Name: Russell Coker
Member since: 2001-02-19 14:53:50
Last Login: 2009-02-24 04:55:31
Homepage: http://etbe.coker.com.au/
Notes: I do general Linux programming and sys-admin work. I am mostly known for my work on NSA Security Enhanced Linux.
Web Site Validation
Over the last few days I’ve got this blog and my documents blog to conform to valid XHTML according to the W3C validation service [1].
One significant change that I made was to use lower-case for HTML tags. For about 15 years I’ve been using capitals for tags to make them stand out from content and my blogs are the latest in a long line of web sites with that. Naturally I wasn’t going to correct 900 posts manually so I ran a series of SQL commands such as the following on my database server (where X is the Wordpress table prefix):
update X_wp_posts set post_content = replace(post_content,'<PRE>','<pre>');
But make sure you have a good backup of your database before running SQL search and replace commands on your blog data.
After running such commands about 90% of my blog posts conformed, so I only needed to edit about 90 posts to correct things. This process gave some real benefits. One issue is that an apostrophe in a URL must be quoted, otherwise some browsers will link to the desired URL and some will link to a truncated URL. Fixing a couple of variations of this problem resulted in some broken links being fixed. Another issue is that you can’t have paragraphs (<p> tags) within list items, fixing this made some of my posts align correctly – it was a tricky fix, in some cases I had to use <br/> to break up text in a list item and sometimes I replaced lists with different sections delimited by <h3> headings (which apparently is rumored to give better SEO).
It would make a really nice Wordpress feature to be able to do W3C validation as part of the publishing process, ideally an attempt to publish or schedule a post would result in a message saying “saved as a draft because it’s not valid XHTML” if the checks failed. The source to the W3C validation software is significantly larger than Wordpress [2], but it seems to me that there are two main types of Wordpress installations, small ones for personal use (which tend to be on fairly idle servers) and big ones that have so much traffic that the resource usage of validation would be nothing compared to the ongoing load.
As there seems to be no way of validating my posts before publication my best option is the W3C button I now have on my blog. This allows me to validate the page at a click so while I can’t entirely avoid the risk of publishing a post with invalid XHTML I can at least fix it rapidly enough that hardly anyone will notice.
It also seems like a useful feature to have aggregators like Venus [3] check for valid HTML and not display posts unless they are valid. It’s not a feature that could be enabled immediately (I’m sure that if you click on this link to the W3C validation service [1] from a Planet feed you will see lots of errors and warnings), but once bloggers have time to fix their installation it would allow preventing some of the common annoyances of Planet installations. It’s not uncommon on popular Planets to have unmatched tags in a post which results in significant amounts of the content being bold, underlined, in italics, or for the greatest annoyance struck-out. I know that this may be a controversial suggestion, but please consider why you are blogging – if you are blogging for the benefit of your readers (which seems to be the case for everyone other than sploggers) then it seems that the readers will benefit more by not having a broken post syndicated than they would benefit from having it syndicated and thus messing up the display of many following posts.
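The publish-time and aggregator checks suggested above can be approximated with a small tag-balance check. This is an added example, not code from the original post, WordPress or Venus, and the names check_fragment and syndicate are made up for illustration. It catches unmatched tags, upper-case tag names and images without alt=, which is far less than the full validation the W3C service performs.

```python
from html.parser import HTMLParser

# Elements that are empty in XHTML and never take a separate closing tag.
VOID = {"area", "base", "br", "col", "hr", "img", "input", "link", "meta", "param"}

class TagBalanceChecker(HTMLParser):
    """Collect tag-level problems in one post fragment (not full DTD validation)."""
    def __init__(self):
        super().__init__()
        self.stack = []      # (tag, line) for every element still open
        self.problems = []

    def _inspect(self, tag, attrs):
        line = self.getpos()[0]
        raw = self.get_starttag_text() or ""
        if raw[1:len(tag) + 1] != tag:      # parser lower-cases `tag`; raw text keeps case
            self.problems.append(f"line {line}: tag name in {raw!r} is not lower-case")
        if tag == "img" and "alt" not in dict(attrs):
            self.problems.append(f"line {line}: <img> has no alt attribute")
        return line

    def handle_starttag(self, tag, attrs):
        line = self._inspect(tag, attrs)
        if tag not in VOID:
            self.stack.append((tag, line))

    def handle_startendtag(self, tag, attrs):
        self._inspect(tag, attrs)           # <br/> opens and closes in one token

    def handle_endtag(self, tag):
        line = self.getpos()[0]
        if tag not in [t for t, _ in self.stack]:
            self.problems.append(f"line {line}: </{tag}> has no matching open tag")
            return
        while self.stack:                   # unwind to the matching open tag
            open_tag, open_line = self.stack.pop()
            if open_tag == tag:
                break
            self.problems.append(f"line {open_line}: <{open_tag}> not closed before </{tag}>")

def check_fragment(markup):
    """Return a list of problems; an empty list means the fragment is balanced."""
    checker = TagBalanceChecker()
    checker.feed(markup)
    checker.close()
    leftovers = [f"line {n}: <{t}> never closed" for t, n in checker.stack]
    return checker.problems + leftovers

def syndicate(posts):
    """Split {title: markup} into titles to display and {title: problems} to hold back."""
    held = {title: probs for title, m in posts.items() if (probs := check_fragment(m))}
    return [t for t in posts if t not in held], held

# Constructed sample posts, not taken from any real feed.
SAMPLE_POSTS = {
    "good": '<p>Valid post with <b>bold</b> text.<br/>\n<img src="a.png" alt="diagram"/></p>',
    "strike": "<p>Forgot to close <s>this strike-out.</p>\n<PRE>x</pre>",
    "bold": "<b>unclosed bold",
}
```

Calling syndicate(SAMPLE_POSTS) returns the titles that are safe to display and, for each held post, the list of problems that a "saved as a draft" message could show.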
The next thing on my todo list in this regard is to do some tests of accessibility. The work that I have done to pass the XHTML validation tests has helped to some degree – if nothing else the images now all have alt= descriptions, but I expect that it will be a lot of work. The Wordpress Codex has a page about accessibility, I haven’t read all of it yet [4].
Does anyone have any recommendations for free automated systems that check web sites for accessibility? What would be ideal is a service that allows different levels of warnings, so instead of trying to fix all problems at once I could start by quickly fixing the most serious problems on the most popular posts and finish the job at some later date.
Security and Hiring
The main sources of information used when hiring someone are their CV, the interview, and references.
CV
The CV is written by the applicant or sometimes for the applicant. Naturally it says only good things, if a CV notes no skill in a particular area then it may be used to exclude an employee from consideration. But the trend is towards including a reference to anything that you touch, so someone who lists DBA experience may merely have done a couple of CREATE TABLE operations.
Interview
The interview is a good test of people skills but is often of little value in assessing technical skills. The interviewer asks questions such as “do you know technology X” and the applicant says “I know that really well”. If the company is hiring another person with similar skills to current employees then they can have their current employees sit in on the interview and ask difficult technical questions, but for unknown reasons managers often don’t take that option and get no advice from their technical people. Also if the company is hiring someone with specialised skills (EG they are about to implement a new application and want to hire their first employee to work on it) then it may be impossible for them to assess the technical merit of answers. Probably the best use of the interview is to match answers with the CV, if the applicant doesn’t appear to know the contents of their own CV then they should be rejected.
The biggest problem with interviews is when the questions are all of the form “do you know X”. Someone who really knows it will say “yes” as will someone who doesn’t know enough to realise the limits of their knowledge – and such ignorant people vastly outnumber the skillful people. The real problem is that the people who are moderately skillful will lose out. If someone asks me about my MySQL skills I will tell them that I’m not really good at it. Sure I’ve run replicated servers with tens of thousands of users running 24*7, but that doesn’t mean I’m really good at it – probably most people who will claim to be great at MySQL without qualification would have less experience than me.
References
Reference checks rely on an unknown person saying good things about the applicant. For starters there is the issue of the number of references which may not be representative of their employment history – EG the applicant could use as a reference the one manager who didn’t sack them.
The next issue is that there is little incentive for the referee to be honest, most people are aware of instances where someone once worked for a friend and can rely on good references for the rest of their career. If a reference is inaccurate then there is no realistic opportunity for redress.
Finally every reference check that I am aware of (checks where I have been the referee or the applicant) has involved the applicant giving the phone number of the referee to the hiring manager! The phone could be owned by a friend or relative of the applicant, so logically a good reference that is based on trusting the applicant to supply the phone number only proves that the applicant is either good or really bad. To make a reference check prove something the recruiter would at a minimum have to phone the number listed in the white-pages for the corporation that used to employ the applicant, ask to speak to the manager of the relevant department, and then get a reference. Calling a mobile phone number that is supplied by the applicant (which seems to be the standard practice) is essentially trusting the applicant – and trust is the root cause of most security problems!
Really most of this ends up as trusting the applicant to provide honest evidence that they are trustworthy and believing that the applicant’s technical knowledge is good enough to be correct when they say that their technical knowledge is good. It can fail spectacularly when someone isn’t trustworthy enough to provide honest evidence of their integrity or when someone doesn’t have the skills needed to know that their skills are lacking.
As an aside, even if the reference is given accurately and in good faith it may still be misinterpreted. The fact that telephone references are exclusively relied on exacerbates this problem. Ideally references would be in writing with some way of proving their authenticity (maybe using phone verification of the accuracy of the written document).
Solutions
So how can we solve this? Some people believe that career based social networking software will solve the problems, but as usual I think that software doesn’t magically solve human problems. The first challenge when trying to use social networking to solve the problem is to find someone on your friends list who has relevant knowledge, this may be viable in a small industry (EG when someone from bank A applies for work at bank B in the same city). The next issue is that of false “friends”. I’m sure that I’m not the only person who has been pressured to add people as friends on social networking sites, the non-computer social interactions really don’t prepare people for saying “no you are not my friend” (apart from high-school I guess). With professional social networking sites there are further issues, if you are working on a client site and a manager demands that they be listed as one of your friends then what are you going to do?
So it seems to me that the social networking sites are at best a helper for the gossip network. If you think that a friend of a friend from a social networking site might be able to help you then you first ask your friend if the person in question is really a friend, and if so are they one of the shifty pseudo-friends you only hang out with because their company pays good money. But the problem with the gossip network is that it’s mostly secret and is therefore subject to settling vendettas, I’ve heard of senior managers going out of their way to spread false stories about former employees to settle scores.
The best solution I can think of is for someone who has a reputation to publicly stake it on the accuracy of their references. If I’m going to give a reference then I would be happy to do so via a GPG signed email or a blog post. This doesn’t mean that my references will always be correct, but it would show that I try to give good references.
Michael Atkinson Lies
The South Australian government wanted to force bloggers to disclose their name and post-code when commenting on an election [1]. According to Adelaide Now this included posts on Twitter and Facebook [2].
As expected there was a strong public reaction to this and Michael Atkinson (state Attorney General) stated that the law was not going to be enforced and that it would be retrospectively repealed after the election [3]. Which might have been the end of the issue, but he also said “All MPs and all parties voted for Electoral law. Hope Libs, Greens, Family First, Independents etc will join us to support repeal” which seems to be a clear claim that the Greens supported that legislation.
The Greens are pretty good about freedom of speech issues so I immediately enquired as to what was going on. The following is from a Greens media brief issued yesterday by the office of Mark Parnell MLC (the Greens MLC in SA) which was issued before the new law was retracted:
Attorney General Michael Atkinson must urgently clarify the scope of new electoral laws covering public comment on the internet, in the wake of concerns that the impact will be much wider than expected.
“With only weeks to go before the election kicks off, there is an urgent need for the Attorney General to explain exactly what his laws are intended to capture,” said Greens MLC Mark Parnell.
“When this was debated in Parliament last year, we were told that the law change would only affect ‘electronic versions of a journal’. Now there is concern that the laws could extend further, restricting public commentary on media sites like AdelaideNow and ABC Online,” he said.
When the Bill was debated in the Lower House, Michael Atkinson originally wanted to include ALL material on the web. However, the Government backed down on this by the time it got to the Upper House, with Minister Holloway saying:
“The intention is to limit the coverage of section 116 as it applies to the internet to electronic versions of a journal rather than any electronic publication on the internet.”
A ‘journal’ was narrowly defined as ‘a newspaper, magazine or other periodical’.
Now I don’t have a great objection to a law that demands that journalists identify themselves when commenting on an election, and I think that most people would not care about that. It seems that Michael Atkinson is repeatedly changing his claims to try and match popular sentiment.
3G Broadband for Home Use
I have just installed an old Three mobile phone with 3G broadband for my parents’ home network access for the reasons described in my cheap net access in Australia post [1].
The first problem I had was that the pre-paid Three SIM just wouldn’t work at all. I ended up phoning the Three support line and had a guy guess at which version of Windows I was running, after guessing every version of Windows from the last 10 years and Mac OS/X he finally asked what OS I use and then told me that Linux isn’t supported. I said “I HAVE TWO SIMS FROM THREE, ONE WORKS AND THE OTHER DOESN’T, IT’S ON THE SAME PC WITH THE SAME 3G ACCESS DEVICE, THE PROBLEM IS WITH THE SIM OR THE SERVER NOT MY OS”. When the support guy discovered that one SIM was pre-paid he said that there is a configuration difference, instead of an APN of “3netaccess” for post-paid (contract) you have to use “3services” for pre-paid.
There are a bunch of web pages describing how to get Three 3G broadband working on Linux in Australia, some say to use 3netaccess and some say 3services. None of the pages I read stated correctly that 3netaccess is for when you are on a contract and 3services is for pre-paid. I’ve submitted a suggestion for Ross Barkman’s GPRS Info Page (which seems to be the best reference for such things) [2].
After getting the pre-paid 3G SIM working for net access from the Huawei E1553 USB 3G modem I was unable to get it working from my LG U890 mobile phone. I never figured out how to solve this problem, I left my parents with the SIM that is connected to my $15 per month contract plan for 3G net access and am now using the pre-paid SIM for my own use. Of course this means that as I’m using a SIM registered to my mother and she’s using one registered to me I’ll surely have some problems getting the support center to help me with problems in future.
I found that the 3G net access got better reception when the phone was higher than the computer, so I used a USB extension cable to allow it to be placed on a shelf above the computer. The extension cable also allows it to be easily unplugged and plugged in again – I’ve already seen one situation where Linux got confused about the state of the USB device and replugging it was necessary to solve the problem. I was using Debian/Lenny.
Here is my chatscript for connecting to Three with my 3G modem on a pre-paid SIM – which also allows roaming to Telstra (I haven’t tested whether pre-paid allows roaming, I’ve only tested Telstra roaming with a contract SIM):
ABORT 'BUSY'
ABORT 'NO CARRIER'
ABORT 'ERROR'
'' AT
OK ATQ0V1E1S0=0&C1&D2+FCLASS=0
OK 'AT+COPS=0,0,"3TELSTRA",2'
OK AT+CGATT=1
#OK AT+CGDCONT=1,"IP","3netaccess"
OK AT+CGDCONT=1,"IP","3services"
OK ATDT*99**3#
Here is the ppp configuration for connecting via the USB 3G modem. For use as a permanent connection you want to also include persist and “maxfail 0”:
/dev/ttyUSB0
230400
noauth
defaultroute
logfile /var/log/ppp.log
connect "/usr/sbin/chat -v -f /etc/chatscripts/three"
For connecting with an LG U890 mobile phone you need to use “ATDT*99***1#” as the dial command and the device is /dev/ttyACM0 .