The inital target of $10,000 has been reached, but don’t let that deter you from contributing – it means Yoav can work for longer, and maybe even have a break for a coffee and a piss now and then. (Coders, eh?)
Confessions of a CSS Expert – “Before long, I’d gotten into the hard stuff. I was putting multiple classes on any one element… Soon enough, sites in production were using <div>s for everything: buttons, headings, checkboxes, whatever. It was like Drupal, but even more obsolete.”
A Proposal for Credential-based Login – “There is a growing need for digitally verifiable credentials on the Web. Being able to prove that you are who you say you are is important when paying or receiving payment.”
CSS Aliases (Draft) – “This specification defines methods of defining “aliases” for long or commonly-used values in several CSS features, reducing repetition in the stylesheet.”
‘Censor my internet please!’ – a Pakistani blogger writes “The Government in Pakistan does not censor the web – rather it follows a strategic covert control model… When a stance for the opening up of a video portal is equated with blasphemy, how many can be expected to speak up?”
At Edge Conference on Friday, Peter Gasston unmasked me as a secret accessibility wanker by saying “For a proper in-depth look at a11y in web components, see @brucel – he’s just spent weeks researching it for a talk next week.”
“Real” HTML elements have built-in behaviours. Something like a <button>, for example, can be focussed; it can be activated by the keyboard, and when it’s activated it does something. Developers don’t need to add anything to the button element to get these behaviours; they’re given to us.
You can also make your own custom elements with no fallback, too. But whichever way you choose, you need to add all the ARIA information and tabindex yourself. I don’t think this is misuse of ARIA; the ARIA spec says
WAI-ARIA is intended to augment semantics in supporting languages like HTML and SVG… It clarifies semantics to assistive technologies when authors create new types of objects, via style and script, that are not yet directly supported by the language of the page, because the invention of new types of objects is faster than standardized support for them appears in web languages.
Given that the whole point of Web Components is to add “new types of objects, via style and script, that are not yet directly supported by the language of the page”, this seems to me a pretty good fit.
But enough theorising – how well are Web Components supported in assistive technology?
That’s actually not too surprising; although Web Components and Shadow DOM can hide things from the “real” DOM of the page (by design), the browser mashes them all together to render them, and assistive technologies sit on top of browsers. Of course, if the developer couldn’t be bothered to add ARIA information etcetera, they may not be accessible – but the fact they’re encapsulated in a component doesn’t make it better or worse than if they’re in the page in the traditional way.
The primary impediment to accessibility on the Web isn’t technical, it’s social. It’s that many (most?) developers don’t give a toss. One aspect of Web Components is that they can be shared and imported into the HTML – think of server-side includes, but client-side.
I had a vision of a big CDN (like Google’s Web Fonts or hosting of jQuery) but Addy Osmani told me that including from third party CDNs could be a performance problem. Nevertheless, we can expect lots of Web Component libraries to spring up, and people saving them locally, using their build processes to check they have the latest versions in their directories for inclusion at run time.
I don’t think it’s necessary for me to urge developers to put the source code of the Web Components they write onto Github for forking and collaboration. Please do that, and make it easy for people to contribute, so that people who notice accessibility holes can send pull requests.
A while ago, on this blog, I got an email from a screenreader user telling me that the live comment preview below the comments box needed an ARIA live region to be accessible. It was a WordPress plugin, with the source code on Github. I sent a pull request and, a couple of days later, the developer merged my one-line change latest version of the plugin. That’s my site, and 43,410 others, made more accessible through one pull request.
I disagree. If passionate evangelism were enough, the web would be perfectly accessible now. My message to accessibility advocates is “passion – great. But with pull requests, please.”
Web Components and the Three Unsexy Pillars by Paul “it’s not my round” Lewis. “I believe we need some open and community-driven way of vetting and ensuring Web Components are accessible, secure and performant. While we figure out what that means, let’s not be fooled into thinking that Web Components can fix bad development”
The HTML Landscape – “This document captures the differences between various HTML specifications.”
Peer5 Downloader – a JS-only embeddable peer-to-peer downloader that uses WebRTC Data Channels, Filesystem API, IndexedDB and other fancy stuff. Caveat emptor: I haven’t tried this – I just think the tech is interesting.
Separate is Not Equal – “Safeway used to have a separate text-only site. The site was designed to help blind people but it did not have all the information on it that Safeway’s main site had. Now Safeway has one website that everyone can use.”
Welcome to the first in an occasional series called “Monday meh”, in which I briefly fulminate about something that made me a bit grumpy.
Occasionally, web pundits complain about Android fragmentation. “Fragmentation” is Punditese for “oh dear me, I hate diversity because it makes my job so hard”.
If there were only iPhones, the job of web developers would be much easier. But, of course, most people in the world would then have no access to the Web. Call me “Captain Priority of Constituencies” if you want, but denying most of the world access to the Web in order to make a few people’s lives easier is what computer scientists term “getting it wrong” and “missing the point”.
It’s like being a bartender and complaining that your job would be so much easier if no customers ever bothered you while you’re polishing glasses and reading your Mixology books.
Installable web apps by PPK: “The mobile browser “bookmark” function should become “install” and place an icon on the home screen. This icon starts up the web page or web app; likely from local memory.” Good article, though I disagree with the idea that the web app is a local copy – that’s re-inventing Widgets. It should be the live, instantly-updatable web site, “offlinerificated” with Service Workers.
The state of standalone apps on iOS – “we examined 360 web applications that claim to be capable of running “standalone” in iOS (i.e., the web application asserts that it’s usable outside the context of iOS’s default browser). We put those claims to the test by manually checking if the apps could, in fact, be used as standalone.”
Service Worker + Push API – “outlines an API which integrates with the Service Worker to enable delivery of push messages to applications which do not have visible tabs”
Media playback restrictions in Blink – “Blink and WebKit have a setting for requiring a “user gesture” to play or pause an audio or video element … this gets in the way of reasonable use cases like games or playlists, and developers are not impressed … as an experiment we’ve removed the restrictions in Opera beta for Android. However, I’ve also found a workaround for current browsers.”
CSS Regions Considered Harmful by Opera CTO Håkon Wium Lie. I don’t share all his concerns, although I find the CSS Regions spec “smells funny” (I can’t articulate it any more coherently than this) although I completely agree that the need to be able to fragment text across separate boxes is something that needs solving.
HTML is too complex – “unless there is an immediate visual or behavioural benefit to using an element, most people will ignore it”. Some real food for thought in this sentence.
A World Managed By Apps Is Closed For Those Without A Smartphone – “Every time you make a service or device that can only be managed from an app, you are basically adding to a systematic poor tax. You make it easier for those comfortable, with great smartphones in their hand, to get shit done, while not spreading that benefit to those without the magic box. You deepen economic entrenchment.”
[HTML Imports]: Sync, async, -ish?. If you’re importing a web component (you hypercool ninja, you) should the whole render be blocked until the component can be drawn? Of course not, argues Jank Archibald persuasively. Elsewhere he writes, “Instead, we should follow the default behaviour of <img>. An <img> doesn’t block parsing or rendering, the image appears when it is loaded. The developer can reserve an area for the image to change the reflowing behaviour.” Not as daft as he looks, that Jake.
will-change: a CSS hint to browser that you know its appearance will change, so it can make any optimisations, eg paint it to another layer immediately for faster animation. Replaces hacks like translateZ(0) and -webkit-backface-visibility: hidden.
As Mike Taylr points out, “Scampi Bug Yeti” is an anagram of “Spec Ambiguity”. Sometimes, people moan that the specification process of web standards is grindingly slow and laborious with too much detail etc. But the reality is that specs that are amibiguous or not tightly defined cause problems with interoperability. For example,
Articles that I’ve tweeted this week. Not necessarily fact-checked, or endorsed.
CSS Books “defines features often used when printing books or magazines. Using this functionality, documents written in HTML can be presented in a book-like manner, either on screen or on paper”. Includes footnotes, running headers, baseline rhythms, leaders, page groups and floating images into named page areas.
A Rational Web Platform by Dimitri Glazkov (Google’s Mr Web Components) on blink-dev list. H e writes, “HTML is a UI toolkit, written on top of DOM”. Maybe, if the Web were only browsers. Ruminating. May be some time.
CSS Object Model (CSSOM) Editor’s draft. “The core features of the CSSOM are oriented towards providing basic capabilities to author-defined scripts to permit access to and manipulation of style related state information and processes.” (Co-edited by my Opera collague, Simon Pieters). Also CSSOM View Module “provide authors with a way to inspect and manipulate the visual view of a document. This includes getting the position of element layout boxes, obtaining the width of the viewport through script, and also scrolling an element.”
VP9 codec demo clip in WebM format. VP9 gives “video quality that is slightly better than HEVC (H.265) and is 50% better than VP8 and the best implementations of H.264 high profile” says Google. Compatible with Chrome, Opera 16+ and Firefox 28+.
Aral Balkan asked me to “cut to the chase, Bruce: do you find anything wrong with the business models of Facebook & Google (monetising data)?”
It’s something I’ve been thinking a lot about, but it needs more than 140 characters, so here goes. Note that these are my personal opinions. I work for Opera, which has business relationships with Google, Facebook, and its own advertising arm of the business.
But I also use Google and Facebook services privately so have my own views as a user; again, these are my opinions, not those of my employers.
I work on the web, but at home on my own, so I use Facebook and Twitter a lot. Not only is it useful for discussing work, but it’s my “watercooler”. I don’t mind that the personal stuff I write is publicly available, although I keep my location secret and no longer put the names of my kids online. (Facebook stuff isn’t public. I only really use it as it’s where non-geek real-life friends are.)
I don’t much mind that Google tracks my searching habits around the Web (although I would pay money not to have to watch Treehouse Woman again on YouTube, because she’s too shinyhappy, and puts her coffee down on a wooden surface without using a coaster).
The annoyance I find is offset by the fact that I understand why they do this; it’s how they make money to support the services I use for free, which are primarily Search, Gmail and YouTube. (I get no benefit from Google+.)
In short – I understand that “I am the product being sold”, and am OK with that. Similarly, I’m fine with getting tailored money-off vouchers for products that I use, sent to me by supermarkets who know what I use because they monitor it. I opt in, because I see value in that. You may not; that’s fine.
As long as the companys’ privacy settings are both clear, and honoured by the company, I don’t see this data gathering and data mining as inherently intrusive. I’m not sure that all companies privacy settings are sufficiently clear, however; I read a case study some years ago in which a good-sized sample of people were asked what privacy settings they had on their social networking, and it was compared with the actual setting – very few matched. The Facebook Android app permissions are certainly opaque.
Perhaps companies that do monetize data could make their privacy settings more transparent, and be even more obvious that the price of free is your data. But I think the latter is pretty obvious to those who give it a little thought; we can’t always handhold stupid people. There should certainly be a simple method to delete all one’s data and history from public view, and which will be removed from the company’s server/ archive within a defined period of time.
What annoys me most is when people or organisations use my data without my permission. For example, a few years ago, my wife had a minor car accident. Somewhere in the chain of insurance company, loss adjusters and repairs garage, our phone number was given to an unauthorised third party and occasionally I receive a phone call from a call centre trying to sell me “no win, no fee” ambulance-chasing legal services.
But beyond annoyance, what alarms me is secretive State intrusion into my life through my digital tracks. I assume that all companies – whether a supermarket loyalty scheme or a social network – regularly comply with warrants from law-enforcement agencies going about their legitimate work.
Let’s assume that the social networks and search engines, as they claim, don’t just hand over all their data to the governmental snoops. It then seems to me that, unless they’ve been fantastically lax with their security – which is certainly possible, but unlikely, given that it’s their core cash-generating asset – they can’t be blamed for the actions of the government.
