Of course popular sites show up fine without validating. They're popular.
The key is the unpopular site - small businesses, for instance - that want to compete in search engines but will never have thousands of visitors a day.
Standards-compliant websites do not necessarily make for better SEO. But the practices and culture around them do.
Accessibility generally results in improved SEO simply by 1) increasing the placement of relevant text within a page and 2) making the site more accessible to search engines. Things like alt text go a long way.
As for download speed, you're absolutely right. It's a matter of data size. But standards-based design lends itself toward smaller pages simply by removing the need for repetitive code like
<font face="Arial,Helvetica,sans-serif" size="2">
It's not the standards that make it work well, but the benefits that come along with the journey towards those standards.
Nowadays, if a client isn't willing to let my company develop an accessible, standards-based solution, he isn't going to be my client. I just won't waste my time on them.
It's important to note the difference between increased revenue and ROI. Just because more people can access your site and become customers doesn't mean that the business will make more than they spent making the site compliant.
That's the end of my devil's advocacy.
Standards-based, accessible websites have a bigger ROI than is necessarily measurable. These sites tend to produce better search engine results, be faster to download, use less bandwidth, and improved usability. And if you have an altruistic bone in your body, such a site improves the overall quality of the web.
So the ROI is definitely there, if you know how to make the case for it.
Firefox stores plugin information in memory long after the plugin is closed and done being used. Whether this problem can be attributed to Adobe's work or Mozilla's, it's still a problem.
Firefox keeps downloaded items in the download list, even when they're completed. Unfortunately, this can add up quick - so you should make sure you clear out that list frequently. I heard about this and discovered my list was hundreds of items long. It took nearly thirty seconds just to register the download.
There are also memory problems with using a lot of tabs. I used to restart Firefox five or six times a day because it was either crashing or moving so slowly that it wasn't usable.
Finally, I removed most of the extensions I had. The stuff I didn't use on a regular basis or that were further sources of my headaches (FoxyTunes is great except that it caused iTunes to open [and lock FF up)]any time I hit certain key combos).
My solution?
I use Flock and the only extensions I use are Web Developer, AdBlock, and IE View. There are plenty of others, but I decided I can afford to skip them. Also, I find it far prettier than Firefox and any of the skins I've tried.
Just my $0.02, of course, but it might work for you.
Many developers learn it the hard way - when someone exploits them. My eyes were opened to security when the client's parent company audited our work and found holes.
I was assigned the job of fixing the problems, leading me to become a ridiculously paranoid developer.
The point of these articles (heck, I've written articles just like this) is to reach those developers that may not have considered these problems.
Of course, you also have to convince the idiots out there that security is a concern...
It's often referred to as a buy/sell agreement, and can be used to prevent shareholders from selling off their portion for a quick buck.
In my company, I am given right of first refusal on my partner's shares. If I pass, the company can buy the shares (essentially the same effect, though it has other implications). If the company passes (if we didn't have the money and no insurance policy, for instance), the shares can be sold to a third party.
I tried to word that carefully because it's important to note that even things you enjoy make demands upon you. It's a demand upon my time simply to go out for a movie or cook a nice meal. It's a demand to include my wife's family - and even my own - in my life. I only have 24 hours in a day, and unfortunately some of that is spent sleeping. I used to post a lot on Slashdot, but recently I've been skimming headlines as I transition from one thing to another.
Don't get me wrong - I enjoy my life, but it's a very busy one. So my point, in all of this, was that finding time to release and relax (be it video games, Slashdot, playing pickup basketball, whatever) is important to a person's mental health.
Heck yeah. I play through my favorite levels in Jedi Academy with all the cheats enabled just to blow off steam.
Psychologically, (a geek who overanalyzes stuff?!) I think this helps me compensate for the lack of control I have in my life. The demands of work, home, marriage, etc. are all wiped away with a half an hour of tossing stormtroopers into the lava.
I agree that it's a case-by-case situation. But in some of those cases, it's clearly cheaper and faster to build a web app than desktop apps. Building to work with a wide range of browsers is very easy for me. I don't know how easy it is to build and support a similar range of OSes, but in my limited experience with developing for Windows, Mac, and Linux environments it was hell.
