Hacker News new | past | comments | ask | show | jobs | submit login

Feature detection isn't the only use case User Agent strings service, two I've seen frequently are:

* Exception Tracking - The User Agent string is usually attached to exceptions to aid in reproduction.

* Outdated Client Detection - Primarily in internal dashboards in BYOD environments, I've seen the server display an error when a known outdated/insecure browser connects.

When Safari froze their UA, another big one that came up was browser bugs. Specific versions of browsers on specific platforms have bugs, and you need to be able to tell your user to upgrade.

Please use the latest supported browser.

There, I just told you to upgrade without sniffing UA.

No user is going to see that sentence. They're going to read right past it, click some button, it doesn't work, "this site sucks" and go somewhere else.

I'll take that over a feature that just gets abused for all kinds of things and will create breakage which makes users just go elsewhere because it's broken.

It is ridiculous for every website to be babysitting their users software, when we already have operating systems that keep software up to date, package managers that keep software up to date, and software that keeps itself up to date.

If I need to make a really important website that can't lose users like that, I just need to make damn sure it works with any relevant browser without any UA sniffing hacks that will bite back down the line.

If I'm making some bleeding edge crap that really needs a bleeding edge browser, I'm sure I can find a place for that sentence where most users will find it, and if I lose a few users, it probably isn't that big of a deal. Chances are I'd lose more users anyway due to many not wanting or being able to update for any number of reasons.

Also, "please upgrade, then call back" is always the first point on any support call checklist.

On the web you've lost 95% of users before they contact support

Possibly add a randomized date to new UA, in range from last fixed CVE, to browser compilation date

That would avoid feature detection, but still create epochs to disallow insecure browsers


For exception tracking, the best I can suggest is getting screen size + other features; then storing them, ready to pass with the exception

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact