Hallvord R. M. Steen

10 is the one

Friday, December 19, 2008 12:29:51 AM

So we're busy preparing the major upgrade from 9.5x and 9.6x - and what's more obvious than calling it Opera 10? What's in a name, or a version number?

Apparently a lot of trouble.

As Andrew Gregory already noticed, we're the first browser ever to release with a two-digit version number. If websites assume that version numbers always have a one-letter "major" part and look for a single digit, they are going to "detect" Opera 1!

Since we released the first preview of Opera 10, we're seeing the bug reports come in. Web sites go belly up because of their bad sniffing. Some of them aren't even ashamed of it..

Thanks, Bank of America. Do you feel like it's 1995 again? Yeah, me too.

You'd think that with the intense development Microsoft has been lavishing on live.com they would have found somebody capable of writing a usable browser sniffer (or ideally a person clever enough to say "wait, we don't really need one - what if we just use feature detection instead?"). Think again..

..and for further evidence that their backend version detection is an odd piece of software engineering, read their cookies closely - Opera 9.62's request first, then Opera 10:

GET /mail/browsersupport.aspx 
Host: co109w.col109.mail.live.com 
User-Agent: Opera/9.62 (Windows NT 5.1; U; en) Presto/2.2.0 

Set-Cookie: BrowserSense=Win=1&Downlevel=0&WinIEOnly=0&Firefox=0&Opera=1&OperaVersion=9.2&Safari=0; domain=.live.com; path=/

GET /mail/browsersupport.aspx 
Host: co109w.col109.mail.live.com 
User-Agent: Opera/10.00 (Windows NT 5.1; U; en) Presto/2.2.0 

Set-Cookie: BrowserSense=Win=1&Downlevel=1&WinIEOnly=0&Firefox=0&Opera=1&OperaVersion=&Safari=0; domain=.live.com; path=/

Did you spot the missing version value? We really confused them by adding 0.37 to our previous value, didn't we?

Speaking of cookies, they are the main reason we added the feature that lets you hide Opera's identity. Back then in 1996 or so, some sites would do browser sniffing and send cookies only to known browsers. On the next page, if you didn't serve it cookies the site would say "hey, you don't support cookies so go away". What would Joseph Heller make of that, I wonder?

So, rewind to meet the catch-22 server, re-born at Bank South Australia:

GET /InternetBanking/ HTTP/1.1
User-Agent: Opera/9.62 (Windows NT 5.1; U; en) Presto/2.1.1
Host: ibanking.banksa.com.au

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=000019WTazsWAk-lB38OrmKD3kR:13l3ifhnq;Path=/
Set-Cookie: bhCookieSess=1;Path=/
Set-Cookie: bhCookiePerm=1;Expires=Sat, 20-Dec-2008 23:35:40 GMT;Path=/

..and Opera 10..:

GET /InternetBanking/ HTTP/1.1
User-Agent: Opera/10.00 (Windows NT 5.1; U; en) Presto/2.2.0
Host: ibanking.banksa.com.au

HTTP/1.1 200 OK
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-AU
Date: Thu, 18 Dec 2008 23:34:37 GMT
Connection: close

Um, I'm hungry. Where are your cookies? Predictably the next page looks like this:

This is probably just the beginning.

Will the web ever learn?

Browser security handbookGoogle Maps vs. DOM2 specification 1-0

Comments

« Previous 1 2

Andrew Gregory # Saturday, December 20, 2008 12:25:33 PM

"It is the result of changing a header value"

No, it isn't. It's the result of bad code on the web site. I wish more sites were like the Bank of America and displayed their idiocy publicly. At least the BoA makes it clear who's at fault.

I don't think Opera should change anything. I think the site breakage that occurs due to version 10 is acceptable. It seems to be such a small proportion out of all the broken sites. More sites stopped working when Opera dropped overt document.all support (although that was balanced by other sites starting to work). Breakage that does occur can most likely be handled using the existing "Mask as" options.

Opera mangling their UA string would only make things more difficult for those web designers trying to do the right thing by Opera. You're suggesting Opera make their coding lives even more difficult than they are now. That will only increase resentment towards Opera.

I think some thought should be put into making the efforts Opera make towards site compatibility more visible. Everytime a UA override, browser.js patch, or Opera-supplied site preference is used, there should be some visible indication of it. A dunces hat, perhaps?

Haavardhaavard # Saturday, December 20, 2008 6:03:56 PM

TreeGo: Version numbers are important for many reasons.

