Just Add Salt
I've always been annoyed by websites and systems that have requirements for what kind of password you can use. GoDaddy, for instance, requires that its FTP passwords have an uppercase letter and a number or it will not accept your password; and UC Davis requires that your password be at least 7 characters long (and strangely, no more than 8). At first glance, these seem like good security practices, preventing users from picking weak passwords. But the fact of the matter is, a properly built system should be just as secure if a user picks a terrible password like apple as if they picked something ridiculous like '@pPl3S4uCe'. This article is an in-depth analysis of the several options developers have to safely store users' passwords, and why requiring hard passwords is not the way to go.
Microsoft's New Plan
Well, what do you know - the people seem to have won out against the powers that be - a friend linked me to this IE Development Blog Entry, and it seems the IE development team has changed their mind. The article suggests the primary reason may be Opera's lawsuit filed in the European Union, though I'd like to think that it had more to do with the general public consensus. In either case, this particular fight is almost over.
The posting does not address what will happen in future editions of IE: will they continue allowing people to build for IE7 well into the future? Will standards only be slightly better off, or will future versions retire older versions, like they should? This is a highly important question which needs to be answered before we all celebrate.
Breaking Web Standards Forever
I've been following the debate over Version Targeting on A List Apart for a little while now, and felt like I should throw in my two cents. I would suggest reading these Pro and Con articles on the subject to give you a decent idea of the arguments for and against.
Here's a brief description of what Version Targeting is - if you already know, go ahead and click 'Read More' and skip over this. There was a time when Internet Explorer 6 controlled more than 95% of the browser market – and of course everyone built their websites around IE6. HTML/CSS standards were little more than ideals, if a developer had even heard of them at all. Then, in late 2006, Microsoft rolled out Internet Explorer 7, their first browser update in six years. This new browser still has quirks and errors, but it is far, far more standards-compliant than IE6 was. What happened next was referred to as the breaking of the web – suddenly all those websites built for IE6 didn't work, and many developers had no idea why. If you switched from IE6 to 7 shortly after it was released, you probably came across some websites that looked broken, didn't work quite right, or just flat out failed to render.