afongen
Sam Buchanan's weblog.

SFSKIDS

Break out your broadband connection and your Flash plugin. The San Francisco Symphony Kids web site makes it all worthwhile.

I clearly haven't been paying enough attention to web sites built for kids. Until now, the only one I ever looked at was Webmonkey for Kids. Sites like SFS Kids and the BBC's CBeebies are just great fun! A whole world that I haven't explored. I wonder if Google will come up with a kids version, like Yahoo! did with Yahooligans!

Thanks, Sun!

I like to read stories like this. Sun donated some hardware to search.cpan.org. A big thank you to Sun!

On a similar token, Pair, the hosting service that I use for this very site, donated hosting to The Perl Review. One of the reasons that I like to use Pair.

PKE revisited

An interesting thread on the NANOG list: 1024-bit RSA keys in danger of compromise (the message that kicked it off was first posted in Bugtraq). This may be a good time to point to a little something I wrote a year or so ago, a "Brief Introduction to Digital Signatures." Just cuz you may find it a useful introduction. I keep finding people who look at me funny when I ask if they use PGP.

Digest authentication broken in IE & IIS

Great. Just frelling great. IE's digest authentication mechanism is incompatible with Apache's. By the same token, IIS's is incompatible with any browser but IE. I am not normally one for Microsoft conspiracy theories, but considering Microsoft's lukewarm response ("the nature of this particular issue does not put customer data at risk or pose a known security threat, so the fix will be prioritized accordingly"), I have to wonder whether this is a mistake or a strategy. I'm sorry, but passing passwords in the clear does indeed "put customer data at risk"!!

A while back I spent an evening digging through the Apache source code to figure out how they implement digest authentication. I've read the RFC. It is not so hard that it should confound the crack programmers at Microsoft.

Since Mozilla finally supports digest authentication (since 0.9.7, which you may recall surprised me since I had assumed Mozilla already did support something this basic), I was all set to start using it as a matter of course. I already do use it in certain circumstances, with Apache and Mozilla. But now...what? How many more years do we have to wait before we can expect even this rudimentary security?

moving

OK, this time I mean it. I'm moving this weekend, no weblogging for me for a few days. Enjoy the weekend, folks.

disturbing search requests

I'm always amused by the search requests that turn up in my referrer logs. Today's odd one, "What do you do if dog scratches all the time," although neither disturbing nor a bad question to ask, somehow reminded me of Disturbing Search Requests, which I hadn't visited in a while. Pity that so many of those have to do with sex. How dull. I really like this one:

"A person decides to shake hands with six different people on a certain day. The next day, each of the six people will shake hands with six different people . The process continues until every person in the United States has shaken someone's hand. How many days will it take until everyone in the United States has shaken hands once? Assume that once a person shakes hands with six different people, he or she does not shake hands again%2"

motd

<motd>Don't think you're special just because you're the only one left out.</motd>

You go, Tim!

Tim O'Reilly weighs in again: Disingenuous Comments from Michael Eisner.

"These entertainment and publishing industry executives are either being disingenuous or are ignorant of both technology and history. The software industry faces exactly the same conditions that the entertainment industry fears will destroy its markets. Software is digital, easily and perfectly copyable, and pirated copies are in fact available through a variety of illicit channels, but that hasn't kept companies like Microsoft from going on to become among the largest and most successful in the world. What's more, copy protection was widely explored by software companies in the 1980's, and what they learned was that consumers avoided copy-protected products."

JavaScript links

If all my dire warnings the other day didn't scare you off, and after careful consideration you've found yourself with a compelling enough reason to open a new window — compelling enough that your users will expect a window to open, which I think is quite a rare situation — please don't use the old HTML target="_blank" attribute. Use JavaScript.

For one thing, the target attribute is not available in XHTML (you are using XHTML, right?) because it is not structural: it is behavioral. Page behavior should be controlled (or influenced, at least) with means other than markup, e.g. JavaScript or CSS. The one exception is framesets, where target does have a structural meaning and so is included in the XHTML 1.0 Frameset DTD. But you're not using frames, are you?

If you find yourself in a position where you have no choice but to open a new window, please don't do this:

<a href="javascript:openWindow('new.html')">DO NOT DO THIS</a>

do this instead:

<a href="new.html" onclick="openWindow(this.href); return false;">new window</a>

(This assumes that you've defined an openWindow() function.)

The second way, even those user agents with JavaScript disabled or unavailable can still access the page to which you're sending them. Too, those of us who follow links by dragging them to another window or using contextual menus to open new windows or tabs can follow the link using our preferred method.

Thank you. You've just made the Web a better place.

You'd make it an even better place if you never opened new windows in the first place.

Update: Paul Sowden wrote to point out although Mozilla allows the blocking of target="_blank", it's harder to block links using the JavaScript technique that I suggest. Using JavaScript, he argues, reduces the user's control. Perhaps, but this is an issue that needs to be resolved by Mozilla's developers.