Technology - indicates major changes/additions. Indicates that the new build is different from the older build.

Marketing - indicates that there is something brand new that the market might be interested in (not just bugfixes).

10 is not an arbitrary number. It indicates a major release after version 9 with significant changes and additions.

TreeGo # Saturday, December 20, 2008 8:47:10 PM

OK. Thank you, haavard.

leighmanLeighman # Saturday, December 20, 2008 9:24:50 PM

Only thing I had a problem with was Yahoo, I think. And that now appears to be fixed so bring on 10 final release, I say

I do agree that something which notified users that browser js was being used, for whatever reason, would be a good idea.

J. KingMTKnight # Sunday, December 21, 2008 2:19:03 AM

Jere, the problem has always existed: it just hasn't manifested until now. In a few years, good sense willing, Internet Explorer may also run into the same problem, as they go from version 8 to version 9 to version 10. Is it Microsoft's fault that they are finally moving forward? Is it Opera's fault that they have been serving their userbase faithfully and consistently with a steady stream of good releases, many of them major, for fourteen years?

Opera just happens to be the first bitten by others' incompetence; it's in no way a problem of their making.

mabdul # Sunday, December 21, 2008 1:35:42 PM

maybe ms will publish a new browser with a webkit engine and a totally new name for the browser. *g* I mean so they could start from a new point and become more standard complicant... maybe.

Charles SchlossChas4 # Monday, December 22, 2008 2:56:02 AM

d4n3 funny link I read most of the comments

If web dev just wrote in web standards code we would not have as much of this problem

using Opera 10 Alpha 1

<www.usbank.com>

To get the most benefit from U.S. Bank Internet Banking, we recommend using one of the supported browsers described in our Browser Requirements and Security Standards.

for the Browser page: http://www.usbank.com/cgi_w/cfm/about/browsers.cfm

I did send them feedback

mabdul # Monday, December 22, 2008 2:03:02 PM

http://www.usbank.com/cgi_w/cfm/about/browsers.cfm
why will this bank a particular os(mac/win)? why not linux with ff? or maybe bsd/unix or other? *confused*

Unregistered user # Monday, December 22, 2008 2:07:01 PM

Anonymous writes: I'd suggest naming the latest version 9.99 and decrement from there; 9.98, 9.97, 9.96 ...

Jere # Tuesday, December 23, 2008 3:30:13 AM

MTKnight, Andrew,

with IE perhaps being closest of the competing browsers to reach version 10, I'd rather see Opera leave the burden of this misfortunate number on the shoulders of the IE devs. IE is significant enough to initiate a change in poor sniffing methods, Opera is not. It's an opportunity Opera should wait for. Till then, hacking around with the UA string is the only way to do the users a favor.

FataL # Tuesday, December 23, 2008 3:43:59 AM

Jere, I fully agree with you. Lets not have even more compatibility problems with Opera.
I still see many sites that have issues with Flash 10...

ΩJr.OmegaJunior # Sunday, December 28, 2008 1:11:27 PM

I only use a handful of sites, including the ones I write myself. I haven't seen any problems due to the Opera 10 version number yet.

However... it occurs to me that I, too, hadn't thought of looking for a 2-digit number in browser sniffing. Granted I only sniff at MS's excuse for a browser, but if Hallvors hadn't written this blog post, the idea wouldn't even have crossed my mind.

Sometimes it's not that us web developers are stupid... sometimes it's that we're blind.

Unregistered user # Sunday, January 11, 2009 2:08:35 PM

Аноним writes: Did you know that Opera/9.99999... is exactly the same as Opera/10.0? ;=]

Unregistered user # Tuesday, January 13, 2009 12:53:12 PM

Anonymous writes: This never-ending stubbornness is the reason why I switched to Firefox. Opera would rather be right than usable. The term for that is martyr complex.

Hallvord R. M. Steenhallvors # Wednesday, January 14, 2009 12:31:03 PM

Opera would rather be right than usable. The term for that is martyr complex.

LOL, we have a solution! Give the company a suitable psychological diagnosis and some therapy, voila!

I wish it was that simple

The web is a complex place. Today, I believe browser sniffing practises are so varied and insane that pretty much anything we do with the User-Agent string will break a subset of websites. There is a trade-off between complexity and compatibility, but what we've seen in the past is a sort of complexity arms race between browsers and browser sniffers. It makes sense to me to try to avoid that, and rather work on tools like site-specific spoofing and patching. The default is simple, only when required we add complexity.

