Thursday, July 26th, 2007
Chris Wilson (Platform Architect of Internet Explorer) led off Day 2 of The Ajax Experience with his keynote: “Moving The Web Forward”. The talk centered on challenges faced by browser vendors and web developers to achieve more secure, stable, interoperable, and performant solutions. Here’s a bit of a summary…
Security and privacy are incredibly important to developers, browser vendors, and the average user. Ajax introduces some challenges in providing these protections due to code sharing, proxying, script inclusion, etc. It’s as important as ever to have a security model and spend some time “hacking yourself” to find loopholes.
Privacy is a growing concern for not only IT departments but governments. While cookies are perhaps the best known vulnerability (Chris recommends checking this out), many new “danger points” have been introduced by mashups and syndication. Having a privacy model and letting your users know just what you’re doing with their information is key.
Stability and interoperability are a tough pair. The volume of applications relying on non-standard implementations is staggering. Producing a strictly standards compliant version of IE is not an option as many users (and companies) would simply not be able to move to the new version. While many sites (attempt to) implement entirely standards compliant solutions already, many sites (even medium/large sites) do not. Often these violations are implemented without developers even realizing what’s happening. To maintain stability (and not “break the web”) interoperability is something that must be approached methodically (by way of things like “standards-comliant” mode).
Performance is another major concern voiced by users, unfortunately it’s hard to determine exactly what this means to them. Performance can be measured in a variety of different ways against a variety of implementations and approaches. While it’s always a goal to make the browser itself more efficient, many of the largest performance gains are via better designs and implementations of applications themselves.
Chris closed with what is pushing the web and what we can all do to move it forward right. To paraphrase Ben Galbraith (from last years TAE): “Caring about the quality of web UI” is what’s pushing us today. Enabling online social experiences, providing friendlier layouts, graphics, and imaging drives people to sites and gets them participating.
Making browsers (and other devices) interoperable is a huge step in improving what we can provide on the web. While vendors move towards that goal, it’s vital the developers be as careful as possible to implement standards based solutions, even in environments that facilitate non-standard solutions.
Would IE be more secure if under a more permissive license? and will we ever see it?
Not really. It’s already frighteningly easy to get a copy of the windows source code (which includes IE). The challenge is making sure that lots of very smart people look at the code very closely for vulnerabilities. This is something the IE team has been quite proactive about, especially since 2002.
Chris doesn’t know of or anticipate any plans to change the license like this but won’t say never
Outlook 2007 doesn’t use the IE renderer and seems to be much less standards compliant, “Why did Microsoft do this to me?!?”
While Chris isn’t part of that team, he sees what they were trying to do: increase consistency between what is used for rendering received email and what is used for creating outgoing mail. He believes that team does realize that it’s a problem and will be working on it.
You had mentioned an issue of when developers don’t know they are relying on something that isn’t standard or writing something that isn’t standard. How can that be resolved or limited?
Workarounds are sometimes going to be necessary – Things need to work and you often can’t wait for the browser vendor to fix it. Developers need to (1) educate themselves on what is standard and what’s not and (2) document anything non-standard that they are doing or relying on to check back with when the next version is released.
Many problems are regarding the inclusion of frameworks included to get some widget or behavior. These frameworks may do something non-standardized under the covers that the developer is not aware of. To framework creators: Stay compliant wherever possible. Releasing a patched framework to accommodate new browser versions is good but there’s still trouble as people often won’t know to update (they’ve forgotten all about that).
What are your top 5 tips to making IE a good debugging env?
(Microsoft Download Center)
1. Install Visual Web Developer Express.
2-4. Get IE Debug Toolbar.
5. Keep updating the debug toolbar.
6. Get the full version of Expression Web Designer. (it’s pay-for so he’s making it #6).
oh, and #3. Fiddler
I’ve heard developing on Vista is broken.
It’s not broken, the challenge is IE runs in “protected mode” by default which sandboxes IE process to prevent others from connecting to it – and it from connecting to others. Disable protection mode and it will work.
Should i start with FF and then fix bugs with IE? What does Microsoft recommend?
Remember the tips before for debugging.
Reference the IE Developer Center for what the platform contains.
As for the general process: start with the standard and test with multiple browsers as you go. What you’re testing in any browser is that browser’s implementation of the standard – so, even if two browsers implement the same standard – you can run into trouble. By testing in several as you go, at least you know when you’re hitting incompatibilities.
What are the big things users are asking for?
Users don’t give very consistent answers to this question but research told us the important things for IE7 were tabs and printing. When starting IE7 they had no plans for enhanced printing but people were really mad about the right hand side being cutoff. They ended up getting a big win with their printing improvements.
Now (post IE7) people want performance but it’s hard to know what that really means to them. Normally the “feel” of browsing is pretty similar, to the normal user, when just casually browsing.
Another request is enabling customization and hiding portions of the UI that the “normal user” isn’t utilizing. Part of this task is to enable more customization while another large part is making existing customizability more friendly and accessible.
Posted by Jim Halberg at 2:14 pm