Browser Support in My Books

A number of my books rely on browser output to show the result of various coding techniques, including Security for Web Developers, HTML5 Programming with JavaScript for Dummies, and CSS3 for Dummies. I try to keep up with changes in technology with my books and I’m currently testing the code in all three books with Internet Explorer 11. According to a recent ComputerWorld article, users of older version of IE only have six weeks to make an update to the new version. They can also use the Edge browser or move to a competitor’s browser. My books list the browsers I used for initial testing of the source code, but I do try to at least check the code with newer browsers to ensure you have a good reading experience. In this case, the check is critical because I can’t expect you to rely on unsupported software to use my books.

When I originally wrote each of these books, I had at least one technical editor and a number of beta readers checking my code under various conditions to ensure the code would run as advertised on the maximum number of systems. I no longer have the support, so I’m testing these updates on just my systems. If you encounter a problem with the source code of any of these books, please be sure to contact me at John@JohnMuellerBooks.com. Now, here’s the important part. Make absolutely certain to let me know that you’re using a newer browser—one not originally tested in the book so I can handle your query correctly and also provide an update on my blog. Your input will help other readers.

Whenever possible, I encourage readers to use the environment described in the book to write their own code. Doing so reduces the potential for problems because I know that the environment is tested by a number of people in a number of environments. However, sometimes using the original environment isn’t possible any longer, such as this instance where Microsoft is putting its collective foot down and forcing an update. Please be sure to write me if you have any questions about the source code for these book. Thanks, as always, for your continued support!

 

Applauding the Death of ActiveX – Maybe

I still remember when Microsoft first introduced ActiveX in 1996. The technology was supposed to greatly simplify web applications. I even wrote ActiveX from the Ground Up to provide simplified technical information on using ActiveX (the book helped a lot of people, but some developers were looking for something a bit more technical). The idea was to extend Microsoft’s Object Linking and Embedding (OLE) technology to the Internet to make it possible to reuse code and to allow applications to share data.

The problems with ActiveX are many. The simplest of these problems is that ActiveX only works with Internet Explorer and only on Windows and Macintosh systems. The limitation means that ActiveX really doesn’t have a place with modern application development where everything has to run everywhere. However, even with this limitation, ActiveX is a security nightmare because it’s literally an invitation for anyone with any sort of code writing savvy at all to invade your system. Because these controls have complete access to your system (they don’t run in a sandbox), a hacker exploiting them can literally do anything and get by with it. Even Microsoft spent a good deal of time telling you how to protect yourself from the security issues that come with ActiveX control use. In short, using ActiveX controls are a truly horrid idea.

That’s why I’m pleased to mention that ActiveX will soon be dead—at least, from the perspective of new browser development. The new Edge browser won’t include any form of ActiveX support. Unfortunately, Internet Explorer (IE) will continue to hang around for quite a while, which means that a lot of old browsers out there will continue to represent a potential and potent security risk. On the desktop, IE11 has about 27.22 percent of the market share, IE8 13.58 percent, IE9 6.76 percent, and IE10 5.55 percent, for a total of 53.11 percent of the market. There is a high chance that someone out there has ActiveX running and that ActiveX control is causing everyone else woe.

Unfortunately, Edge won’t be available for Windows 7 and older versions of Windows, so you know that those older versions of Internet Explorer will hang around forever. Given the security risk that ActiveX represents, you’d think Microsoft would want to save itself some trouble and make Edge available for everyone. Consequently, even though ActiveX is eventually going to go away, don’t look for it to die immediately. Let me know your thoughts on Edge, ActiveX, and the potential problems with older versions of IE at John@JohnMuellerBooks.com.

 

Updating Your Copy of Java

It’s almost never a good idea to keep really old versions of software on your system that provide some sort of security or Internet access functionality. One of the worst technologies in this regard is Java. It seems like everyone wants to pick on every security flaw found in Java, probably because the language is so incredibly popular and it’s available on just about every platform on the planet. There have been all sorts of attempts by vendors to remove Java because it’s perceived as such a problem. Microsoft is now trying to take some action regarding Java. You can read the full details in Microsoft to block outdated Java versions in Internet Explorer on ZDNet. However, the short version is that if you’ve been holding off updating your copy of Java, you can’t wait much longer and expect it to continue working.

Of course, this news brings me to my books. A number of my books either discuss Java directly or rely on Java in some other way that depends on Internet Explorer support. For example, when working with Java eLearning Kit for Dummies, you need to use Java and if you’re working on the Windows platform, it’s likely that you’re using Internet Explorer. If you’ve also been limping along with that really outdated copy of Java, the examples in the book may not work after Tuesday (August 12). Microsoft has a way of slipping in updates at times in ways that people really don’t catch until it’s too late.

Mind you, I think this is a good update because old software is just too easy exploit by those nefarious individuals trying to steal your credit information and turn your computer into a zombie. Of course, updates can create havoc with book examples as well. If you do perform an update and find that you’re having a problem with an example that used to work in books that rely on Java, please be sure to let me know about it at John@JohnMuellerBooks.com. I want to ensure your book examples continue to run even after the much needed update.

