jasonw

[QUOTE=cyber_x,Sep 26 2005, 10:57 AM] But, in the end, there is always going to be someone who recognizes an area where the standard is lacking and goes on to add non-standard language extensions/features.

cyber_x

I don't know about the Web languages, but this procedure is almost never followed for many of the more popular programming languages. A lot of the stuff proposed to the standards committee comes after developers or development tools have already incorporated the features into their code. For the Internet, something I work with only on occasion, I can't claim to know if this is the case.

Right. Because then the vendor needs to issue a patch. Which is what would need to happen when a flaw is discovered in any Web browser, be it compliant or non-compliant.

I am happy with it because I haven't encountered these vile problems. If I ever do, then you can bet I'll switch to whatever alternative I think is better.

For me, a little smart surfing goes a long way. I leave my IE security around medium and don't accept ActiveX controls that I'm unsure of. Every so often I'll blow away my cache and cookies. I download nekkid chick pr0n from FTP sites and IRC, not by looking for free sex sites, which is probably where the majority of people fuxx0r their systems. Believe me, I get to fix friend's spyware-infested systems all the time too.

But I don't run into those issues myself. So my entire thing is, I use what works for me. Do I disagree with you that FireFox is an inherently more secure browser? No, not at all. But I personally don't need it, at least not under Windows.

jasonw

What I was getting at here is if you code your pages to standard you are less vulnerable to needing to update your code when a patch comes out. If you code for a non-standard browser, your code is more likely to need an update after a patch release. Patch releasees for browsers that are standards compliant should only make them more so(standards compliant). But I am veering away from user experience.

I guess I just see what M$ does as harmful to the internet and I don't like that.

I know I could intelligently use IE and avoid most security flaws too since I already have a good stash of pr0n too. But, that is no excuse for all the flaws from the richest software corp in the world...

cyber_x

When you say non-standard, are you referring to things like proprietary language extensions or non-standard syntax? I'm curious if we're even referring to the same thing.

I'm familiar mostly with C and C++. I play with the Internet languages here and there but they're not part of my everyday life. For languages like C and C++, there are often cases where people like non-standard things. For instance, vendor-specific keyword extensions make life a lot easier in many cases. Or there are cases where the standard doesn't define behavior for a given segment of code, and it's up to the compiler vendor to define behavior. Is this the same type of thing you're referring to with IE and FireFox? Or something else?

True that Microsoft's moves aren't always in line with the Internet. Hell, not so many years ago, they saw their business as only the computer box and didn't see what the Internet had to do with it. I'm sure that shortsightedness contributes to some of the security concerns today. But I think they now recognize the Internet's validity. Only time will tell what that means for the products.

Lest Microsoft take too much blame for being anti-Internet, it should also be kept in mind that part of the reason the Internet became so popular in the first place is because Windows was easy to use and properly marketed to the masses. When Internet use rose in the early to mid 90's, most of the world had no idea what Linux was, much less how to use it.

Eluded

Firefox is more secure? Guess again, for the first half of 2005 firefox had double the holes compared to IE.

Developers code for Firefox? Yeah great strategy, who owns the market? Guess again....

jasonw

In the case of JavaScript vs. JScript, it is different syntax AND different extensions. That's why alot of people just make 2 sets of client-side code.

When it comes to C and C++ there is a standard, ANSI, which I do not take lightly. I compile with the -ansi and -pedantic flags with all platform independent code. Getting in that habit makes you a better coder and platform-independent code comes naturally. That's how I was able to write a backup product for Linux, Solaris, HP-UX, AIX & Irix, with one codebase. I was also able to make a racing game that compiles on Linux and Windows with no modification: Scroll down \/ 3-week project...

I try to encapsulate platform-specific code when it is needed. Also when you are developing cross-platform code with multiple compilers, in parallel, it makes it easier to avoid platform-specific code.

jasonw

That report actually came from my company. The flaw is that they only counted flaws that the vendor acknowledged.

cyber_x

Ah, ok. So JavaScript and JScript aren't things I'm very familiar with. But it seems that this sort of issue would be easy to circumvent by using some sort of conditional define that determines what the client is and then goes down the appropriate code path. It sounds like this is probably what people do.

How different are JavaScript and JScript? Extremely, somewhat, or minimal?

I could definitely see syntax and keyword differences being bad for people who need to write and maintain cross-platform code. But this is where these things are a double-edged sword. If I'm writing code for just one platform, then many times, I'm going to love keyword extensions that make many lines of code into just one line. If I'm writing cross-platform code, then obviously portability becomes important.

But at some point, if your application does something very intensive, there are going to be differences across platforms. It's the nature of the beast and any non-trivial program that uses something other than the standard libs will be platform-specific at some point. If you write a GUI app, it will differ across Windows and Linux because those operating systems are built on entirely different code bases (WinAPI versus C). If you work with the kernel, then the code will need to differ, and so forth. The only way around this would be a set of higher level libs that works across compilers, and these don't yet exist, at least not to a very wide extent.

What I'm saying, overall, is that it comes down to needs. Are language extensions a good or a bad thing? Is FireFox superior to IE? Well, it depends on the context and on the user's needs. Adhering to ANSI is nice and does increase code portability. But most developers do use non-standard extensions from time to time because they make things easier. And besides, there isn't even a compiler that's fully ANSI-compliant. Gcc is decent, Comeau is better, but there isn't a single one that's 100% compliant by Plum Hall.

jasonw

[QUOTE=cyber_x,Sep 26 2005, 12:31 PM]Ah, ok.

cyber_x

Ah, yup I'm somewhat familiar with Qt. With high level frameworks like that, anything appears to be possible because they effectively mask the dirty details. But even that isn't fully ANSI compliant either, because no compilers are. Also, Qt doesn't necessarily work with all compilers for this same reason. But TrollTech was smart enough to make sure it works with gcc and VC++.

I do agree about layering. Looking at it from an application developer's perspective (using Qt), you're right that Qt is cross-platform. Looking at it from the Qt developer's perspective (making Qt), there really is no cross-platform code.