[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Figuring out Why Standards are there.



On (22/05/06 11:38), Greg Folkert wrote:
> On Mon, 2006-05-22 at 03:32 -0700, formless void wrote:
> > I finally found that W3C has got
> > 
> > User Agent Accessibility Guidelines at
> > 
> > http://www.w3.org/TR/WAI-USERAGENT/
> > 
> > Now my question is how authenticative W3C is?
> 
> What do you mean by "authenticative"? Do you mean au?thor?i?ta?tive?
> 
>         au?thor?i?ta?tive
>                 adjective
>              1. Having or arising from authority; official: an
>                 authoritative decree; authoritative sources.
>              2. Of acknowledged accuracy or excellence; highly reliable:
>                 an authoritative account of the revolution.
>              3. Wielding authority; commanding: the captain's
>                 authoritative manner.
> 
> If that is what you meant, then my answer is, W3C *is the authority* on
> the subject of the useragent. But being the authority on any subject
> doesn't mean anyone pays attention to you or your organization. It is
> voluntary compliance.
> 
> > Why am I asking this?  Because, setting up a standard is one thing and
> > getting vendors to implement is another.
> 
> See Voluntary Compliance. 
> 
> > It seems to me that the standard has been there for 4 years and no
> > browser has implemented it so far, as I can find no where within the
> > major browsers (such as IE, Netscape or Firefox) saying that the
> > accessibility of the browser is w3c compliant.
> 
> Have you even looked at Firefox's Mozilla website?
> 
> http://www.mozilla.com/firefox/
> 
>         Accessibility
>                 Firefox 1.5 delivers easier navigation for everyone,
>                 including those who are visually or motor-impaired.
>                 Firefox is the first browser to support DHTML
>                 accessibility, which, when enabled by Web authors,
>                 allows rich Web applications to be read aloud. Users may
>                 navigate with keystrokes rather than mouse clicks,
>                 reducing the tabbing required to navigate documents such
>                 as spreadsheets. Firefox 1.5 (Windows version) is also
>                 the first browser to meet US Federal Government
>                 Requirements (http://www.mozilla.com/firefox/vpat.html)
>                 that software be easily accessible to users with
>                 physical impairments.
> 
> 
> > Another issue concerns me is that the w3c guideline only addresses the
> > accessibility issue and not enough on User Agent security - Section
> > 1.5 only.  Where I can find security standards of the web browser?
> 
> http://www.w3.org/TR/2002/REC-UAAG10-20021217/guidelines.html#tech-ui-access-api
> 
>      1. For security reasons, user agents are not required to allow
>         instructions in content to modify user agent user interface
>         controls.
> 
> Also Note, that this is a guideline. (guidelines.html) which mean it is
> intended to steer, not define the APIs used in security considerations.
> 
> Also note that, you can program in a 100% sandbox environment and still
> produce insecure code. It is a matter of understanding the implications
> of your code and programming for security from the get go. Most software
> in general that started as a "pet project" did not start with the proper
> footing in secure programming.
> 
> When I say secure, I don't mean secure like Bank Vault Secure, but
> secure as in "Does what it is supposed to with out allowing stack
> overruns or improper handling of types to allow leaks, etc..."
> 
> So, if *YOU* need a secure implementation of a Browser with User Ageent
> Security Cranked way up... well, I suggest you start with a clean sheet,
> any of the existing code bases you have to work with in the way of
> web-browsers are far to buggy for them to be fixed, without a 100%
> re-factoring, linting, unit-testing with peer-review re-do. That ain't
> gonna happen unless YOU do it.
> 
> > It is perfectly fine, if the vendors are unable to achieve the
> > security of the browser at the same time with the accessibility, and
> > rely on the third party software to make compliment it. 
> 
> No, the core of the browser needs to implement good programming methods
> to not allow the exploits like IE has in it.
> 
> > But the standard level has to be differentiated and indicated clearly
> > either using logo or code, what ever.
> 
> The sheeple (sheeple == average US citizen that complains about politics
> but does nothing to improve the situation ala voting or writing) of
> windows users don't care about that. All they want is blinky lights and
> toolbars that work with the "game-site" or "porn-site" of choice.
> 
> Do like Microsoft has, find an imperfection in the finish, layer some
> bondo on it... prime it then try to match the color around the problem
> so nobody notices. If that doesn't work, repaint the whole-thing again
> adding a few more blinky lights, maybe a few "Pimped" things like DRM
> and TCE... and re-release it as the next completely redesigned version.
> (WindowsXP ala Windows Vista) All without even addressing Standards
> other than the proprietary ones they have created.
> -- 
> greg, greg@gregfolkert.net
> 
> The technology that is 
> Stronger, Better, Faster: Linux
> 
> Use Debian GNU/Linux, its a bazaar thing
> 
> NOTICE: Due to Presidential Executive Orders, the 
> National Security Agency may have read this email 
> without warning, warrant, or notice, and certainly 
> without probable cause. They may do this without 
> any judicial or legislative oversight. You have no 
> recourse nor protection.

Great answer!

Regards

Clive

-- 
www.clivemenzies.co.uk ...
...strategies for business




Reply to: