Safari Users might find themselfs missing even more of the web!

[TheAnimus]

Paypal could ban unsafe browsers - The INQUIRER

Inshort: Paypal are looking to ban Safari, because they deam it insecure.

Its quite intresting, because the complaint is a lack of an anti-phishing filter, but its got obvious wider implications. Here is why.

Most web developers are at that dangerous level of understanding, the same one i have when I try to make anything interface with a PIC under linux. They think they know enough to make an infromed judgement, when really they are missing the point.

Older is better, and less is more when it comes to security, these are two basic rules, the less code you have, the less chance of their been many exploits (if you assume that the exploitability is a even chance or line of code (which of course it isn't)). The older it is, the more tried and tested it is.

Now regretably people don't look objectivly at what browsers offer in terms of security very often, and i supose its understandable, otherwise Lynx would be everyones choice. However its not OK to pretend it dosen't exist.

I think this is what safari users are doing, one of the reasons i wind up mac fans for fun, is because their zelous view makes it easy, and yes their browser is really lacking from the views of a programmer (note, programmer, not web developer), as is the ferrits lousy garbage collection, and the Active-x in ie, that seams as thou it was from simpler times, when locks where made of paper, and everyone left their door open.

But this comment about safari is fairly appt, Apple where trying to push it as a developement platform, a move i couldn't fathom (why you would develope for a browser with a sod all market share, rather than all browsers, or the one browser with the hudge share). I think they might of lost site of whats important to the average home user.

Do you think Paypal are right to threaten this?

[peterb]

Its a tricky one, because a 'secure' (depending on how you define secure - EAL criteria are as good as nay)OS can be undermined by an insecure application, so you have to look atthe two as a system - and even then poor configuration can undo any security built in, which is why security accreditation can be difficult to quantify - a specific configuration can be held to be secure to given level if that configuration has been specifically tested. (A bit ofa simplification, but the general principle is true)

backto specifics... I suppose PayPal has a right to defend itself against attack, but is it right for them to shift the onus on an application developer? I presume by anti-phishing filter it is to prevent server side applications from downloading some client side applet to mine for data - which if possible is a major security flaw. However that is really a user problem, should Paypal be acting as nanny in that case? And what if they demm Opera or Firefox to be flawed, or only say that they will support IE?

Of course Mac users aren't really affected too much by this, both Opera and Firefox will run on the Apple pplatform so maybe Paypal are doing Apple owners a favour! It might also force Apple into tightening up the security on Safari.

Apple - Downloads - Internet Utilities - Opera Browser

Apple - Downloads - Internet Utilities - Mozilla Firefox

[TheAnimus]

True but lets put this another way.

Back in the olden days of the net, IE and others would allow a hyperlink that looked like

Code:

http: //username:password@www.somesite.com/dir/page.html

Now that can't be done, because nasty people would put

Code:

http://legitmatesite.com/dir/page?paramstringthatsreallylongwithlotsofcrap:s@dodgyscamsite.ru

So browsers had to change to protect the sites. In a way it would of been good of sites to block browsers that didn't make this change, nannying the users, because its them who suffers the loss, not the browser vendor. (thou people who used to use ultra lists of passwords for porn, found they had to spend more time with their hands on the keyboards, poor soels).

Personally i think its quite right as long as the fears are founded. However when they are simply political or trying to be 'cool' they need to be beaten.

[peterb]

<---snip---?

Personally i think its quite right as long as the fears are founded. However when they are simply political or trying to be 'cool' they need to be beaten.

Yes, I think that's pretty reasonable.

[Whiternoise]

I think it would be a good idea to keep kicking Apple up the backside, just so they don't get conceited.

In addition, i'd much rather they banned IE for not rendering CSS properly. STILL.

Safari, as a browser is almost as bad as IE in different ways.. Make mac users switch to Camino or Firefox!

[TheAnimus]

In addition, i'd much rather they banned IE for not rendering CSS properly. STILL.

Safari, as a browser is almost as bad as IE in different ways.. Make mac users switch to Camino or Firefox!

boo, hoo. Not rendering CSS properly, on a scale of 0 to having your bank account compramised, thats hardly a worry to the end user is it?

Most developers don't get that its not ideas that make it easy for them that are important, its all about the users. This seams to be even more forgotten for the diet coke developers that are "web presence consultants". A user will pick a browser with no real care about been easy to target for rendering websites, and there is nothing wrong with them doing so.

[Whiternoise]

My answer was meant to be slightly tongue in cheek

In any case, i think a browser that can't render pages like all the others shouldn't be trusted to safeguard your bank details.. and personally i don't think it's down to developers not getting ideas, it's a fundamental problem with browser designers not willing to conform to a unified design standard.

[TheAnimus]

Standards aren't all that thou.

Take a look at WebServices.

Simply what type of WebService is it? JSON? WS-*?

Or uPnP, something that has that sticker on it you can almsot garente won't play well with a different vendor's uPnP audio/visual system.

Like 802.11b was before WiFi.

But with a browser its slightly harder, ideally there would be a simple element that people put in which says render this properly for version n, thus allowing full backwards compatability, but as the vast majority of websites aren't well crafted, that would never work.

Things get even more complicated, i remeber having a discussion about a problem with .Net implementations (differences with Mono vrs MS) mostly will the way write concurancy is handled course problems?