Tag Archives: internet explorer

Why does Rails do utf8=✓

I noticed Rails apps always does utf8=✓ in their URLs. Rails at one point of time even placed a snowman unicode glyph. Here’s what Yehuda Katz has to say on this regard:

This parameter was added to forms in order to force Internet Explorer (5, 6, 7 and 8) to encode its parameters as unicode.

Specifically, this bug can be triggered if the user switches the browser’s encoding to Latin-1. To understand why a user would decide to do something seemingly so crazy, check out this google search: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=diamond+with+a+question+mark+in+it. Once the user has put the web-site into Latin-1 mode, if they use characters that can be understood as both Latin-1 and Unicode (for instance, é or ç, common in names), Internet Explorer will encode them in Latin-1.

This means that if a user searches for “Ché Guevara”, it will come through incorrectly on the server-side. In Ruby 1.9, this will result in an encoding error when the text inevitably makes its way into the regular expression engine. In Ruby 1.8, it will result in broken results for the user.

By creating a parameter that can only be understood by IE as a unicode character, we are forcing IE to look at the accept-charset attribute, which then tells it to encode all of the characters as UTF-8, even ones that can be encoded in Latin-1.

Keep in mind that in Ruby 1.8, it is extremely trivial to get Latin-1 data into your UTF-8 database (since NOTHING in the entire stack checks that the bytes that the user sent at any point are valid UTF-8 characters). As a result, it’s extremely common for Ruby applications (and PHP applications, etc. etc.) to exhibit this user-facing bug, and therefore extremely common for users to try to change the encoding as a palliative measure.

All that said, when I wrote this patch, I didn’t realize that the name of the parameter would ever appear in a user-facing place (it does with forms that use the GET action, such as search forms). Since it does, we will rename this parameter to _e, and use a more innocuous-looking unicode character.

Very funky although this has since become my standard way of determine if the application is running on Ruby on Rails.

Promising changes in IE9

Microsoft Internet Explorer 9 actually looks promising.

Welcome To A More Beautiful Web – Welcome To A More Beautiful Web – Internet Explorer 9

While the internet has kept up with every changing needs, however the way we experience hasn’t, until now! Welcome to a more beautiful web with Internet Explorer 9. Internet Explorer delivers a more beautiful Web by using the full capabilities of Windows and PC hardware so your Web sites and applications are as immersive as the native applications running on your PC.

Bing is now default search engine on IE6

What a terrible practice. Microsoft appears innocent by claiming it is currently investing a solution.

Bing Is Now Your Default Search Engine On IE6, Whether You Like It Or Not

The Next Web reports that users of Internet Explorer 6 are being forced to use Bing as their default search engine — even if they’ve manually switched their preference to another search provider, like Google. Attempts to switch the browser to something other than Bing result in an error message.

While the vast majority of users affected probably won’t even notice the change, some are beginnig to complain (you can find threads in Google’s forums here and here). Microsoft has confirmed the issue to Search Engine Roundtable, explaining that it is currently investigating a solution. (Source: Techcrunch)

By the way Bing is currently my 2nd top referrer.

Critical IE vulnerability found, browser switch recommended

Critical Internet Explorer vulnerability found, browser switch is recommended.

Serious security flaw found in IE

The flaw in Microsoft’s Internet Explorer could allow criminals to take control of people’s computers and steal their passwords, internet experts say.

Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.

Internet Explorer is used by the vast majority of the world’s computer users.

Said Mr Ferguson: “If users can find an alternative browser, then that’s good mitigation against the threat.”

But Microsoft counselled against taking such action.

“I cannot recommend people switch due to this one flaw,” said John Curran, head of Microsoft UK’s Windows group.

He added: “We’re trying to get this resolved as soon as possible.

“At present, this exploit only seems to affect 0.02% of internet sites,” said Mr Curran. (Source: BBC)

Browsing vigilantly is not something a normal user can do unless only use your web mail. The internet is filled with links all around. Even once in a while I ended up on phishing sites I try hard to avoid. It could be just an innocent advertisement.

Description:

A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to a use-after-free error when composed HTML elements are bound to the same data source. This can be exploited to dereference freed memory via a specially crafted HTML document.

Successful exploitation allows execution of arbitrary code.

NOTE: Reportedly, the vulnerability is currently being actively exploited.

The vulnerability is confirmed in Internet Explorer 7 on a fully patched Windows XP SP3 and in Internet Explorer 6 on a fully patched Windows XP SP2, and reported in Internet Explorer 5.01 SP4. Other versions may also be affected. (Source: Secunia)

I would recommend a temporary switch to a competing browser.

Why Ubuntu is better than Windows XP

Here’s a screenshot of a website for Windows XP:

Trojan in Windows XP

(Trojan in Windows XP.)

There is an animation of a Windows scanning utility discovering lots of trojan, an anti-spyware tool would be offered at the end. It tricks users into install something that they claim secure.

Here’s the same website in Ubuntu with the same animation:

Trojan in Ubuntu

(Trojan in Ubuntu.)

The screenshot would probably look realistic to a naive Windows XP user. And when you install the additional checking tool, who knows, you may end up with a virus.

I tried installing it in Ubuntu and couldn’t. Me sad.

[Thanks Irene for showing me the site.]