When I made that statement I was thinking of the apps my undergraduate University built/bought. At the time, most of these were desktop apps. You either supported Windows, Mac, Linux, and Unix - a total of maybe 15 variants, or you required everyone to use a certain platform. Both of these happened, and neither one was particularly successful. The speed with which the desktop development cycle moves is particularly at fault - even when you discover bugs, you can't just fix them overnight. Often, these problems would remain for years simply because the fix was too large an undertaking. I frequently build and roll out web apps in weeks or a couple of months. If there's a bug, the client lets me know and I usually have it fixed within a day or two.
You make a good point about people. Surrounding yourself with talented developers (in your office as co-workers or simply through friendships as colleagues) is an excellent way to push the limits of your skills.
As you learn more, they will benefit as well. It's a great system, provided people are open and willing to be helpful. If you work in a place that hoards information and your co-workers feel threatened by other talent, however, it's a dead end.
1. You shouldn't be testing for a UA, but for object support.
2. You can build accessibility into an AJAXified application, but it will take more work. I find that the people who care enough about accessibility on normal websites are the people who are also willing to put in the extra work making applications accessible.
3. Another attack vector? Sure, but introducing any technology introduces new risks. That doesn't mean you should dismiss it entirely. Bad code is bad code - no matter whether it's AJAX or PHP or Ruby.
4. This goes back to accessibility. If a client doesn't have Javascript at all, you need to account for that. If you're writing an app that absolutely requires Javascript, then you need to accept that some users won't be able to use the site.
5. This is the crux of your argument, I think. Some applications are dependent upon Javascript for a good reason - they aren't normal websites. The example I use is of a university that has thirty or so platform and browser combinations to support. Deploying an internal desktop app is expensive, difficult to support, etc. But a web app can be brought up on all of the supported environments - which means you can build for those and ignore anything that's unsupported (like Lynx). We're talking about interfaces which replace a desktop app - but still need comparable functionality, speed, and interfaces.
The web has always been a quickly changing landscape. AJAX is a feature on that landscape, not the future of it. Like anything else it has its valid uses and invalid uses, can be abused, and can be done poorly. But so far, none of this is a reason to dismiss it entirely.
For some of us, losing your Internet connection is the worst part of that. Unless I'm updating my accounting or writing a proposal that doesn't need any additional research, there's almost nothing I can do. I take advantage of those times to play around in Ruby on Rails or read a book.
Not all businesses are as dependent on Internet as mine (web development)... But many businesses still keep their cell phones around. And with some VoIP providers, you can have your calls forwarded to your cell phone.
"...as long as you're the only one using it you're safe..."
Or if you have information that someone else wants. Or you've made enemies with someone who wants to cause you harm. Or if your system has common vulnerabilities that might be exploited by bots, viruses, or worms. Or...
This is also a good way of becoming more unhappy. Blowing off steam once in a while isn't necessarily, bad, but it also doesn't solve problems. It just makes it easier to cope with them.
I suggest you talk to the boss - make sure he understands the atmosphere this is creating. Voice your concerns, but do it calmly and diplomatically. Also be ready to make constructive suggestions for improving the situation.
If this fails, then you can suck it up, you can endanger your job by going over his head, or you can look for a new job. You're going to spend a good chunk of your life working - you should try to enjoy it.
You forgot to insert the obligatory missing step...
3. Spread the article over the course of six pages requiring people to click Next in order to read the next paragraph. 4. Attach Google ads to your article (all six pages). 5. Profit!
I read about this from a Digg post and noticed that these events weren't exactly new - but the recent exposure here in the US has brought it to our attention.
Li Datong, the author of the memo (I can't help but be reminded of Jerry Maguire), was basically fired for this.
"They are being transferred to work in the paper's news research department, which they jokingly referred to in their letter as 'the warehouse.'"
I think it comes from having extra machines. Note that the guy has four extra computers lying around waiting for a purpose. I have three or four unused machines in the basement. I hate to throw them away - so I might end up using them for some side project like setting up Asterisk or an extra development web server. Sure, I could combine a bunch of boxes to do all of these things on one, but then I'd let that Pentium II powerhouse go to waste.
Thank you, sir, for inspiring me to seek out additional French curses. Oddly coincidental, but my wife was just teaching me some of these the other night (no, not like that).
If anyone is still looking for a way to let someone skirt the blocks:
This looks like a typical proxy method, but NPR was running a story this morning on Circumventor - a way to gain access to blocked content by using an outside proxy.
I wish this were a "solution" but it's just another bathtub distillery.
My biggest complaint about prototype is the lack of clear documentation. I have the same problem with script.aculo.us, which has a wiki that is often useless to me.
For a really lightweight effects library, check out moo.fx.
The goal of an educational game isn't necessarily the same as traditional, commercial games. For instance, many game publishers strive for long-term playability, others for re-playability, and finally others for spin-off generation. An educational game doesn't need to hold the player's interest for 90+ hours to be useful - some concepts you could learn in just a few hours of playing.
I "played" a Japanese kanji game in high school that taught you recognition skills. You'd play for 15 minutes and your brain felt fried, but the result was that I became quite good at picking out kanji based on their individual characteristics (radicals, for anyone familiar with kanji).
We've seen studies where kids who play video games have increased motor skills, analytical thinking, etc. What if that were the goal of the game, and it was just worked into the gameplay?
There are studies being done to evaluate treatments for ADD/ADHD that use video games. They're like mental puzzles, but they've been shown to be very effective so far. You play the game for less than an hour a day and do it for about 25 sessions. It's not teaching skills or intended for long-term entertainment - it's simply working out a part of the brain that ADD/ADHD deals with the things patients struggle with. Like working out a normal muscle, the end result of this constant flexing is an improvement.
There are two kinds of audiences for books like these (my wild speculation to follow):
1. Developers switching languages who need to know how to implement these security practices in a new language - when I moved from ASP to PHP and others (thank God!) I had to rebuild much of my code library in a new language. Obvious things (to me) like input validation were just a little more difficult without a resource. I've had formal programming education and plenty of real-world experience - now it's just a matter of porting the concepts from one technology to another.
2. New developers that don't have any idea about secure programming practices - many web developers become programmers to meet their clients' needs. These developers often go from designing and building static websites to building database-driven apps. Whereas your brochure site usually doesn't need to validate input, your web app does - from SQL injection to cross-site scripting, these concepts are foreign to someone.
Slashdot Mirror
The key is the unpopular site - small businesses, for instance - that want to compete in search engines but will never have thousands of visitors a day.
Standards-compliant websites do not necessarily make for better SEO. But the practices and culture around them do.
Accessibility generally results in improved SEO simply by 1) increasing the placement of relevant text within a page and 2) making the site more accessible to search engines. Things like alt text go a long way.
As for download speed, you're absolutely right. It's a matter of data size. But standards-based design lends itself toward smaller pages simply by removing the need for repetitive code likeIt's not the standards that make it work well, but the benefits that come along with the journey towards those standards.
Nowadays, if a client isn't willing to let my company develop an accessible, standards-based solution, he isn't going to be my client. I just won't waste my time on them.
It's important to note the difference between increased revenue and ROI. Just because more people can access your site and become customers doesn't mean that the business will make more than they spent making the site compliant.
That's the end of my devil's advocacy.
Standards-based, accessible websites have a bigger ROI than is necessarily measurable. These sites tend to produce better search engine results, be faster to download, use less bandwidth, and improved usability. And if you have an altruistic bone in your body, such a site improves the overall quality of the web.
So the ROI is definitely there, if you know how to make the case for it.
Firefox stores plugin information in memory long after the plugin is closed and done being used. Whether this problem can be attributed to Adobe's work or Mozilla's, it's still a problem.
Firefox keeps downloaded items in the download list, even when they're completed. Unfortunately, this can add up quick - so you should make sure you clear out that list frequently. I heard about this and discovered my list was hundreds of items long. It took nearly thirty seconds just to register the download.
There are also memory problems with using a lot of tabs. I used to restart Firefox five or six times a day because it was either crashing or moving so slowly that it wasn't usable.
Finally, I removed most of the extensions I had. The stuff I didn't use on a regular basis or that were further sources of my headaches (FoxyTunes is great except that it caused iTunes to open [and lock FF up)]any time I hit certain key combos).
My solution?
I use Flock and the only extensions I use are Web Developer, AdBlock, and IE View. There are plenty of others, but I decided I can afford to skip them. Also, I find it far prettier than Firefox and any of the skins I've tried.
Just my $0.02, of course, but it might work for you.
Many developers learn it the hard way - when someone exploits them. My eyes were opened to security when the client's parent company audited our work and found holes.