We know from Edward Snowden that some companies’ data is just wholesale hacked by NSA, GCHQ and other state bodies. The legality of this is being debated in courts at the moment. The morality of this is clear (to me): it’s wrong. “If you’ve nothing to hide, you’ve nothing to fear” is the refrain of the KGB, the Gestapo and every despot across the globe.
Government intrusion isn’t new. When I was a teenager, I joined a communist party. My letters from them were always opened (and no others). Presumably, this was done actually by the UK Post Office on police orders – that is, complete collusion, even thought there was no warrant or reason to fear an idealistic but naive 17 year old. It’s also long been rumoured that the voting slips of all UK communist voters were cross-referenced against their counterfoils and the names of communist voters given to Special Branch and MI5.
In short, to answer Aral’s question: I don’t feel that commercial organisations using data that I’ve opted to provide them, for the purposes they said they’ll use if for, is wrong. It’s part of modern capitalism, which contains plenty I have to hold my nose about, but that’s a much longer blog post which I can’t be bothered to write.
The worrisome aspect is states illegally stealing our data from those companies, and putting us under constant surveillance, justified by keeping us safe from this year’s bogeymen.
But those same social networks and web companies allow us to share information on what they’re doing and organise in order to protest against it. The tension between individual liberty (I believe privacy is an integral part of liberty) and state control is not new. The threat may be greater because of technology, but the platform to fight it from is greater, too.
Last night I dragged my carcass down to London in order to meet the W3C Technical Architecture Group (TAG). This is the group that advises other W3C working groups on architectural matters – most notably (for Web developers) API design.
Co-chair Dan Appelquist blamed me for this event; after the inauguaral Meet the TAG last June, I suggested that follow-up events be more structured and have a public Q&A, if only so the TAG Team didn’t have to answer the same questions repeatedly as they mingled.
On stage, but not expecting the Spanish Inquisition, were Anne van Kesteren (Mozilla), Sir Tim Berners-Lee (W3C Director and Olympics opening ceremony eyecandy), Alex Russell (Google), Yehuda Katz (Ember.js, Ruby on Rails and jQuery Core Teams) and Dan Appelquist (Telefonica). Other taggers in the audience were Peter Linss, Dame Jeni Tennison, Henry Thompson and Sergey Konstantinov.
We have lots of high-level APIs but we need to get to what’s underneath. For example, every browser has image decoders (that turn PNG, JPG, GIFs into bitmaps) but how can we access them? We can’t. Where is the API that allows us to tell an <img> element to defer loading? There isn’t one.
So we need to do what Alex Russell called “archeology” – define each layer in terms of a lower layer. Yehuda used HTML5 appcache as an example; it does a whole bunch of things but, if those turn out not to be what you want, you’re stuffed. This is why Service Workers were invented, and it’s important to note that it’s possible to write AppCache’s higher-level functionality in ServiceWorkers. This layering is described in the Extensible Web Manifesto (which isn’t a TAG document, but which is signed by many TAG members as well as the glitterati of the standards world).
Tim BL pointed out that access to very low level was common in native app programming languages, and becoming so on the web but more parity is needed. The fact that we’re now calling it “Web Platform” is more than a marketing-led rebrand.
Then followed an unedifying discussion about DRM – Digital Rights Management – or Encrypted Media Extensions as the extension to HTML is delicately called. (Contrary to unpopular belief, it’s not part of Core HTML.)
I say it was unedifying because it has nothing to do with TAG. But as few people have opportunity to ask Tim BL questions, it was a chance for them to ask the director of W3C about it. Trouble is, it’s a discussion that goes nowhere. If TAG’s disapproval of EME could abolish DRM from the world, I’d be all for discussing it (although I’d prefer they focus their new superpowers of abolition on hunger and war). But whether TAG likes it or not, Big Hollywood will implement DRM anyway.
Then I went for a pee and missed a bit about making up your own tags with XML (and/ or RDFa) is evil, but making up your own elements with Web Components is great. Anyone else catch the detail of that part? (Update: Jeremy Keith did.)
One thing everyone agreed on was the we all love URLs (or URIs, as Tim called them; is there a difference?).