 

jQuery 2.0 and My Books

A number of readers who know that I work extensively with jQuery have written to tell me about changes to the support it provides for older versions of browsers. In fact, you can read about these changes in a recent InfoWorld article, “jQuery 2.0 drops support for old versions of Internet Explorer.” The article title is misleading because there are also apparently changes for other browsers such as Firefox and Chrome as well. My advise is to test your application to ensure it actually works as anticipated with the browsers you want to support before you upgrade to jQuery 2.0 in a production environment.

Of course, the concern from readers is that the code in my books will suddenly stop running in their browsers. There is no need for concern. Even though the examples in my latest book have an URL that points to http://code.jquery.com/jquery-latest.js, if you follow the link you’ll find that it actually uses the 1.9.1 version of the library, not the 2.0 version. If you want to be absolutely certain you won’t encounter any problems, you can always change this URL to http://code.jquery.com/jquery-1.9.1.js, which ensures you’ll continue using the 1.9.1 version no matter how the library changes its site.

As to whether I plan to use the new version of the library in upcoming books, it depends on what I see as trends in the market and requests that I receive from readers. As things are now, I probably won’t visit the 2.0 version in my books unless readers specifically request it. Even then, the majority of examples in my books will continue to use the 1.9.1 version until such time as the older browsers it supports lack sufficient market presence to make it a worthwhile tradeoff to continue using the older library. In other words, I’ll continue to support the version of the library that works for most people.

Your input is important to me. If you have a particular preference that differs from what I have stated in this post, please let me know at John@JohnMuellerBooks.com. My goal is to provide books that meet the needs of as many people as is possible. At some point, if enough readers find that the older examples in my books simply don’t work, I’ll do what I usually do and provide updated examples in my blog. Please be sure to let me know your thoughts about third party JavaScript libraries in general and jQuery in specific.

 

Are Enforced Updates a Good Idea?

I currently have a system running Windows 98 in my home because there are some older games and other applications that I still enjoy using on that platform. The system isn’t connected to the Internet or any other machine because I consider the system a security hazard. I’ve set this system up for the sheer pleasure of seeing some of my old applications come to life again and to make use of some older hardware that still works just fine. The system has our movie database on it and a few other non-business items. However, the fact remains that this system would be unsafe to use to browse the Internet. It would probably be infected to the point of being unusable in a matter of hours (if it lasted that long).

Generally, when it comes to my Internet-connected systems, I use the latest software available to keep my systems secure. The software isn’t allowed to languish until it reaches an unprotected state either. I test every available update on one machine. If it works and I don’t see any major problems, I deploy it to all of the other systems I own on the same day. One of the major ways to keep your systems safe is to ensure you’re running the latest version of the software—the one with all of the latest bug fixes.

For most developers, debugging is an ongoing process. Although it seems is if it would be possible to squash every bug in the application after one carefully conducted review, the reality is that most applications are complex enough that even a team of developers can’t find every bug in multiple reviews, much less one. It also doesn’t help that many companies rush products to market long before they’re ready because they need to generate money from that product in order to remain solvent. So, from a certain perspective, we’re all beta testers and those bug updates are a requirement if we want to keep our systems running properly in the hostile environment of the Internet.

Unfortunately, not everyone is as conscientious as I am and some people are downright suspicious of updates. So, I can understand
Microsoft’s perspective about employing forced updates of some of their
products when those products are attached to an unfriendly Internet.
Just in case you haven’t heard it, Microsoft is going to start automatically updating Internet Explorer users. However, Microsoft is hardly the first one to the party with enforced updates. A lot of other vendors use this tactic as well. Many products today include a forced update feature. Most allow the user to opt out of the forced update, but the default setup relies on forced updates to keep less skilled user’s machines updated.

There are many advantages to using forced updates. The most important is that using forced updates keeps everyone on the Internet safer. The fewer machines that nefarious individuals can exploit, the better. Forced updates also reduce vendor support calls and could therefore help keep software costs lower. Using forced updates can also improve the user experience and make users more productive. For all these reasons, and more, I see forced updates as a big win for the less experienced user, especially the home user who is currently susceptible to every sort of virus and intrusion out there.

However, there is a down side to using forced updates. All users find them intrusive. Even if the update is silent, it uses resources during the update process. As a result, the user’s system suddenly slows down, which could actually cause some number of support calls when the update process is a resource hog. Forced updates are also a cause for concern in corporate environments where running untested software can cause a host of interoperability problems with custom software. Expert users also find forced updates a problem because the update can (and usually will) cause problems with the user’s custom configuration.

I’d also like to see forced updates provide a wait feature. Some users will apply unauthorized fixes to repair a bug until an update comes out. These unauthorized fixes tend to cause problems with the update. Giving the user a chance to remove the unauthorized fix before the update occurs will keep the update from actually trashing the user’s system. Personally, I never use these unauthorized fixes simply because they do have such a huge potential for causing more problems than they fix. However, some users don’t have the option to wait for the update to come out and must rely on an unauthorized fix.

So, what is your opinion about forced updates?  Are they a good idea? Generally, I see them as a win for novice and home users, but less helpful to corporate and expert users. Let me know your opinion at John@JohnMuellerBooks.com.