I was assigned the job of fixing the problems, leading me to become a ridiculously paranoid developer.
The point of these articles (heck, I've written articles just like this) is to reach those developers that may not have considered these problems.
Of course, you also have to convince the idiots out there that security is a concern...
It's often referred to as a buy/sell agreement, and can be used to prevent shareholders from selling off their portion for a quick buck.
In my company, I am given right of first refusal on my partner's shares. If I pass, the company can buy the shares (essentially the same effect, though it has other implications). If the company passes (if we didn't have the money and no insurance policy, for instance), the shares can be sold to a third party.
I tried to word that carefully because it's important to note that even things you enjoy make demands upon you. It's a demand upon my time simply to go out for a movie or cook a nice meal. It's a demand to include my wife's family - and even my own - in my life. I only have 24 hours in a day, and unfortunately some of that is spent sleeping. I used to post a lot on Slashdot, but recently I've been skimming headlines as I transition from one thing to another.
Don't get me wrong - I enjoy my life, but it's a very busy one. So my point, in all of this, was that finding time to release and relax (be it video games, Slashdot, playing pickup basketball, whatever) is important to a person's mental health.
Heck yeah. I play through my favorite levels in Jedi Academy with all the cheats enabled just to blow off steam.
Psychologically, (a geek who overanalyzes stuff?!) I think this helps me compensate for the lack of control I have in my life. The demands of work, home, marriage, etc. are all wiped away with a half an hour of tossing stormtroopers into the lava.
I agree that it's a case-by-case situation. But in some of those cases, it's clearly cheaper and faster to build a web app than desktop apps. Building to work with a wide range of browsers is very easy for me. I don't know how easy it is to build and support a similar range of OSes, but in my limited experience with developing for Windows, Mac, and Linux environments it was hell.
When I made that statement I was thinking of the apps my undergraduate University built/bought. At the time, most of these were desktop apps. You either supported Windows, Mac, Linux, and Unix - a total of maybe 15 variants, or you required everyone to use a certain platform. Both of these happened, and neither one was particularly successful. The speed with which the desktop development cycle moves is particularly at fault - even when you discover bugs, you can't just fix them overnight. Often, these problems would remain for years simply because the fix was too large an undertaking. I frequently build and roll out web apps in weeks or a couple of months. If there's a bug, the client lets me know and I usually have it fixed within a day or two.
You make a good point about people. Surrounding yourself with talented developers (in your office as co-workers or simply through friendships as colleagues) is an excellent way to push the limits of your skills.
As you learn more, they will benefit as well. It's a great system, provided people are open and willing to be helpful. If you work in a place that hoards information and your co-workers feel threatened by other talent, however, it's a dead end.
1. You shouldn't be testing for a UA, but for object support.
2. You can build accessibility into an AJAXified application, but it will take more work. I find that the people who care enough about accessibility on normal websites are the people who are also willing to put in the extra work making applications accessible.
3. Another attack vector? Sure, but introducing any technology introduces new risks. That doesn't mean you should dismiss it entirely. Bad code is bad code - no matter whether it's AJAX or PHP or Ruby.
4. This goes back to accessibility. If a client doesn't have Javascript at all, you need to account for that. If you're writing an app that absolutely requires Javascript, then you need to accept that some users won't be able to use the site.
5. This is the crux of your argument, I think. Some applications are dependent upon Javascript for a good reason - they aren't normal websites. The example I use is of a university that has thirty or so platform and browser combinations to support. Deploying an internal desktop app is expensive, difficult to support, etc. But a web app can be brought up on all of the supported environments - which means you can build for those and ignore anything that's unsupported (like Lynx). We're talking about interfaces which replace a desktop app - but still need comparable functionality, speed, and interfaces.
The web has always been a quickly changing landscape. AJAX is a feature on that landscape, not the future of it. Like anything else it has its valid uses and invalid uses, can be abused, and can be done poorly. But so far, none of this is a reason to dismiss it entirely.
For some of us, losing your Internet connection is the worst part of that. Unless I'm updating my accounting or writing a proposal that doesn't need any additional research, there's almost nothing I can do. I take advantage of those times to play around in Ruby on Rails or read a book.
Not all businesses are as dependent on Internet as mine (web development)... But many businesses still keep their cell phones around. And with some VoIP providers, you can have your calls forwarded to your cell phone.
