Accessibility, jihad, spoofing

Lexicon of discontent

Letters Website accessibility has proven a contentious issue. El Reg's postbag has been straining under the load of your comments after we reported on the DRC study that gave Net-bank Egg the thumbs up.

In your story 'Website's Fail Disabled' I was horrified to see how poorly the online community was doing in supporting the needs of disabled people, especially as the internet potentially offers easy access to shops and info that otherwise may prove physically difficult to reach.

Out of interest I ran www.theregister.co.uk through the Bobby Online Free Portal (http://bobby.watchfire.com/bobby/html/en/index.jsp), the results were far from perfect. I've no problem with the register being a part of the problems it reports on but I'd like to see you take a lead and tackle this issue on your own site, top web sites should be part of solution not the problem.

Cheers

Dan


Dear Reg

Using the online W3C validator, http://validator.w3.org/, only copac.ac.uk from the list below passed validation.

  • egg.com (Internet bank)
  • oxfam.org.uk (charity)
  • sisonline.org (spinal injuries voluntary organisation)
  • copac.ac.uk (on-line catalogues of research libraries)
  • whoohoo.co.uk (comedy dialect translator)

Also the drc.gov.uk website does not pass validation.

However, The Reg passes with flying colours!

Regards

A web developer


Also:

Interesting report about 'Egg decorated for site accessibility in DRC study' yesterday. The DRC seem to be a bit unhappy with general standards of accessibility, but there is an element of pot-calling-kettle-black here. Anyone tried running some of the standards and accessibility checks against the DRC's own website? The site claims a Bobby-AAA rating, but if you try 'Cynthia Says' it fails even on level 2. The HTML and CSS also fail to validate, which means potential problems for accessibility as well. The root of the problem, which is picked up by the W3C comments is that it is impossible to define 'accessible' - the best that any of us can do is make a 'reasonable attempt' to provide sites that are accessible to all.

Nigel A Callaghan


Well, we do take accessibility seriously here at Vulture Central. (As you know, talons make keyboards tricky to use, so the issue is close to our hearts.) The Register complies with the W3C standards, which is more than can be said for most. As for compliance with the Bobby engine, try running Bobby's own page through it and see what comes up. See? We do try.

Really? Egg?

I ran their homepage through the bobby WAI validator. Whilst not a perfect system, it sure as hell gives you an idea.

Guess what the report said:

"This page does not meet the requirements for Bobby A Approved status. Below is a list of 1 Priority 1 accessibility error(s) found:

<http://bobby.watchfire.com/bobby/html/en/gls/g9.html>Provide alternative text for all images. (37 instances) Lines 431, 476, 488, 504, 505, 506, 532, 533, 542, 557, 559, 568, 611, 612, 613, 614, 615, 616, 625"

And then a host of other errors, for instance:

"<http://bobby.watchfire.com/bobby/html/en/gls/g269.html>Make sure event handlers do not require use of a mouse. (9 instances) "

I guess that must be the Javascript reliant visual "tooltip" on those three top main buttons: "Banking, Investing , Insuring" - I also notice that the text of those JS driven "tooltips" is not replicated in the ALT attributes for the image, or the TITLE attribute of the tag. At the very least an appropriate TITLE attribute is requisite, surely?

And something the validator didn't catch:

font-size : 12px;

There's an awful lot of absolute font sizes in the .css, and no relative ones whatsoever, which is another fail against the WAI.

Now, I know what you are going to say - DRC must have been talking about the online banking facility itself, or some other specific area of the site, but if the homepage can't even achieve "A" compliance, never mind "AAA" compliance, and Egg still gets a merit from DRC, then what's the point in the exercise?

So, after this revelation, I thought I'd have quick peek at http://www.oxfam.org - On the face of it, their layout looks like it should be accessible. Unfortunately, it once again fails to even achieve "A" status from the Bobby online validator. In fairness to them, it falls short of "A" standard by only a couple of minor errors, but still.

Of course, when I'm looking in the source code, I find an ENORMOUS row of transparent shim.gifs right at the top of the markup. All of these have empty ALT attributes. Is this friendly to screen reader software? I wouldn't have thought so.

I can see why DRC and W3C might not quite see eye to eye over this study conducted by DRC. Obviously, their user testing has revealed that the greater proportion of the tenets contained within WCAG 1.0 are at best redundant, at worst, completely inaccurate.

Who are we to believe? I've now built several WAI "AAA" sites and it's time consuming, there's no denying it. Now DRC appears to be telling me they aren't worth bothering with. Tricky.

-- Matt Bradley


Tricky, it certainly is.

I quickly looked at the homepages of the 5 best sites listed in the accessibility article "Egg decorated for site accessibility in DRC study", and would like to point out that designers should not necessarily use these as examples.

The Egg and graphic Oxfam sites aren't liquid. Users (who, like my uncle, are visually impaired) with a 640×480 resolution have to scroll horizontally (for the liquid whoohoo also); and anyone using anything higher than 800×600 gets gobs of wasted space, making it needlessly hard not just for people with disabilities but for other users too.

Some of them don't use CSS, only one site uses a link element (and then only one), they all use scripts without any good reason...

COPAC is the best of the sites listed, but there are much, much better examples out there.

I've investigated web usability <http://www.useit.com/> and web accessibility <http://www.w3.org/WAI/>, and the important thing to note is that making your sites usable and accessible has tremendous advantages for *all* users.

Jeandré du Toit


Offshore outsourcing, an ever popular subject, popped up again this week. We published an article suggesting that free trade might not be quite as free as advertised, and that companies were less than 100 per cent transparent about the whole subject. Shocked? No, perhaps not.

So here's my problem with the last paragraph in your article; you make the comment that "the rights of less powerful nations to utilise free trade to their own advantages for once" but it isn't free trade.

I was a consultant in India for six months during 2002-2003 and I remember all of the protectionist tariffs and policies that they have in India, China, etc. If we were allowed to compete in India on an equal footing I think that argument might have more weight.

Additionally, shareholders have only themselves to blame when they ignore who is running the companies they invest in and how the boards and executives are compensated; for the vast majority of shareholders the only ethical standard the company is held to is the stock value.

Hells Bells, I can't save the world today, so maybe I'll just go floss my teeth.

Cheers, Bobby Pope

Good to know that your teeth are in good hands, Bobby.


Now, we know you lot can be sensitive, but we didn't know that the word jihad was on some kind of blacklist:

I am disgusted by the heading "Global P2P jihad stumbles"

What the hell you think you guys are doing? using islamic words everywhere now? "jihad" is known as (on dictionary.com) :

1. A Muslim holy war or spiritual struggle against infidels.

2. A crusade or struggle: “The war against smoking is turning into a jihad against people who smoke” (Fortune).

FOR SURE this is totally NOT the word you guys wanted to use.

What can you do? change the heading... that is what you can do....

Although I can't do anything I can still downgrade your site popularity by a trickle. Doesn't seem much but we will see about this...

-AMQ

It is too the word we wanted to use. You can tell, because we used it. If still confused, see your own definition two, above.


Lastly, an open letter from a pissed-off techie with a bag of darts and voodoo in mind. Be careful out there:

It is Monday morning ... and I'm really pissed off.

Why?

Well, our incoming email has been disrupted this weekend - this is the second time this year, and we're only up to April.

No it's not a server failure at our ISP, and no it's not a virus (not directly anyway) ...we've effectively had a denial of service on our incoming business email, because of all the auto-response emails kindly advising us that a message we never sent included a virus.

If you are a Sys-Admin, or Keeper-of-the-Mail-Server, I would ask you to read this very carefully - there's some important stuff further down that could affect you ...and if you happen to be feeling sharp pains about your person, this is because I'm busy throwing darts at your effigy.

Look - I'm genuinely pleased that you've managed to set up your mail servers so they automatically trap a live virus - excellent, well done!

In fact my pleasure is not unlike that of a proud father whose offspring has just managed his/her first poo into the potty instead of all over the floor. But my pleasure has waned as you continue to tell me about it - repeatedly.

So, let's establish a couple of facts...

1. Here at "Visible Form" we do NOT send out infected emails - ever. We have NEVER done so, and will do our utmost in the future to ensure that this remains the case. Like you, we run up-to-date virus checkers on incoming and outgoing, we have a hardware firewall, and our mail server ISP does NOT have an open relay - in fact we can only send email via this ISP if we connect directly to their system. The ISP we use for our day-to-day connection will only allow us to use their mail servers and 'spoof' our own FROM address if we've already asked for (and got) permission, which includes providing evidence that we own the domains in question.

2. Most viruses spoof the FROM email address.

Do I really need to explain to you that this means the virus-containing email DID NOT come from the FROM address? You do know this, don't you?

You do KNOW this?

DO YOU KNOW THIS??

These are facts - read them slowly and repeatedly until they sink in.

Write this in big letters and put it up on the wall: "most VIRUS emails SPOOF the FROM address".

I am pleased you've pooed in your potty - sorry, trapped a live virus - but it was not sent from here, and I do not need to know about it. I especially do not need to know about it several hundred, even thousand, times.

You see, what has happened here is that the virus is no longer the problem - we can all trap those if we have a mind to ...the real problem is YOU - for every virus your systems detect you automatically generate a reply to the email FROM address - unfortunately you've gone back to pooing on the floor and making a mess everywhere.

Your action in allowing this state of affairs to continue does absolutely nothing to resolve the real underlying issue of people with unprotected computers, and the virus-writers themselves - instead it is creating its own new problem which has every chance of bringing the internet to a grinding halt in the not-too-distant future.

If you do nothing else today, go now and switch off your auto-response to virus emails. Do it now - never mind Mrs Miggins in Accounts whose macros are not working - switch off the auto-response now ...do it ...NOW!

If all of this fails to move you, or causes a "whatever", let me put it another way...

Fact 1: You are causing me a denial of service with your thousands of auto-response emails.

Fact 2: I know who you are - your auto-response emails identify you.

Fact 3: If you do not fix it, I will talk to your Chairman, MD, Chief Officer and make it very clear that YOU are the cause of this problem.

Go switch it off NOW and I'll put my darts away!

Rob Kirkwood, owner Visible Form, Nottingham (UK)
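
The triage the letter above implies, as an added example (not part of the original letter or The Register's text): it separates antivirus auto-responses to forged mail from notices that cite a Message-ID the site really issued, and tallies the responding domains. The outbound Message-ID log, the addresses and the sample messages are constructed assumptions.

```python
import re
from collections import Counter
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: our outbound server logs the Message-ID of every mail we really send.
SENT_IDS = {"<20040419.0001@visibleform.example>"}
NOTICE_RE = re.compile(r"virus|infected|malware", re.I)
MSGID_RE = re.compile(r"<[^<>\s]+>")

def _msg(frm, subject, in_reply_to, body):
    """Build one constructed sample message as raw RFC 5322 text."""
    return (f"From: {frm}\r\nTo: rob@visibleform.example\r\n"
            f"Subject: {subject}\r\nIn-Reply-To: {in_reply_to}\r\n\r\n{body}\r\n")

# Constructed inbox: two scanner auto-responses to forged mail, one notice that
# does cite a message we sent, and one ordinary customer reply.
INBOX = [
    _msg("scanner@bigcorp.example", "VIRUS ALERT: your message was infected",
         "<x1@unknown-pc.example>", "Attachment blocked."),
    _msg("postmaster@bigcorp.example", "Infected mail rejected",
         "<x2@unknown-pc.example>", "Attachment blocked."),
    _msg("av@partner.example", "Virus found in your message",
         "<20040419.0001@visibleform.example>", "Attachment blocked."),
    _msg("jane@customer.example", "Re: quote",
         "<20040419.0001@visibleform.example>", "Thanks, looks good."),
]

def classify(raw):
    """Return 'normal', 'notice-for-our-mail' or 'backscatter' for one message."""
    msg = message_from_string(raw, policy=policy.default)
    if not NOTICE_RE.search(str(msg.get("Subject", ""))):
        return "normal"
    refs = f"{msg.get('In-Reply-To', '')} {msg.get('References', '')}"
    # A notice is only about us if it cites a Message-ID we actually issued.
    if set(MSGID_RE.findall(refs)) & SENT_IDS:
        return "notice-for-our-mail"
    return "backscatter"

def offenders(inbox):
    """Count backscatter per responding domain (the auto-responders identify themselves)."""
    counts = Counter()
    for raw in inbox:
        if classify(raw) == "backscatter":
            msg = message_from_string(raw, policy=policy.default)
            counts[parseaddr(str(msg["From"]))[1].rpartition("@")[2]] += 1
    return counts

if __name__ == "__main__":
    for domain, n in offenders(INBOX).most_common():
        print(f"{n:4d} auto-responses to mail we never sent: {domain}")
```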
