Second, Hunt Griefers for Fun and Profit

When I chose the title “It’s Not Polite to Flash the Audience” for my discussion on photosensitivity, it was deliberately a bit flip to balance the seriousness of the topic. I had also thought about “First, Do No Harm” but it seemed a little too preachy at the time. Either way, I never imagined that I’d need to think about photosensitivity being an opportunity for twisted minds to physically assault users via the web as happened a few weeks ago. Some [pick any nasty epithet here] decided to post JavaScript and animated images designed to trigger migraines and seizures in users with photosensitive epilepsy. Worse, the message board was located at the Epilepsy Foundation (A full background story, including a description of the attack by an affected user is available at Wired). This goes beyond “normal” griefing—this is assault, plain and simple. Since the attack, there’s been a lot of speculation about who was responsible for the assault and whether they can be caught and, while I’m one of many who would love to have a few minutes with the perpetrator, I’m not very hopeful that the investigation will lead very far. There’s something important that can be done, however, and that’s to get information out there to help prevent things like this from happening wherever possible.

I’ve gotten several requests for more information about photosensitivity since this happened, so I spoke with Andy Hunt at Pragmatic Bookshelf about the issue. Andy reacted similarly to the problem and we’ve decided that, as a public service, we’re going to release Tip 27: It’s Not Polite to Flash the Audience from Design Accessible Web Sites free of charge. Reading back through the tip, however, I wish I had covered the issue more deeply than I did—the tip introduces the idea of photosensitivity and a couple of tools for testing video, but I didn’t go into other kinds of content like I should have. So let’s look at the issues of photosensitivity and user-submitted content like message forums.

The first route of defense for the site developer or administrator is to NEVER allow <script> or <object> content in user posts. This, of course, is a good idea anyway because of the security risks of allowing your users access to these tags. That simple filtering takes care of rogue Flash, Java, and JavaScript, but we still need to deal with with animated GIFs, and here lies the problem. For whatever reason, animated GIFs still seem to be popular in the “still thinking digital watches are a pretty neat idea” parts of the web (with all due apologies to Douglas Adams)—so there is still significant demand for browsers to default to supporting repeated GIF animation. Blocking animated GIFs in user submitted content is difficult at best. The only real options are:

1. Block <img> entirely: This isn’t appropriate to many forums because it unnecessarily limits discourse.
2. Filter the src= attribute for *.gif: This doesn’t really work either. An off-site url to a GIF file can easily leave out the file extension but send a correct GIF mime type.
3. Only allow uploaded images and src= references to your site: This isn’t feasible for technical (do we want to store a ton of graphics for our message boards?) and liability (they uploaded a picture of a giraffe doing what??) reasons.
4. Moderate all image submissions: If you have enough moderators to handle it, this might be possible, but most of us don't and it’s still an impractical approach.

At the end of the day, only the last solution addresses non-animated images with potentially seizure-inducing patterns. As developers, there are some things that we can’t easily address, and it may be that the best we can do is to provide a notice reminding our users that the forums contain user-submitted content which has not been fully vetted for accessibility—this is generally a nice thing to do when you don't have absolute control over the content anyway.

This means that site administrators need to be aware of problem images that appear on their sites and remove them as quickly as possible and users with photosensitivity will need to be careful, as in public spaces, to be aware that certain patterns may show up that could be a potential threat to them.

For users with photosensitivity concerns, there are also ways for you to configure your web browser to minimize your personal risk from animated content:

• Firefox: The Content tab preferences has checkboxes for enabling or disabling Java and JavaScript. The turns off Flash while leaving placeholders that allow you to start the content if you wish. Changing the animated GIF settings in Firefox, however, is unnecessarily painful, requiring you to alter the value of image.animation_mode to none or once under about:config. If you’ve never done this sort of thing in Firefox, more detailed instructions are available at mozillaZine.
• Opera: Altering your preferences for potentially flashing content in Opera is about as easy as it gets. Settings for animated GIF, Java, and JavaScript are easily available in the quick preferences. For Flash, FlashBlock for Opera 9 is available.
• Safari: Java and JavaScript are easily turned off under the Security tab in Preferences by unchecking Enable Java and Enable JavaScript. To eliminate Flash or Animated GIF, you can use SafariStand (OSX Only)
• OmniWeb [OSX Only]: Setting your preferences in Omniweb isn't as easy as in Opera, but it makes up for it with improved customization for your settings. Animated images can be set to animate fewer times or not at all In the Ad Blocking preferences tab, and Java and JavaScript can be controlled from the Security Preferences tab. Flash content can be controlled via the Blocked URLs button under Ad Blocking preferences. OmniWeb Help has detailed information on blocking flash content under the URL omniweb:/Help/reference/preferences/AdBlocking.html. One particularly nice feature of OmniWeb is that preferences can be set on a per-site basis, so you don’t have to turn off functionality for all of your web browsing just to accommodate jerks with technology at some sites. [Thanks to Mike Hostetler for pointing out how advanced OmniWeb’s treatment of preferences is]
• Internet Explorer: The No Flash! tool allows you to easily turn off Flash, Script, and GIF animations. Turning off Java in IE is somewhat more involved but Microsoft provides directions at their support site.

I've been feeling bad for missing a prenatal appointment with Kate this week—today was the first one that I've missed in either pregnancy due to being at the AERA conference in New York. So, of course, something had to be weird. For some reason the baby's heart rate was overly high and was measuring unusually small, so Kate was off (again!) for an unexpected ultrasound. Long story short, the numbers were an anomaly, everything is just fine, and as a bonus, we found out that our little koala is going to be a baby girl!

View the rest of this gallery

Earlier this week, I did an interview for the usability zone at DZone with Schalk Neethling. Schalk had several great questions about Design Accessible Web Sites, principles of web accessibility, not getting WET, and the future of web accessibility.

Over lunch yesterday, I joined Dr. Kathy King and Paige Eissinger to record episode twelve of their Transformation Education Live! podcast. Somehow I'd missed the “Live” part, which was a little scary for the first 5 minutes, but we ended up with a great discussion about Design Accessible Web Sites, tools for getting started with web accessibility, and some basic accessibility tools on the desktop.

Kate tagged me with a meme (how could she?! ;) Ah well, fair enough.

The rules are:

1. Link to the person that tagged you, and post the rules on your blog.
2. Share seven facts about yourself.
3. Tag seven people at the end of you post, and include links to their blogs.

So, seven facts...

1. If you're ever around me, you'll hear me go on about wanting life to finally calm down. While that's changed a lot since I became a father, that's still a little bit of a lie—I feel too strongly about the things I involve myself in to stop caring and keep my head down—that draws me into chaos like a moth to flame. To paraphrase Chuck Jones, Bugs Bunny is my goal, but Wile E. Coyote is my reality.
2. I'm a huge fan of the sandwich. Not just any sandwich, mind you, but a truly well thought out Sandwich. For example, today's lunch was homemade chipotle-garlic mayo, bacon, and fresh roasted turkey crisped on the pan after the bacon was finished grilled off on fresh local wheat. I'm convinced that the reason the panini took off is that it was the first real sandwich many people have had.
3. I'm generally what political bobbleheads would call a middle-liberal but, in reality, I'm more strongly a social progressive which makes me come off as a little conservative on rare occasions—I often get wary of promoting changes that look like they'll harm large segments of society in the long term.
4. I have an extreme aversion to dealing with fax machines. While most electronic toys bend readily to my will, some embedded evil magic of the fax seems to consistently thwart me. I'm certainly not the only technical type I know that has this problem, but I often wonder what the issue is.
5. I was born to a Catholic family but didn't identify with it until my late 20s. During my teens and early 20's I looked at many religions (and the non-religions as well). In the end, I found that the Catholic church, particularly as it is experienced by the Franciscans was a better fit for me than I had thought when I was younger
6. I've made it through umpteen years of education and written a book without being able to completely overcome the “its/it’s” issue. It's not that I don't know the rule, I just have to stop and think about it. If I do it at the time, I often have the flow of my writing break, so I've learned to to a global search on " it[']?s " to check everything before my writing goes out.
7. If you've followed the blog, you've probably noticed that I have a lot of interests, like film, textile art, psychology, technology, fashion, cooking, etc. While I'd love to believe this makes me a bit “renaissance&rdquo, odds are much greater that I'm just an over-amped information packrat ;)

So much for me, I'm tagging these seven:

1. Jason
2. Peter
3. Blaine
4. Craig
5. Ant
6. Dan B
7. Dan T

So, it's no secret that I'm not a big fan of captchas—they're a major accessibility issue, they're a royal pain for users that don't have a disability that impacts their web usage, and they don't work very well at establishing security. Even so, I still hear a lot of comments about how we need captchas to protect our web sites. Tell that to Microsoft and Google.

