473,605 Members | 2,602 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Lots of noise about user agent strings

Seems developers of mobile applications are pretty much devoted to UA
sniffing:

<URL: http://wurfl.sourceforge.net/vodafonerant/index.htm >
--
Rob
Jun 27 '08 #1
35 2461
RobG wrote:
Seems developers of mobile applications are pretty much devoted
to UA sniffing:

<URL: http://wurfl.sourceforge.net/vodafonerant/index.htm >
Yes, it appears to be someone who has made a serious mistake complaining
about the reality that made it a mistake. Quoting a bit of that page
shows that quite a few false beliefs were behind the mistake:-

| All the way since the inception of the web, HTTP clients have
| had unique User-Agent (UA) strings which let the server know
| who they were. This mechanism was taken over as-is by mobile
| browser manufacturers. While there have been a few exceptions
| due to device manufacturer's sloppiness, it is accurate to say
| that 99.99% of the devices out there have unique UA strings
| which can be associated to brand, model and a bunch of other
| info about the device properties.

HTTP clients have not had unique UA strings for well over a decade now,
and even UA strings that were distinct from others were explicitly
designed to prevent the server from knowing which client was being used
(hence the "Mozilla" bit at the front of IE's UA header, it was put
there only to mislead servers).

And it is absolutely not the case the 99.99% of devices have unique UA
strings. I may not get to look at mobile device browsers that often but
to date the vast majority of the scriptable browsers I have examined
have had UA strings that were more or less indistinguishab le from those
of IE 6.

The bottom line remains that the HTTP specification defines the
User-Agent header as an arbitrary sequence of characters and does not
even require that the sequence of characters be the same for two
consecutive requests, let alone being in any sense unique. Any attempt
to treat something that is specified in that way as a source of
information is going to be a very obvious mistake.

Richard.

Jun 27 '08 #2
RobG meinte:
Seems developers of mobile applications are pretty much devoted to UA
sniffing:

<URL: http://wurfl.sourceforge.net/vodafonerant/index.htm >
A real expert:

"All the way since the inception of the web, HTTP clients have had
unique User-Agent (UA) strings which let the server know who they were."

He should probably try to understand web technologies and not write 43kB
of rant.

Gregor
--
http://photo.gregorkofler.at ::: Landschafts- und Reisefotografie
http://web.gregorkofler.com ::: meine JS-Spielwiese
http://www.image2d.com ::: Bildagentur für den alpinen Raum
Jun 27 '08 #3
VK
On May 27, 2:23 pm, Gregor Kofler <use...@gregork ofler.atwrote:
RobG meinte:
Seems developers of mobile applications are pretty much devoted to UA
sniffing:
<URL:http://wurfl.sourcefor ge.net/vodafonerant/index.htm>

A real expert:

"All the way since the inception of the web, HTTP clients have had
unique User-Agent (UA) strings which let the server know who they were."
What offense to you have to that?
User-Agent string is intended to let the server know who is requesting
the page, this is why they were created and how they are used since
Mosaic. Is your version being that it is a NCSA invented beatifying
ornament of HTTP request? Sorry to say then that it is utterly wrong
though semi-poetic version.

User-Agent are unique to each browser and each browser version unless
the browser code is manually reverse-engineered and altered by the end
user in violence of EULA. Such situation is definitely possible but
serious solutions do not normally account users surfing the Web with
hacked software: unless it is a special statistics collector.

The Vodafon problem is a problem causing money loss to the involved
MMS / media push providers. The problem is not deadly because the
agent info is not removed but only reformatted - yet such things are
not allowed anyway, the intermediary servers must not be refactoring
HTTP requests. Otherwise one day by typing example.com one will end up
in example.net because some intermediary server's admin will decide
that example.net is better as the target address. It is easy to start
and much harder to stop so, yes, such things should be squeezed out
right at the beginning.
Jun 27 '08 #4
VK schrieb am 27.05.2008 15:50:
On May 27, 2:23 pm, Gregor Kofler <use...@gregork ofler.atwrote:
>RobG meinte:
>>Seems developers of mobile applications are pretty much devoted to UA
sniffing:
<URL:http://wurfl.sourcefor ge.net/vodafonerant/index.htm>
A real expert:

"All the way since the inception of the web, HTTP clients have had
unique User-Agent (UA) strings which let the server know who they were."

What offense to you have to that?
User-Agent string is intended to let the server know who is requesting
the page, this is why they were created and how they are used since
Mosaic. Is your version being that it is a NCSA invented beatifying
ornament of HTTP request? Sorry to say then that it is utterly wrong
though semi-poetic version.

User-Agent are unique to each browser and each browser version unless
the browser code is manually reverse-engineered and altered by the end
user in violence of EULA. Such situation is definitely possible but
Opera was shipped a while in the default config of cloning IE6 to avoid
user problems.
serious solutions do not normally account users surfing the Web with
hacked software: unless it is a special statistics collector.
i dont think all those opera users hacked their software .-)

--
Mit freundlichen Grüßen
Holger Jeromin
Jun 27 '08 #5
VK
On May 27, 6:48 pm, Holger Jeromin <news03_2...@ka tur.dewrote:
Opera was shipped a while in the default config of cloning IE6 to avoid
user problems.
Opera never was shipped User-Agent string _cloning_ any of existing IE
User-String. In some older releases Opera's User-Agent string was
partially altered to contain some keywords most oftenly used for
server-side or client-side IE detection so it had "MSIE" and
"Microsoft Internet Explorer" in it. It still was vendor-specific
enough to detect Opera if one was targeted to detect exactly Opera and
not IE.

Opera is not alone nor it is the champion in this producer-humiliating
activity. All time the best in my collection are remaining some
releases of Safari with User-Agent string - and I'm not kidding -
"Mozilla/5.0 MSIE Microsoft Internet Explorer like Gecko; KHTML..."
with the part after KHTML giving the actual Safari-specific info.
Sometimes when I am depressed this "Microsoft Internet Explorer like
Gecko" cheers me up. :-)

In any case the User-Agent spoofing business faded out way of time ago
as the "brand putting down" impact proved to be much higher than any
possible immediate benefits.

For the client-side there is also navigator.vendo r string which is
more easy to parse for the producer name. It is not relevant for the
original Vodafon topic.
Jun 27 '08 #6
VK meinte:
What offense to you have to that?
User-Agent string is intended to let the server know who is requesting
the page, this is why they were created and how they are used since
Mosaic. Is your version being that it is a NCSA invented beatifying
ornament of HTTP request? Sorry to say then that it is utterly wrong
though semi-poetic version.
It isn't even "beautifyin g".
User-Agent are unique to each browser and each browser version unless
the browser code is manually reverse-engineered and altered by the end
user in violence of EULA.
A-ha. How come, that Firefox explicitly allows me to set my UA
identification string to whatever I want?

[fantasizing what is allowed and what not snipped]

Gregor
--
http://photo.gregorkofler.at ::: Landschafts- und Reisefotografie
http://web.gregorkofler.com ::: meine JS-Spielwiese
http://www.image2d.com ::: Bildagentur für den alpinen Raum
Jun 27 '08 #7
VK
On May 27, 8:55 pm, Gregor Kofler <use...@gregork ofler.atwrote:
A-ha. How come, that Firefox explicitly allows me to set my UA
identification string to whatever I want?
You are sounding like a child, really: "Look ma', I have just pulled
out a wheel out of my new toy car!. Am I cool or what?" :-)

I have no intention to stop you from your hacking exercises. After
Firefox is done
http://www.beatnikpad.com/archives/2...ent-in-firefox
please feel free to start pulling out another wheel :-)
http://www.pctools.com/guides/registry/detail/799/

As I said before it is perfectly possible in this or another way for
absolutely any browser on the market. Another question that it has no
relation to the real Web development. The amount of users going
through the User-Agent string change doesn't exceed the amount of
other inadequately acting groups of Web surfers: Lynx users, self-made
browser users, officially registered psycho cases with Internet
access: and other inevitable small shrink one has to expect in any
business involved with a big amount of people.

There is one puzzling point that bothers while reading similar to that
discussions. It is a bit OT to OP but overall fits well into User-
Agent string questions.
Let's us imagine that the cell phone radio pollution indeed did get
some unexpected brain cells damage effect - so every single user in
the world first thing of all finds the appropriate hack for her
proffered browser and changing the current User-Agent string to "There
is no Web, there is only Xul". Therefore server-side detection and
User-Agent detection as such become totally unreliable. The only hope
is the client-side feature detection (and a few remaining sane doctors
searching a remedy from the brain disease). So the dream of some came
true. Cool. I just have one small question:
Look at the User-Agent hacks for Firefox or at IE. Now look at this
chunk of code:
document.getFoo bar = new Function;
window.alert(ty peof document.getFoo bar);
or
document.getFoo bar = new Object;
window.alert(ty peof document.getFoo bar);
So now the question: who and why had decided that much more labor and
skill intensive procedure will be most probably used - but an easy
like a moo-cow runtime feature spoofing will never be? Was it some
common "internal feeling" or at least once there was a reasonable
discussion on the subject? What were the arguments? Thank you in
advance.
Jun 27 '08 #8
VK meinte:
On May 27, 8:55 pm, Gregor Kofler <use...@gregork ofler.atwrote:
>A-ha. How come, that Firefox explicitly allows me to set my UA
identificati on string to whatever I want?

