Could it be?
Has Microsoft forcibly started pushing IE8 to Windows XP machines via Windows Update?
As cruel as it might sound the user still has an opt-out choice when security updates are available. The spreading of IE8 could mean a quicker death of IE6 which is good for everyone except for those corporate IT admins clinging to their installation-images with IE6 as default. Die, clingy corporate admins, die!
I'm carefully excited.
Finally. Internet Explorer 8 has been released. One small step for the users, but a giant leap for the internet.
The most popular danish community-site for dogsitters ("hundesittere"), www.hundesitter.dk, has joined in on the fight against IE6. The site now employs an IE6 warning in Danish on the front page.
A big thanks to the author of the site, Sabine Förderer.
This is a call-out to web developers of the world:
End support for Internet Explorer 6.0 on all new sites!
Several norwegian sites have already lead the way and are warning IE6 users that they should upgrade. The more developers and sites who join in on this the better. Christopher Blizzard proposes on an actual deadline:
Support for Internet Explorer 6 ceases on 31st. of December, 2009.
Should your clients want support for IE6, advice them that Microsoft already supports this campaign and that several free alternatives (i.e. Firefox, Safari, Opera) are available for the users. Asking them to upgrade is not just a question of supporting your site, but just as much as improving security and user experience.
We need to spread the word as much as possible so you could blog about the campaign, join the facebook group or just talk to your friends.
You can get more norwegian news on tu.no/tema/ie6-kampen/.
How to begin
In the coming days, I will create a project page containing a guide on embedding a non-obstructive warning message to IE6 users, so all you need to do on your sites is embed this and you're playing an important role of the campaign.
Microsoft just discovered a potentially dangerous bug. Heise-online has a thorough explaination of the issue.
So what's the bug? In short terms: IE6 and 7 handles images based on a mixture of MIME sniffing, content-type header and byte-header sniffing (alias signature). When extension, content-type and signature disagrees the MIME-type kicks in. The issue arises when the MIME-type indicates HTML and it tries to act on it.
So what's the danger? Websites that naively displays images from users may be vulnerable to cross-site scripting, phising attacks or other indirect attacks. If your websites doesn't check the image for consistency (which it should) you may make it vulnerable to these "attacks".
What's dangerous is not the fact that there's a bug but that Microsoft only intend to fix it for Internet Explorer 8 leaving a lot of people vulnerable. In all fairness they are trying to promote IE8 but one might argue there are better ways of motivating people.
Luckily the bug isn't that easily exploited. Let's hope the crackers of the world are feeling lazy for a few years…
IE8 RC1 has been anounced but where are the joyful cheers and the popping champagne?
First, IE6 is still big
Well we still have IE6 to support with and since they decided not to support any new CSS3 features at all we still lack being able to make a modern site without the use filters (something as simple as the opacity property is still missing).
Second, IE7 spread slowly
We're still waiting for customers to take IE7 more seriously than IE6. In Denmark the tendency is still not leaning enough toward IE7. Knowing how long it took for IE7 to spread we can expect at least 3-4 years before IE8 reaches the same level as IE7.
Third, A new browser to support
IE8 introduces more IE-specific selectors which mean making opacity and fading effects now requires more lines of code. Good thing we got jQuery to do that 😉
But on the bright side IE8 will support CSS2.1 completely. This means that Microsoft will hopefully dedicate more time on bugfixing. IE8 is definitely a step forward but Firefox 2.0 would still be considered leaps ahead compared.