Theodicius

Good. Evil. Bratwurst.

Hello, old friend.

Filed under: General,Web Design— arlen@ 4:55 pm

<Deep Sigh> Ran into an old familiar-but-forgotten bug today. Caused by tables, currently inserted into the design unnecessarily by the OSCMS I was using. It has been so long since I’d worked with table-based designs I’d completely forgotten that when you style a table as width: 100% IE/Win decides that you mean more than just 100% of the available content area if you have a floated box. (Technical description for the curious: within a screen-width box a box 275px wide is floated left. The screen-width box also contains another box with a left margin set at 300px. A table within this second box, styled at width:100%, will wait until the floated box has ended before displaying, even though there is no overlap between the display areas of the floated box and the table and even though other content in the box before the table will display correctly.)

So I wasted time trying to figure out what was happening. It wasn’t until I stopped looking at the code I was writing and started looking at the code the CMS was writing that I realized what was happening.

The default in IE for a table is to take all the room it needs, up to the limit prescribed by the bounds of the box it’s in. Dropping the width attribute and settling for the default fixed the problem.

That’s the problem with the argument that claims table-based design is simpler. It’s simpler only because we already know the bugs and workarounds for it. When we don’t know (or when we’ve forgotten) it’s at least as difficult as standards-compliant design.

He’s at it again

Filed under: General,Technology— arlen@ 8:25 am

My favorite oversimplifier, Jakob Nielsen, is At It Again. This time it’s computer security.

As usual, there’s some meat in the soup. Computer security should be easier for normal people to set up. He uses the analogy of locking a car. That level of security for a computer should be trivially easy for a user to set up. And while it’s not enough to keep out a crack team of agents, neither is locking your car. He should carry the analogy further.

Why is it that simply locking the car door is considered sufficient security, when any determined thief can still steal the car if it’s locked? Because insurance will replace what’s lost, and because your loss is limited to the car itself and what was in it.

So, following the analogy through to the end, if we want lock-the-car-door security on our computers, we should so arrange our computers that anyone breaking in to them will only be able to damage the computer itself, and we should be insured against the loss of whatever can be gained by breaking in. If those two factors hold, then computer security on the level of a locked car door is a realistic step to take.

On the other hand, if what you’re wanting to do is store the minutiae of your life in the box, you should treat the box as if that is indeed what it’s holding. If you’re the type who would leave every dollar you possess in an open shopping bag sitting on the seat of the car in plain sight, then yes, I suppose once again you should use the locked car door level of security. If you wouldn’t, then why are you doing even less than that to protect it simply because it’s on your computer?

And user education does factor into the equation. If a man walked up to you on the street and said he needed your banking information in order to transfer 85 gazillion dollars from point A to point B, how many of you would instantly hand over the information? I thought not. Yet a surprising number of people do so in the computer equivalent; they have this knee-jerk reaction to believe every single thing that floats into their mailbox.

If you received a letter that had the return address of someone you knew, yet contained an ad for viagra and breast enhancing pills, would you automatically assume your friend had sent the information to you? Or would you check the postmark to see if it came from a place your friend would be sending from? Yet how many people always believe the “From” field on an email, which is no harder to fake than the return address on a letter?

Ordinary people with loads of common sense suddenly lose touch with all that sense when reading an email or a web page. They wouldn’t believe it if someone said it to their face, but This Is On A Computer, So It Must Be True?

Computer security should be easier, at least for moderate levels of security. It can’t be made simple to lock a computer down to the point of impenetrability; the only computer impossible to break into is turned off, unplugged, encased in concrete and buried at the bottom of the Marianas Trench. And even then I’m not 100% sure it’s safe.

Following all of Nielsen’s suggestions doesn’t get you to safe, either. Encryption can be broken, and is being broken every day. Digital signatures can be faked or fooled (remember the company that obtained a specious MS signature?) so are not foolproof. It’s not possible to open a hole to get trusted things done without at the same time opening a hole for exploits. If you let one kind of traffic through, anyone who successfully pretends to be that sort of traffic can also come through. And let’s face it, fooling computers really isn’t hard; fooling people is much harder. A human shop clerk would never accept that this 6’8″ 300-lb body building he-man in front of her is actually Hermoine Havealot; a computer would, and does every day.

And automatic updating? Yep, that’s really a foolproof system. All an attacker needs to do is compromise one domain resolver, and you’re automatically downloading and installing a fake update. A simple redirection of your access. Oh, you thought the Internet’s domain system was foolproof?

Sure I’m paranoid. But am I paranoid enough?

Bottom line: you, not Bill Gates, not Steve Jobs, not even Linus Torvalds, are responsible for what is happening in your own computer. Act like it. Stop believing that everything you see on a computer is true. No computer ever created is better at knowing how much you want to risk, and what you want to protect, than the one between your ears. Turn it on, feed it good information, and use it. Those silicon counterfeits lying around on desks can’t hold a candle to it.
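The "check the postmark" idea from this post, applied to e-mail, as an added example that is not part of the original post: the From line is believed only when the receiving server's own Authentication-Results header records an SPF or DKIM pass for that same domain. The server id `mx.example.net`, the addresses and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_SERVER = "mx.example.net"  # assumption: id stamped by our own mail server

def sample(*auth_results):
    """Build a constructed message (not real mail) that names a friend as sender."""
    headers = [f"Authentication-Results: {ar}" for ar in auth_results]
    headers += ['From: "Your Friend" <friend@example.com>',
                "To: you@example.net", "Subject: Special offer"]
    return "\n".join(headers) + "\n\nBuy pills.\n"

SPOOFED = sample("mx.example.net; spf=fail smtp.mailfrom=bulk.example.org; dkim=none")
GENUINE = sample("mx.example.net; spf=pass smtp.mailfrom=friend@example.com;"
                 " dkim=pass header.d=example.com")
# A pass for some other domain says nothing about the name shown in From.
MISALIGNED = sample("mx.example.net; spf=pass smtp.mailfrom=bulk.example.org")
# Senders can add headers too, so results stamped by any other server are ignored.
PLANTED = sample("mx.example.net; spf=fail smtp.mailfrom=bulk.example.org",
                 "mail.sender.invalid; spf=pass smtp.mailfrom=example.com")

def domain_of(value):
    """Domain part of an address, or the value itself if it is already a domain."""
    return value.rpartition("@")[2].strip().lower()

def from_is_corroborated(raw, trusted=TRUSTED_SERVER):
    """True only if our server saw SPF or DKIM pass for exactly the From domain."""
    msg = message_from_string(raw)
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    if not from_domain:
        return False
    for header in msg.get_all("Authentication-Results", []):
        server, _, body = header.partition(";")
        if server.strip().lower() != trusted:
            continue  # not our postmark: anyone could have written this header
        for clause in body.split(";"):
            method = re.match(r"\s*(spf|dkim)=(\w+)", clause)
            if not method or method.group(2).lower() != "pass":
                continue
            prop = "smtp.mailfrom" if method.group(1) == "spf" else "header.d"
            found = re.search(re.escape(prop) + r"=([^\s;]+)", clause)
            # Simplified strict alignment: authenticated domain must equal From's.
            if found and domain_of(found.group(1)) == from_domain:
                return True
    return False

if __name__ == "__main__":
    for name in ("SPOOFED", "GENUINE", "MISALIGNED", "PLANTED"):
        print(name, from_is_corroborated(globals()[name]))
```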

Life changes

Filed under: General— arlen@ 10:53 am

…when you have a child. Jeff Zeldman is finding that out.

I remember well the first day I met my oldest child. I was prepared, I’d had more than 9 months to think about the idea, get used to it, plan for it — but it didn’t matter. The man who picked up those seven pounds 12 ounces of wiggle disappeared never to be heard from again after one look into her wondrous clear eyes. I am not him. That man could not do, and would not have done, what I have done voluntarily, even cheerfully, in the last 26 years.

And I would not have missed it for the world. Welcome to the club, Mr Z. You may have your doubts now, especially in the dead of night, at the Hour Of The Wolf, but you’ll do. It’s the men who don’t change we have to worry about.

CMS, part II

Filed under: General,Technology,Web Design— arlen@ 1:28 pm

OK, so you already know I’m not extremely happy with the state of the CMS arena currently, and I promised you an update.

Andrew Eddie of the Mambo team and I have been exchanging some emails, each of us educating the other. I find that part of my previous rant was being addressed almost as I was ranting. There’s a style code that will load modules without the table wrappers. It wasn’t in the version of the docs that I was working from but the latest set has it (dated mid-September).

So that solves everything, right? Wrong. I’m moving along towards being able to do what I wanted to do, but it’s still more often done over the tool’s objections than supported by it.

Part of the problem is philosophical, and part of it is technical. I’ve been head down in technical details too long (but I have managed to convince Mambo to let me place a “module” — Mambo-ese for a logical chunk of the web page, remember — floated to the right edge of a main content item, so it wasn’t a total loss) so as a break let me wax philosophical about it.

Each of the chunks of the web page is self-contained. The main content doesn’t wander around through the navigation, the ad banners keep to themselves, and the list of recent changes is way too snobby to be caught dead mixing with the syndication links. That’s as it should be.

But where do the “lines of demarcation” get drawn? If I ask my CMS to upchuck some content, should it hand it to me packaged neatly with a bow, or should it just fill my waiting arms with a string of loose text? I would prefer the latter, but even while preferring it I can see why others would prefer the other.

Where do you want the work to be done? Most of today’s templating systems act like they’re working a loading dock. Boxes arrive, they check the manifest and stack the boxes in the appropriate piles. All neat and tidy. What could be better?

But what if you want a stack in a shape other than rectilinear? What if you want to “readjust” the contents of some of the boxes, so that what was in 5 boxes now fits in two slightly larger ones? As someone else remarked, why should a website have columns?

Are we approaching the idea with blinders? In one sense we’re used to the idea of stackable blocks, in terms both of programming and design. Programmers think about chunks of code as “objects,” they break tasks down into increments, and they view code that doesn’t respect boundaries as sloppy. And the grid model has been hanging around design studios for more years than I can count. It gave birth to the table-based design model, and current CSS-based design, while a step forward, still cannot handle grid design logic as well as I’d like.

As I was speculating, I considered what it was, precisely, I was asking for. A piece of content should know everything about what support functions it will be needing when it arrives on the page, but nothing at all about the location of those functions. A template shouldn’t know if any particular piece of content exists, but it should know precisely what to do with it when it comes knocking.

I idly wondered: create the page structure in xml. Each page could have a unique structure, each logical content chunk identified and given attributes identifying what support functions it would require. There would be no required order in which the chunks would be listed. Then the output engine takes those chunks and assembles them based on a set of rules provided by the designer: if this chunk is present, put it here, if not, let the space be filled by this other chunk. Somehow this output processor sounded familiar.

And shortly after that, it struck me. Am I describing XSLT?

Hickory Dickory Death

Filed under: Books,General— arlen@ 9:26 am

The next stop on my journey through Dame Agatha’s land was Hickory Dickory Death.

Another of the “nursery rhyme” mysteries, this one is not one of her best. Oh, it’s a good puzzle (when does she not make one?) but in this book her palming of the critical clues is not quite up to her usual standards. You can see her hands move, and her misdirection isn’t as good as usual. An astute reader should arrive at the correct conclusion before All Is Revealed.

The book begins when the incomparable Miss Lemon makes three (count ’em 3!) errors in a letter she is typing for Poirot. The plot revolves around some silly thefts at a youth hostel, which is managed by her sister and so family feeling is the cause of her mental lapses, and builds from there through three murders to a conclusion. It builds well, Poirot is, well, Poirot. If you’re coming here from the TV series, be aware that the TV writers have rewritten a lot of Dame Agatha’s work in order to include the supporting characters of Inspector Japp and Captain Hastings, neither of whom appear in this.