Uncle MickMickeyjoe-Irl # Wednesday, January 14, 2009 1:51:11 PM

The term for that is martyr complex.

There's a term to describe everyone.

for example.

Daned4n3 # Thursday, January 15, 2009 2:02:15 AM

how about making a dev.opera article with code examples of how to properly detect and parse the opera version and user agent string (plus the warning that browser sniffing = bad)

DavidSchalandra # Thursday, January 29, 2009 3:05:54 PM

I just found another website checking just the first digit:
www.godiva.com

Just dropped them a small note via email so they can fix it.

I keep on fighting.

Mad Scientist (عادل)qlue # Tuesday, February 3, 2009 8:55:10 PM

The biggest problem for me is, I'm using a mobile. And I'm tired of been told to download adobe flash player when all I want to do is check some price list or something equally simple. It's even more ridiculous when it's a mobile networks website where you're meant to set yous settings.
http://www.vodacom4me.co.za

Unregistered user # Saturday, March 21, 2009 6:04:54 PM

joelpt writes: If the first author of a User-Agent string had gone with a two digit leading on the version number we wouldn't have this problem now: Netscape/01.0 But the bigger problem with User-Agent strings is that they are a mess. Their contents over time have formed this bizarre de-facto standard resulting in this kind of thing (Google Chrome's): Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.48 Safari/525.19 These UA strings have historically been engineered to this "standard" in the first place, so I think Opera may as well use an engineered "Opera/9.99" leader in their UA string now. That being said, a designed, standardized UA string 'grammar' would save browser developers and (especially) web devs a lot of effort. But such does not exist. This situation is actually not much different from the Y2K problem. Though in this case Opera could use an engineered UA string and circumvent it.

Unregistered user # Monday, March 30, 2009 9:26:58 PM

Anonymous writes: I don't get the point of browser sniffing. Web devs check for the specific browser (and browsers version) because their code is wrong. So, why don't they write a valid one? This is really a simple question. Anyway, I think that Opera should break that and name it's new version Opera 10. The web is crouded with so many poorly-written sites, but that (really bad) habit should be cracked eventually. If Opera don't do it, MS will. And they will pump the story so much, that they will gain enormous profit from it. As always. Oh, and that USBank web site that you were all talking about is giving me a notice that I should get the one of the "true" browsers. I'm using Opera 9.64. They can't make their web site work with normal versioning mode (first digit is 9), so how can anyone expect from them to work with v10? Their web site is so full of errors, that it is a miracle that it even works with IE and FF. Here is a validator link for USBank.com http://validator.w3.org/check?uri=www.usbank.com&charset=%28detect+automatically%29&doctype=Inline&group=0 I say, go with Opera 10! :)

Hallvord R. M. Steenhallvors # Wednesday, May 27, 2009 6:48:37 PM

Jere, you win

As a result of probably thousands of ASP.NET sites not sending us full JS source and many, many other problems caused by the "10" we're letting Opera 10 pretend to be 9.80. Here's the announcement:
http://dev.opera.com/articles/view/opera-ua-string-changes/

FataL # Wednesday, May 27, 2009 8:05:16 PM

This is right decision!

Lets wait for IE 10 (probably five more years).

Charles SchlossChas4 # Wednesday, May 27, 2009 11:11:02 PM

five more years it may be hard tho, I wonder if the IE team has noticed how far behind they have gotten compared to all other web browsers

lucideer # Friday, May 29, 2009 3:22:59 PM

Originally posted by FataL:

Lets wait for IE 10 (probably five more years)

Have you considered that IE10 might actually be Microsoft Gazelle 2.0 or some such?

FataL # Friday, May 29, 2009 4:19:50 PM

Originally posted by lucideer:

Have you considered that IE10 might actually be Microsoft Gazelle 2.0 or some such?

Then they will get in trouble with too low version number anyway.

Charles SchlossChas4 # Friday, May 29, 2009 4:21:48 PM

Didn't Adobe have trouble with Flash Player 10 also?

