
posted by janrinok on Tuesday May 08 2018, @11:56PM
from the ain't-no-control dept.

Submitted via IRC for SoyCow3941

We think of our job as controlling the user's experience. But the reality is, we control far less than we imagine.

Last week, two events reminded us, yet again, of how right Douglas Crockford was when he declared the web "the most hostile software engineering environment imaginable." Both were serious enough to take down an entire site—actually hundreds of entire sites, as it turned out. And both were avoidable.

[...] The first of these incidents involved the launch of Chrome 66. With that release, Google implemented a security patch with serious implications for folks who weren't paying attention. You might recall that quite a few questionable SSL certificates issued by Symantec Corporation's PKI began to surface early last year. Apparently, Symantec had subcontracted the creation of certificates without providing a whole lot of oversight. Long story short, the Chrome team decided the best course of action with respect to these potentially bogus (and security-threatening) SSL certificates was to set an "end of life" for accepting them as secure. They set Chrome 66 as the cutoff.

So, when Chrome 66 rolled out (an automatic, transparent update for pretty much everyone), suddenly any site running HTTPS on one of these certificates would no longer be considered secure. That's a major problem if the certificate in question is for our primary domain, but it's also a problem if it's for a CDN we're using. You see, my server may be running on a valid SSL certificate, but if I have my assets—images, CSS, JavaScript—hosted on a CDN that is not secure, browsers will block those resources. It's like CSS Naked Day all over again.

To be completely honest, I wasn't really paying attention to this until Michael Spellacy looped me in on Twitter. Two hundred of his employer's sites were instantly reduced to plain old semantic HTML. No CSS. No images. No JavaScript.

The second incident was actually quite similar in that it also involved SSL, and specifically the expiration of an SSL certificate being used by jQuery's CDN. If a site relied on that CDN to serve an HTTPS-hosted version of jQuery, their users wouldn't have received it. And if that site was dependent on jQuery to be usable ... well, ouch!

It can be easy to shrug off news like this. Surely we'd make smarter implementation decisions if we were in charge. We'd certainly have included a local copy of jQuery like the good Boilerplate tells us to. The thing is, even with that extra bit of protection in place, we're falling for one of the most attractive fallacies when it comes to building for the web: that we have control.

Source: http://alistapart.com/article/the-illusion-of-control-in-web-design
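
Both incidents in the summary above come down to a certificate on a third-party asset host that the site owner was not watching. The following is an added example, not code from the article or from SoylentNews: it lists the external hosts a page loads scripts, stylesheets and images from and flags certificates that are expired, close to expiry, or issued by a distrusted CA. The host names, certificate data, the 30-day threshold and the simplified issuer match on "Symantec" are assumptions made for the example.

```python
import ssl
from datetime import datetime, timedelta, timezone
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: simplified match on the issuer's organizationName.
DISTRUSTED_ISSUER_ORGS = ("Symantec",)

class AssetHosts(HTMLParser):
    """Collect the hosts that serve a page's scripts, stylesheets and images."""
    ATTRS = {"script": "src", "link": "href", "img": "src"}
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.hosts = page_host, set()
    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(self.ATTRS.get(tag, ""))
        host = urlparse(url or "").hostname  # relative URLs have no host
        if host and host != self.page_host:
            self.hosts.add(host)

def cert_findings(cert, now, warn_days=30):
    """cert: dict shaped like ssl.SSLSocket.getpeercert() output."""
    findings = []
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if expires <= now:
        findings.append("expired")
    elif expires - now <= timedelta(days=warn_days):
        findings.append("expires-soon")
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    if any(o in issuer.get("organizationName", "") for o in DISTRUSTED_ISSUER_ORGS):
        findings.append("distrusted-issuer")
    return findings

def audit(html, page_host, certs, now):
    """Map each third-party asset host to its certificate findings."""
    parser = AssetHosts(page_host)
    parser.feed(html)
    return {h: cert_findings(certs[h], now) if h in certs else ["no-cert-data"]
            for h in sorted(parser.hosts)}

# Constructed sample input: page markup and certificate metadata.
SAMPLE_HTML = """<link rel="stylesheet" href="https://static.example.org/site.css">
<script src="https://cdn.example.net/jquery.min.js"></script>
<img src="/img/logo.png"><script src="https://www.example.com/app.js"></script>"""
SAMPLE_CERTS = {
    "cdn.example.net": {"notAfter": "Apr 25 00:00:00 2018 GMT",
                        "issuer": ((("organizationName", "Example CA"),),)},
    "static.example.org": {"notAfter": "Dec 31 00:00:00 2018 GMT",
                           "issuer": ((("organizationName", "Symantec Corporation"),),)},
}
NOW = datetime(2018, 5, 1, tzinfo=timezone.utc)  # constructed "current" time
```

Against live hosts, a handshake that fails verification is itself the finding, since `getpeercert()` only returns these fields for a certificate that validated.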



  • (Score: 2) by theluggage on Wednesday May 09 2018, @10:25AM (1 child)

    by theluggage (1797) on Wednesday May 09 2018, @10:25AM (#677394)

    The web's initial design was genius.

    The web has turned into something quite unlike the original concept - a way for scientists to share data and images online using a simple markup language. A large part of the purpose of the modern web is as a replacement for the commercial printing press; the shop window; an alternative to the TV commercial and a "thin client" computing platform. The early 1990s concept of the WWW as a distributed hypertext system is now a small subset of what the web has become.

    Semantic web people have been banging on about the semantic web for years. Sorry, inconvenient truth: People and organisations who use the web to publish their own work or promote their own products want fine control over the presentation of their message - they don't give a flying fuck about the semantic web.

    Now, the idea of a semantic web coupled with a powerful layout engine driven by optional stylesheets might have legs but, unfortunately, what we have is CSS, a system apparently devised by someone who had never seen a styles-based word-processor, a DTP package, a GUI layout manager or, for that matter, a website. Semantic web proponents were quick to declare frames and the use of tables for layout as "considered harmful" but provided no viable alternative - CSS simply wasn't fit to replace those things, let alone go beyond their limitations - even if you mastered its bizarre quirks, side-effects and rafts of browser incompatibilities. So people turned to things like Flash and (...because Javascript missed the obvious trick of using CSS selectors and DOM/XPath APIs were cumbersome to use) jQuery. One of the early appeals of jQuery was that it contained unified work-arounds for a bunch of browser incompatibilities.

    I say this as someone who has always tried to do the Right Thing and ensure that my sites remain navigable and legible with CSS and scripting turned off - but it is a labour of love with little pay-off between personal satisfaction (and minimal compliance with accessibility guidelines - nice warm feeling but, in reality, if it hasn't been tested by a bona fide blind person using a screen-reader then it probably won't work like that).

    With HTML5 and the latest incarnations of CSS - plus the whole security thing which provides the perfect pretext to stop worrying about supporting older browsers - we finally have something almost fit for purpose, but it's been a long time coming, and now we just need to completely re-work any website > 3 years old... just as lovingly hand-crafted HTML is being rendered uneconomical by CMSs.

  • (Score: 2) by FatPhil on Wednesday May 09 2018, @11:12AM

    by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Wednesday May 09 2018, @11:12AM (#677403) Homepage
    Amen.

    I remember those who were the strongest anti-"tag soup" campaigners (complainers?), are now the largest spewers of "div/class"-soup, where none of the content has any type that describes what it is at all, and only classes tell the browser how and where to render it so that it looks like what it is, which is a <table>, for instance. When used for simply laying things out in columns, that's *worse* than using a <table>, one of the much-maligned traps of early webpage design, because at least in the tables the cells had an explicit before/after/above/below relation to each other in the structure of the document - now they are totally at the mercy of whatever stylesheet is active - you could reverse the order of the columns by dicking around with a stylesheet, for example.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves