Friday, January 16, 2009

Internet Explorer 8

Microsoft disables automatic IE 8 downloads | The Register
Microsoft will cushion you from the Internet Explorer 8 standards mess with software to prevent automatic download of its next browser to your machine.

Ask any web designer what their least favourite browser is and it's a good bet that Internet Explorer will be their reply. It isn't because of some anti-Microsoft sentiment, or because it isn't as cool or as customisable as other browsers, nor even anything to do with page loading speed, but quite simply because it doesn't follow the official W3C web standards. Microsoft acknowledges this problem and since Internet Explorer 6 (IE6) has been working to bring its browser into line with W3C specifications.

The Browser Wars

The browser wars of the 1990s between the now defunct Netscape Navigator and Internet Explorer started off this problem, as each browser began following only some standards, or worse, only following their own standards.

Surprisingly, back then it was Microsoft's browser that was the most standards compliant, and Netscape that used its own 'standards'. By the time that IE had won the browser war and was used by 96% of web surfers, it too had moved onto supporting its own proprietary standards. At this point it wasn't too much of a problem, as web designers could simply design for IE, as it was a fairly safe bet that most of the viewers of a website would be using it.

It wasn't all rosy however, the browser war had meant there had been a stagnation in bug fixes and actual development, web designers were stuck designing in lengthy, bloated code as the slicker design method of HTML and CSS didn't work properly with Internet Explorer.

CSS

Cascading Style Sheets (CSS) were meant to make the design process far, far easier and also make the viewing of web pages faster and more aesthetically pleasing. Web pages using CSS load faster, are easier to alter and allow more complicated layouts, but for years after CSS was accepted as a standard, web designers were stuck using the older, more troublesome table based designs.

With the decline of Netscape that preceded its eventual demise, it was clear that Microsoft were in the driving seat of website design. From 2002 many web designers created websites aimed only at IE5.5 and IE6,  by this point IE had become mostly CSS compliant. Anyone attempting to design to official W3C standards, was asking for trouble and many headaches.

Then the second browser war started.

Firefox

Firefox was more standards compliant than IE, which meant that website designers had another browser to consider when designing a website, especially as Firefox became instantly popular and standards compliant websites were back in vogue.

Many designers were therefore creating W3C compliant websites, and uncovering the power of CSS. But upon viewing them in IE, they'd discover things like the double margin bug, three pixel bug, float drop problems and also the fact that IE6 doesn't handle transparent PNGs.

More than a few of them were scratching their heads and wishing 'If only IE were like Firefox!' With the popularity of Firefox soaring, accounting for 21% of the browser market by the end of 2008, it seemed that Microsoft heard.

IE7

There are workarounds and so called hacks to get websites to look in IE6 as they do in Firefox but they were a hassle and meant much fiddling on the part of the designer. Firefox and Apple's Safari were far more forgiving and getting more and more popular with users, in response Microsoft released IE7.

Although still not fully standards complaint, IE7 was the most compliant browser yet and Microsoft promised to go even further with IE8.

IE8

IE8 is fully standards compliant, but after a decade of IE only designs, that may not be a good thing. If your website is fully standards compliant, or was aimed primarily at Firefox but with a few IE hacks, you should be OK, but if it was aimed mainly at IE6, you may have problems. It is certainly worth checking out IE8 to see what your website looks like as you may find, particularly if it is a few years old, that is doesn't look as good as it did.

It seems that Microsoft have delayed IE8 to allow businesses to do precisely this. Microsoft did see this problem coming and have added two viewing modes for IE8, the default mode which is the standards compliant viewing mode and compatibility mode, which allows the user to view the website as if viewing with an older version of IE. Sadly though, few people are switching modes, meaning a lot of websites are not displaying correctly in IE8.

Although this may not be too much of a problem at the moment, especially with Microsoft's delaying the release of the browser, it could become a problem very quickly. Although it was released only two years ago, IE7 accounts for 50% of the browser market,  the previous version, IE6 just 20%.

Two events this year are likely to push the uptake of IE8 to be faster than that of IE7.

The release of Windows 7 later this year, which will most likely ship with IE8 as standard and also the fact that mainstream support for Windows XP ends in April 2009. Those buying a new PC will have the choice of Vista, or Windows 7, both of which will likely have IE8 as their default browser.

If you're not sure what your website will look like, you can use this website to preview your website in IE8 (and other versions of IE) for free. Needless to say the Horizon Web Development website and the Horizon Flash Memory website display perfectly.

Others, aren't so lucky.   



Labels: , , , , , ,

Sunday, September 14, 2008

Why Flash isn't always good

Many people ask for flash based websites, believing them to be the best way of impressing visitors, having a professional and modern looking website and also giving visitors an interactive, and easy to use, browsing experience.

Whilst some of the above may be true, there are two areas in which Flash based websites lose out - accessibility and rankings.

Search engines

The importance of search engine rankings should not be understated, after all, what use is a website if no one can find it.

This extract from an email from Google explains:

"While our spidering practices may change in the future, we find that Flash is not a very user-friendly experience in a lot of ways. It is wholly inaccessible to the sight-impaired, not renderable on many devices (such as phones, PDAs), and so on. In particular, we hugely frown upon navigation done exclusively in Flash."

I have seen many sites fall into the trap of using flash completely, some do have a HTML site too, most do not. Using flash for the site navigation not only means that Google may not like your website as much non-Flash sites, but it may also mean that Google is unable to find and index anything other than your homepage.

It also means that those using mobile phones, PDAs and screen readers will be unable to view your website, let alone navigate through it. This wasn't much of a concern in the past, but with most mobile phones been web enabled, you could be cutting out a large portion of visitors.

While things have improved regarding search engines, notably Google, since this email was sent, the fact remains that if two exact sites were made, one in flash, the other in CSS and HTML, the CSS and HTML site would be ranked higher.

Small businesses

This is an important point to consider, particularly for small and medium sized businesses. These businesses don't have the kind of income to spend on teams of SEO specialists to get the best rankings, unlike the big companies that they may be competing with.

SMBs are going to be paying quite a bit of money just to get decent rankings, so anything that could count against them should be avoided, and whilst non-Flash website may not look as attractive or as flashy; SMBs need to get the best possible rankings from their content.

The bigger picture

It is probably best to think of Flash like pictures, they may look great but you really wouldn't want a site made up entirely of pictures, unless you're comedian Jerry Sadowitz.

Apart from taking far longer than text to load, even if a picture contains text, it can't be read by the search engines. Jerry Sadowitz's site for instance has only these words associated with it: Jerry Sadowitz - Comedy, Magic and More, and only those words as they are the title to every page. The search engines don't see pictures, they only see text, so an all picture site such as that of Jerry Sadowitz is virtually blank.

Pictures should be used to complement the site content (text), not replace it. The same goes for Flash, it should have a place on a website but should be used sparingly and not as a replacement to a website.

It is possible to get a great looking site through CSS and HTML alone, and then of course any amount of pictures and Flash can be added to complement that.

Although it may change in the future, CSS and HTML is still the best way to tick all the relevant boxes when it comes to your website.

Labels: , , , , , ,

Tuesday, July 10, 2007

How to stop spam bots with FormMail and CSS

Most people who run their own websites have some kind of online form for getting information from a potential client or site visitor, unfortunately there is little to stop spammers or spam bots from using these forms too. Which means you'll receive an endless stream of information about cheap holidays, medication and porn sites, rather than the enquiries about your products and services that you hoped you'd get.

The more popular and better ranked your site is, the more of these spammers use your contact form, if you're lucky it could just be 20-30 a day, if not it will be upwards of 100 a day. One of the major causes for so much spam coming through your online form, is the form itself. Most people use a ready made form, and why not? Why pay someone else, or spend the time writing thousands of lines of code for a script youself, when you can download one for free? Not to mention that custom written scripts, particularly those that will be the target of countless spammers, have to be very secure. With the free scripts available on line you are assured that thousands, if not millions of people are testing that script and any holes are quickly discovered.

FormMail

The most popular on line form script is FormMail from Matt's Script Archive. Many web hosts offer this free with their hosting packages, some web designers offer this too and it is available to download in countless locations. The reason for the huge popularity (the site has a PageRank of 7/10) of this script is that it is free, it has been around since 1995 so almost everyone in the industry has heard of it, and it is very simple to use, even for those with little or no knowledge of HTML or Perl.

What isn't generally known is that the script was written by Matt when he was about 16 and still a high school student studying Perl (the programming language that the script is written in), so unfortunately the script was (and still is) full of holes. In fact even though it is still one of the most widely used form to email scripts the general consensus within the webmaster community is 'Don't Use It!'

A better and easier to use script was made by the nms project. This is generally regarded as a far more secure script by the webmaster community but works in a similar way, so no need to change all of your online forms. This is the script that is generally used by Horizon Web Development in their online forms but even though it is quite secure, it still isn't perfect, spammers can still get through by simply filling in your form or by creating an automated 'robot' or spam bot to do it for them.

This is very difficult to guard against as there is no real way for the form to be able to tell a spam bot from a real person, or is there?

The CSS trick

There is a trick to fool spam bots into filling the form out in a particular way so that they give themselves away, without annoying or asking for extra input from potential clients, as a word verification test would do.

It is actually amazingly simple, just add an extra text field and name it something that a spam bot would mostly likely be programmed to fill in automatically, such as 'Surname' or 'First Name' or some other variation of it that you haven't used in your real form and assign it to the class 'Surname'. Then in your Stylesheet simply add the following bit of code:



Surname {

visibility: hidden;

}

The 'Surname' field will then be hidden from legitimate users, so they can't accidentally fill it in, but not from spam bots who will see it as merely another field to fill in on your form and mostly likely just another space to insert countless porn links.

So simple and yet brilliant, except that that is as far as I managed to get. As I mentioned our web forms use nms FormMail, but unfortunately there aren't any Perl programmers in the Horizon Web Development Team. We tried and failed to guess at how to edit the FormMail script so that it would verify the 'Surname' field and automatically reject any forms that had that field filled in, our knowledge of HTML, CSS and PHP not really coming in handy.

Many, many hours were spent trawling the internet for a solution, but amazingly none of us were able to find one. Even though it is the most widely used FormMail script, there was no solution to be found for Matt's FormMail script either. It was as if the users of these scripts had never needed to verify fields in their forms.

NMS FormMail

Then I struck gold! This site:- http://codingforums.com/showthread.php?t=113863 in which 'rwedge' had revealed the answer. Again it was amazingly simple, using the nms FormMail script (and I advise anyone that is using Matt's Script to change to this one as it is far easier to set up and much more secure), add this piece of code into the user customisation section:



# USER CUSTOMISATION SECTION
# --------------------------
# Place any custom code here

use CGI;
sub spam {
my $q = new CGI;
my $spamcheck = $q->param('Surname') || '';
if ($spamcheck ne '') {
print "Location: http://www.farfaraway.com\n\n";
exit;
}
}
spam();


Then find the section below and comment it out by adding a # to the first line.


# use CGI;
use POSIX qw(locale_h strftime);
use CGI::NMS::Charset;

Surname of course being the name of the trick field that you want the spam bots to fill in and location where you want them to be directed after your FormMail script rejects them.

It was all so simple and yet amazingly effective. I felt that I had no choice but to write something about it so that anyone else searching for a solution won't have to devote hours and hours like we did to find the answer.

No more spam

Since adding that field to our forms and adding the above code to our script we've not had a single spam email via the contact form. If only all other spam could be dealt with so effectively.

Update: This article was written over a year ago and, as yet, still no spam via the contact form!



Labels: , , , ,