afongen

My laptop’s frelled, so I was stuck over the weekend with the only working computer in the house being an older iMac running a minimal installation of OS 9. This was liberating in a way, as I was not often tempted to fill my spare time by using the computer. Still, by Sunday night I really wanted to check my email, but the email that I cared about is on Gmail. The only browser on that machine is IE5, and last I’d tried Gmail didn’t support IE5/Mac, since they generate page content with JavaScript remote scripting techniques that aren’t supported in older browsers (i.e. XMLHttpRequest).

But I gave it a shot anyway, and it worked! If it needs to, Gmail now functions like a traditional web app, reloading the entire page as necessary. If you want to read a message, the whole page gets rebuilt. You can use Gmail with JavaScript disabled. It even works in Netscape 4.8!

Excellent. This is the way I generally prefer to use JavaScript: to enhance application functionality rather than serve as its core. There are all sorts of reasons for this: accessibility comes to mind early on, as well as the general principle of graceful degradation and not leaving your users behind. In some situations this is arguably less true for web applications as the content on web sites — I can imagine any number of cases where you can assume and demand a certain level of capability in your users’ browsers — but it’s still a good principle.

I normally go about this through a process of progressive enhancement: designing first for less capable user agents, then adding functionality for modern browsers. I’m doing this in a project right now: at first I’m breaking out a function into several pages, then once I’ve worked out the process I plan to incorporate remote scripting to simplify the user interface and reduce the number of page calls. If a user’s browser can handle it, and most will be able to, their experience should be improved. If the browser isn’t up to it, users can still do what they need to.

Google turned this around, releasing early Gmail betas as JavaScript-only and with their share accessibility problems. Then they did the graceful degradation work and made the service available to older browsers, and presumably more accessible. That makes perfect sense: Google made a big splash and showed the world the sort of thing that can be done inside a browser interface. This isn’t actually “turning it around,” per se: it’s quite a normal way to go about things. Still, glad to see it happening.

Update: Jeremy Keith weighs in on progressive enhancement.

First, a full episode of Battlestar Galactica streamed off SciFi.com. Cool. Now, they’re podcasting commentary to listen to while you watch each episode. Fantastic.

Battlestar Galactica is the one thing that makes me regret dropping cable. Well, that and the Daily Show.

Roger Johansson writes about his experiences with Plone, reaching conclusions not dissimilar from my own. Basically, Plone is a great tool for a lot of reasons, with drawbacks that include a steep learning curve and lack of thorough documentation.

I have to congratulate Mr. Johansson on the site he built: it succeeds most admirably at looking nothing like a typical Plone site. Many sites built with Plone look the same, probably because of the difficulty of figuring out how to do anything else. But once you do, just look what can be done.

I am asked about content management systems quite a bit, unsurprisingly most often by people in higher education, and I keep coming back to Plone and Lenya as my primary recommendations. Plone has the advantage of being a cinch to get running: it ships with an installer that gets you going in minutes, even if it then takes a massive “eureka!” moment to grok well enough to use effectively. Lenya has no such advantage: first you need to get a servlet container like Tomcat running, then Cocoon, then at last Lenya. Not too bad if you’re a Java developer or familiar with Unix, but otherwise not exactly point-and-click. Still, as I am a Cocoon fan (and AxKit as well, which is kind of like Cocoon for mod_perl) and already convinced of what it can do for you, I do like Lenya.

Tim Bray writes about transition from Mac OS X and Linux to Solaris. This will be useful. We use Solaris on our servers at work and I daily encounter lots of little differences that add up very quickly. A month or two ago I spent a very frustrating day compiling Subversion on Solaris, something that takes practically no thought at all on OS X or Linux, but doing so as an unprivileged user on Solaris took me far, far to long to figure out. All sorts of GNU tools that I’ve come to rely upon just aren’t there by default (say, autoconf). Despite the jubilant dancing that marked my success, I still think I would rather have run my head through several panes of plate glass. Repeatedly.

Otherwise, Solaris is just fine.

This is just insane. Several newspapers, including the Chicago Tribune and apparently (though I have not confirmed) our own Minneapolis StarTribune, chose not to run today’s Boondoggle because it “presents inaccurate information as fact.”

“Bush got recorded admitting that he smoked weed.” one character says in the comic’s single panel. “Maybe he smoked it to take the edge off the coke,” comes the reply.

Admit it. Funny. And more to the point, a comic strip! I do hope that the editors of these papers hold their news reporters to a higher standard than the comics artists and take care when printing inaccurate statements from the Bush administration.

We’ve been using Netflix to watch Farscape from beginning to end. We’re in the middle of the fourth season, which did not much impress me when it was aired, mostly because they went off the deep end with that old woman character (whose name I never catch and have no intention of looking for). It’s much, much better the second time through.

