Microsoft Edge bug odyssey shows why we can't have nice things

Content Length != Range?

You may want to inform web cache makers too - how they rationalise Range can Vary..

It's not that we can't have nice things...

It's that Microsoft is too incompetent to deliver anything nice.

"You've found a security flaw in our stuff? We'll think about fixing that in about three or four months. Your bug bounty? Forget it, we ain't payin' you shite. Thanks for using Microsoft!"

We can have nice things, we just can't get them from Microsoft.

Expecting Professionalism?

NOPE!!

"Entropy, Clippy. Startup-tier levels of entropy."

Depressing

The four biggest browsers all failed to validate their inputs? 1980 called. They want their vulnerability back.

Actions Speak

The actions of Mozilla and Slurp speak volumes about the organizations. One acknowledges reports and deals with as fast as possible. The other seems to be either too disorganized or suffering from bureaucratic infighting to react. Firefox will get patched in a reasonable time period without prompting; Edge might get patched when some slob bestirs himself to actually do something possibly after several months of harassing.

It is obvious which browser should be trusted: Firefox.

"That's not a bug, that's a feature!" M. Zuckerberg

Archibald contends the bug is significant. "It means you could visit my site in Edge, and I could read your emails, I could read your Facebook feed, all without you knowing," he said.

https://www.nytimes.com/interactive/2018/06/03/technology/facebook-device-partners-users-friends-data.html

Facebook has reached data-sharing partnerships with at least 60 device makers — including Apple, Amazon, BlackBerry, Microsoft and Samsung

“These partnerships work very differently from the way in which app developers use our platform,” said Ime Archibong, a Facebook vice president. Unlike developers that provide games and services to Facebook users, the device partners can use Facebook data only to provide versions of “the Facebook experience,” the officials said.

Microsoft Edge?

You mean the Chrome/Firefox/(insert name of alternative browser) downloader app?

Its about time the EU banned microslurp from disabling any way of uninstalling edge. I'd like to rid windows 10 of it.

Malicious compliance

I'm waiting for the other side of the story to show up in Reddit's malicious /r/MaliciousCompliance

why edge?

I seriously wonder why Microsoft still bothers with Edge. It doesn't bring in any revenue and has negligible marketshare.

They could just as well strike a deal with Mozilla to have a MS-branded Firefox in Windows (defaulting to Bring), and save some $$$.

(I presume a similar deal with Google would be a bridge too far.)

Yes, but

it would be interesting to know if Mozilla's response would have been equally prompt if the reporter hadn't been Jake Archibald or some other household name amongst web / browser developers, but rather an anonymous user.

From Hell's Heart I Code At Thee

Four years ago I would have written this off to Microsquish's abysmal decline into the Eighth Circle of Hell, Ballmer/Sinofsky. Since Nadella took over in 2014, Microsquish has slowly climbed from the depths of technical hell and they are a long way up from the bottom they once plumbed. But they are not out. Not by a long shot, apparently.

Satya has much to do. I see him doing most of it in his cloud services. However he is one man and I, frankly, don't see a lot of support from amongst his senior executives. Any organization as entrenched as Microsquish will have inertia for the status quo, and any changes (which are necessary for their very survival) will be opposed.

I fear we are seeing the same behavior that nearly destroyed the MS product still evident in its responses to criticism (which is the way MS perceives bug revelations).

I, for one, would welcome a "giant flushing sound" from Redmond. Something still rots in the bowels of Microsquish.