--- Original Message ----- From: "Rich Kulawiec" <rsk@xxxxxxx> Sent: Saturday, January 13, 2018 1:51 PM > On Fri, Jan 12, 2018 at 03:31:54PM +0100, Martin Rex wrote: > > About the silly background monster photo -- could you *AT*LEAST* > > use a picture name that is going to be eternally constant [...] > > A better course of action would be to remove it entirely. It serves > no functional purpose. We all know what a meeting room full of > people looks like and do not require a photo to remind us. Agreed; it makes us look like social media. On the other hand, I always thought that what I was assisting was the development of standards, that the IETF was a Standards Development Organisation; I find it strange that there is no mention of doing this. Yes I know that there is verbiage about making the Internet work better but that always seem like management speak, designed to create a warm and fuzzy feeling as opposed to providing something concrete. If someone lands there with no prior knowledge, they will probably expect us to speeding up the rendering of their web pages - after all, to most people, the web and Internet/internet are indistinguishable Tom Petch > As long as I'm writing, let me note that one of the baseline > requirements for a web site like this [1] is that it should pass HTML > validation. There are 10 errors and 67 warnings on the main page alone. > (Of course that number will vary a bit based on which validator is used. > Useful resources include "tidy", the W3C's validator > at https://validator.w3.org/ the "WAVE" accessibility tool at > http://wave.webaim.org/, and the WDG (Web Design Group)'s validator > at http://www.htmlhelp.com/tools/validator/ -- among others.) > > Validating HTML is one of the best ways to minimize the problems with > different browsers on different operating systems on different platforms. > It's not a panacea of course, but it's part of core competency > for even minimally professional web designers. I don't necessarily > expect that from people who dabble or volunteer, but I certainly do > expect it from anyone who's getting paid to do this kind of work: > every page should validate cleanly or darn close. (Yes, I know > that there are edge cases/nebulous standards, and I have no problem > giving everyone a pass on those.) > > There's also Javascript from third parties, which raises security > issues because it means that the security/integrity of this site is > dependent on the security/integrity of another site that's not under > the IETF's control. It would be best to kill Javascript entirely, > given that it's the vector for a myriad of attacks and therefore that > it's become a best practice to disable it in browsers. If there's a > need for it, and it's not clear that there is, then it should be > deployed on a strictly limited basis and any functionality requiring > it should explicitly say so on the page(s) which do so that visitors > are alerted to that requirement. > > I still think the right course of action is to abandon this entirely > and revert to the old site, regroup, learn the appropriate lessons, > and try again. > > ---rsk > > [1] That is: one with a global audience. One which needs to prioritize > function over everything else. One which needs to be minimized (in terms > of bytes) for efficiency and usefulness. One which needs to work in > any web browser AND in any HTML-cognizant utility (e.g., wget, curl). > One which needs to be readily indexable by search engine spiders. > And so on. This is not a web site promoting a product or showcasing > an artist or anything like that; this is a web site which provides > important information to the entire world, not all of which enjoys > the luxuries of cheap high-speed connections, high-powered computing devices, > perfect (or any) vision, etc. Every byte must justify its presence. >