Mark Gilbert’s Blog

The Web Standards Project has released the latest version of it’s acid test for browser rendering, surprisingly called the ACID3 Test.

Acid3 goes beyond the CSS tests implemented by Acid2 and tests a browser’s DOM Scripting capability, as well as continuing to probe visual rendering of CSS, SVG and webfonts.

The test itself can be found here along with the reference rendering.

The ideal score is obviously for your browser to score 100/100 and have the test rendering look exactly like the reference rendering, suffice to say there are no mainstream browsers out there that pass completely yet. Internet Exploder fails this test in a rather grand fashion, but then that is now the norm for any Microsoft browser and a web standards test.

Cheers

The most popular alternative browser on the web has just hit half a billion downloads. Internet Exploder is still the most common browser by a fairly long margin, but Firefox is gaining all the time.

Cheers

I actually had a good day today at work. We had a good laugh, got lots of work done, and since I had LOADS of coffee that just made it great. I made up little songs for lots of things, and just generally went a bit mad. I tried to see how long I could keep someone’s attention by just holding a piece of plastic and saying nothing to them at all. As it turns out quite a while, sadly I forgot to time this experiment, but next time I will.

On other topics I think I’m just about done twiddling with my blog design. Hopefully it looks better, I tend to think it does and I’m rather chuffed with it all. My only complaint would have to be that I’m having a job getting it to validate as XHTML 1.1. XHTML 1.0 transitional is fine and works very well however XHTML 1.1 fails. It comes down to the democracy plugin which I use to do my voting on the right hand side. Simply put the whole thing needs to be enclosed in a div tag, but I really cant be bothered to alter the plugin. I know I’m just being lazy, but oh well, I’m not that bothered about XHTML 1.1 code.

Going back to what I was saying about Internet Explorer, I did finally get a setup that serves the MIME type as application/xhtml+xml for most browsers and text/html for IE. However that created a small problem. Currently when viewing a single post, such as this one the background of the page didn’t go all the way to the bottom of the page, smaller posts left huge white spaces that got smaller as the post got past one page of screen depth. After one page of screen depth a small white space was left at the bottom of the page after the background ends. But one smaller posts the white space was huge. It is a odd problem, and I know the issue lies with the code used for the royale theme which I didn’t write. Again it comes back to laziness, I can’t be bothered to look at the code beyond a cursory glance and so I’ll leave my MIME type as text/html, but my post about IE still stands, it is crap.

Some people may also notice that I’ve removed the calendar from the sidebar, I just feel with the new tag cloud it’s not so much needed any more, and so it had to go. I also just generally tidied up the sidebar, something which I had been meaning to do for ages now. Most of the other changes came with the theme which did involve some cleanup operations on the database.

Overall I’m pleased with it, hope you all enjoy.

Cheers

What the bloody hell is wrong with IE you may say, why would Mark, a seemingly nice guy, refer to IE in such a cruel way. Well my friends, this time it is down to IE’s poor handling of modern MIME types.

XHTML web pages should have their MIME types set to application/xhtml+xml instead of the far older text/html. Try using application/xhtml+xml with IE though and it simply does not know what to do. I asks the user if they want to download the file rather than render it like it’s supposed to.

the modern javascript MIME type is also not handled correctly. Instead of the old text/javascript type the newer application/javascript should be used, but instead of working like a modern browser IE simply doesn’t render any application/javascript elements, it just skips over them as though they were not there.

The thing is this is not the bleeding edge of MIME types. application/javascript was registered by an informational RFC in June 2005. application/xhtml+xml was registered by an RFC in January 2002. These are not new things, in January 2002 IE 6 SP1 had not even been released yet. Microsoft have had a lot of time to get things right with regards to standards.

I want to serve my MIME type correctly on my site. I want to use application/xhtml+xml, but I cant because IE doesn’t support it. So instead I’m having to sort some horrid backwards compatible script out to server text/html for all those Internet Exploder users out there. Please IE users, take this advice, switch browsers to something more standards compliant. Safari for Windows and Firefox are both excellent choices and work far better than IE for web standards compliance. Why should you care about standards? Because if nobody followed any standards on the net then simply put the Internet would cease to exist, fragmenting into incompatible sections where only people using one certain standard could view certain parts of the net. Imagine having to use one browser to read your e-mail, another to do online shopping and then another one to go to a different shopping website. Not nice, so please for the sake of the earth use something other than IE.

Cheers

Why is it so hard to get a video to embed properly in my site, and fit with the alignment of my site and display in all browsers without lots of testing? You would think it’s simple, but no. I still don’t test for IE anymore, I gave up on that thing a long time ago. I got sick of bloody code hacks to make the thing work.

Anyway, the Video now tests ok in Safari, Opera, Firefox and Camino, so all seems to be well.

Cheers

While having a little browse around the internet looking for information on the Firefox 2.0 Alpha release I stumbled accross a particular website. It is called Firefox Myths. What the site is basically about is apparently dispelling myths about the Firefox web browser. I did have a good laugh reading the Firefox Myths website, but was a little concerned by some of what the author was saying, which is why I’ve written this post. I would also like to mention Ben Houghton who spent a while helping with research, fact checking and proof reading for this.
If I discover anything I’ve left out I will add and amend this entry as required, so if you have anything to say, get those comments posted.

To start with I’m not going to hide anything here, I have used Firefox for a long time, I began with version 0.5 way back in December 2002, now I use a Mac I use the Safari browser, but I do like Firefox. I still keep it around for odd tasks such as testing my website compatibility.

I’m not sure where a lot of these myths have come from, they seem to be made up, but if the author could provide links as to where these myths came from then that would be good.

Lets start off with his myths;

Myth - “Firefox has lower System Requirements than Internet Explorer”

The site states that IE 6 will run on a 486 and Firefox requires a minimum of a 233 MHz processor to work. According to Microsoft this is true, IE 6 will run on a 486 since Windows 98 will run on 486, but how slowly would this run? I never ran Windows 95 on anything less than a 233MHz PC and it was pig slow then. I would break down in tears if I had to run Windows 98 on a 486. Since IE 6 will not run on Windows 3.1 I seriously doubt any useful work could be done with IE 6 on a 486. I so wish I had a 486 knocking around so I could try this out for myself. it would be a fun experiment for me.

Myth - “Firefox is the Fastest Web Browser”

I don’t think Mozilla¹ or anyone else has made this claim, Opera used to say they were the fastest web browser but they now don’t. What the Mozilla group say is;

Faster Browsing
“Enjoy quick page loading as you navigate back and forward in a browsing session. Improvements to the engine that powers Firefox deliver more accurate display of complex Web sites, support for new Web standards, and better overall performance”

They never say they are the fastest¹, just that they are fast, which has probably been left ambiguous deliberately.
However I have seen various speed tests done on browsers showing Opera to be the fastest browser out there.
In fact on the note of browser speeds, the Avant browser suggested by the author actually does claim to be the “fastest web browser on earth” on their homepage, when clearly it is beaten in every area by another browser, namely Opera.

Myth - “Firefox is Faster than Internet Explorer”

Again see above, I don’t think the Mozilla Foundation¹ has ever claimed this and looking at the browser speed tests does show that IE 6 is quite a bit quicker than Firefox in a lot of areas, but there are some areas where Firefox is faster than IE 6, in particular script rendering. But even though IE is faster than Firefox at say CSS rendering, at least Firefox renders CSS correctly. In an old version of my Website I had a pure CSS based menu system, the whole site and it’s CSS was W3C validated but IE refused to display the menu correctly, it made a horrible mess of thing while Firefox dsiplayed the site correctly. Now if I’ve coded to the XHTML 1.0 standard surely Firefox should display it incorrectly since it apparently does not fully support the W3C standards, but it displays it correctly, which would seem to suggest that Firefox has better W3C support than IE. More of W3C compliance later.

Myth - “Firefox is Faster than Mozilla”

Again see above, the Mozilla Foundation¹ have never made this claim but I know other people have.