Remember, in XHTML, JavaScript is the only way to open a new window. I agree wholeheartedly that opening new windows is something that you should studiously avoid, but sometimes you just can't help it. Perhaps your boss or your kidnapper is staring over your shoulder until you comply with her demands. In that case, I humbly request that you write your JavaScript code in a way that allows for the greatest amount of freedom and control for the end user.

I've thrown together a quick demonstration of how it works. Disable JavaScript, play with your browser preferences, see how it all comes together. If you have improvements, please share.

It's possible to disable all window-opening behavior in Mozilla, by the way. Add this line to your user preferences file:

user_pref("capability.policy.default.Window.open","noAccess");

You'll still be able to open windows if you want to, but it won't happen without your permission.

This and other goodies are documented on or near the end-user documentation on the Mozilla site (Customizing Mozilla, Hidden Mozilla Prefs).

I hope that before long, disabling "Open a link in a new window" in the Mozilla GUI-defined preferences also applies to JavaScript-opened windows.

UI Design

The other day in a web accessibility training session, I admitted that I hate it when a link on a web page automatically opens a new window. I want to be the one who decides when a window's opened. At this point, a couple people in the group rolled their eyes, no doubt thinking "oh give me a break, you control freak!"

So I got to thinking: why do I care?

I used to browse with several windows open at a time, dragging links from one to another, reading one page while another one or two loaded. Even then, with five or six browser windows on my desktop, a new window popping open unexpectedly was a little irrititation. Just as irritating as pop-up or pop-under ads.

Then tabbed browsing appeared in Mozilla (hit control-T and you'll see what I mean), and my browsing habits changed: I still read several pages at a time, but now on different tabs within the same window. Now it annoys me even more when designers take it upon themselves to control my browsing habits. Thankfully, with every milestone release it gets easier to configure Mozilla to prohibit that sort of nastiness.

Still, though, why does it bother me so much? It's a relatively minor thing, right? The key, I think, is that a window popping open is an unexpected behavior. There are times when I expect a window to open: when I click a link to enter my ZIP/postal code to customize site content; when I click a link on a television program title, expecting to get a brief description of the episode. In those cases I expect a new window to open — to provide or allow me to input a short bit of information — so it's perfectly fine that it does. The web page behaves in a predictable way. No surprises.

Yesterday I read Joel Spolsky's User Interface Design for Programmers, and the reason for this became clear: it is an important principle of UI design that (I quote Joel here) "A user interface is well-designed when the program behaves exactly how the user thought it would." I'm irritated by windows popping open when I don't think they will, but don't give it a second thought when I expect them to.

If you're going to do something so unusual as to open a new window, you'd better have an extremely compelling reason. If your reason is compelling enough, the user should expect the window to open.

Back to the book. I highly recommend it. It's a quick read, it's entertaining, and it's packed with lots of good stuff. Through most of the book, I kept excitedly jabbing my finger at the page, exclaiming, "yes! yes! He's right on!" For every situation he describes, I can think of a real-world scenario that matches up. I learned a whole lot in just a couple hours. And now I feel ready for that next meeting about button text. <shudder />

CSS, accessibility

You may have read it. It's classic: Web Pages aren't Printed on Paper. Every now and then I come across an article that either shakes to the core my way of thinking, or that I think everyone should read because I hope it'll have that effect on them. Something that sums up so well what I've been trying to say for a long time. This is one of those.

One of the major issues in accessibility is also one of the broader topic of usability: you have to give up the idea of having control over the page, break down your assumptions about how your users are experiencing your page. Because I can guarantee you that someone's doing something that you didn't expect that will break your carefully constructed design. It may turn out that something that you've done is breaking their experience, making it impossible for them to access your content.

The Web accessibility training session that I helped lead today got me thinking about this.

The training went well, I think. We spent more time than I expected going over what I thought was some pretty basic stuff with CSS. Still, there was some good discussion. I am continually amazed/dismayed by the level of resistance from faculty that my campus-based cohorts face in attempting to address accessibility concerns in online instructional materials. Somehow making web pages accessible to students with disabilities becomes an issue of academic freedom. Disgusting.

Was the same argument raised with regard to wheelchair ramps? We've changed our physical architecture to ensure that the disabled/impaired have access, now we're turning our attention to our electronic, information architecture. It's the same damn thing.

If nothing else, MnSCU has a new set of accessibility guidelines. Right now I consider them in version 0.9. With some changes that I'll make over the next week, we'll get to version 1.0.

Fahrenheit to Celsius

My friend Jim pointed out to me that I'd incorrectly stated the other day that -30 degrees Fahrenheit is -1 Celsius. I should have known better, but foolishly trusted the online conversion tool that I used. I should have just done the math: -30F == -34.4C.

Moz 0.9.9

At long last, Mozilla 0.9.9 has been released. New stuff includes SOAP support.

Use a Mozilla mirror site to download.

Busy, busy, busy

If I seem rather quiet here over the next week or two, it's because I'm crazy busy preparing to move, and writing a new set of web accessibility guidelines for work (modelled on the excellent State of Illinois Web Accessibility Standards). Mostly done with the latter, a ways to go for the former. Please forgive my silence.

Snow!

Minnesotans have a rather irritating tendency to pride themselves on being able to tolerate all sorts of winter weather. (I must admit at the outset that I've lived in Minnesota all my life and am hardly an exception.) We delight in warning newcomers of the harsh winters they will face, secretly hoping that if they can't handle the winters then maybe they'll leave. We grumble the first few snowfalls of the season, faced with people who suddenly can't remember how to drive. We mock those poor souls in warmer climes — you know, the ones who normally have to deal with things like hurricanes — who run for cover when the temperature dips below 40 (Fahrenheit) or a half-inch of snow falls. "You call that cold? Try 30 below!" (That's -34.4 for you sensible folks who think in Celsius).

This excessive pride is usually accompanied by an equally irritating tendency to complain about the weather. Yes, we pride ourselves on the weather we face, but we're not happy about it. If it's sunny too long, we gripe about our lawns not getting the water they need. If it snows, we bitch about having to shovel. If it rains, we can't wait for the sun. (By no means do I think that any of this is unique to Minnesotans. I'm just saying.)

I long ago tired of this meterological machismo and have tried to excise it from my behavior. I decided a few years back that things would be a whole lot easier and I'd be a more pleasant human being if I just plain liked weather. Doesn't matter whether it rains or shines, sleets or snows, I like it. I don't grit my teeth and bear it, I don't sneer disdainfully at those who can't handle it, I just like it. Or at least I try. Weather is a delightful reminder that I am alive in the world.

Nevertheless, I have to admit that I've felt somewhat cheated by the mild winter we've been having. It just doesn't seem right when it's hovering around 10F/-12C there's no snow on the ground. It goes against a lifetime of expectations. So boy oh boy, am I glad to see that we're finally getting some snow. Snow!

Nanoweb

Nanoweb: a web server written in PHP. Why? This is my favorite part: "I found the idea of using a language mostly aimed at web scripting to write a web server was quite funny."

Safari to the Rescue!

All of a sudden I need to know a whole lot about LDAP. I wasn't too impressed by what I was finding on the Web so was all prepared to buy a book. Not a big deal, really, since I dedicate a certain amount of income to technical books anyway. But then I remembered: I have a Safari subscription! And the book I wanted, Understanding and Deploying LDAP Directory Services, is available through Safari. Perfect. I may eventually buy the book, but here's a great way to familiarize myself with LDAP fast.

I'm quite impressed with Safari. It's the most sound idea for publishing electronic books that I've seen.

One True Color (revisited)

I reported back in January that scientists had identified the color of the cosmos. Turns out that the One True Color is actually more of a beige. No wonder setting my desktop to that greenish thing didn't give me superpowers.

Wireless UA strings

A list of user agent strings on allnetdevices.com. And Microsoft has a Mobile Developer site, including an article on "Designing Web Sites for the Internet Explorer for Pocket PC." I thought I'd mentioned that here, but it looks like I forgot.

Planning the changes.

While thinking about a redesign for this site, I've also been wrestling with the content management/updating side of things.

On the one hand, as Paul Sowden has pointed out about his own site, the site content is updated much less frequently than it's accessed, so static files make a whole lot of sense. I'd like a system in which each entry can stand alone as an XHTML file, be served up and make sense. Archive groupings can be built from these individual files.

On the other hand, I'm generally not comfortable with systems like GreyMatter and Movable Type, which edit static files but generally require those files to be world-writable. There are ways around that, of course, but I am still drawn by the notion of using an RDMBS instead.

If I store entries in a database, though, I want to be able to pull them out to static X(HT)ML files without a lot of hassle. As I've indicated before, I very much believe that for long-term flexibility, XML is the way to store content. It doesn't matter much to me whether the XML docs are stored on the filesystem or in a database somewhere. I'll likely end up writing my own rather basic system that stores individual entries as XHTML documents in an RDBMS. It's probably not necessary to roll my own, but I feel like it. Good for the soul and all that. As usual, it's just a matter of finding the time.

Then there's the matter of different page elements like navigation menus, the news feed, lists of links, and so on. I use a template system right now so that I don't need to update every page whenever I change or remove one of those sections. The most recent version of each page element is served up every time a page is requested. Each of those sections is actually an XML file that's parsed and converted to XHTML on the fly. Honestly, I'd like to do this with JavaScript instead of PHP/Perl but am concerned about accessibility: do I really want to prevent non-JavaScript-enabled user agents from access to that information? On the other hand, is it really essential content or is it just something extra that's available if you happen to have JavaScript? That's a coward's way out, though, using an argument more suited to effects like rollovers or hierarchical menus than actual content. The response is the same: I will use JavaScript to add those sections to the page but offer an alternative method to access the content, probably on a separate page.

First, though, I've got to push out a new design. Back with that soon.