Web Devout tidings


Archive for March, 2009

Secunia stupidly removed their RSS feed

Tuesday, March 31st, 2009

I just realized today that I hadn’t seen any Secunia vulnerability updates in a long time. I knew they had done some site redesign work, and I figured they just changed the URL of the RSS feed. So I sat down at my computer to find it, but there didn’t seem to be one anymore. A quick hop on Google led me to this forum post explaining that Secunia no longer provides a free RSS feed for vulnerabilities:

As you have noticed we no longer provide our vulnerability intelligence through the Secunia RSS Feed.

Explanation:

Today a large number of businesses and governments are subscribed to the commercial Vulnerability Feed from Secunia.

Over the past couple of years, Secunia has noticed that numerous businesses and governments have signed up for the Secunia RSS feed; as a result, there has been a loss of revenue for Secunia, which has limited us in our endeavors on providing sustainable and quality solutions.

It is naturally not fair toward our customers that larger IT departments are receiving intelligence free of charge – using our RSS feed – as others would have to invest in it.

The service that will replace the need for our RSS feed will be the Secunia Vulnerability Intelligence Feed – VIF. This is naturally a commercial solution; please see attached PDF for further clarification.

In my opinion, this was a very dumb move by Secunia. Keep in mind that the RSS feed didn’t provide anything that wasn’t already public; it just provided it in a different format. In a few minutes, I could write something that generates a similar RSS feed from the HTML output of Secunia’s website (although their terms of service are also excessively heavy-handed about this). This is a common sense usability feature, not a product that should require a paid subscription. For Secunia to restrict its availability to paying customers is akin to Google suddenly making message collapsing in Gmail conversations available only to people who fork over cash.

One of the things that made Secunia so appealing to me was how accessible their information was. Now, it’s like the site is living in the 1990s. It’s a real shame when a company is willing to cripple their service like this rather than find a legitimate business model. Secunia has some very valuable assets; if their business really depends on profit from a mere RSS feed of already-available data, they’re doing something wrong.

Because of the removal of the RSS feature, my Web browser security summary page is likely outdated. I’ll go through Secunia’s advisory archives and update my data sometime soon.

KABOOM! goes my laptop

Saturday, March 28th, 2009

Okay, it wasn’t quite that dramatic, but the graphics card on my Windows laptop putzed out today (just as Michael Scott was sneaking back into the building), and I won’t be able to get it fixed/replaced until at least next week. That means I’m not going to have any IE 8 standards support updates this weekend. I still have my Linux desktop computer, so I’ll use this time to work on the information for other browsers instead.

IE 8 CSS 2.1 support results

Monday, March 23rd, 2009

I need to start this post with a giant asterisk: I’ve barely done any regression testing yet. With the exception of one regression a commenter found, my initial results assume that IE 8 doesn’t have any standards support bugs that weren’t in IE 7. This is a big assumption, since IE’s CSS engine was largely (perhaps entirely) rewritten for IE 8. I expect IE 8 to have a number of new bugs which aren’t yet documented in my tables, and those bugs will be discovered and documented over time.

Alright, now that that’s out of the way, let’s get to the current results. IE 8 has fixed almost every single CSS 2.1 compliance bug from IE 7. I’m currently counting a total of 17 “Incomplete” values (7 of which are due to the single regression mentioned above), with everything else being a “Y”.

This is a huge deal. While I can’t yet comment on the CSS 3, HTML, or DOM support, IE 8’s CSS 2.1 support is now right up with the competition. We still have to see how it holds up after more regressions are found, but it is currently ranking as the #1 most CSS 2.1-compliant web browser I’ve tested. This is truly excellent work from the IE team.

In the next version of IE, I would like to see some focus on getting rid of a number of “temporary glitches” I’ve noticed. They appear to be similar to the reflow bugs that plagued Firefox 2, in that merely hovering your mouse over the element or interacting with stuff around the element will often correct the glitch. An example is the tabs in the Webpage test system. I don’t think there’s any neat little box in my tables where I can document these issues; they seem more related to IE just losing track of stuff during painting.

I’m going to do the CSS 3 testing next.

Standards support progress

Saturday, March 21st, 2009

I just wanted to give a little update about where I am on the standards support testing for IE 8. I just got the final version installed this morning, and I’m committed to getting the CSS results out by the end of the weekend.

I’m currently about a third of the way through the CSS section, and so far IE 8 is looking very good. It isn’t all “Y”s, but it’s been pretty close so far. I’m not making any final judgments until I’m done testing, but I suspect that IE 8 is now what I’d consider a “modern” browser in CSS support.

I also made a slight change to the Webpage test page to help with testing: When visiting it in IE 8, there is now a checkbox that says “IE 7 mode”. When you check it and hit the “Display” button, the output will be the IE 7 rendering. This is accomplished via the X-UA-Compatible HTTP header.

Stay tuned.