I’m anxious to see “The Peacekeeper Wars,” a four-hour Farscape miniseries produced after the series was cancelled prematurely (if you ever saw the series finale, you know what I mean). It was aired a couple weeks after we moved to Saint Paul and decided not to get cable, so I have absolutely no idea what happens.

The MnSCU IT Conference takes place in a couple months, and I’m gearing up for my presentation. This is a conference for IT staff on our colleges and universities throughout the state, and in recent years has been the one time when we can get most of the campus web folk in one place. It’s also one of the few chances I get to make public presentations, so I jump at it: I’m arrogant enough to think that I have something worth saying. Still, every year when the call for proposals is announced, I wrestle with ideas for what talk about. In the past I’ve covered web accessibility, XML, regular expressions, and web application security. This year I considered doing what I did last year (two sessions, one on regex and one on web app security), but decided it was best if I just stick to one presentation and take the time to make it top-notch. Still, in case the opportunity arises, here are topics I considered proposing:

• Regular expressions. Probably two sessions: an introductory overview and an advanced session covering optimization, debugging, that sort of thing. Evangelizing regular expressions is a sort of mission of mine. I don’t understand why more people don’t know about them.
• Introduction to web standards. Some of our college webmasters are on top of recent developments, but take a look at the conference site and you’ll see why I still think we need to cover this at a very basic level.
• Overview of the OWASP Top Ten Most Critical Web Application Vulnerabilities.
• An hour on any one of the OWASP Top Ten. Each of them deserves at least that.
• Web application security testing. Not just penetration testing, but also working security into the software development process: design and code reviews, threat modeling, and so on. To my mind, that’s all part of the testing process.
• Introduction to version control.
• HTTP. I am regularly surprised by how long you can work as a web developer without understanding even the basics of HTTP. Boggles the mind.
• Unit testing & test-driven development. It’ll change your life.
• mod_rewrite.
• Ajax web applications. Using XMLHttpRequest.
• Unicode and character encoding.
• Unobtrusive JavaScript (all part of the standards evangelism).
• Threat modeling
• Cleaning up your (X)HTML. Using Tidy, regular expressions, that sort of thing. More standards propaganda.

In the end I went with web application security testing, because I really think we need to pay more attention to security and I want people to walk away with concrete skills. Testing seemed appropriate. We shall see.

I’ve noted before that Oracle has been getting into PHP, even including PHP in their application server. PHP’s a reference implementation in JSR 223 (“Scripting for the Java Platform”). And now it seems that IBM is backing PHP. Rockin’. The more I work with Java for the web front ends, the less I like it. I would be more than happy to use PHP to rapidly develop web software that talks to back-end services written in Java.

So we’ve got Zend working with Sun, Oracle, and IBM on enterprise support for PHP in one fashion or another. Hell, even Bruce Eckel is starting to use PHP and doesn’t hate it. :) Hm. Tell me again how it isn’t ready for the enterprise?

Mind you, I still have absolutely no use for PHP on the command line. It nicely fits a web niche for me, and that’s that. It’s enough.

Firefox 1.0.1 has been released, and you should upgrade now. This release addresses a few security holes and bugs, including the dreadfully irritating IDN homograph vulnerability. So if you aren’t already using a nightly build, go get FireFox.

I was in Dunn Bros. (the Grand Ave. store) last night buying some beans. As the barista was ringing me up, a guy in line asked how long my coffee would be good. “About a month,” the barista replied. I must have looked stunned, because she eyed me curiously: “I take it you disagree.”

Do I ever. There is a marked decline in coffee’s flavor over the course of a week after roasting. If memory serves me correctly, something like 70% of the compounds responsible for coffee’s flavor are gone in that time, transformed into something far less pleasant. The difference between a week and a month is obvious. Try it yourself. Granted, I’m a connoisseur snob about these things, but I don’t ever keep coffee more than two weeks, and by that time I’ve stopped drinking it because I can’t stand to — and because I forgot it was in the cupboard. Call me crazy, but I like my coffee to actually taste good.

At this point, she countered, “but my grandparents keep coffee for a month and they like it!” Good for them, glad they’re happy. You’ll note that they don’t work for one of the premier coffee roasters in the Midwest and that it’s not their job to know things like this.

Here’s my rule of thumb: buy only what you can drink in a week or so from a local roaster. I realize that in many corners of the world this isn’t possible, but if you can, do. (If you can’t, consider home roasting.) Store the whole beans in an airtight container at room temperature. Use them as soon as you can.

Enjoy.

When I was working at the Roastery, we had a report tucked away behind the counter, someone’s master’s thesis studying the chemical process of how coffee goes stale. They used beans that we roasted, which is why we had the thesis. I wonder if I could dig that up…