Blog: December 2008

CSS 3 and and the Wonderful Wide Web Just Over the Horizon

December 23, 2008

One of the amazing things that CSS (Cascading Style Sheets) has brought to the web is expanding functionality. Many programs and languages add more and more features as time goes on, but for years HTML offered the same clunky, inbred family of tags and tools to create Web pages. The release of CSS1 by the W3C changed this radically. Aided by the release of “version 5” Web browsers that made CSS functionality standard, this mark-up language has revolutionized design on the web.

CSS allows designers to create one master style document that governs a site, control that has so many implications that it’s hard to trace all of the benefits. Its largest impact over-all is to reduce the code weight and complexity of HTML pages, making the web a faster, friendlier place.

CSS 1, the first iteration of style sheets on the web, was released in December 1996. CSS 2 followed as a recommendation in May of 1998. Most modern browsers, however, follow the CSS 2.1 specifications. These were briefly recommended by the W3C in 2005, and permanently in July of 2007.

CSS 3 specifications have been under development by the W3C since 1998 and are going to offer a bevy of new features and abilities. I have picked out a few of my favorites:

  • Multiple Backgrounds: CSS 3 will allow for multiple background images to be applied to one element. This is a huge benefit for creating unique shapes like boxes with rounded corners, unique titles and pages with dynamic content. With one div you could build a rounded corner box that could extend in every direction. However, up next is:
  • Border-radius: That’s right, rounded corners using only CSS. Each corner could be controlled independently much like borders are handled now.
  • Speech: Your computer can talk. Using the Aural media type designers will be able to style speech, with control over volume, balance, pitch and speed. Website visitors that need aural user agents will now get the attention that they deserve. This could expand the user experience of the web for the hearing impaired, and create fresh uses for new technology like your cell phone.
  • The Box Shadow: That ancient nemesis of modernists everywhere, the drop-shadow, will be controlled directly through CSS. With three properties, vertical offset, horizontal offset and blur radius, as well as support for the aforementioned border radius, it’s going to be a great day to be a bad designer (You are not a bad designer, we all have to do things we know are wrong to survive). We will also get:
  • Text Shadow: This is a drop-shadow effect that can be applied directly to text. It will have the same three properties as box shadows.
  • Opacity: At last we will see through it all. I’m imagining a glowing translucent web-future, where each page looks like a magnificent multi-colored x-ray. Or imagine a site where you could see the other pages through the one you are on! A library where opacity is based on relevancy! Web blog posts that literally fade away with time. Coupled with the new alpha property for RGB and HSL colors, we can have a more beautiful web ahead.
  • Word Wrap: Using the value break-word, long words, URLs and other character strings will be broken into two lines instead of overflowing their div. Perhaps, just perhaps, this is the first step towards hyphenation on the web. The possibility of lovely deckled rags on the web keeps me awake like a kid at Christmas.
  • Web Fonts: The ability to call a TrueType or OpenType Font file from your server. This means in the future the web could have unique type faces for every site.

These are by no means all the features that CSS 3 will offer, just the cream of the crop for Western web developers. For clearer explanations you can take a look here, and for incomprehensible techno-speak check the W3C’s CSS 3 progress report.

Here’s the best part: a few of these properties are already implemented on current browsers! FireFox, Opera, Safari and Konqueror are the most likely candidates to sport these features, so follow-up on your favorites.

Posted by Matt Gardner at 10:07 AM | Comments (6)

Would You Eat This? Well, How About That?

December 8, 2008

image The question behind our latest client site is, “what would you eat?”

Wouldyoueatit.net is a food sharing community site based on the same concepts as HotorNot.com, but instead of rating photos of cute guys or girls, people are asked to rate the desirability of food pictures on a scale of 1 to 10. Four students enrolled in the Master’s Program at the University of Southern California came to us to help them with their final thesis project.  They were tasked with building a community site to engage food lovers around the world to share photos of meals or food items and to comment about their best or worst dining experiences.

The site runs on ExpressionEngine with plenty of modules installed, such as favoriting, rating, and tagging to make the site interesting and interactive. Users have the ability to “Mobilize Your Eats” because the site is also set up to receive photos via email—so you can snap a shot with your cell phone before you chow down.  (We also looked at doing direct SMS / MMS submission, but shelved that for lack of time before the initial launch.)

Design inspiration was taken from the look of classic diners, and the site background features a popular pattern called “skylark” often used on formica countertops in diners of the 50’s and 60’s.

Hop Studios doesn’t often get an actual grade on the Web sites it does, but I’m told we did extremely well this time, passing with honors. The next step will be to further build the community and upload a wider variety of food photos. We’d love to see how other people feel about duck feet…

Posted by Rachael Ashe at 9:41 AM | Comments (1)

Good Questions About Upgrading to EE 1.6.6

December 1, 2008

We’ve had a number of questions about the upgrade to EE 1.6.6, and I’d like to share our answers.