Myth - “Firefox Achieved 10% Market Share in 2005″

Well yes, WebSideStory did report that Firefox has only got a usage level of 8.9% but this will vary according to who you listen to. Technical sites will report some very high usage statistics for Firefox while non technical sites will report lower usage statistics. Research done by French Web metrics firm XiTi shows that in some countries such as Finland, Firefox has achieved 38% market share, again this varies by where you look at the statistics from and what sort of site you take them from. Most other webanalysis firms are reporting higher Firefox usage figures than WebSideStory. People such as the W3 Schools have reported well over 10% market share for Firefox since it’s version 1.0 release and currently shows 25% market share. Janco Associates show 12.61% market share for Firefox, OneStat show ,a href=”http://arstechnica.com/news.ars/post/20051103-5525.html”>11.5% market share from March 2005 so it really depends what figures you look at.
My site stats for a given period are show 35.99% Firefox usage as shown below

I think the important thing is that this is the first time since Netscape in 2002 that a non Microsoft browser has had close to 9% market share. That is a large achievement however you look at it.

Myth - “Firefox is Secure”
Myth - “Firefox is the Most Secure Web Browser”
Myth - “Firefox is More Secure by not using ActiveX”

I think I can cover three myths here. Firstly Firefox is more secure. According to security research firm Secunia Firefox has had many less problems than Internet Explorer. The advisories for the different products are here for Internet Explorer and here for Firefox.
Firefox has had 26 advisories posted, 3 are still unpatched and the most severe one is marked as “less Critical”
Internet Explorer has had 91 advisories and has 21 still unpatched, at least one of these is marked “highly critical”
I think this speaks for itself really. 20% of the Firefox problems are system access problems and 36% or the Internet Explorer problems are system access issues. I’m not sure what else to say with regards to this, the problems are there in black and white.
Due to the way IE is tied into the Windows OS exploits in the IE browser also can affect the whole OS, this also makes IE less secure. ActiveX was and still is a major source of security exploits for IE, by not supporting ActiveX controls Firefox IS more secure.
At this point the author tries to argue that by supporting ActiveX controls this somehow makes IE more secure³. Well I nearly laughed so hard I fell of my chair at this point.
The author quotes directly from the eWeek article he cites as a source but doesn’t give any hint that this is a verbatim quote². It would be nice if he would differentiate this.
Anyway, a quick look through Secunia show that IE has 4 exploits for ActiveX and 3 of these are still unpatched and Firefox currently shows zero exploits for it’s XPCOM object model or it’s xpi extension system. I’m not saying that exploits for XPCOM and xpi extensions don’t exist, it’s just that there are no known ones.

Art Manion, who represents the United States Computer Emergency Readiness Team (US -CERT) suggested in a vulnerability report that the whole design of IE6 SP1 makes it hard to secure.

“There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. � IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system.”

Myth - “Firefox Extensions are Safe”

Yes Firefox extensions can be insecure but this is true of any browser plugin. This is simply down to the author of the plugin, not the browser itself. Although the browser can allow some of the exploits more freedom over the system it’s running on. See above for why this is an issue when IE is tied into the OS so closely

Myth - “Firefox is a Solution to Spyware”

This is true because a lot of spyware installs through ActiveX controls. I see computers everyday infected with spyware. All of them use IE as the browser of choice and all have SP2 installed. SP2 does have better spyware protection than XP with no service packs but IE is still a large backdoor for spyware. Yes SP2 makes the whole affair better, but still far from perfect, idiot users still become infected because they click things they shouldn’t. You can lock down IE very well, and make it almost fool-proof, but when you make something fool-proof nature just creates a better fool. To lock IE down properly the security settings must be turned up and these settings themselves must be locked down with the help of GPO’s (Group Policy Objects). I have created such secure setups but users become easily confused when websites are telling them they need to turn their security setting down and they can’t because the Sys Admin has locked them down.
With Firefox it is much harder to become infected automatically, possibly down to the fact that IE still has the largest market share and so most spyware is written to take advantage of IE. Only time will tell on this front.
The only completely secure version of IE that exists is the one which comes with Microsoft Windows Server 2003, since it comes totally locked down and sites have to be manually allowed before they can be viewed or used.

Myth - “Firefox is Bug Free”

Who has ever said that Firefox is bug free? Mozilla certainly haven’t¹. No sane person would ever claim their application was bug free, anything more complex than “Hello World” can not be claimed to be bug free. If Firefox was bug free and the perfect browser why would they still be working on new versions? Firefox isn’t perfect, that’s not what I’m arguing, I’m simply saying it’s better than IE.

Myth - “Firefox Blocks all Popups”

Proof shown below, IE with popup blocker did not block any popups on the dodgy sites I visited as a test, firefox didn’t allow any of them. I’m not saying Firefox will block all popups, but it will block a hell of a lot more then IE.

IE With popup (WARNING - Not Work Safe)	���	Firefox Without Popup
	���

Myth - “Firefox was the first Web Browser to offer Tabbed Browsing”

Again the Mozilla foundation¹ never claimed they invented tabbed browsing, they just utilise the feature. opera wasn’t the first either, it was a browser called InterWorks which did it back in 1994.

Myth - “Firefox fully supports W3C Standards”
Myth - “Firefox fully supports the most important W3C Standards”

Again I can cover two myths here. This is in part about the ACID2 Test which is often used to test standrds compliance in a browser.

ACID2 Reference Rendering	IE Rendering	Firefox Rendering

The author suggests that HTML 4.01 is the most important web standard, however the author has written his page in XHTML 1.0 Transitional. The HTML 4.01 standard has really been surpassed by XHTML and people should by now moving away from using HTML 4.01, for this reason I would argue that XHTML is now the most important web standard.
Besides IE 6 still has some serious problems with HTML 4.01. There is a whole list of problems with IE in a Wikipedia article.
There is no support for the element which is a part of the HTML 4.01 standard, there is also IE’s CSS box model bug. This is where a width is explicitly specified for any block-level element it should determine only the width of the content within the box, with the padding, borders and margins added afterwards. IE incorrectly includes the padding and borders within the specified width, resulting in a narrower box when displayed, this contradicts the W3C’s CSS specification

Apparently 15% of websites dont render correctly in Firefox, but I can wager that these websites also dont comply to the W3C standards. The problem lies with the fact that some websites are specifically coded to work around all of IE’s rendering bugs and so these hacks and work arounds cause problems in browsers which don’t require them. IE is famous for having terrible support for W3C standards, Firefox may still not fully support them, but it has much better support than IE. When the Microsoft team was working on IE they chose to use proprietary standards instead of supporting the established standards for CSS rendering and as a result sites have to be specifically coded for IE, whereas if you code to the W3C standards then it will display correctly in all compliant browsers. Microsoft have gone their own way with IE for so long it’s almost impossible to turn back now without breaking a raft of sites designed by lazy developers who couldn’t be bothered to code to the W3C standards. This is commented on by Paul Thurrott who runs his Supersite For Windows. I always find Paul Thurrott to be a good source of inforamation on Windows related material.

If the author of the article could show me a site that complies with W3C standards and doesn’t render properly in Firefox, but renders better in IE then I would be very surprised and impressed.

In a lot of these “myths” the writer is just trying to slander Firefox. He claims Firefox does not do a lot of things when in fact IE is even worse at doing them, of course this is not mentioned at any point in the page. It seems more of an attempt to drag Firefox through the mud, not to make a sensible comparison of it’s benefits and features. The whole article stinks of a tabloid newspaper article, poor research, unbalanced and written purely to damage the target. I freely admit Firefox is far from perfect, but it is leaps and bounds better than IE.

The author also suggests that a particular web page titled “IE Is Dangerous” is a propaganda website, but hold on, isn’t that exactly the type of site the author has written?

I hope I can get some good feedback and comments on here, do people agree or disagree with what I’ve said? Also if the author of the Firefox Myths website stumbles accross this posting then I hope to hear from him too.

Cheers

OK, corrections, omissions and clarification time

1. After recieving an e-mail from the author of the article, he does satte at the top of the page that

“This page does not claim the Mozilla Foundation is the originator of any of these Myths.”

2. Verbatim quotes are actually in quotation marks, apologies to the author.

3. The author of this article sent me an e-mail a copy of which can be seen in the comments section of this post. I said that he tried to argue that IE was more secure using ActiveX controls. He states that,

“I’m not sure why you came to that conclusion, since the point was simply FF is NOT more secure by not using ActiveX.”

Since there are 4 known security exploits for ActiveX, logically Firefox IS more secure by not using ActiveX. For example, Windows (the glass type) are a security problem in houses, bad people can get in through them. A bank vault is more secure by not having windows in it. In this example windows are ActiveX controls.

4. The author states that there would be no Internet without HTML, while this is true, XHTML will soon replace HTML. Therefore it is always better to look forwards than backwards, since progress is made by moving forwards not hanging onto the past. XHTML would not exist without HTML, but since XHTML is a more current standard, then I would suggest that XHTML support is more important than HTML support.

Some of you may have noticed certain parts of the site have been down over the weekend. This was due to a problem with my permalinks. I have fiddled about with all my .htaccess files on friday and had inadvertadly buggered something up. I only knew there was a problem when I saw a massive increase in 404 errors in my stats. I have no fixed the problems and can only appologise for the inconvenience and downtime.

Cheers

Well, happy new year and merry xmas to all my readers. Hope you all enjoy reading my blog and learn something when you do.

I’ve just upgraded Wordpress to version 2. This new version is very nice, looks better and seems much quicker. It also comes with the anti-spam plugin called Akismet. This should hopefully help me keep the comment spam away. Currently I’ve been getting roughly 20 - 30 spam comments per day, some of which slip through the filters and I have to remove them myself. I’m going to remove my blacklist and moderation filters and see how I go on.

I am still taking suggestions for new blog names, so if anyone has any then there is and e-mail link in the sidebar, or leave a comment on this post. Get in touch and share those ideas.

Anyway, keep reading and thanks for a great year.

Cheers

I posted before I went to bed last night about Microsoft ending IE on the Mac once and for all. I forgot to format the entry properly though so I ended up with the screenshot of IE having other entries wrapped around it. Not good. I just corrected it now but I’ll have to be more careful. I rushed the post because I just wanted to get to bed.

After sleeping for 13 hours I still dont feel any better. I just hope this is gone in-time for xmas.

Cheers

I’m still trying to think of creative titles for my blog. I did have one thought, which is a rare occurrence. I thought I could call it “640k” and have it with the tagline “Becasue this much blog ought to be enough for anybody”. This referes to the famous quote made by one William Gates in 1981 who was quoted as saying that “640k ought to be enough for anybody”. He was refering to memory in a PC.

However after a little research it turns ou that he did not actually sy that and the whole thing was just hearsay.

But since i quite like the title I may stick with it anyway.

Cheers

Well I think I’ve got pretty much all the site working again, managed to get James and Steve’s blogs back up tonight too. Hopefully I’m all sorted with this transfer and hopefully the site will be a little quicker for people reaading it.

Cheers

I’ve changed my web hosting set up over the last few days, the DNS server changes just took a little while to sort out. Plus I cocked up at one point so some people we’re seeing a generic holding page. Sorry about that one.

I havn’t had time to get Steve and James’s Blogs back up yet, the database for mine took the best part of a day but as soon as I get some free time I will do it.

The problem with the case is being corrected as we speak, the new files are being uploaded now.

I’m sure lots of other things will come up over the next few weeks, but I’ll deal with them as they happen.

PLEASE PLEASE PLEASE, IF YOU SEE ANY PROBLEMS THEN E-MAIL ME, THE LINK IS ON THE RIGHT HAND SIDE

Cheers

I was just flicking through Google when I came accross this site, spreadinternetexplorer.com and I thought it deserved a mention here. It’s hillarious, some of the galleries are great and I found this page particularly funny.

I should probably mention at this point that the site is a joke, it’s meant to be a satirical take on spreadfirefox.com but some people took it a little too seriously, as you can see in the FAQ.

Seeing this also reminded me of a site I saw a few weeks back called Too Cool For IE. It is true, IE is just shit, if I’ve said it once I’ve said it a thousand times. It’s not standard compliant at all, look at my website and see that for yourself, and as for security, it’s got bigger holes in it than the Titanic. If people coded to the W3C standards though IE would probably either fade out of use faster than it already is or it would have to change to support the standards.

Web Devs could be encouraged to code to the standards by giving better rankings on search engines to standards compliant web sites. Those sites which are not W3C compliant would move down the rankinging making their maintainers code to the standards which would in turn mean that the majority of sites would not display properly in IE, causing, as I said above, either IE to fall into disuse or for IE to finally adopt the standards. It’s not hard to check your site for compatability, just run it through the W3C Validator and it will soon tell you what changes need to be made.

So there you have it, Google and Yahoo! could lead the charge being the biggest two search engines on the planet and this would finally sort IE out once and for all.

Enjoy!

Sony were warned by Finnish anti-virus company F-Secure on the 4th October that the copy protection software was actually a rootkit. This came almost a month before Mark Russinovich went public with the information on Sysinternals.com on 31st October.

“If [Sony] had woken up and smelled the coffee when we told them there was a problem, they could have avoided this trouble,” says Mikko H. Hypponen, F-Secure’s director of antivirus research.

On the 20th October a conference call was held between Sony, F-Secure and First4Internet, the company who developed the rootkit for Sony. F-Secure claims that at this point Sony decided to just keep the Rootkit quiet. So they knew about it and just tried to sweep it under the rug.

The New York Attorney General, Eliot Spitzer has not ruled out further legal action against Sony after CD”s containing the rootkit were still on sale in various New York shops including BestBuy, Circuit City, Sam Goody, WalMart and Virgin Megastore.

Spitzer said “It is unacceptable that more than three weeks after this serious vulnerability was revealed, these same CDs are still on shelves, during the busiest shopping days of the year.” He has instructed consumers to take CDs back to retailers for a full refund.

Poor Sony, sales of their CD’s are down too, suprise suprise, but they’ll be ok on that front because they can just claim that it’s the fault of the file sharers and not the viruses on their CD’s putting people off.

Cheers

I’ve been messing on with two seperate applications recently. One was the Multi Router Trafific Grapher which I’ve used to track my internet connection usage. You can see the results of that experiment here. I think the graphs look quite nice, Kay was impressed anyway.

The second thing I’ve been messing with is AWStats. This is a nice statistical analysis application which basically works by analysing my Apache server logs. I’m just having some trouble getting it to correctly identify the User Agent section of the logs though, it complains if I tell it not to analyse this aprt, but when I do have it look at it, nothing shows up in the stats for the User Agent data. Most bizare. However the results of this can be seen here. Again I’m impressed and I feel that these stats will be a nice addition to my StatCounter stats and my Google Analytics stats since they show images loaded and any error codes returned to users instead of the usual page impressions.

Ben told me the other day that he wants a Google Analytics account. However you can no longer sign up due to huge demand so he may just have to wait. I’m not sure why he wants one thought, he doesn’t have a website or blog to track, I suppose it was just his inner nerd wanting to have a play around.

Cheers

I have just changed some of the site structure around tonight. The original part of the site, the pictures and the such have moved from the root folder up to “/pictures/”. So the index of that can be found here. The blog, what you are currently reading moved from “/blog/” to the root of the website. Basically a swap for the two, I have set up 301 redirects for the original pages and I hope they are all working correctly, so if anyone spots anything out of place then please let me know. If you go to one of the original urls you should be moved instantly to the new location for the page. It is this that I’m looking for errors in.

Cheers

Since trying the new Google Analytics service I have had some problems. Namely the servers were not polling my stats at all and the site was deathly slow. They weren’t even registering any data at all and pages took up to a minute to load at times. I did wonder what was causing this problem, it’s not like Google’s beta services to anything less than stellar, such as Gmail, or Google Mail as it’s now known in the UK. I recently read on TechWhack.com that the service was just too popular.

This is a quote direct from the website “The service was such a massive hit that it took even Google by surprise. The results came late and the existing paying subscribers to the program were pretty upset by the delayed response from the service.

And they are advised to leave their details so that the company can inform them as and when they reopen the service to new subscribers.”

So there you go. I will continue to use the code on my site and see what happens. Again, it will get reported back here.

Cheers