Safe browsers don’t exist. True.

According to David Sheets they don’t. He has written a column about the safety of browsers. And I think he’s right. Partialy…

Safe browsers do NOT exist. Agreed. Just as bug-free software doesn’t exist. How hard you try, there is always a funny/strange/malicious kind of input possible, putting your normal day of business off. Due to a novel way of using your software. Be it ‘code’ injection, buffer overflow, social engineering, … As a developer of any kind, you’ll never, EVER, quite anticipate your user’s actions. And that’s just your users. (You don’t design a hammer to kill people do you?) I’m not even talking about the evil hacker dude. You can test your baby till death, but you can never be fail-safe enough.

Or can you? There are many methods of testing your software (web or desktop). I personally like the ‘Berzerk’ testing. 🙂 But basically, let your software be tested by end-users. Or if they aren’t available by some third party. NEVER your client. Do not try to attempt to test your baby yourself. Well, maybe only during initial development. Because? You know your click-paths, your feedback, ‘oh well, that will be fixed during launch’, ‘who on earth will do THAT!’. Subconsiencely we all have a tendency to avoid pittfalls and short-term memory. As does your client. They only want to see what happens what they initially invented (read paid for).

What I’m trying to say. You’ll never know what some person at some time is going to do with your product. Surely enough any good designer will try to anticipate abuse. But that can never be fail-safe. As for software, wouldn’t it be nice that the platform it runs on could jump in where the software failed? Something like SoftX has a buffer overflow, trying to take control over the OS and install this spyware thingy, and the OS would just reject the overflow of the application? Along the lines “Your lack of security, doesn’t mean I will let you!”

Now to the real world: Firefox has a problem on may 9. May 11 there’s a fix. That’s just 2 days. 3 for the general public, OK. But that’s just quick isn’t it? IE patches generaly are released weeks after. So it’s quite a record. Oh no, I’m sorry, that record is held by Netscape 8.

Lesson learned:
try {
fnTest(myBaby) {
bResult = fnRunTestRound(myBaby, aUsers, nTestRounds);
if (bResult == 'OK') {
return bReadyForRelease = True;
} else {
fnReleasePatchASAP(myBaby);
return bReadyForRelease = False;
}
} catch {
fnReworkApp();
}

Favorite browser?

Yesterday I furled a CNET article which declared Mozilla Firefox victorious. Ok, ok, firefox won from contenders like IE, Opera & Netscape (8). All of which I didn’t suit me.

Here’s the real story. I’ve been using IE ever since IE3. Why? Well, I’ve won a cd-rom with IE3 along with a videotape of ‘The Net‘. Really! Well IE4 beat NS4 hands down… Ancient history.
Nowadays I’m a webdesigner and somewhat of a webdeveloper and I could use some no-name, obscure, backwards browser. But then I would be cutting myself in my fingers wouldn’t I? Who needs CSS anyway…

As a webdesigner you have to follow the flock. And if the herd is using IE as their preferred browser, you have to design accordingly. I would be happy to design for Konqueror if 90% of the population had installed it. But it’s IE. So? No problem. That’s what they are using, that’s what i’ll design/develop for.

Well a few months ago I did something bold. I had phoenix/firebird or what it was called back then. Nevermind, I had this option in the ‘Tools’ > ‘Options…’ > ‘General’ section with a checkbox to make Firefox my default browser. So I clicked it. Just to see if my Outlook would open links in Firefox instead of IE. It did. Having grown to IE I turned back to it to make IE my default browser again, who wants a beta version of a browser as their default? But… someone please, NOT, show me where the option is hidden… I couldn’t find the damn checkbox to make IE default again. 🙁

Having being stuck with Firefox wasn’t that bad. 🙂 I found that when there’s a javascript error, Firefox could show me the EXACT line of code that was bad. In IE times it was just guess and trackback. How sweet the alert(“over here”); was. 😉 It showed me what kind of HTML I was missing, or at least put in the wrong place (HTMLTidy). Where that &*(#&*$-div went, or didn’t went. What Google & Co could make of my pages. Well as a developer, I’m happy.

I’ll think I make a series of the goodness that came with firefox. But later…