This is my last blog post on 360. Yahoo will be shutting 360 down soon. 360 never made it out of beta. So sad.

This blog is moving to Yahoo! Profiles at http://profiles.yahoo.com/blog/GSBHPXZFNRM2QRAP3PXNGFMFVU. The blog facilities at Profiles are strictly inferior to those at 360. Hopefully, Profiles will quickly improve over time. I wish that Yahoo had made Profiles strictly better than 360 before shutting 360 down.

Since the beginning, browser makers have been forced to lie in order to protect themselves from incompetent web developers. This can be seen most clearly in the userAgent string. The Mozilla browser has gone extinct, yet most browsers identify themselves as some version of Mozilla. This is because there are websites that were developed by idiots that sniff the userAgent string and reject requests that are not from a Mozilla browser. The number of webmasters who caused this is significant enough that IE and Safari still intentionally misidentify themselves in order to avoid losing market share.

The only honest browser is Opera, which identifies itself as Opera. Unfortunately, Opera has been snagged by another dimension of webmaster stupidity.

Opera is now testing Opera 10. It turns out that Opera 10 fails on many sites that tolerate Opera because there are imbecilic coders who assumed that the version number would always be less than 10. So Opera has been forced to lie. It is going to be identifying Opera 10 and above as Opera 9.80.

Opera is the first to get to 10. Netscape's failures stopped it at 8. IE stopped at 6 because Microsoft thought the web was finished. They have resumed, but have only gotten up to 8 since the hiatus.

If you are a developer, check your code. It really isn't hard to do this stuff correctly. It really isn't.

OAuth - It's the best that the wrong way of doing things can provide.
Mike Stay

Web security is like medicine - trying to do good for an evolved body of kludges.
Mark Miller

I talked with the CTO of a company that makes DLNA devices. I told him about the problem I found in the DLNA Guidelines:

The DLNA home network becomes a vector for delivering viruses, assault advertising, and spam programming to every digital media device in the home. DLNA will make it possible for people to experience everything they hate about their computers and the Internet with their TVs. Viruses that take over the PC will be able to take control of all home media. Viruses can change channels, delete programs, replace programs with evil programs, and possibly infect the other devices. A virus in the computer can launch a Denial of Service attack against the TV. DLNA has no security mechanism of any kind to protect the home system.

He said that no one would create such attacks. I reminded him about the current state of email and spam, and then he admitted that the attacks were likely. He suggested that a solution might be to have the TV and computer authenticate each other. I showed him why that wouldn't work. He then suggested that people would need to get firewalls in their home between the computer and DLNA devices. I explained why that was also a really bad idea. Finally he expressed optimism that eventually DLNA will eventually identify and solve the problem somehow.

I think that the computer-engineering approach to convergence can be just as wrong as Hollywood's approach. Consumers do not need and have not asked for the Digital Living Room. They will reject it if it is not really easy to use, or if it does not deliver high value and convenience, or if it introduces problems. The media companies have looked at the threats but not the opportunities. The technology companies have looked at the opportunities but not the threats.