock us so we can do A, B, and C.", why not do the same with other features?

Because cookies were introduced in different era and some of "big four" still gave you a way to disable cookies?

Even so: not all sites bother. Lots of them just break in some way: go in endless redirection loop, or send you to the homepage, etc. I'm sure some sites will check features individually, but most sites will just do what they did for years. It's simple and it works "good enough" so why spend time on some pointless idealistic crusade?

Actually it becomes easier...

Posted Nov 11, 2011 20:56 UTC (Fri) by mathstuf (subscriber, #69389) [Link]

Seems I got the UA version disappearing mixed up with the About box hiding of the version number.

For my UA, it seems adding uzbl beside X11 for a Firefox UA still works. Still, I'd like if there were a standard way of doing it for statistical collection purposes.

The impetus behind the video and audio feature disabling is that I don't like websites playing media without consent (e.g., it'd damn near impossible to queue up youtube webpages because they all auto-play). Plus, I have tools to download them and watch them in MPlayer where I get keyboard shortcuts, good seeking, and replay-a-week-later-with-no-download. It also allows me to drop gstreamer dependencies. The database blocking is mostly to hamper tracking and geolocation because I don't need my browser to know.

So yes, I realize that the train has left the station on these features being out there, but it doesn't mean that I'm going to allow sites I visit to control my computer without consent. It's silly that websites can play media without asking "Are you already listening to music? On a call? Listening to an audiobook? Watching another video?" and do nothing if so. If/when uzbl exposes the flags for black/whitelisting these things, I'll enable them again in my builds.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds