Category: Technology

Categories
Technology Web

Semantic CSS

Recovered from the Wayback Machine.

WordPress.com has released a new paid upgrade: custom CSS. Now those who host their weblogs with the service can pay for an upgrade and customize their weblogs. To start, the company provided a Sandbox theme layout that can be altered through the custom stylesheet.

It’s interesting to read about this theme in the associated forum thread. There seems to be confusion associated with web page semantics and abstracting out the presentation from the layout. The theme creator wrote, The Sandbox is powerful because it generates semantic classes for a myriad of pages, which allows practically absolute control over the theme with CSS alone. He also wrote, The Sandbox will undoubtidly(sic) be the easiest theme for novices to write CSS for, with selectors that are semantic and logical/.

I’m assuming he means that the theme uses ordered and unordered list elements for lists, but what this has to do with CSS, I don’t know.

Quick Review:

XHTML and HTML are page elements.

Some (X)HTML elements have associated semantics, such as tables for tabular data, and OL or UL for lists. However, both have and will continue to be abused.

No matter how you push it, DIV is not a semantic element–no more meaning than the cardboard box that contained my last Amazon order.

CSS, or Cascading Style Sheets, have to do with the presentation of the elements. Through these, you can make unordered lists not look like unordered lists; but this just changes the presentation, not the semantics.

What’s really meaningful? Atom feeds that don’t break and that validate. Yes, that would mean a lot to me.

Categories
Browsers

Surest way to lose a customer

I am beta testing Firefox 2 on one of my machines, and will be writing about the new JavaScript 1.7 in a post over at ScriptTeaser. One of the advantages to Firefox 2 is the spellchecker, which works with all text windows. It really is the way to go, rather than have to enable the functionality on every server.

Most of my Firefox extensions don’t work with 2.0b, but one that does is the NoScript, which allows you to ‘whitelist’ a site for JavaScript use. The purpose is to protect yourself if you end up at a site that has a JS exploit, but still allow JavaScript usage for trusted sites. Unfortunately, if a whitelisted site also has an opening for a cross-site scripting hack, exploitive JavaScript can be ‘injected’ into the page.

One can always turn JS off, but that just cuts you off from the useful to frivolous use of scripting that is pretty ubiquitous now. Still, it’s an option.

I like to use NoScript, as I like to see how sites look when their JavaScript is turned off. After all, sites need to make sure they work in a non-script environment. Home pages such hotels.com, shown below, are unacceptable–the mark of sloppy developers far too hung up on technology. Note to the company: Expedia’s worked fine without JavaScript.

Categories
JavaScript

‘ware

The Head Lemur sent me the link to this important story about a security threat based on JavaScript. This is a tough type of event to prevent, because it is increasingly difficult to turn JS off–so much of online content is JS dependent.

Typically most attacks of this nature will occur because malicious script is embedded into a web site through a cross-site scripting attack (XSS). The only way to prevent these is to scrub your form entry fields to make sure script or other unwanted material isn’t getting through. (Which reminds me that I have to check my new sites’ comments, to make sure these are ‘clean’.)

This is a threat, but I would say it’s of secondary concern compared to some others. No, don’t shoot me. It requires that a lot of factors be in place before it can work: your router not have password protection, your printers always be on and have a built-in web server and so on. The more sophisticated your home network, the more vulnerable you are. However, the more sophisticated the home network, the more we have to assume you know how to protect such network.

Still, not sure what we can do so plug such breaks. Would be a shame to start crippling JavaScript, just when it started to get interesting. As for ‘firewalling’ the browser, I agree that browsers need to make us more aware of what is happening behind the scenes. I’m also all for extensions such as Firefox’s NoScript to ‘whitelist’ JavaScript sites (though XSS can make this mute if the whitelisted site provides openings for malicious JavaScript insertion.)

(Slashdot coverageOriginal press release and white paper on the exploit.)

Categories
Web

How to rollout a Web 2.0 product

Recovered from the Wayback Machine.

Here are the steps to take when rolling out a new Web 2.0 product.

First, drop the last ‘e’ in your name.

Second, insinuate either directly or indirectly that your competitors are afraid of you because they don’t provide a direct pipeline into their customer data for your use.

Also mention how un-Web 2.0 like it is that your competitors are violating the spirit of the open web. Get your buddies to make a cryptic side reference to this at a talk on core values on the web.

When you have infrastructure problems, no need to hire an experienced tech when you can hire an evangelist instead.

Make a lot out of the application’s cool features. Much coolr than a certain othr company. Even more of how young the lead developer is. Make a _really_ big deal at how young the developr is. This is important–make sure that everyone knows that how this product will kick butt because of the youth of the developer (as compared to the old farts over at …. well, you know).

(Also make sure to mention how the application was coded in only three months. That makes it even cooler.)

Spend a lot of time with Om Malik because, well, um, because he’s Om?

Plan a big rollout party at the exact same time you plan on turning on the all new technology. At the exact same time as you’re rolling out the major application change. Free beer!

Leak rumors that your company might be aquired for millions just before the launch.

Give exactly 24 hours notice to your clients that you’re closing down the site for over a day to roll out the new features.

Come back later and say the rollout is ’slightly’ delayed because of a DOS attack.

Site will be down a little longer. Nasty bullies. But gamely appear at party anyway.

(Show photo of buzz producing human holding Stormhoek wine poster. Damn, my heart stopped a moment from that blast.)

Day 2: *silence* (Must be one hell of a DOS attack.)

Day 3: *silence* (But that’s OK, because the site has ‘beta’ on it. Everyone knows that ‘beta’ means, well, broken. But still cool.)

Categories
Technology

Safe for eyes…maybe

Recovered from the Wayback Machine.

I had pulled the colors for the Bb Gun from an old ad for Red Ryder BB guns. If you’ve watched the movie, “A Christmas Story”, you’ll recognize both the gun and the ad. I also originally had an image of the gun on the site. However, when I asked permission to use the image, the Daisy air gun company said they’d prefer that I remove it; as is their right, and I was happy to comply.

I kept the colors, though, as I thought a good strong dose of color was appropriate for the content. I had a chance yesterday, though, to check it out on a Mac where I hadn’t modified the gamma setting to be between that of a pure Mac, and that of a PC. My first reaction was, “Argggghhhh!”

Thinking that the site’s tagline starts with “Safe for eyes…”, it behooved me to make it safe for eyes. I’ve set the background color to white, for now.

Even if I hadn’t set it, I do provide full feeds at all the sites and a person could forgo the pleasure of directly reading the page at the site in favor of reading it in an aggregator. Yes, I’ve come fully around on feeds, and it was my recent book project that led to this change in attitude.

I don’t agree with the Ajax enthusiastas who say that one can blow off both valid markup and accessibility in the interests of creativity. When I was working on the Learning JavaScript book, what kept going through my mind in providing an accessible alternative to a site heavily JavaScripted and DHTMLized is to use a content management tool, like a weblog, to create multiple templates: one with ‘the goods’, one without.

(If the site was XHTML, one could also use XSLT to transform the page, but let’s face it, working with XSLT sucks.)

Still, even providing a ’site safe’ template, you can’t plan for all types of user agents. The best we can do, then, is provide a syndication feed. If we provide a properly formatted syndication feed, no matter the user agent, the site writing and the annotation that accompanies the writing is accessible. That’s the most important component of our pages, the contents of the individual posts. If all else is stripped away, this still comes through–if you use a properly formatted syndication feed, that is.

As such, I agree with DeWitt Clinton that providing type information for syndication feed consumers is imperative–especially if you have sites that provide a great deal of structured data. Where I don’t agree is that I don’t provide multiple feeds at my site. One feed is sufficient.

(And it irks me that I have to edit the default wp-atom.php that comes with WordPress in order to generate valid Atom.)

Using NOSCRIPT to add whatever is needed when JavaScript is not enabled, and making sure all content is accessible by keyboard, properly labeled, as well as logically layed out for speech-to-text browsers is the major first step in making a valid and accessible site. Providing a carefully formatted and precise syndication feed, with support for rich markup, is the second. Between the two, your word (and your metadata, and we all know how big I am on metadata) gets out.

Now, back to shopping for a new background color for Bb Gun. What think? A pale lime chiffon pie green, maybe?

PS: An good article, Reading and Subscribing to Blogs Through RSS: How Accessible is this world to people with vision loss, covers accessibility and RSS. The issue with being able to properly manage markup in addition to the recommendations outlined in this article means that if there is microformatted data associated with the post, such as calendar data, it also can be processed without undo intervention of the web page reader. An example can be to add an event to a reader’s calendar, or other such metadata related processes.