I had to reboot one of the Windows servers on Thursday, at which point the GDI+ checker installed by Tuesday’s security fix popped up a message explaining that there was still some software with the JPEG vulnerability. OK, fine, I’ll run it again and see what’s missing. So I clicked on, well, OK
, and it pulled up Internet Explorer.
More to the point, it pulled up Internet Explorer 2.0.
You see, that machine has some leftover files from a previous OS, and somehow the GDI+ utility picked up on that copy of iexplore.exe. Of course, it could barely handle the vulnerability info page — no ActiveX of course, and it even displayed raw JavaScript code at the top of the page because it wasn’t hidden inside a comment! (Even Lynx can handle that now!)
But once I fired up IE6 to actually run the test, I figured as long as I had the old one running, why not check a few site layouts? Or some browser sniffers, and see what it claimed and what it could handle?
Almost nothing, as it turns out. It couldn’t even find any of the sites I tried. And from the way it couldn’t find them, I realized exactly what was missing: it couldn’t handle virtual hosts.
In the old days, a web browser connected to a machine by IP address and just asked for whatever site it had. You knew what you’d typed in, of course, and that’s how it would bookmark it, but it didn’t say anything to the server because it didn’t need to. As the web grew, it quickly became clear that this would waste both computers and IP address, and “virtual hosting” was invented. Now, when your browser requests this page, it says, “Host: www.hyperborea.org” just in case the server handles more than one website. Support for this became standard in 1996 or 1997. IE 2 missed the boat — it was released in November 1995.
I’ve always said that IE wasn’t much of a browser until 3.0. It’s even more true now: you can’t even reach large chunks of the web with anything older.
But then, would you want to?