(I don't believe in) Web Standards (no more... but I wish I still had faith!)

"Web Standards"... that definitely sounds cooler than it really is...

At first we had HTML and Mosaic... Then came Netscape and Microsoft with their proprietary extensions... and so came the need for standards. We got several versions of standardized HTML, but still varying implementations (IMG align anyone?).

Then came some "really really" standard method to iron out rendering differences: Cascading Style Sheets! Well... another failed attempt: people tweak them even more than standard HTML and the rendering differences get even worse. So now, we have a collection of dirty tricks to apply different CSS to different browsers.

Okay, forget that; we have an even newer standard now: XSL. You just send pure and clean XML to the browser. Then you let the browser reformat it with an XSLT template. PLEASE! XSLT implementation differences are just as problematic as with CSS... and finally no more than with plain HTML! And regarding IE, it's definitely too slow to be really useful! >:XX

So today, I really wonder why we go through all this pain... Sending different presentations in plain HTML (okay, let's say XHTML+CSS for bandwidth and maintainability optimization) was faster than desperately trying to find the "compatibility spot" in a single "standard compliant version"! :|

Not to mention there are still old browsers that do not support a lot of standards out there... and there are more and more alternative browsers (on either desktops, appliances or mobile devices...) that all support standards in their very own way! :(

What can we do? I mean pragmatically! Apart from condemning everyone that doesn't comply 100% to the standards (just a few millions anyway...).

I think we need to remember those "best practices" we had a few years ago and get back to something like this:

  1. Identify most common targets (browsers/devices) and provide them with a specific+optimized presentation (CSS/Flash/whatever). The more targets you can handle with compatible web standards, the better. But don't forget to test all those targets! You'll undoubtly encounter nasty surprises on some of them... Note: contrary to popular belief, most common targets and their "market share" largely depend on your audience!
  2. Provide at least one "safe" presentation. One that is guaranteed to be readable by almost anyone. Alternatives would be good here: maybe one text only (HTML 2.0) and one with basic CSS and images that makes it just a little more attractive (but still avoiding any CSS/Flash showing off!)
  3. Provide a manual switch between version for the times when the user uses a browser that can do more or less than we had expected. (It would be wise to always bet on less, but you'll inevitably make false assumptions at some point.)

Okay, so what's new here? Those of you running corporate sites might think they already do that. You may want to check again: are you sure you didn't stop at step 1? :?:

Now, for personal sites... I completely realize that providing multiple versions will sound like crazy to many of you. How can I expect you to update content concurrently in several files? Well... I don't! Any hosting provider nowadays will let you use dynamic page generation (one content, several presentations). I'll get back to this topic later...

File sync

Just got myself a new laptop. I had managed to live without for a couple of years but lately, I've been moving accross country too often and for long enough periods that I can't stand the ~`webdesktop'~ solution no longer. My PalmV doesn't quite cut it either... :-/


So here I am, learning to cope with duplicate filesystems again... trying to find the best ways to synchronize all kinds of things between my laptop and desktop. Email, documents, mp3 collection...


Synchronizing can be a pain in the ass, that's for sure, but on the other hand, it also serves as a pretty efficient backup strategy.


Actually, the only new challenge since my previous laptop is my 15 GB mp3 collection. (It took me weeks to rip all my CDs and tag the files... and I actually gave up halfway :P) I am of course not backing these up on CDs... (I already have the original CDs). But I surely wouldn't want to loose the rips and have to go through the whole process again! U-(


I pulled a few utilities from download.com and so far the best one I installed seems to be "Advanced Directory Comparison and Synchronization". First advantage: it is *not* written in VB. Second: it does not rely on the windows shell to copy the files... and thus it doesn't pathetically hang after a few minutes of copying thousands of files...


It did a relatively fast analysis of differences between the "music" directory structures of the laptop and the desktop, found the already matching files (copied by previous tests) and is now proceeding with the sync. There is a real progress indicator (current file and overall).

Sync in progress...

This is all running over WiFi (that's another story :-/) and the best thing is that if I break the connection (which always happens sometimes when a sync lasts for hours), the software asks me to retry, skip, skip all etc... The nice thing is: "retry" actually works! ;)


Maybe the interface is a little bit complicated, but I guess I'll learn to appreciate it when I start to add and remove mp3s on both sides before I sync again!


However, if you guys know of an absolute kick-ass tool for that kind of sync, I'll sure want to give it a try! :D

Sendo X unveiled

Sendo X

Sendo has unveiled more of its Sendo X in a press conference today. Let's tell it as it is: that smartphone totally rocks! It's even better than what we could expect from previous announcements.

Of course, in this industry, product cycles are very short, so it's only going to be a matter of months before someone (Nokia?) comes out with something better (I mean a better smartphone, not an experimental device like the 7700! :>>).

The Sendo X should be priced around 500 € (unsubsidized) and actually includes pretty much everything you could wish from a smarphone: compact, true phone form factor, normal keyboard, color display (176*220*16), integrated camera with flash, recording and playback of video (15 fps), sound, music, support of standard formats (mp3, mpeg...)

And of course, it runs on Symbian + Series 60 with Java/MIDP support.

One thing I was pretty unsure of until now, was if it was possible to connect a stereo headset for mp3 playback as an alternative to the built in accoustic system. Not only is it possible, but the headset is provided in the box! B)

The other good news is that the device supports SD cards up to a 1GB capacity and beyond. That's exactly what you need to store the mp3s you want to listen to and all those sound/video recordings you're going to make. Even better: the SD cards are hot swappable! B)

Actually, the only drawback I could find so far is the lack of support for SD/IO.

Also, I had written before that many pocket devices were going to converge soon and this time has definitely arrived (it only lacks an emebedded GPS! :> ) However, I stated that we'd still want PDAs with larger screens and a pen interface to take notes.

Well... the fact is you don't need to take notes no more! Just record or picture the info! You'll process it later anyway. ;) Moreover, when you really need to enter text (for email for example) you can always use T9. (That is for western countries with limited alphabets... :>>) However, for massive emailing, you'll probably want to get the external keyboard accessory. Plus, stylus technologies aren't so reliable anyway!

I am glad I managed to wait that long to replace my aging PDA and phone, because the SendoX is definitely going to replace them both at the same time, with increased efficiency on all my previous plans! ;D

Can't wait! Gotta check availability in France. :)

Interop suite: wireless security

Corollaire du tout wireless évoqué avant hier, la securité des communications wireless est l'autre grand sujet de société (du moins dans le hangar n°2 du parc des expos de la pte de Versailles :P)


Disons le tout net: tout le monde s'accorde à dire qu'à ce jour, la seule solution est de fonctionner en VPN pour tous les terminaux Wi-Fi, même si celà est totalement surdimensionné. 8| Pas vraiment d'évolution sur ce point depuis l'année dernière donc...


A l'opposé de ce discours, l'idée la plus originale est celle avancée par Nicolas Pioch (AOL/CNAM) qui regrette qu'on se focalise autant sur le sans-fil radio alors que la technologie infrarouge a cet avantage intrinsèque de ne pas traverser les murs! Un moyen élégant de s'affranchir de la problématique du war driving... ;)


Maintenant, de manière pragmatique, le problème n°1 ce n'est pas la faiblesse du cryptage WEP/WiFi mais plutôt le fait que la plupart des produits réseaux sont aujourd'hui livrés avec toutes les options de sécurité désactivées par défaut. Ceci est vrai non seulement pour les matériels réseau mais aussi pour Windows... Microsoft a promis (une fois de plus :>> ) de faire des efforts...


Finalement, on peut noter que IPv6 est toujours aussi techniquement au point mais toujours aussi peu adopté en entreprise. Pourtant une meilleure sécurité intégrée fait partie des bénéfices apportés par IPv6.


En réalité, le problème n°1 c'est plutôt les utilisateurs, la plupart desquels ne se préoccuppant de sécurité qu'une fois qu'ils ont subit des dommages...

Industrialisation du web: un exemple

Pour bien fixer les esprits, je vais prendre un exemple proche de nos préoccupations quotidiennes de bloggeurs ;D : la vérification des referers.

Si vous enregistrez le referrer de chaque requête dans le but de l'afficher dans vos stats publiques, vous vous êtes sans nul doute déjà confronté au besoin de vérifier que le référant pointe bien vers votre site avant de le valider, ceci afin d'éviter le "referer spam". Il en est de même pour le comment spam.

Pour ce faire, vous devez déclencher une "contre requête" HTTP afin de récupérer et analyser la page référente. Cette opération est longue et ralentit d'autant le traitement de la requête d'affichage de votre page.

Certes, vous placerez judicieusement cette requête à la fin de votre page et déclencherez l'envoi de la page vers le client avant de commencer l'opération de vérification. Mais la connexion HTTP reste ouverte et le browser client indique qu'il continue de charger. A la limite, un utilisateur lambda pourra ne pas s'en rendre compte. En revanche, un robot d'indexation aura vite fait de classer votre site dans la catégorie des mammouths lents à la détente et donc à ne pas indexer trop fréquemment.

La chose se complique encore dans le cas d'un traitement plus évolué tel que l'enregistrement d'un nouvel article. Non seulement vous allez le stocker dans la base de données locale mais vous allez déclencher toute une série d'opérations en "cascade". Exemples:

  • Génération de pages statiques
  • Trackbakcs
  • Pingbacks
  • Pings de mise à jour d'annuaires
  • Envoi de mails aux abonnés
  • Syndication en mode PUSH

(Liste non exhaustive... :>>)

Avec une plateforme web basique (type PHP, ASP, etc...) vous laissez mouliner et vous partez boire un café (si vous êtes moins feignant, vous ouvrez une autre fenêtre). Bien évidemment, vous pouvez bidouiller. Qui a dit "pop-under"? Mais ce genre de solutions où l'on compte sur les capacités de scripting du client pour assurer la cohérence des traitements sur le serveur est vraiment tout sauf recommandable. >:XX Tout celà reste acceptable dans le cadre d'un site web perso (et à budget limité), pas dans un contexte professionnel, ni avec un minimum d'ambition.

Une plateforme telle que J2EE (à ne pas confondre avec un simple script Java) ou .NET (à ne pas confondre avec un simple script ASP) permet de traiter ce type de problème de manière tout à fait élégante.

Pour faire simple et parce que ce post commence à être long, tous les traitements énoncés ci-dessus vont être passés à une (ou plusieurs) file de messages. Cette "message queue" fera exécuter les traitements annexes et non "urgents dans la seconde afin de répondre à la reuqête" par un composant dédié à cette tâche et travaillant de manière asynchrone.

Un autre exemple est le déclenchement sans intervention de l'utilisateur de tâches telles que l'envoi d'emails de résumés quotidiens, la réindexation périodique ou encore la génération de snapshots statiques à intervalles réguliers.

Alors évidemment, les message queues et les traitements asynchrones peuvent parfaitement cohabiter à côté de technologies que j'ai qualifiées de "basiques" telles que PHP. Mais on est déjà là en train de construire une plateforme plus évoluée qui n'a plus rien à voir avec ce que l'on trouve chez un hébergeur low-cost par exemple. C'est le début d'une grosse machinerie... et on aura vite fait de préférer une machinerie standardisée, documentée et maitrisée par un certain nombre de personnes (J2EE, .NET) plutôt qu'une machinerie propriétaire, issue d'un individu isolé, aussi géniale soit-elle.