Data Protection

| General | Wednesday, 16 April 2008

The glib attitude that many web developers have to online security is worrying. In a discussion about the merits of using SSL on e-commerce sites, one designer said it wasn't worth it if payments are processed by a third party using a secure certificate (such as WorldPay), and that:

At best any potential hacker would get a list of names and addresses - big deal, I've got a whole book of them downstairs - it's called a telephone directory.

The difference is that a telephone directory lists those who have explicitly chosen to make their contact details, including name, address, and telephone number, freely available to the public (or at the very least, have chosen not to 'opt out' of inclusion).
Customer databases are completely different. They hold personal details, including some which may not otherwise be publicly available, such as email addresses, mobile telephone numbers, delivery addresses (work addresses are often used for delivery), spending habits, and much more.

As a customer I expect companies I buy from to be good custodians of my personal data - i.e. limit access to it, store it only for as long as is needed and only use it for the purposes I sanction them for.

It is not acceptable to be so glib as to think hackers won't bother because they may as well just harvest yell.com or a telephone directory. That holds both from a customer's point of view and from a commercial one - customer lists are worth thousands, sometimes hundreds of thousands of pounds, and are an asset worth protecting.

Security is likely to instill confidence in a web site, especially when e-commerce transactions are taking place.

Of course there are risks involved with any CC transaction, such as over the phone or handing your card to a waiter whilst he takes it away. However, online fraud (both ID and monetary) is an increasingly well-documented problem. Just because other channels have issues, it shouldn't mean a store owner - assisted by the web professionals he hires - can neglect some of the more preventable ways of data theft.

You can't do that...

| Forum Etiquette, Web Standards | Tuesday, 08 April 2008

During a discussion on web standards, I cited an article on Mike Davidson's blog.  Someone disagreeing with the points I raised retorted with:

You can't really refer to a 4 year old article on this.

Ha! What does the age of an article have to do with things? Are books written by Zeldman and Meyer irrelevant after a couple of years? Does all good practice change after a few years? Of course not - marquee and blink tags were a bad idea even back when popular, and anyone with a modicum of understanding about the web knew that. Table layouts and font tags were a good idea in the absence of the more structured CSS model, and are only now bad practice because there is something far superior to replace them.

So the specific details of web design can evolve with time, as can design philosophies.  However, it does not mean that every thought a designer (or anyone else, for that matter) had pre-2004 is invalid.  To suggest otherwise is, quite frankly, idiotic and ignores the knowledge and wisdom gained through sticking with and evolving a craft over time.

Mike's post still raises some very valid points. By all means disagree with him (and me!) and put up a reasoned counter-argument, but simply dismissing the views out of hand because of the age of a blog post is closed-minded and will limit your understanding of the subject.

One Sunny Day?

| Site Reviews | Tuesday, 08 April 2008

Review of http://life.eop.org.uk/

I wouldn't expect a web site aimed at giving people a platform to vent their feelings (presumably especially if depressed, given the helpful links section) to look into the dark abyss of space. I wouldn't expect sunshine and bunnies either but it's a bit, well, depressing.

You've explained the advantages of being a contributor. However, there is no mechanism to become a contributor - no register link, no contact page. That's a pretty fundamental mistake if you want people to contribute.
The 'Latest Articles' list is redundant as the very same posts are on the front page. All it does is take up screen space and push down the content you want people to read. Is the 'Contributors' list so important that it is right above the rest of the content?
Are you really so confident that visitors will read right to the bottom of the page - past the far-too-tall top navigation, six blog entries and the 'Thought Vault' - and then click the mouse just to find out what the site is about? If the site is going to be different from the average self-indulgent ramblings that blogs tend to be, you're going to have to explain what it's about sooner, otherwise visitors won't read on.

Don't get me wrong - you've styled it all nicely enough. However, I think the whole architecture of the site needs a complete overhaul and you've given it an inappropriate style.

As Standard

| Web Standards | Friday, 04 April 2008

I'm sold on the idea of web standards. The continual tirade of rhetoric coming from standards evangelists doesn't help with the business case, though.

Do web sites which don't validate make less money, or are they inherently less usable or accessible? Not necessarily. A few examples:

These are some of the biggest web sites in the world, and are all worth millions, if not billions (with the exception of .net, of course). At some point they've taken a pragmatic look and decided that it was worth sacrificing the holy grail of fully validating code for something else - better support across browsers (CSS is unfortunately flaky in many browsers, adding a development and testing overhead), ease of maintenance, integration with existing systems and so on.

The assumption that non-validating code is automatically "bad" is as short-sighted as the assumption that standards don't matter at all. As with most things, there's a middle ground and a good web professional will use discretion.