You are sounding like a child, really: "Look ma', I have just pulled
out a wheel out of my new toy car!. Am I cool or what?" :-)

I have no intention to stop you from your hacking exercises.
As I said before it is perfectly possible in this or another way for
absolutely any browser on the market.
In case you forgot, 4 hours 21 minutes earlier you stated:

"User-Agent are unique to each browser and each browser version unless
the browser code is manually reverse-engineered and altered by the end
user in violence of EULA."

--
http://photo.gregorkofler.at ::: Landschafts- und Reisefotografie
http://web.gregorkofler.com ::: meine JS-Spielwiese
http://www.image2d.com ::: Bildagentur für den alpinen Raum
Jun 27 '08 #9
On May 27, 8:23 pm, Gregor Kofler <use...@gregork ofler.atwrote:
RobG meinte:
Seems developers of mobile applications are pretty much devoted to UA
sniffing:
<URL:http://wurfl.sourcefor ge.net/vodafonerant/index.htm>

A real expert:

"All the way since the inception of the web, HTTP clients have had
unique User-Agent (UA) strings which let the server know who they were."

He should probably try to understand web technologies and not write 43kB
of rant.
The complaint is based on the belief that the UA string is the only
viable way to reliably deliver web content and downloads to mobile
devices. The owners of these sites want users to be able to download
games, software, ringtones, etc. to their mobile devices and have
confidence that they should work.

As a result, they have a database of thousands of UA strings that are
used to identify the browser and device and attempt to deliver
appropriate content.

It seems to me that they've ignored the simplest of solutions, which
might include delivering small test downloads so the user can discover
what works on their device (or not), or to just ask the user what
device they are using.

I don't have any experience in developing or using such sites, I was
wondering if anyone here has and can comment on the situation.

--
Rob
Jun 27 '08 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

13
5727
by: Erik | last post by:
I want to write a Server Side PHP program that generates a HTML page client side. How would I get at the clients' screen size, before serving the generated page ? Would it be a two-step process: first let the client execute a piece of JavaScript to generate Height and Width, and then send those values to the PHP server (FORM, PUT) ? Or can it be done in only one PHP program ?
60
7239
by: Fotios | last post by:
Hi guys, I have put together a flexible client-side user agent detector (written in js). I thought that some of you may find it useful. Code is here: http://fotios.cc/software/ua_detect.htm The detector requires javascript 1.0 to work. This translates to netscape 2.0 and IE 3.0 (although maybe IE 2.0 also works with it)
3
2003
by: LIN | last post by:
Hi, In my log files I often simple 'Mozilla' as UserAgent. In that case what may be the browser type. If Mozilla/4.0 is the UserAgent can we take it as a Netscape Browser. LIN
3
1353
by: Raventhorn | last post by:
I am having problems that I also saw people having in the ASP.NET forums with menus and people coming to a site with weird user agent values. Is there a way to access the user agent before the user hits the site so we can determine which ones are screwing up our site? Also, is there a list of user agents available for different browsers?
1
3717
by: Bill | last post by:
Is there a fast way, with Classic ASP, to determine if a user agent is a search engine spider? I know that ASP.NET has Request.Browser.Crawler, I'm looking to see if classic ASP has something built in, or do I have to look for strings in the user agent. Thanks!
5
7046
by: Gordon | last post by:
As part of a data collecting system (basically a system that collects submissions from forms), I was planning on logging a bit of data about the submitting user agent for the purposes of spotting things like multiple submissions. We don't want to block multiple submissions altogether, we just want to be able to easily spot them. My idea was to use the $_SERVER fields to get some data about the user agent, md5 the collected data and...
0
7931
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
8423
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
1
8067
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
8281
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
6740
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
5444
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
3956
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
2437
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
0
1270
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.