Hacker News | bluesmoon's comments

Already happening. Client Hints are the way forward.


Nope, this has already happened in Chrome. Client Hints are the way forward.


In 1999, I was an intern at a company in India. We wanted to put a machine in a datacenter, and the datacenter admin asked us to set the Administrator password to "password". Turns out that all the other companies that put their boxes in that datacenter did the same. Infosys was one of those companies.

I wrote more about it here: https://tech.bluesmoon.info/2017/04/a-tale-of-datacenter-sec...


Epic! Hope you don't mind my quote here. I enjoyed it :-)

"...I glanced over at the other boxes, and they all had stickers on them saying "Administrator/password"...The three of us from TSPL looked at each other, and our president told me to decide. I asked the datacenter guy why he needed that. He said that sometimes they need to shut down the boxes so they can move them to a different power strip. I asked him if it would be sufficient to give him an account that only had local access and could only reboot the box. He thought about it for a bit and said yes... So I created a new account that required a physically attached keyboard for login, and all it had was the ability to reboot the box. Our app was set up to start up automatically on boot, so we weren't worried about someone having to start it. DC guy physically locked the box to a rack, showed us that he was keeping the key, and we headed back to the office...

...We now needed to test our setup, so we asked everyone in the office to let us use the internet connection. We tried accessing our app, and it worked!...

...Since I had Admin access to our box, I was also able to open the "Network Neighbourhood" of our box in the datacenter. On that network, I saw all the other hosts that were in the datacenter. They had names identifying them from India's largest IT companies. These were companies I'd initially thought of interning at...I looked at our president and grinned, and he looked back and said, "Send me a safe summary report when you're done" and walked off to his office.

I double clicked on one of the other big boxes and was prompted for a username and password to connect to it...

You can probably guess what happened next ;)..."


I'm not sure how you came to the conclusion that "Akamai is whining" about this. It's an informational blog post about what's happening and what's changing.

User Agent strings aren't used for feature detection, they're used for classification. As a developer, when you're trying to fix a bug reported by a customer, it helps to know exactly which browser right down to the patch version that bug shows up in so that you can try and reproduce the bug in the same environment.


Odd response—especially the (perversely ironic!) dig in your first sentence. The blog post states:

> At Akamai, we use the User-Agent header at the edge and as part of many Akamai products for business logic

The post then goes on to describe several things that are expected to break (or would be breaking—if Akamai weren't taking steps on their end) since they rely on the value of the client's User-Agent header, and it affects how they respond. It's definitely not just for being used at Akamai to help reproduce bugs in the same environments...


Then you can ask the customer. You have a relationship with them.

Akamai uses user-agent strings in its Bot Manager. They see what specific version of what browser you're running, then check certain characteristics of the request (e.g. header order) against a database. That isn't going to work anymore.

And good riddance. It makes the internet brittle and isn't especially hard to work around anyway.


> I'm not sure how you came to the conclusion that "Akamai is whining" about this

I largely overstated that. Of course. However, my feeling throughout the entire post is that it was like they were announcing bad news about which they were not too overly about this because they based their optimization strategy on this. I was like "the world told you so".


As the author of the post... :) We don't see this as bad news, quite the opposite in fact. Feature detection (if you're running JavaScript), Client Hints (if you're running code at the edge), etc are all a lot better to use for logic decisions. We've been making changes to rely less on the UA header directly for our Akamai products.

Our goal of the post was more around educating our customers, who may not be aware of these changes, and these changes can affect their custom logic, if they depend on the UA.


> I don't know whether this is a trend

I posted this 11 years ago: https://tech.bluesmoon.info/2011/01/device-width-and-how-not...

It's not a trend, it's been around as long as it's been possible. Site owners dislike letting their users have control.


As Jacques Pepin once said... your recipe is just a guideline because you have to adapt it to the ambient humidity when and where you cook.


Back in the 90s the Microsoft version was "Embrace and Extend" which really meant, adopt a standard and then change it so that the original implementation no longer works.


Fun times. I remember back in the year 2000, during the dot com craze, there was a company in India that built a clone of "Who wants to be a millionaire". It was in beta and there was no real cash or prize involved.

They had all the answers stored in the source code. I wrote up a quick perl script to play the game and unfortunately left it running overnight, and in the morning there were complaints from other players asking how I'd reached the top rank so quickly.


Did they give you a Most Valuable Tester award?


+1 for using chthonic in a coherent sentence.


Older folks in India still refer to these as Jerrycans. We used to use them to hold kerosene when I was a kid.


Aren’t they called jerrycans everywhere? I'm from India too, I never heard an alternate name here.