The problem with captchas is that they have the same underlying weakness as strong DRM. Even if you don't consider the idea of teams of outsourcers being paid to enter captchas or clever sites that use a bait to get regular users to break a captcha for them, the simple fact is that a captcha is, by its nature, machine readable. Not only is it machine readable, but it also has to be (more or less) human readable. By remaining readable in this way, it is always going to be a matter of time before someone develops software that can circumvent the system.

Considering the amount of resources that go into upgrading captcha technology, and the relative ease with which they fall, perhaps it's time to stop building bigger mousetraps and devote our resources to attempting to build a better mousetrap.

Over the last couple of months, I've been rebuilding CommonPlace in Chicken Scheme, in part as an exercise, in part to repair some design flaws in the original CommonPlace, but especially in part to eliminate some of the inefficiencies that have plagued the Rails version. While I was at it, I decided to play around with a little bit different layout. With my history, we'll see how long I stay satisfied with a light-colored site.

Daniel Spiewak over at Code Commit poses the question Should ORMs Insulate Developers from SQL? My initial answer before reading the article is a resounding NO, which seems to agree with Daniel's assessment. The problem is, ORMs work really really well for the things that their designers kept in mind. Don't get me wrong, I've happily used ActiveRecord SQLObject as well as written a few “Micro-ORMs” for internal projects. The problem is when you drink the “You should never have to write SQL” kool-aid.

The thing I don't want out of my ORM is to have to learn a new relational language (like Hibernate's HQL) when I need to go beyond the assumptions of the ORM authors. Similarly, I despise leaky abstractions and I want my ORM to get out of the way and let me drop a query when the wrappers don't work. “But”, the converted say, “wouldn't you like to use a DSL to write your database queries?” Why yes, yes I would. In fact I'd like to use a well-tested and robust DSL for my relational queries—I call that DSL SQL, and it works pretty darned well.

I've been blown away by the reviews that the book has been giving. It's not that I'm entirely surprised—I mean I know it's a good book, but it's very humbling to hear that others feel the same way.

• SDTimes listed DAWS as one of ten titles “to expand one's view of IT”
• Cyber Aspect's Julie Smyth says “I'm happy to give this book a double thumbs up. It is well written, enjoyable to read and contains so much helpful information, it's hard to list it all here.”
• Ask Felgall's Stephen Chapman says “This Book provides both an ideal introduction to accessibility as well as a central reference to all of the different aspects of accessibility that you need to take into account when designing a web site.”
• Weblabor's Török Gábor gives DAWS a 9/10, but I can't tell you much more than that because I can't read Hungarian— If you can, and would be willing to translate, please let me know!
• Roger Johannsson at 456 Berea St gives DAWS a high recommendation, saying “There is not a lot of pedantery and preaching and ‘you must follow these guidelines exactly, or else’. Instead, the author focuses on the end result - if doing this or that actually makes the site more accessible. And in the end that is a lot more important than ticking boxes in a checklist.”
• NosillaCast #135 is a full half hour discussion between Allison Sheridan and Paige Eissinger about DAWS. I don't know where to start with this one—Paige and Allison's praise of the book was enough to make me turn pink for most of the afternoon!
• Paige also discusses the book briefly with Dr. Kathleen King in Transformation Ed Episode 11 I didn't know about this podcast until recently, but it syncs up with a few of my major interest areas and I want to listen in on the old episodes and keep up with the new ones.

Thanks to each one of you for your wonderful comments about DAWS!

One of my jealous moments during both pregnancies has been the time frame where Kate can feel the movements and small kicks while I have to wait and hear about it ;) We've finally gotten out of that for this pregnancy. I have to be more on-point to catch this one kicking since the activity doesn't seem to be quite as constant and intense as it was with Aidan was but, considering Aidan rolled himself in the delivery room and did his first crib crawl at one week, odds are pretty good that this one won't be quite as active.