Skip to main content

Notice

Please note that most of the software linked on this forum is likely to be safe to use. If you are unsure, feel free to ask in the relevant topics, or send a private message to an administrator or moderator. To help curb the problems of false positives, or in the event that you do find actual malware, you can contribute through the article linked here.
Topic: Internet Explorer 7 (Read 25338 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Internet Explorer 7

Reply #25
Quote
While it's certainly true that other browsers have security issues caused by bugs -- and from time to time they are exposed -- the difference with IE is that it's biggest problems with security come from it's design, not from individual bugs or holes.  The whole mess with ActiveX, tight OS integration, and stuff like that is the reason you see the level of problems that you do.

I don't think you can say that design matters more than holes. These things are tied - secure design = less holes, unsecure design = more holes. Even if we imagine that IE is designed to be top-secure (no ActiveX, loose OS integration, etc.) constantly having only 1 known bug to exploit (which is impossible in something as complex as modern browser working in modern OS), but is used by 99% of people, we get something that can be called "potential damage factor" of 0.99 (1*0.99). Now if we imagine that FF or any other browser constantly has 50 known bugs to exploit, but is used by 1% of people, that "potential damage factor" would be 0.5. There still would be two times more browser-based-attack victims who use IE than the ones who use FF, all the people still would be whining that IE is two times more insecure than FF.
I'm quite sure that if in the future other browsers will share the market more equally with IE (and they'll parallely share the zealotry & anti-zealotry market more equally  ), there suddenly will be a bunch of voices saying "oh, FF was so good some time ago, now it ain't any better than IE". And it will be not because IE got so much better or FF got so much worse, but because of what I said above - they'll become a more popular target for exploiting - one of the slogans, the "FF is safer" one, will be gone.
Quote
On the other hand, at least some other browsers attempt to be secure by design and try to move quickly to correct exposed design flaws.  I can't speak much for Opera, but at least Firefox has managed to stay on top of things relatively well compared to IE.

And for what it's worth, it should be pointed out that MS has a hell of a lot more resources to throw at fixing bugs and they have a lot more theoretical brainpower to prevent design level stupidity.  But they still manage to have problems on both counts.  Worst of all is that they don't even bother to fix half the problems they know about.  Kind of baffling really.
[a href="index.php?act=findpost&pid=317783"][{POST_SNAPBACK}][/a]

I guess it's all true. Partially it's probably because of their politics of killing aging products - "if we won't fix & add this to IE6, more glory will fall on IE7, and IE7 will work on XP+ only, so by the way we'll faster get rid of older OSes too". As for the resources, having so many doesn't neccessarily speed things up, actually it can slow things down, I guess the way which every patch has to pass is quite long there (gather all the brains, analyse, fix, analyse the fix, make translations, make documentation, etc. etc... seal the "approved" stamp, release).

Internet Explorer 7

Reply #26
Quote
Quote
While it's certainly true that other browsers have security issues caused by bugs -- and from time to time they are exposed -- the difference with IE is that it's biggest problems with security come from it's design, not from individual bugs or holes.  The whole mess with ActiveX, tight OS integration, and stuff like that is the reason you see the level of problems that you do.

I don't think you can say that design matters more than holes. These things are tied - secure design = less holes, unsecure design = more holes.


This is exactly the point I was trying to make.  IE's biggest problem with security holes comes from it's poor design.  Individual security holes will pop up more often in a poorly designed program.  Of course the two are linked.

Quote
I'm quite sure that if in the future other browsers will share the market more equally with IE (and they'll parallely share the zealotry & anti-zealotry market more equally  ), there suddenly will be a bunch of voices saying "oh, FF was so good some time ago, now it ain't any better than IE". And it will be not because IE got so much better or FF got so much worse, but because of what I said above - they'll become a more popular target for exploiting - one of the slogans, the "FF is safer" one, will be gone.


And this is where we disagree.  The only way in which what you describe would happen is if it isn't actually possible to design one program to be more secure than another, and instead "secure-ness" is only a function of popularity.

I don't believe that.

Of course, popularity will have some effect on how secure a program appears because bugs will become well known more easily, but I do not think it factors into the equation as significantly as you seem to.  There are plenty of design methodologies that can be applied to programs that naturally lend to greater security.  IE just happens to not make good (or any) use of them.

Internet Explorer 7

Reply #27
exactly. how comes that Apache is much more secure than IIS if not? (Apache has more than 70% web pages)

Internet Explorer 7

Reply #28
Quote
exactly. how comes that Apache is much more secure than IIS if not? (Apache has more than 70% web pages)[{POST_SNAPBACK}][/a]


Is it really? IIS 4 was damn buggy, I agree, but I think that stereotype doesn't apply to 6.0 anymore:

[a href="http://secunia.com/product/73/]http://secunia.com/product/73/[/url]
http://secunia.com/product/1438/

Internet Explorer 7

Reply #29
Now if you go to Secunia and look for IE and FF, will see that IE has much more critical open bugs that FF, and for much more time. FF developers take security as an important issue, and any serious security bug that is found is fixed in as much as a few weeks. You can't say that for IE developers.

http://secunia.com/product/11/
http://secunia.com/product/4227/

About the topic, this IE7 is more an alpha than a beta. IE developers have said that final version will have many improvements in regards to standards support (probably not to the level of Firefox or Opera, though), which is a good thing.

Internet Explorer 7

Reply #30
can someone check the png support?

http://somestuff.org/png/png_test3.htm

(just compare with firefox)
PANIC: CPU 1: Cache Error (unrecoverable - dcache data) Eframe = 0x90000000208cf3b8
NOTICE - cpu 0 didn't dump TLB, may be hung

Internet Explorer 7

Reply #31
Quote
The only way in which what you describe would happen is if it isn't actually possible to design one program to be more secure than another, and instead "secure-ness" is only a function of popularity.[a href="index.php?act=findpost&pid=317948"][{POST_SNAPBACK}][/a]

One note - not "secure-ness", but rather "perceived secure-ness"
All I really mean is that IE isn't so incredibly insecure as brain-washing FF-campaign suggests.

Internet Explorer 7

Reply #32
Quote
Now if you go to Secunia and look for IE and FF, will see that IE has much more critical open bugs that FF, and for much more time.

[...]

http://secunia.com/product/11/
http://secunia.com/product/4227/
[{POST_SNAPBACK}][/a]


That's true. That's why I prefer these Secunia pages:
[a href="http://secunia.com/product/761/]http://secunia.com/product/761/[/url]
http://secunia.com/product/4932/


Internet Explorer 7

Reply #33
One thing that I am truly concerned about, is wether IE7 will conform to W3C standarts in terms of CSS and XHTML.
Everything else (Tabs, other UI improvements) is just bells and whistles, and really does a minimal effort to improve upon the end-users surfing experience.
IE has crippled the possibilities for web developers and webdesigners since it first got out, by utilizing faulty CSS and XHTML processors.
When will this insanity stop?
Pusk is the new Start.


Internet Explorer 7

Reply #35
rjamorim >>>
Blocking IE users is the exact opposite of what I want. I want my web sites to be w3c compatible, so any user can visit any of my pages using any browser he wants, through any device.
The only problem is that IE is _the_ major browser, on _the_ major platform for web surfing.

The IE7 announcement from Microsoft states that theyve fixed their broken CSS engine, so there might be a slight amount of hope for the likes of me.
Funny site, by the way
Pusk is the new Start.

Internet Explorer 7

Reply #36
Quote
The only problem is that IE is _the_ major browser, on _the_ major platform for web surfing.


Right. That's why the post I linked to just illustrates some webmasters' foolishness

Quote
The IE7 announcement from Microsoft states that theyve fixed their broken CSS engine, so there might be a slight amount of hope for the likes of me.
Funny site, by the way [a href="index.php?act=findpost&pid=318083"][{POST_SNAPBACK}][/a]


The only thing that kinda bothers me in IE's substandard CSS is the lack of floating menus. But I'm not afraid to use java script to solve that, anyway...

Internet Explorer 7

Reply #37
Quote
(...)Everything else (Tabs, other UI improvements) is just bells and whistles, and really does a minimal effort to improve upon the end-users surfing experience.
that your opinion. a main reason for me to change browsers actually was the lack of tabbed browsing in IE among other things (e.g. interface and setting options. and I don't want to miss some really useful plugins for FF (adblock, switchproxy, spellbound, sessionsaver, x, just to name a few)).
Nothing but a Heartache - Since I found my Baby ;)

Internet Explorer 7

Reply #38
ohh, I didn't notice this post! Shame on me.

Quote
Quote
Just look at the SSL routine.[a href="index.php?act=findpost&pid=317753"][{POST_SNAPBACK}][/a]
Is this the only instance? I'd hardly consider borrowing SSL code to be very significant.[a href="index.php?act=findpost&pid=317826"][{POST_SNAPBACK}][/a]


I don't know, that's enough, for me, to invalidate your claim that "Mozilla/Gecko was a complete rewrite from Netscape 4.x."

If you can be arsed to, browse the source code trees to find more cases where they share code, or to try to validate your point.


My guess that it isn't a complete rewrite is that if they really rewrote everything, they would probably be using OpenSSL now, since it's a much more trusted library than Netscape's, and it has its own team of maintainers - that way, the Mozilla development team wouldn't need to waste their time in a redundant effort, that is, maintaining their own SSL lib.


Edit: they also seem to be using Netscape's JavaScript module

Internet Explorer 7

Reply #39
is OpenSSL Tri-Licensed? That could explain why they won't use it.

Internet Explorer 7

Reply #40
Quote
is OpenSSL Tri-Licensed? That could explain why they won't use it.[{POST_SNAPBACK}][/a]


OpenSSL is licensed under terms pretty much "as nice as can get"

[a href="http://www.openssl.org/source/license.html]http://www.openssl.org/source/license.html[/url]

It can be used by closed source (Opera) and Open Source (wget) projects alike.

Internet Explorer 7

Reply #41
Quote
Quote
The only way in which what you describe would happen is if it isn't actually possible to design one program to be more secure than another, and instead "secure-ness" is only a function of popularity.[a href="index.php?act=findpost&pid=317948"][{POST_SNAPBACK}][/a]

One note - not "secure-ness", but rather "perceived secure-ness"
All I really mean is that IE isn't so incredibly insecure as brain-washing FF-campaign suggests.
[a href="index.php?act=findpost&pid=318033"][{POST_SNAPBACK}][/a]


But it wouldn't hurt if you'd use real stats. (here FF is at 10%, Opera at 6, Mozilla at 2...can't be much worse at your place?)

Internet Explorer 7

Reply #42
Quote
Yet another reason why tight standards are a good thing.  If things had been implemented properly from the get go, or at least as early as possible, it would have made the transition path so much clearer.  It's a hell of a lot easier to upgrade a system while simultaneously providing backward compatibility when the previous system is well defined and self contained.

This continuing mess with backwards compatibility on wintel PC's is really kind of shame, from the win32 core and apis, to the x86 ISA, to IE and web standards, etc.  It all just keeps getting crustier and crustier...
[a href="index.php?act=findpost&pid=317800"][{POST_SNAPBACK}][/a]

I love it when people who are still in college try to explain the importance of standards to those of us who have worked with them in the private sector for 20 years.   

Don't get me wrong, formal standards are important to teach programming concepts to students, and also important to scientific fields which require strict and detailed operational frameworks.

But to understand why Microsoft has never made adherance to what they consider "external standards" important for projects like Internet Explorer, you have to understand two things...the history of the company and market incentive.

In terms of both standards and backward compatibility think market demand, corporate acquisitions, technology integrations and development frameworks.  These are the primary drivers in what becomes the most important type of technology standard to the majority of corporations: the "de facto standard".

To business, de facto standards are all that matter.  When they coincide with "formal standards" then so be it.  When they don't, then the "formal standards" left behind will remain in the realm of college classrooms, scientific niches and defense contractors that require them.

The example of the kid who wanted to "block all IE users" was fallacy, I know, but I hear the idea being tossed about from time to time.  And it's a sure way to get locked out of any paying gig.  If you tell a company that you want to block out over 90% of their target demographic they'll laugh you out of the lobby.  And claiming adherance to "formal standards" will mean exactly zilch to them.  Unless "formal standards" come from a specific market requirement, their "formality" is worthless to almost any corporation, including Microsoft.

Formal standards make science work.  De facto standards make business work.  (And again, sometimes these are the same thing, but not by rule.)  So in the world of business (of which the internet is a great part), don't let it bother you when the grass isn't all nice and green and evenly cut, but rather pieced together the best we know how with the vast pace of technology development and limited qualified resources to keep it all running.

And never assume that Microsoft has this vast, endless pool of resources to throw at issues like formal standards compliance.  That company has fifty times the employee base mine does.  It also has 50 times the project initiatives mine does.  I promise they spread their resources just as thin as we do.  Maximum revenue for minimum expenditure.  If you can fix it with duct tape, don't bother with the calipers and torque wrench.

In my company I manage the department in charge of standards development and compliance.  And we are every day faced with new challenges to integrate two or more systems built with multiple, disparate standards, whether they are "formal standards" or some semi-compliant framework inherited from some other company that we just bought and have to integrate in three months.  So where I can't find a standard that someone else has created, I create one myself.  If it's never used outside my company (actually it's a group of companies), it's still a standard because I'm implementing it to integrate multiple technical initiatives, some new and some legacy.  Consider them "localized standards".  Collectively a means of making all the processes, orchestrations and protocols able to work together towards our business goals.

My company is not Microsoft, but they follow the same core incentives we do.  And it is these incentives that drive their decisions on the prioritization of defect resolution, system compatibility and standards compliance.

But essentially, this is all a matter of education vs. education + experience.  Learn the essentials.  They're very important.  But don't let the real world knock you over when you get waist-deep in it.  Go with the flow, and improve things where you can.  Here in the trenches it's all any of us can do.
Sometimes you have to jump off the cliff and build your wings on the way down.

Internet Explorer 7

Reply #43
Quote
Quote
Yet another reason why tight standards are a good thing.  If things had been implemented properly from the get go, or at least as early as possible, it would have made the transition path so much clearer.  It's a hell of a lot easier to upgrade a system while simultaneously providing backward compatibility when the previous system is well defined and self contained.

This continuing mess with backwards compatibility on wintel PC's is really kind of shame, from the win32 core and apis, to the x86 ISA, to IE and web standards, etc.  It all just keeps getting crustier and crustier...
[a href="index.php?act=findpost&pid=317800"][{POST_SNAPBACK}][/a]

I love it when people who are still in college try to explain the importance of standards to those of us who have worked with them in the private sector for 20 years.   

[...]

But essentially, this is all a matter of education vs. education + experience.  Learn the essentials.  They're very important.  But don't let the real world knock you over when you get waist-deep in it.  Go with the flow, and improve things where you can.  Here in the trenches it's all any of us can do.
[a href="index.php?act=findpost&pid=322216"][{POST_SNAPBACK}][/a]


Spoken like a true business type

FWIW, (if it wasn't already apparent), I'm not.

I'm more interested in elegant solutions to problems, and care little about quick hacks that are "good enough for government work" and devised solely to keep the bottom line in check.  I care little about what it's like "in the trenches" really.

But, I do think that it's not as difficult or impractical to follow standards as you make it seem.  It just happens to be the case that most people (or companies) are too lazy to find the proper solution that will allow them to use nice, formal standards AND keep the bottom line in check.

People are a little too eager to go out and do it on their own than to do a little solid research and look at what's available.  And that's fine I suppose, as long as most of that is kept internal to a particular department.  Development houses always have their own libraries and toolsets, and all kinds of non-standard processes and methodologies by which they do whatever it is that they do.  But this sort of thing should not influence the interoperability of computer systems outside of the scope of their own little world.  Especially when it is a communication standard that is at stake.

So your discussion of creating your own little internal standards is perfectly reasonable.  Microsoft's non-adherence to standard -- and not particularly difficult to implement (in the grand scheme of things) -- web standards, is not the same thing at all, and therefore is not justified by the points you made.

At the end of the day, it basically boils down to what you said here:

Quote
Formal standards make science work. De facto standards make business work.


And you're right.  Business people (like you I assume) will never care much about formal standards, and science/academic types (like me) will never care much about de facto standards.  From the corporate standpoint, it absolutely makes more sense to push a de facto standard if it reduces interoperability and forces people to use your product (= more $$$), but for the purpose of designing an elegant and robust system (the scientific/academic side of things), a formal standard is much better.  Personally, I think that for end users, the latter approach will result in a better overall user experience, and that computing would be a lot better off if it weren't for companies like MS and the corporate apathy for formal standards.

Internet Explorer 7

Reply #44
Quote
This continuing mess with backwards compatibility on wintel PC's is really kind of shame, from the win32 core and apis, to the x86 ISA, to IE and web standards, etc.  It all just keeps getting crustier and crustier...

Out of curiosity - to see if i understand you right - are you of the opinion that too many "platforms" get stacked on top of each other - therefore creating chaotic complexity?

Quote
Business people (like you I assume) will never care much about formal standards

I wouldn't be so sure about that. They will (and do) care about it when the bills for supporting and fixing the inconsistencies arrive - but will of course blame it on someone else...... and if that doesn't work, then another quick-fix will do it.... for a while.
I am arrogant and I can afford it because I deliver.

Internet Explorer 7

Reply #45
Quote
I'm more interested in elegant solutions to problems, and care little about quick hacks that are "good enough for government work" and devised solely to keep the bottom line in check.  I care little about what it's like "in the trenches" really.
[a href="index.php?act=findpost&pid=322225"][{POST_SNAPBACK}][/a]

Understood. 

Quote
But, I do think that it's not as difficult or impractical to follow standards as you make it seem.
[a href="index.php?act=findpost&pid=322225"][{POST_SNAPBACK}][/a]

I promise you it is.  In my career I've worked with Microsoft, IBM, HP, Cisco, Novell, Sun Microsystems, AT&T, MCI and a myriad of smaller technology-focused companies.  Don't think for a moment they'll let 100 people work soley on "formal standards compliance" when 10 will be "good enough" to provide a robust and reliable integration platform of heterogeneous systems in terms of financial value and market domination.  Microsoft, among others, has proven this.  We are here complaining that this particular company has fallen down so severely on complying with W3C, CSS and other coding and architecture protocols.  And I complain too.  Every day.  My job would be MUCH easier if all these companies out there that provide the systems my company relies on would fall nicely into a common formalized framework of universally-accepted standards.

My point is that there's simply no one to provide this.  W3C, for instance, has a mission to create the standards and specifications for the development of the world wide web.  But they don't have volunteers working in all the major companies out there who are creating and maintaining the systems for which the "universal standards" are being developed to make sure said standards are being utilized properly and consistently.  And not many companies out there have a primary mission to follow formal industry standards.  Most of them have the same primary mission my company does:  maximize revenue.

Please don't think I'm defending that what corporations do is philosophically right or practically ideal.  The majority of our actions are not either.  I'm saying that because of the natural incentive of a free-market economy, there isn't sufficient resources in almost any company, large or small, to insure that formal industry-wide standards are adhered to all (or even most of) the time.  As hard as this is to believe, it includes Microsoft as well.  In some cases the larger the company, the more fragmented their organizational structure.  They often have myriads of very small, isolated groups with project- and task-lists that are entirely too long for their resource base.  And also there are frequent cases of overlapping efforts...different groups in a company aspiring to reach the same goal with their own, different methods...some standardized, some not...yet all deployed into production.

It's people stepping all over each other's work, essentially.  And it happens a lot.  And the bigger the name (Microsoft, IBM, Sun, etc.), the more commonly it happens.  My company group is mid-sized compared to most in the US, and we enjoy the ability to avoid much of what we call the "silo-effect" of huge organizational structures trying to achieve common standards compliance.  Many large companies even give up and diverge business units in order to keep things manageable.

If I were to point to anything close to a concise point of blame for "the way things are", I'd blame the market.  Not the consumers, specifically, but more the nature of our economy.  If my company were to abandon our current direction by inserting "formal technology standards compliance" into our top business goals, redirected resources from other efforts to this one, then we'd be isolated in the market and left behind by our competition.  I can think of at least ten major pieces of our company that would fall if we put so much as 2% more resources into industry standardization.  That sounds extreme, but it would take many more pages than I'm going to type here to explain all the details.

I've been inside enough large companies, including MS, to know they would suffer a similar fate.  Allocation of resources (people, money, infrastructure, etc.) is a very delicate balance in a company.  Before I became a director I had no idea how delicate this balance was.

Quote
It just happens to be the case that most people (or companies) are too lazy to find the proper solution that will allow them to use nice, formal standards AND keep the bottom line in check.
[a href="index.php?act=findpost&pid=322225"][{POST_SNAPBACK}][/a]

Yes, there are people in companies who are indeed too lazy.  But they are in the vast minority.  Because the individuals lose their jobs, or in the case of wider-spread problems their companies go out of business (sooner or later).  As for my own position, to survive with the balance of resources I'm given, my team may have ten collective minutes in a day to even think about universal standardization (of system architecture, design and coding, methodology, and so forth).  Because on such a day I may also have three production releases to manage, eight code drops to deploy, 300 test cases to validate, and six hours of meetings.  And this isn't just what it's like in my company.  It's what it's like in almost all the others I've worked with, all across the development life cycle:  product management and business vision, project management, architecture and design, development, testing, training, deployment and support.

Quote
People are a little too eager to go out and do it on their own than to do a little solid research and look at what's available.  And that's fine I suppose, as long as most of that is kept internal to a particular department.  Development houses always have their own libraries and toolsets, and all kinds of non-standard processes and methodologies by which they do whatever it is that they do.  But this sort of thing should not influence the interoperability of computer systems outside of the scope of their own little world.  Especially when it is a communication standard that is at stake.
[a href="index.php?act=findpost&pid=322225"][{POST_SNAPBACK}][/a]

I always look to industry standards first...W3C, CSS, RUP, ITIL, CobIT (and anything else provided by ISACA), CMM, ISO and others.  Trust me, I dedicate more time to looking there than the VP I report to would like.    In the time window given for each particular task which, along with thousands of others, collude to form a complete project initiative, I only have so much time to "shop" for a universally-accepted solution before I have to get out my own "box of tricks" to meet one of my many deadlines.  And if I can't comply with an industry standard in a particular situation, I put it on my list to come back later to make the issue complaint.  My list grows faster than me or anyone else on my team will ever be able to catch up with.  But I put them all there anyway.  Every day.  My yet-to-be-executed good intentions are worth nothing to the rest of the world, but they help me sleep at least a little better.  Just as they did with all the companies I worked with before this one.

Quote
So your discussion of creating your own little internal standards is perfectly reasonable.  Microsoft's non-adherence to standard -- and not particularly difficult to implement (in the grand scheme of things) -- web standards, is not the same thing at all, and therefore is not justified by the points you made.
[a href="index.php?act=findpost&pid=322225"][{POST_SNAPBACK}][/a]

Addressed above (large organizations..."silo-effect"...conflicting priorities...etc...)

Quote
At the end of the day, it basically boils down to what you said here:

Quote
Formal standards make science work. De facto standards make business work.


And you're right.  Business people (like you I assume) will never care much about formal standards, and science/academic types (like me) will never care much about de facto standards.  From the corporate standpoint, it absolutely makes more sense to push a de facto standard if it reduces interoperability and forces people to use your product (= more $$$), but for the purpose of designing an elegant and robust system (the scientific/academic side of things), a formal standard is much better.  Personally, I think that for end users, the latter approach will result in a better overall user experience, and that computing would be a lot better off if it weren't for companies like MS and the corporate apathy for formal standards.
[a href="index.php?act=findpost&pid=322225"][{POST_SNAPBACK}][/a]

As stated above, I care very much about formally defined and published standards.  And wish very much that I (or anyone around me) had the resources to comply with them all the time.  And although you may never care very much about de facto standards, you (and many other people) will certainly feel their effects, just as we're all discussing in this thread.  It's crappy, I know.  And I promise that I and most others leading the IT industry that I've known are clearly aware of the importance of industry-wide standards, and work as hard and as efficiently as possible to achieve them.  Yes, there are instances of laziness, inefficiency and even corruption.  But these are all in the minority of cases, as hard as that may seem "on the receiving end".

There are a lot of gears in these machines we call "corporations", more than even most people imagine.  Even quite efficient ones are pressed against the wall every day to make money and grow and overtake our competition.  It's a very unnoble cause run vastly by very noble people with good intentions beyond just "maximing revenue".  But it takes funding to make any intentions reality.  And our funding comes from elsewhere in these machines...places where, at the bottom line, making numbers in bank accounts grow is of the highest interest.

In a capitalist economy, universal standards compliance not driven by direct market force will never have a high position in corporate priorities.  Companies will do what they have to, and those of us with enough influence will do a little more...anything we possibly can to make our machine work with the others in a common, standardized way.  But unfortunately the positive effects we incur in this area will be sporadic at best.  You'll see improvements here and there over time, like with the upcoming IE 7, but they'll never come as quickly or as often as you (or I, or anyone else) would like.  Unless the market begins demanding it.
Sometimes you have to jump off the cliff and build your wings on the way down.

Internet Explorer 7

Reply #46
Nero, you are missing one single important point: longterm profit & revenue. You mentioned multiple times, that "clean solutions" would not improve revenue. This is as wrong as it can get. It is true, that in many cases, it is most efficient(in terms of profit) in the *short-term*. However, i dont want to know how many trillions are spent worldwide in corporations for coping with the problems which those "quick and dirty hacks" create. The reason is not profit - almost every corporation suffers from the effects of "the quick'n dirty way". The reason is:

1. corporations only think about short-term goals. No one cares what will be in 8 years.

2. because of the competitive and egocentric atmosphere, there is a lacking interest for global improvement. Single corporations dont have the resources to fix the mess, and colaborative progress doesn't happen because of 1. and because of the egocentric decision-making. Thus, corporations prefer that "it will become worse for everyone" over "it will become better for everyone".

Or to make it short "everyone take whatever you can grab, and then leave the sinking ship".
I am arrogant and I can afford it because I deliver.

Internet Explorer 7

Reply #47
I am boggled at how few people follow "Best Practices."
It is kind of like "Common sense."
Nothing is so uncommon.

Pay me now, or pay me later.

A stitch in time, saves nine.

Cheap, Fast, Good, pick any two.

Internet Explorer 7

Reply #48
Quote
Nero, you are missing one single important point: longterm profit & revenue. You mentioned multiple times, that "clean solutions" would not improve revenue. This is as wrong as it can get. It is true, that in many cases, it is most efficient(in terms of profit) in the *short-term*. However, i dont want to know how many trillions are spent worldwide in corporations for coping with the problems which those "quick and dirty hacks" create. The reason is not profit - almost every corporation suffers from the effects of "the quick'n dirty way". The reason is:

1. corporations only think about short-term goals. No one cares what will be in 8 years.

2. because of the competitive and egocentric atmosphere, there is a lacking interest for global improvement. Single corporations dont have the resources to fix the mess, and colaborative progress doesn't happen because of 1. and because of the egocentric decision-making. Thus, corporations prefer that "it will become worse for everyone" over "it will become better for everyone".

Or to make it short "everyone take whatever you can grab, and then leave the sinking ship".
[a href="index.php?act=findpost&pid=322329"][{POST_SNAPBACK}][/a]

I'm right there with you on long term profit and revenue.  But corporations often spend 75% of their time and efforts to maximize revenue within a two year span (and the current year is always the largest focus).  They will spend the remaining time and effort looking farther out.

Intentions are not the issue.  Intentions are almost always well-set in a successful company.  What I'm saying is that there are simply not enough resources or hours in the day to make most of the intentions a reality.  It's an issue of priority and today's profits.  $1 million right now is more important than the potential of $5 million in three years, for instance.

"We can spend 50% more right now to make a steep improvement in our industry standardization, or we can wait to do that until next year and maximize our profits in this fiscal year."  You can guess which way most corporate execs would answer that.  Simply repeat that item each year and you'll begin to see my point.

This is not coming from a negative attitude or any kind of "doomsaying".  In fact I think most of what I've said has been positive regarding the intent of corporations regarding formal standards.  It's simply the tough corporate world that exists.  If I was down on it every day, I'd change careers.  Instead, I consider the full adoption of formal standards to be a goal to always strive for.

And it's the same inside Microsoft, and all the other companies I've ever worked with.  If Microsoft could make IE fully W3C and CSS compliant right now, they'd do it.  Market-driven priorities...limited resources...near-term profitability......These are the reasons it's not happening all at once.
Sometimes you have to jump off the cliff and build your wings on the way down.

Internet Explorer 7

Reply #49
Quote
If Microsoft could make IE fully W3C and CSS compliant right now, they'd do it.
[a href="index.php?act=findpost&pid=322378"][{POST_SNAPBACK}][/a]

Are you sure? If i recall correctly, then they ditched further IE-development because they were afraid of the internet (or more correctly, affraid of web-applications which could turn the client-os irrelevant). I am quite sure that microsoft does not want the internet anymore - they want the desktop. The current and previous IE-upgrades were only to slow down firefox market-penetration a bit. However, this can only work in the short-term, so i guess they do have a hidden agenda to solve the "internet-problem" in the long-term.
I am arrogant and I can afford it because I deliver.