Unregistered user # Wednesday, June 3, 2009 9:14:29 AM

gulli writes: Hallvors, bad choice in my opinion - you should have stuck with the original Opera/10.00 or at least leave that as an option. I'll take the fight with websites so poorly written that they need a specific browser version. The "Version/10.00" thingy or any other version fixing simply adds complexity and annoyance for those developers that actually care about simplicity and standards and there are more and more of us. I personally avoid pages that do not let me in using Opera, sometimes that means some inconvenience for me. I for example ask companies that try to sell me stuff (like phone companies) if their site will work with Opera on Linux even though I usually use Windows simply because I have doubts about their ability to provide me with usable information source if the site is stuck with some ancient IE version.

lucideer # Wednesday, June 3, 2009 10:40:07 AM

Originally posted by anonymous:

I for example ask companies that try to sell me stuff (like phone companies) if their site will work with Opera on Linux even though I usually use Windows

I usually just tell them I use a version of Windows that comes without IE - they've believed me sofar... gives you an idea of the expertise that's out there.

Charles SchlossChas4 # Wednesday, June 3, 2009 2:58:09 PM

ucideer is the the Windows N version?

Andrew Nguyenandrewnguyen # Thursday, June 4, 2009 2:23:02 AM

I totally agree with calling it Opera X.

Mad Scientist (عادل)qlue # Sunday, June 7, 2009 10:52:57 AM

On one hand, I agree in standing our ground in favour of standards. However, I'm also enough of a realist to know that when a badly coded website breaks in a browser, the typical user blames the browser, "because that other browser works with it!".

lucideer # Sunday, June 7, 2009 1:16:04 PM

@qlue
If you've read the blog post for the new 10 beta, you'll see that they did in the end capitulate and changed the userAgent to 9.80.

Unregistered user # Tuesday, July 21, 2009 4:51:51 PM

Andre writes: How about someone posting here a method that works, that way we can point these sites to some working code?

Unregistered user # Tuesday, July 21, 2009 4:55:09 PM

Anonymous writes: Here is one: http://www.quirksmode.org/js/detect.html , though object detection is certainly the better way to go.

Unregistered user # Tuesday, July 21, 2009 5:41:39 PM

Anonymous writes: Off the top of my head, I can think of the following software products that have gone to 11 and haven't (yet) changed to another scheme or name: OpenSuSE Linux. Windows Media Player. Some long-running video game series. I'm trying to think of any others... Here's another, but reverse approach: Solaris. SunOS was renamed Solaris, but they kept the internal name. Solaris 2.6 was SunOS 5.6, Solaris 2.7 was SunOS 5.7. Then the marketing department decided the version number looked to small, so Solaris 2.8, SunOS 5.8, is called Solaris 8. Internally its still 2.8 or 5.8 depending where you look. Similarly, Solaris 9 (marketing) is actually Solaris 2.9 and SunOS 5.9. A couple years back it hit Solaris 10. I have not looked, but I've wondered if its Solaris 2.10 or Solaris 3.0 and is it SunOS 5.10 or 6.0? If its 2.10, then is that greater than 2.9 or less than 2.2? I have noticed that since they have hit this scheme, they forgot how to have minor versions, so rather than Solaris 10.1 when they updated and didnt'y call it 11 (is that 2.10.1 or 3.1?) they just called it Solaris 10 Update 1, and then proceeded with Update 2, Update 3, etc. What the hell version is Solaris at and is SunOS even in existence? Oh well, maybe it will become OracleOS 1.0 and it won't matter anymore.

Unregistered user # Friday, October 2, 2009 12:27:24 AM

jon writes: i would never have written such code! those webmasters are retards! :P

Charles SchlossChas4 # Saturday, February 11, 2012 5:06:05 PM

Firefox goes 2-digit, time to check your UA sniffing scripts

https://hacks.mozilla.org/2012/01/firefox-goes-2-digit-time-to-check-your-ua-sniffing-scripts/

Tracking bug for UA sniffers failing to handle a two-digit version
https://bugzilla.mozilla.org/show_bug.cgi?id=690287

I know I have seen this before http://files.myopera.com/Tamil/Smilies/Wink.gif -

I wonder what happened when Chrome hit the double digit, IE is close to 10

Uncle MickMickeyjoe-Irl # Saturday, February 11, 2012 10:12:03 PM

Originally posted by Chas4:

I wonder what happened when Chrome hit the double digit, IE is close to 10

Chrome released v10 last year. Currently on v17 19.

Charles SchlossChas4 # Saturday, February 11, 2012 10:45:47 PM

Hmm I wonder if Chrome hit the same bug/ issue

Hallvord R. M. Steenhallvors # Tuesday, February 14, 2012 10:02:49 AM

Seen Chrome's UA string recently? It's got so many browser names and version numbers that they clearly expect every browser sniffer to find something they like in there

« Previous 1 2

Showing comments 51 - 91.