I told you last year how the name of the Safari browser for OS X was chosen, and now the man who took care of the development of the entire project tells us how everything was kept secret. At the end of the '90s, Don Melton was chosen to lead the team that would develop Safari, the browser being initially disguised as a version of Internet Explorer for Mac. The team that was going to develop the project did not know what they were working on until they accepted the challenge and of course it was hidden in one of the buildings of the Apple campus in Cupertino.
For much of the time we spent developing Safari — long before it was called by that name — it pretended to be Microsoft Internet Explorer. Specifically, Internet Explorer for Mac, which Apple had provided with the OS since 1998. Not only was I tasked by Scott Forstall with building a browser and building a team to build that browser, I had to keep the whole damn project a secret. Which, by the way, really complicated the shit out of hiring most of the original team since I couldn't tell them what they were working on until they took the job.
Even if the team was hidden and no one talked about the browser, the world could find out everything that Apple was developing by simply analyzing the logs of the servers on which the websites visited by the team members were hosted. To avoid this, Safari was initially "disguised" in Internet Explorer and then in Mozilla's Firefox, all to keep the project secret until 2003 when Steve Jobs officially presented Safari for OS X in a Apple conferences.
When a Web browser fetches a page from a Web server, the browser identifies itself to that server with a user agent string — basically its name, version, platform, etc. The browser also gives the server an IP address so the server knows where to return the page. This exchange not only makes the Web work, it also allows the server to tell who is using what browser and where they're using it. Back around 1990, some forward-thinking IT person secured for Apple an entire Class A network of IP addresses. That's right, Apple has 16,777,216 static IP addresses. And because all of these addresses belong together — in what's now called a "/8 block" — every one of them starts with the same number. In Apple's case, the number is
17. IP address17.149.160.49? That's Apple.17.1.2.3? Yes, Apple.17.18.19.20? Also, Apple.17.253.254.255? Apple, dammit!
Despite the fact that Apple has registered an entire class of IPs in its name and anyone can see extremely easily when an Apple employee visits their website, the browser identifies itself to websites using the identifiers of other browsers available at the time. In this way, the team managed to keep everything secret during the tests, the measures taken by them being probably used today for other similar projects.
Even though we operated the project like some CIA black op — with loyalty oaths and all — we couldn't let Safari be "Safari" when we used it on the Apple campus network. Otherwise, some Web server administrator somewhere might be scanning their log files and notice the connection between user agent string and IP address origin. Then the big surprise Steve Jobs wanted to unveil at MacWorld on January 7, 2003, would be shot. So we hid my cleverly designed Safari user agent string whenever we were at Apple. And I say "my" because that's actually one of the few pieces of code in Safari and WebKit that I can 1) claim to have designed and 2) is still actually in the source. Thank God my engineering team removed or refactored all my other hacks. I hired good people.
