X-UA-Compatible: let sleeping intranets lie?

The longer I think about X-UA-Compatible, the more I think it's not really about "not breaking the web". I think it's about "not breaking big bad web apps".

While it's possible that Microsoft wants to be friends with standardistas, or at least make us shut up, they really don't want to be enemies with a much larger group - large web application vendors and administrators.

Think of the children lemurs big vendors

The big application vendors could seriously kill innovation in IE. People like IBM, PeopleSoft/Oracle, BlackBoard and indeed Microsoft themselves... basically any company that sells web applications with lots of zeros in the figure. There are a lot of them out there and a lot of them dominate an entire industry.

Why can't MS afford to piss them off? Well their products drive a lot of really big sites and intranets that only work properly in IE6 or IE7, because they were built for a bad but stable platform. If IE8 comes out and renders like Firefox, Opera or Safari, those sites might break.

That's one reason IE7 is still blocked in many corporate environments - they have systems that only work in IE6. Remember it only takes one critical system to stop the new browser being rolled out. Admins have no choice but to lock down to old versions of the browser or switch their users to a competitor (if they have that option).

So Microsoft faces a scenario where their new products are not adopted; or they start losing thousands of users at a time as corporate clients switch to competitor products; or they have to keep releasing browsers that never update the rendering engine.

Otherwise they could have large vendors banging on the door with pitchforks, torches and lawyers, demanding to know why Microsoft has sabotaged their products after years of providing a stable platform.

stability?

IE6 sucked, but it didn't change for years. That's stability, to the corporate mind. So they just built for IE, or if you're really lucky they built for Netscape as well and eventually grudgingly added Firefox to the list. Safari? Opera? Konqueror? Not a chance. In fact "alternative" browsers may even be blocked entirely.

The big vendors don't want new browsers. New browsers are a pain because they require huge amounts of testing, bug fixing and patches. So they want their supported browser list to be as small as possible and they'd be quite happy if no new browser was ever released.

why are these apps so bad?

Based on my observations the bigger the company and the more expensive the product, the worse the product's frontend code will be. The bigger the application the harder it is to change any of it, too.

Why is that? My speculation is that the really big enterprise applications are mostly running on old code bases. They may have been through several releases, with an ever-expanding list of dependencies, patches and plugins. Some didn't even start life as a web app. Some began as desktop applications and at some point had a web interface tacked on.

I'd also guess that the web interfaces are often built by software engineers, who were never trained as web developers and really don't care about frontend code - much less standards compliance or accessibility.

So anyway, these applications are not agile. They are big, slow and heavy. They cannot change direction. They cannot seriously deviate from the way they work. They cannot be easily fixed if their environment changes.

...and that's the new version

Keep in mind that the systems in production out there might also be running an old version of the product. When it costs hundreds of thousands of dollars just to do a dot-point upgrade, staying current loses some of its gloss.

Clients might be holding on to an old install because they don't have the money, time or inclination to upgrade it. There are plenty of systems out there being kept alive well after their use-by date.

think of the large clients

At even greater risk than the vendors in all this are the people who bought the big applications. We're talking about big businesses, universities and government departments who've invested anything from hundreds of thousands to many millions of dollars implementing an off-the-shelf web application.

Why do I say they're at risk if they could afford the system? Well many of these clients cannot afford to do much more than maintain the application. They spent their money, they got a system and now they wait out the years on a support plan, until their next shot at a big capital expenditure.

what about roll-your-own?

Major operations tend not to roll their own web applications. I'll skip the rant about the wisdom of this approach; but the decision makers believe that big organisations have to buy big products. They believe that only a big vendor can provide proper support; they believe they need an ecosystem of consultants set up to help with their implementation; and they need to feel sure the vendor will still be releasing patches in five years' time.

The applications are critical to ongoing operations. People need financial systems to get paid, students need to get enrolled, government departments need to publish information for the public. These are not systems that can be replaced by something hacked together over the weekend, no matter how much of a big, tough Rails Haxx0r you are.

even if they do roll their own...

In some cases, big organisations will actually get a system built specifically for them. But when they do that, they still tend to base it on some large vendor's technology. They also tend to hire really expensive companies to do the build; and those companies often convince them to set up "a controlled environment" since they have the same mentality as the big vendors anyway.

Which means they just build for IE, or if you're really lucky they build for Firefox as well.... and you know where that leads.

then there are the disinterested developers

It's true that even the big vendors probably aren't the only issue. Yes, there are a lot of developers out there who aren't packing a major web application, yet they have the same build habits as the vendors. IE's the most common browser, so that's what they build in. End of story.

No matter what standardistas think of them, we're outnumbered by the people who learned tables and font tags back in 1997 and haven't changed a thing since.

Yes, these people just might scream at Microsoft if IE8 suddenly "breaks" their sites. While I personally would be happy to see these hacks get a harsh lesson, I can understand why Microsoft might not want to stir up that trouble.

so where does this leave the IE team?

Let's assume that the IE team do want to build a standards-compliant browser, even if Microsoft the company doesn't give a shit. It's also rational to think they want to keep their market share; and we know they don't want 10,000 more screaming emails.

So the IE team can't release something which breaks all those intranets and web applications. Forget "breaking the web" - the web can heal itself (mob rules and all...).

But imagine what happens if you break a bank's intranet? Breaking a hospital's patient file records database? Breaking a government's welfare payment system? These are scenarios I think are entirely plausible and would cause serious trouble. Breaking an entire product line of some major vendor? That's unlikely to bode well for the IE team either.

So version targeting is a way out. They can build a better UI, a more secure browser and still keep the old rendering engine for those systems that won't render in standards mode.

If that same solution can be set up to keep the lazy developers happy and quiet, so much the better (for Microsoft).

where does that leave standards?

Standardistas get caught in the crossfire. We have to do more work because we build the "right way". But we're motivated enough to go and fix our sites, or set up a version target, or deal with it some other way. We'll live.

Being able to specify browser support probably means that a lot of existing sites and web applications will never progress. They'll freeze at IE7 either through choice or inaction.

Huge numbers of people will opt out of web standards and opt-in to IE, because it gives them the illusion of stability and control. Is this a big loss? Perhaps not - they probably weren't ever going to be willing or able to make the switch to standards anyway.

So essentially Microsoft is giving up on a huge number of developers. They're giving them a free pass to mediocrity - making it easier to just do nothing rather than build to standards. There is no way this won't lead to more crappy, non-compliant, non-accessible and inefficient web sites and applications. So it's bad for standards on that count.

But, the flip side is that all those crappy sites can sit and stagnate without stopping the rest of us building to standards. Plus I gather from some of the comments I've seen, the alternatives were all worse.

Maybe the whole issue will be a turning point. Perhaps standards-based development becomes a niche industry, like tailor-made suits compared with cheap off-the-rack suits from budget stores. People might recognise the quality, but they'll only pay for it on special occasions.

standards 0, business 1

While it's disturbing how well lemurs can illustrate the issue as it might play out for small companies (X-UA-Lemur-Compatible, if you haven't seen it), I don't think that's what ultimately drove Microsoft's decision. I think the most telling battles were probably fought on the major application front.

Standards lost. Business won. But IE8 may live to fight another day and with it, maybe standards will ultimately come out on top.

I still think X-UA-Compatible should have been an opt-in system, putting the burden onto the people who caused the problem in the first place. It would have been far better for web standards if all those lazy developers out there had to explain why they needed to roll out another patch. Maybe a few questions would have been asked.

But that's not how it's going to play out. Microsoft is making web standards an opt-in game. In some ways the game hasn't truly changed... we still have to convince people to opt-in to standards, it's just going to be a little harder now.

I hope the big bad web applications appreciate it.


forthcoming events

If you are in Sydney, Melbourne or Perth there's stuff coming up you should go to:

Update: let's add to the list... Web Directions has just announced Sydney, Melbourne and Canberra dates. No details precisely what the two new events will be, though. Anyway, details at Web Directions South: 2008.


opt-out version targeting is spam

So. There's been an idea. IE8 is going to pretend to be IE7 unless you explicitly ask it to be IE8. Sure, that makes... absolutely no sense.

[Update 2008.03.05 - Microsoft has now reversed this decision. See the 200ok weblog: IE8 to default to IE8 after all, hell chilly.]

You probably already know what I'm talking about. Let's do the run-down:

So I've been trying to work out what to make of this whole situation.

almost but not quite

The short version is this: I'm not wild about it, but I think it would be acceptable if the method was opt-in. That is, you should have to intentionally invoke the older rendering engine.

But that's not what's happening. What's being proposed is that to get IE8 to render your site in standards mode, you now have to put in a DOCTYPE and a new meta tag asking the browser to actually render in the mode specified by the DOCTYPE.

So I think this is a bad idea.

If the system was opt-in then it wouldn't be too bad. But instead it's opt-out (you know, like all those emails you never asked for). If a developer takes no action their site will initiate the old rendering mode in IE. So all those disinterested developers who only built for IE6 in the first place get rewarded for inaction.

Meanwhile those developers who build to standards have to cruft up their pages (or dick around with their server settings) just to get IE8 to render pages in IE8 mode. This is crap.

version targets are spam

IE8 version switching is like spam! Sure, let people have the option, if they're into that sort of thing. But don't force it on people who never asked for it.

we should not reward ignorance

Chris Wilson mentions on the IEBlog that this is all based on trying to keep badly written pages from breaking in newer, more standards-compliant versions of IE. While I understand it's been hard for MS to weather the storm as thousands of developers the world over discover their sites suck, that doesn't make those developers "right".

Chris says: "There's no easy answer, because it is impossible for us to tell whether the author wrote their content to standards or to IE's previous behavior."

But there is a way to tell! If they've included a DOCTYPE, they've declared they want to render to standards. If they did that in ignorance, it's time they started earning their money instead of letting Dreamweaver do their jobs.

Alternatively, MS can just throw them a bone and tell them how to bail out. People who didn't actually want that DOCTYPE are free to go and remove it from their pages and wear their Tag Soup badges as proudly as they like.

Or, more likely, just let them opt-in to the version target system. It'll still be less work for them than learning how to build to standards.

Yes, IE6 has created a legacy. But freezing half the world in IE7 isn't going to help move forward. It'll just keep things from progressing. People too disinterested to know what a DOCTYPE is aren't going to engage with this process. They're not going to learn anything or opt in to standards behavior on their own schedule.

once more with feeling...

If we're going to have a proprietary hack, or a new "standard" then for the love of Mike why can't we have an intentional selector hack?

Forget conditional comments or <meta> tags in every single document you maintain. Give us a legitimate version of * html to scope our tweaks to the browsers that need it. Something like ua[ie6] { } would be just dandy.

Sure, this will only suit those of us who know how to create pages that only need a few tweaks across browsers. But we've worked hard to get to that stage. Why shouldn't we get the love? :)

but basically...

Regardless of how many people support the version target idea - and regardless of just how scary-smart some of them are - right now I think it hurts the web to give bad developers a free pass like this. I think it will lead to many years of lazy developers keeping the web closed. Why bother building to standards? Why bother building for anything except IE7? They can just build in IE7, whack in a meta tag saying that's all they tested, then they can piss off back to the pub.

That's not the intention of version targets, you say? Sure, but that's how plenty of people out there will take it. The whole situation legitimises the approach of building for a restricted platform.

A cynical person might suggest that Microsoft is intentionally trying to lock the world down to IE; or try to get the other browser makers to bleed resources by trying to maintain legacy rendering engines. I have no doubt that individuals at MS do not want this result. But MS the company just might.

just make version targeting opt-in

IE8 should default to IE8, not IE7. I mean really, should I even have to say that?

So much of this situation hinges on the default behaviour. If there's a DOCTYPE and no meta tag, the browser should default to standards mode. It has received no instructions to contradict the W3C specifications, so why should it go ahead and load up a non-standards-compliant rendering engine?

Having a browser arbitrarily pick a rendering mode against the definition of the document makes a mockery of standards. Allowing a developer to specifically ask for the old rendering mode is a soft option, but at least the document would contain an explicit instruction to override the DOCTYPE.

If version targeting became an opt-in system, for all that it'd feel like a dirty little secret it would be an acceptable tool. If version targeting remains opt-out, it's spam.

...ready or not!

But sadly it's not really something that's open to discussion. As Lachlan has already observed, Microsoft doesn’t tell you it’s going to do something of this scale unless it means it.

Microsoft is clearly going to go ahead with this idea. After all the blue monster isn't going to backflip into a higher level of standards purity. The announcement came through A List Apart and apparently they have more articles to come on the subject. Eric Meyer was enlisted to comment on the announcement. Passionate, smart people with serious NDAs were involved in the internal discussions at Microsoft and we still got this result (can you imagine the options that got rejected?).

So it's spam time.


dashing into trouble - why html comments break in firefox

[Or, When Minutiae Attack!]

There's a perennial question that pops up on email lists and from other developers. The question goes something like this:

"This page works fine in everything except Firefox and I can't tell why... it's showing an HTML comment as raw code..."

the problem

This problem usually boils down to a quirk in the way Firefox handles HTML comments. Most browsers only treat --> as a closing comment in HTML. However, Firefox also treats any instance of -- as a closing comment.

So, if you have a comment with two or more adjacent hyphens, you're in trouble. Both of these are out:

<!-- --------------- Blah --------------- -->

<!--
<p>
Blah blah blah -- then blah.</p>
-->

Firefox will display the comment as raw code, instead of hiding the comment and its contents. The late Netscape Navigator did this too - in fact I first saw the problem in NN4, back in 2000.

the solution

The solution is simple, even if it's not always convenient: don't put adjacent hyphens inside an HTML comment. That's fine and dandy unless you have content authors who have a habit of using two hyphens instead of an em dash!

In any case, you either need to remove the adjacent hyphens, or if it's appropriate you can convert them to more correct characters.

If your page's content includes double hyphens and you're not allowed to modify it, then you're not going to be able to comment blocks of it out. Yes, that is indeed annoying.

is firefox wrong?

Technically, very technically, Firefox is right. The HTML 4 specification defines "--" as the comment delimiters; while "<!" and ">" are the markup declaration delimiters. From the spec:

White space is not permitted between the markup declaration open delimiter("<!") and the comment open delimiter ("--"), but is permitted between the comment close delimiter ("--") and the markup declaration close delimiter (">"). A common error is to include a string of hyphens ("---") within a comment. Authors should avoid putting two or more adjacent hyphens inside comments.

Information that appears between comments has no special meaning (e.g., character references are not interpreted as such).

Note that comments are markup.

...so, Firefox is not "wrong". It's just following the spec to the letter (or hyphen, as the case may be). The other browsers have gone with a more human-friendly interpretation of the spec.

so are all the other browsers wrong?

I don't think the other browsers are definitively wrong either. They still comply with a different interpretation. Personally I read the specification the same way: "any instance of -- followed by > or whitespace and > is a closing comment".

According to this interpretation, "-->" and "--  >" are valid closing comments, but "-- blah" is not. It's also a reasonably logical approach to say that since a closing comment should be "-->", then the browser should ignore anything which is not "-->". That's pretty much what a comment is there for, after all - to ignore stuff.

is the spec wrong?

Well the spec can't really be "wrong" I guess. It is what it is. But in this case I think the specification is a bit illogical:

  • I don't see the sense in random exceptions to rules - why specify vagueness? "this is the closing comment tag, except when it's not".
  • Why allow whitespace in the closing comment, when it's not allowed in the opening comment? If whitespace was prohibited the only valid interpretation would have been the complete "-->" and the whole problem goes away.
  • The "common error" note just confuses the issue. It does not say why including adjacent hyphens is an error, nor does it define any specific error handling method.
  • The double-hyphen approach can't be a technical requirement for producing a rendering engine, since the other browsers are able to restrict closing comments specifically to "-->".
  • It's impractical to expect that commented content will never contain multiple adjacent hyphens. Sure, we can live without hyphens in comments; but we shouldn't dictate content based on markup (no matter how small a detail it is).
  • And finally... it's irritating, so I'm going to be cranky at the spec ;)

Besides that, as the HTML5 spec notes, HTML has always been implemented by browsers as a language in its own right. There's no need to slavishly follow anything else. The more human interpretation could just as easily have been specified.

But then, comments appear to be a blind spot in W3C specs - how I curse the lack of a single-line comment in CSS... but I digress.

will html5 clear it up?

No. HTML5 actually makes things a little harder to remember, by documenting (hat tip zcorpan) the restriction that a comment can't end with a hyphen either:

Comments must start with the four character sequence U+003C LESS-THAN SIGN, U+0021 EXCLAMATION MARK, U+002D HYPHEN-MINUS, U+002D HYPHEN-MINUS (<!--). Following this sequence, the comment may have text, with the additional restriction that the text must not contain two consecutive U+002D HYPHEN-MINUS (-) characters, nor end with a U+002D HYPHEN-MINUS (-) character. Finally, the comment must be ended by the three character sequence U+002D HYPHEN-MINUS, U+002D HYPHEN-MINUS, U+003E GREATER-THAN SIGN (-->).

What's the saying about laws and sausages?
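The two readings of the comment close discussed above, and the HTML5 authoring rule just quoted, can be turned into a check that a build step or CMS runs over markup before it ships. This is an added example, not code from the original post: both parsers are simplified models of the readings described here rather than any browser's real implementation, and the function names and sample string are constructed for illustration.

```javascript
// Lenient reading: the comment closes at the first "--" that is followed by
// optional whitespace and ">" (so "-->" and "--  >" close, "-- blah" does not).
function lenientEnd(html, start) {
  const re = /--\s*>/g;
  re.lastIndex = start + 4;              // skip the opening "<!--"
  const m = re.exec(html);
  return m ? { textEnd: m.index, end: re.lastIndex } : null;
}

// Strict reading: after "<!", every "--" toggles comment state, and ">"
// ends the declaration only while we are outside a comment.
function strictEnd(html, start) {
  let inComment = false;
  let pos = start + 2;                   // skip "<!"
  while (pos < html.length) {
    if (html.startsWith("--", pos)) { inComment = !inComment; pos += 2; }
    else if (!inComment && html[pos] === ">") return pos + 1;
    else pos += 1;
  }
  return -1;                             // never closed: the rest of the page is swallowed
}

// Report every comment, whether the two readings end it at the same place,
// and whether it satisfies the HTML5 rule (no "--" inside, no trailing "-",
// closed by exactly "-->").
function lintComments(html) {
  const findings = [];
  let from = 0;
  for (;;) {
    const start = html.indexOf("<!--", from);
    if (start === -1) break;
    const lenient = lenientEnd(html, start);
    if (!lenient) { findings.push({ start, unterminated: true }); break; }
    const text = html.slice(start + 4, lenient.textEnd);
    const strict = strictEnd(html, start);
    findings.push({
      start,
      text,
      diverges: strict !== lenient.end,
      html5Valid: !text.includes("--") && !text.endsWith("-") &&
                  html.startsWith("-->", lenient.textEnd),
      // Part of the intended comment that the strict reading shows as page content.
      leaked: strict !== -1 && strict < lenient.end
        ? html.slice(strict, lenient.end) : "",
    });
    from = lenient.end;
  }
  return findings;
}

// Constructed sample, modelled on the second broken comment shown earlier.
const SAMPLE = "<!--\n<p>\nBlah blah blah -- then blah.</p>\n-->";
console.log(lintComments(SAMPLE));
```

A comment with an even number of inner "--" pairs ends at the same place under both readings, which is why the HTML5 rule check is reported separately from `diverges`.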

conclusion

Perhaps there's some deep-seated syntactical reason for the double hyphen approach. The HTML4 spec's warning about "a common error" hints at some underlying logic without actually revealing it. Maybe it's related to the formatting of DTD comments. Maybe it was just a Netscape quirk which got turned into a standard. Maybe it's totally random.

It seems unlikely that Mozilla is going to change this particular detail, particularly as it's not a "bug" to follow the specifications; and besides, Firefox 3 Beta 2 still has the quirk.

Still, Firefox does correct omitted background colours by defaulting to white - so they're not above "helpful" rendering tricks. So maybe there's some hope on that front.

But in the meantime, no matter what we think we just have to live with it. It's yet another bit of web development minutiae to file away in your head, for the day you see it happen.


Update 2011.10.17: a quick test in Firefox 6 and 7 suggests they've finally fixed this issue. With the suggestion that FF 3.6 will reach EOL in the near future, we might finally be able to say goodbye to this curious little problem.



about

Web development and standards, as seen by Ben Buchanan.
