Web Manager Tipsheet

Today is Global Accessibility Awareness Day

TKM — Thu, 09 May 2013 18:08:53 +0000

Hooyah!

OK. Maybe this is an issue that gets short shrift among flash and dazzle types, but usability and accessibility are pretty important. If people can’t use your website, if they can’t figure out how to navigate it because of nonstandard, unintuitive, ‘creative’ navigation, if they can’t read it because of presumably ultra-cool, but illegible graphic presentation, or if it simply breaks in their not quite up to the minute browser (nearly 40% of some web traffic is still from the abandoned and unsafe IE8 browser, which Microsoft now refuses to provide security updates for).

More on accessibility from .Net Magazine…

http://www.netmagazine.com/news/gaad-2013-wants-accessibility-web-devs-minds-132742

Senate approves Internet sales tax bill, House fight to come

TKM — Tue, 07 May 2013 15:51:30 +0000

In a strikingly anti-green move, the US Senate passed a version of an Internet sales tax bill that will allow states to tax businesses outside the state for selling to customers inside the state, even though the companies have no physical presence in the state, and businesses associated with the delivery of the products already pay a great variety of local taxes.

Open Source collaboration tools coming from Mozilla’s TowTruck

TKM — Mon, 06 May 2013 23:40:42 +0000

.NET Magazine tells us about an interesting, new Open Source project, currently in beta, from Mozilla, the Firefox folks. Mozilla’s Ian Bicking, who was on the team that created the TowTruck tool tries to describe it:

If you’ve thought about building real-time collaboration into your product, check out TowTruck. Even in its alpha stage, it will boost your own development. Another use case is for developers who want to support (or allow peer-to-peer support) for application back-ends — all the admin screens and configuration that can be complicated for a customer to handle. [...] And, of course, TowTruck is open source, which is really important.

MORE: http://www.netmagazine.com/news/behind-mozilla-s-towtruck-collaboration-tool-132708

FB Home app — loved by pop tech writers — dogs it big with users

TKM — Mon, 22 Apr 2013 16:10:37 +0000

According to the self-styled digerati, the new FB Home Android app was going to set the soshmedia world afire, blowing everything else out of the way. They all loved it. They predicted huge success and overnight adoption.

Suppose they gave a marketing phenomenon and nobody came?

According to the tech media, FB Home has had a punky half-million initial DLs — but there’s strong evidence many of those who tried it removed it shortly thereafter.

And based on over 11,000 user reviews, it has an average of only two stars. More than half — 5,800 — of those reviews gave it one star.

But the tech-writers all LOVED it to death.

Venture Beat: Facebook Home over a week later: only 500K installs with a two-star user rating - Read more at http://venturebeat.com/2013/04/22/facebook-home-over-a-week-later-only-500k-installs-with-a-two-star-user-rating/#XYYm02HKjaZYbQey.99

Widespread hacking attack on poorly secured WordPress blogs underway

TKM — Sat, 13 Apr 2013 17:16:19 +0000

According to an article in Ars Technica, security experts at several companies are warning of a widespread attempt to compromise and take over WordPress administration accounts. The bad guys are using a separate botnet (presumably one comprised of compromised home machines) to run brute force attacks on WordPress installations across the web.

According to CloudFlare’s Prince, the distributed attacks are attempting to brute force the administrative portals of WordPress servers, employing the username “admin” and 1,000 or so common passwords. He said the attacks are coming from tens of thousands of unique IP addresses, an assessment that squares with the finding of more than 90,000 IP addresses hitting WordPress machines hosted by HostGator.

Because of the relatively basic nature of the attack, those who change the admin name from the default (“admin”) and use secure passwords. (It’s best to follow WordPress’s suggestions on password security, or to use some other relatively rigorus system for deriving your password.*)

And, obviously, this hacking attempt exploits human weakness — not an exploitable weakness in the WordPress content management system, itself.

Still, it’s never too late to check your own password. Hackers halfway around the world probably won’t know your dog’s name or the name of your high school team, but your ex-spouse, co-workers and many more folks just might. And if they want to play a ‘little trick’ on you, if you have obvious user names and passwords, you make that easy.

(Don’t forget the fellow who got federal time for ‘hacking’ Sarah Palin’s email account simply found her email address and then guessed her password, which, if we recall correctly, was something really obvious like a pet or kid name. That it was easy didn’t keep him out of federal prison, though.)

You can be assured that TKM WebWorks will be monitoring this situation and, as always, working to keep your sites working and uncompromised, whether they use the WordPerfect CMS or not.

Ars Technica: Huge attack on WordPress sites could spawn never-before-seen super botnet

* A good, hard to crack, all-but-impossible-to-guess password doesn’t have to be hard to remember. You can use random combinations of letters, numbers, and symbols, but that means you’ll probably have to cut and paste it — unless, perhaps you create a ‘mnemonic’ acronym — a password that ‘stands’ for a phrase. For instance, you could use nitt4agm2c2taotc — almost impossible to guess (or remember) unless you know it stands for now is the time for all good men to come to the aid of the country. (Obviously, you don’t want to use such a phrase that will pop to the lips of the many. You want one that you can remember but that isn’t ‘obvious.’)

Another system for creating quite secure passwords is to simply create a phrase of four or more unrelated words. (Of course you can also stick numbers or other characters in such a phrase, making it even harder to guess.) Such pass phrases may not be quite as secure as random strings of characters, numbers, and symbols, but they nonetheless require long periods of dictionary attack to crack. (So-called dictionary attacks, which take valuable resources and considerable processing time and so are typically the province of targeted attacks — not the sort of random, low-hanging fruit collection of the above-referenced WP attack.

Companies should start planning now for the end of Windows XP support in April 2014

TKM — Tue, 09 Apr 2013 16:43:57 +0000

This article from the UK’s Telegraph highlights the problem many businesses will face a year from now when Microsoft finally pulls remaining support from Windows XP — which still dominates the computer OS scene almost a dozen years since its release and five years since its intended successor, Windows Vista, was released. (To the sound of one hand clapping.)

Microsoft learned the Vista lesson, delivered a solid, well-liked OS with Windows 7, but came down with a case of institutional amnesia and repeated the Vista fiasco with Windows 8, which has alienated both consumers and, particularly enterprise users, not to mention computer usability experts, who were aghast at its grafting of a simplistic and crippled tablet interface over the top of Windows, obscuring the familiar aspects of the operating system and hobbling multitasking users with a one-thing-at-a-time approach that bizarrely turns its back on the reason Windows was created. (Determined users can find their way to the more familiar legacy aspects of the OS, and, can, indeed, engage in the sort of multitasking, multi-document work that put Windows on the map in the first place — but many users are totally flummoxed by their experiences with Windows 8.)

Microsoft had announced earlier support cut-offs, but was forced to push them back when enterprise and consumer customers stayed away from Vista in droves. Windows 7 went over considerably better — power users and geeks loved it — but the onus of the disastrous Vista release lingered. And then, with the MS board of directors obviously demanding more “Apple-like” customer lock-in and exploitation, MS dove headfirst into the sea of self-destruction that is Windows 8.

So where does that leave you?

Good question.

The Telepgraph: Windows XP putting businesses at risk

CNET: How to make Windows 8 look like Windows 7

ZDNet: Where can you find a PC running Windows 7?

ZDNet: How to skip Windows 8 and continue using Windows 7

ZDNet: From Windows 8 to Windows 7: why I downgraded

Don’t rely on Internet Explorer ‘compatibility modes’ for testing, says Typekit

TKM — Fri, 22 Mar 2013 19:51:35 +0000

Comatibility modes designed into Microsoft’s Internet Explorer versions 9 and 10, intended, on some level, to help developers deal with the mind-numbing mess that is IE ‘standards compliance’ may well prove to be more trouble than they’re worth.

Why?

Looks like even Microsoft themselves can’t keep track of all the divergences and exceptions to both the web standards they agree to follow, as well as their own internal standards.

Here’s some of what online font service Typekit had to say about the situation:

Typekit warns on IE Browser Modes

Google Keep… an industry arches an eyebrow… how long will THIS one be around?

TKM — Fri, 22 Mar 2013 16:38:50 +0000

All across the tech industry, tongues have been wagging about two recent and — for Google — unfortunatley almost simumultaneous corporate events: the shutting down of a not super-widely used but apparently deeply loved news reader program, Google Reader and the release of a rather unspectacular “notes” program intended to compete with Evernote and Microsoft OneNote.

The UK Guardian’s Charles Arthur, who some tech readers suggest has a distinct anti-Google bias, puts on his dour face and surveys reactions…

Google Keep? It’ll probably be with us until March 2017 – on average

UPDATE — a survey of (mostly similar) reactions from the web dev community from .Net Magazine…

Web industry: Google can keep Keep

Oracle finally releases a patch after months of inaction — but is it time to kill Java once and for all? Forbes Magazines says yes.

TKM — Mon, 14 Jan 2013 01:24:55 +0000

Oracle, the company that bought Java inventors Sun Computing in order to gain control of Java and other software developed in large part by the Open Source community, has been an exceptionally poor steward of those important franchises.

Last year, an unfixed vulnerability in the version of Java that Apple’s Mac operating system uses led to the deepest botnet penetration of any computer platform in history. After that, Apple wised up and found a way to quickly add Java to the blacklist of malware and insecure programs that the Mac OS won’t allow to run. And they needed it.

Unfortunately, while Apple was able to throw the kill switch on Java for the duration of the security problem, the rest of the computing world that uses Java has remained vulnerable for months since Oracle was notified of the latest zero-day vulnerability.

It’s become so bad the Department of Homeland Security has had to issue a warning to computer users around the world to not use Java because its unfixed vulnerabilities made their computers a knockover for a takeover.

Oracle had finally announced the fix would be available on Tuesday but rushed its release forward to today.

But many industry observers — including Forbes Magazine — think it’s one too many security lapses by Oracle. Their recommendation: nuke Java before it is used to nuke you.

Forbes Magazine: Forget Oracle’s Latest Java Patch. Just Kill The Program In Your Browser For Good

From Forbes: “Russian security firm Kaspersky reported in its third quarter analysis of security threats that Java was exploited in fully 56% of all known attacks that took advantage of vulnerabilities in software.”

That’s 56% of ALL known attacks from a software utility used by only a tiny, tiny minority of websites.

The rolling disaster of Windows 8

TKM — Sun, 13 Jan 2013 21:40:45 +0000

With disappointing sales of Windows 8 dominating computer biz news, perhaps it’s time to revisit this article from the Nielsen Norman Group and take a look at some of the biggest mistakes Microsoft made in the design of their latest OS — which appears increasingly likely to go down in history as the most consumer-hated release in the Windows series.

Windows 8 — Disappointing Usability for Both Novice and Power Users

Summary: Hidden features, reduced discoverability, cognitive overhead from dual environments, and reduced power from a single-window UI and low information density. Too bad.

With the recent launch of Windows 8 and the Surface tablets, Microsoft has reversed its user interface strategy. From a traditional Gates-driven GUI style that emphasized powerful commands to the point of featuritis, Microsoft has gone soft and now smothers usability with big colorful tiles while hiding needed features.

The new design is obviously optimized for touchscreen use (where big targets are helpful), but Microsoft is also imposing this style on its traditional PC users because all of Windows 8 is permeated by the tablet sensibility.

Read it all: http://www.nngroup.com/articles/windows-8-disappointing-usability/