"...as long as you're the only one using it you're safe..."
Or if you have information that someone else wants. Or you've made enemies with someone who wants to cause you harm. Or if your system has common vulnerabilities that might be exploited by bots, viruses, or worms. Or...
This is also a good way of becoming more unhappy. Blowing off steam once in a while isn't necessarily, bad, but it also doesn't solve problems. It just makes it easier to cope with them.
I suggest you talk to the boss - make sure he understands the atmosphere this is creating. Voice your concerns, but do it calmly and diplomatically. Also be ready to make constructive suggestions for improving the situation.
If this fails, then you can suck it up, you can endanger your job by going over his head, or you can look for a new job. You're going to spend a good chunk of your life working - you should try to enjoy it.
You forgot to insert the obligatory missing step...
3. Spread the article over the course of six pages requiring people to click Next in order to read the next paragraph.
4. Attach Google ads to your article (all six pages).
5. Profit!
See also: Subversion
I'd agree, except for the prevalance of fighter sequels, generic FPS, and Final Fantasy.
I read about this from a Digg post and noticed that these events weren't exactly new - but the recent exposure here in the US has brought it to our attention.
Li Datong, the author of the memo (I can't help but be reminded of Jerry Maguire), was basically fired for this.
"They are being transferred to work in the paper's news research department, which they jokingly referred to in their letter as 'the warehouse.'"
from "Radio Free Asia"
I think it comes from having extra machines. Note that the guy has four extra computers lying around waiting for a purpose. I have three or four unused machines in the basement. I hate to throw them away - so I might end up using them for some side project like setting up Asterisk or an extra development web server. Sure, I could combine a bunch of boxes to do all of these things on one, but then I'd let that Pentium II powerhouse go to waste.
Thank you, sir, for inspiring me to seek out additional French curses. Oddly coincidental, but my wife was just teaching me some of these the other night (no, not like that).
http://www.stim.com/Stim-x/9.1/curses/curses.html
If anyone is still looking for a way to let someone skirt the blocks:
This looks like a typical proxy method, but NPR was running a story this morning on Circumventor - a way to gain access to blocked content by using an outside proxy.
I wish this were a "solution" but it's just another bathtub distillery.
My biggest complaint about prototype is the lack of clear documentation. I have the same problem with script.aculo.us, which has a wiki that is often useless to me.
For a really lightweight effects library, check out moo.fx.
The goal of an educational game isn't necessarily the same as traditional, commercial games. For instance, many game publishers strive for long-term playability, others for re-playability, and finally others for spin-off generation. An educational game doesn't need to hold the player's interest for 90+ hours to be useful - some concepts you could learn in just a few hours of playing.
I "played" a Japanese kanji game in high school that taught you recognition skills. You'd play for 15 minutes and your brain felt fried, but the result was that I became quite good at picking out kanji based on their individual characteristics (radicals, for anyone familiar with kanji).
We've seen studies where kids who play video games have increased motor skills, analytical thinking, etc. What if that were the goal of the game, and it was just worked into the gameplay?
There are studies being done to evaluate treatments for ADD/ADHD that use video games. They're like mental puzzles, but they've been shown to be very effective so far. You play the game for less than an hour a day and do it for about 25 sessions. It's not teaching skills or intended for long-term entertainment - it's simply working out a part of the brain that ADD/ADHD deals with the things patients struggle with. Like working out a normal muscle, the end result of this constant flexing is an improvement.
There are two kinds of audiences for books like these (my wild speculation to follow):
1. Developers switching languages who need to know how to implement these security practices in a new language - when I moved from ASP to PHP and others (thank God!) I had to rebuild much of my code library in a new language. Obvious things (to me) like input validation were just a little more difficult without a resource. I've had formal programming education and plenty of real-world experience - now it's just a matter of porting the concepts from one technology to another.
2. New developers that don't have any idea about secure programming practices - many web developers become programmers to meet their clients' needs. These developers often go from designing and building static websites to building database-driven apps. Whereas your brochure site usually doesn't need to validate input, your web app does - from SQL injection to cross-site scripting, these concepts are foreign to someone.
I will now take bids on licensing my screenname.
You're not the only University that would like to adopt this. I know schools that are interested in Google's analytics, too.