1) The EE site says “As always, if you do not skip any steps in our simple step by step update instructions, it should be a breeze and take just a few moments of your time.” So why do you charge for an hour’s update or more?

Well, many of our clients have asked us to build sites that are more complicated than the average EE install.  If you have a site with 110 custom fields and 50,000 articles and 180,000 comments, the update script itself can certainly take longer to run than average.

In addition, many of our clients have integrated third-party extensions or special customizations to the core code which need to be tested on the new version and take time to add to the install. We also often take the time to upgrade those extensions to their latest version as well. We also make a careful backup of your database and your original files before we do anything, which takes time to run.

So yes, once the updated files are in place and you’re all backed up, an actual “upgrade” of EE takes just a few clicks and a few minutes.  But that’s like saying that flying to Chicago takes just a few hours—if you include the planning and the packing and getting to the airport, your trip is actually a lot more time than just that.

2) Are you able to shed some light as to why EE feels like their customers should have to pay extra for a software upgrade to correct a small but serious security hole with their product? Generally when you purchase a program or piece of software, the provider doesn’t charge additional fees for upgrades to fix the existing product.

The truth is, most software companies actually do have end-of-life dates for upgrades to their products, after which they no longer offer updates to that branch. At that point, they require you to pay for a new version. So you get upgrades for a while, and then no longer.  That’s pretty standard.

When you buy EE, you get free upgrades for a year. If you still covered by that, you won’t pay any more for the new secure version. If it’s been more than a year, in the update you’re getting not just the security fix, but more than a year’s worth of new features and other fixes.  For this, you pay at most $40.  That’s pretty decent, I’d say.

Some of our clients choose not to upgrade.  Some choose to.  It’s up to you.

3) Can EE not subsidize you guys for the work needed to be done to bring their product up to code?

That’s a valid point (and we wouldn’t mind getting subsidized), but there’s two issues here.  First, you didn’t get installation for free from EE in the first place, so why should EE pay for installation of the fix? They provide you with a replacement product, but it’s your responsibility to implement it, just like it was when you bought it the first time.

Secondly, their product isn’t “below code”—there is no warranty or legal requirement for them to provide safe code.  Whether there should be—that’s a separate issue, and in the future the legal necessity of providing security patches may change.  But for now, there’s no specific laws about software security, liability and updates, other than general liability law (as far as I know—I’m not a lawyer).

4) I’m running EE v 1.6.4, and considering that my site is barely up for a month I’m not thrilled to hear both about a major security issue AND an upgrade, installation for which I am expected to pay. This is exactly NOT what I wanted for our site. I wanted to contract you guys to get it built and running, I do not want to hear I’ll be expected to pay hundreds of dollars every couple of months just to keep my site going.

We understand your position.  The fact that there’s a security issue now—not major, but notable—just after your site launched, is simply a tragic co-incidence of timing.  It’s been about three years since the last EE security incident.  For comparison, many other Web tools have one every month or two.  I’m sorry it had to happen the month after your site launched, and not the month before, in which case, you’d (statistically) have three years of security-trouble-free living.

However, we never ever would have said you buy EE once and that’s that—any more than I’d tell you that you could buy a house and that’s that.  All complex things require maintenance.

We would have said that, when you pick EE, you do get free upgrades for a year, and you wouldn’t ever have to pay again after the initial license unless there was a new feature that you wanted, or if there was a security hole that needed fixing, and only then if you wanted to close that security hole.  In other words, once purchased, EE never stops running, and you can always keep using the same version you have, if that’s your choice.

As we said above, if you choose not to do it, your site will still keep running.  Some people ride bikes without a helmet—this is more like that.

5) What is the risk factor involved with this small but serious security hole? i.e. worst case scenario, could we lose the website altogether? Would a backup of the Web site suffice to protect us?

EE has not released the specifics of the security hole, so I can’t specifically answer that.  What I will say, is that none of our clients have had any problem traced directly to this issue so far.

A backup of the Web site would allow you to restore the site, but you’d have the same hole once the backup was restored.  Hop Studios can’t (and wouldn’t want to) assess the potential cost and other fallout to your business if your Web site was to suffer a particularly bad hack.  Hacks can involve subtle trickery or extremely graphic and awful destruction of your data and code.  They can be malicious or benign, professional or amateur, and they can certainly create situations that might incur additional liability or cost for you, even if you can restore your site quickly.

The decision to upgrade is up to you, but we’re ready to step in and help now if you’d like, or later if something should happen to your site.

Posted by Travis Smith at 12:52 PM | Comments (0)