practices   3821


Monday’s Musings: What’s Top Of Mind From SAP Customers - by @rwang0
"Consequently, customers remain cautious and reserved in working with SAP sales reps to resolve this issue for fear of nullifying previous agreements and resulting in accidentally raising their overall total account value. Customers should work with their user groups such as the UK and Ireland SAP User Group have created a SAP Licensing Transparency Centre and other influencers familiar with the process."
#techoptimization  2017  amazon  web  services  apps  strategy  best  practices  blockchain  technology  boardroom  priorities  c-suite  c3  iot  cdo 
8 days ago by jonerp
Java Practices -> Home offers concise presentations of Java practices, tasks, and designs, illustrated with syntax-highlighted code examples.
Java  practices  development  code 
9 days ago by insertrealname
Heydon/inclusive-design-checklist: Aims to be the biggest checklist of inclusive design considerations ever
Aims to be the biggest checklist of inclusive design considerations for the web ever. Includes items for accessibility, performance, device support, interoperability, and language. Pull requests welcome!

Minify CSS and JS, and remove unused/redundant code
Maintain terse HTML, without over-reliance on <div> scaffolding
Use screen reader and keyboard accessible HTML
Compress raster images
Optimize SVG path data
Make sure heading levels describe a logical section/subsection structure
Only include heading elements where they introduce sections of content
Remove potentially insensitive or uninclusive language (use 'singular they')
Give video content captions and transcripts
Provide transcripts for audio content
Make sure main body (paragraph) text is no smaller than the default (user agent) size
Support 'pinch zoom' (remove user-scalable=no if present)
Use relative units (em, rem, and ch), especially for font metrics
Make sure styles and scripts are not render blocking
Install a service worker and cache all applicable assets
Use content-based, not device-specific, media queries
Provide alternatives and/or descriptions for complex visualizations
Include only clear, meaningful animations
Honor requests to remove animation via the prefers-reduced-motion media query
Make sure controls do not elicit unexpected or jarring behavior
Do not include third parties that compromise user privacy
Do not recreate supported and expected browser behaviors with bespoke scripts
Support Windows high contrast mode (use images, not background images)
Provide alternative text for salient images
Apply alt="" or aria-hidden="true" to decorative images
Make sure text and background colors contrast sufficiently
Provide <title>s that name the site and the specific page
Provide large touch 'targets' for interactive elements
Use data tables (<table>) for data only, not visual layout purposes
Make scrollable elements focusable for keyboard users
Do not rely on color for differentiation of visual elements
Use the same design patterns to solve the same problems
Ensure keyboard focus order is logical regarding visual layout
Lazy load large image assets
Honour DNT (Do Not Track) header
Translate / spell out acronyms the first time you use them
Do not hijack standard scrolling behavior
Move focus between dialogs and the controls that invoked them
Give all form elements permanently visible labels
Give grouped form elements group labels
Place labels above form elements
Provide status and error messages as WAI-ARIA live regions
Provide clear, unambiguous focus styles
Employ well-balanced, highly legible fonts (not too complex or elaborate)
Do not use very thin font faces
Ensure states (pressed, expanded, invalid, etc) are communicated to assistive software
Match semantics to behavior for assistive technology users
Provide a default language and use lang="[ISO code]" for subsections in different languages
Make controls look like controls; give them strong perceived affordance
Underline links — at least in body copy
Make sure all content belongs to a landmark element (<header>, <footer>, <nav>, <main>, etc)
Avoid pure white or pure black shades
Mark invalid fields clearly and provide associated error messages
Ensure content is not obscured through zooming (no fixed widths)
Provide a manifest.json file for identifiable homescreen entries
Indicate swipe gesture support clearly, and provide simple tap-based alternatives
Make sure data tables wider than their container can be scrolled horizontally
Avoid time constraints where possible; provide a clear warning and option to extend where not possible
Label and describe the same things with the same terminology
Ensure disabled controls are not focusable
Do not instate 'infinite scroll' by default; provide buttons to load more items
Avoid justified body text
Provide enough spacing between lines of text (line-height)
Ensure PDF content is accessible (include tags)
Provide a skip link if necessary
Avoid all-caps text
Ensure that content is written as clearly and simply as possible
Provide descriptive captions for figures
Warn users of links that have unusual behaviors, like linking off-site, or loading a new tab
Make content easier to find and improve search results with structured data
Use textual labels to make voice activation cues obvious
Do not mark up subheadings/straplines with separate heading elements
Ensure primary calls to action are easy to recognize and reach
Avoid images of text — text that cannot be translated, selected, or understood by assistive tech
Provide a print stylesheet (single column, with interactive content hidden)
Use well-established, therefore recognizable, icons and symbols
Subset fonts to just the characters needed
Instead of obstructing users with CAPTCHAs, use honeypots
Begin long, multi-section documents with a table of contents
Don't make users perform actions to reveal content unless completely necessary
If content is meant to be hidden, ensure it is properly hidden to all users
Make sure controls within hidden content are not focusable
Use srcset to tailor images to devices and reduce bandwidth costs
Do not auto focus form fields, on page load
Break up long and complex forms into discrete sections and/or screens
Make forms as short as possible; offer shortcuts like autocompleting the address using the postcode
Ensure the same content is available across different devices and platforms
Inform the user when there are important changes to the application state
Make sure the purpose of a link is clearly described — "read more" vs. "read more about accessibility"
inclusive  design  checklist  webdev  webdesign  accessibility  best  practices 
12 days ago by 44sunsets
(54) One Bite At A Time: Partitioning Complexity
A recent programming project of my own reminded me that just because I can’t handle lots of complexity at once, it doesn’t mean I can’t program. I can program, but because of my weakness I use a style that partitions complexity instead of consuming it whole. Here are the elements of that style.
practices  programming 
13 days ago by nicolashery
XSS (Cross Site Scripting) Prevention Cheat Sheet - OWASP
This article provides a simple positive model for preventing XSS using output escaping/encoding properly. While there are a huge number of XSS attack vectors, following a few simple rules can completely defend against this serious attack. This article does not explore the technical or business impact of XSS. Suffice it to say that it can lead to an attacker gaining the ability to do anything a victim can do through their browser.

Both reflected and stored XSS can be addressed by performing the appropriate validation and escaping on the server-side. DOM Based XSS can be addressed with a special subset of rules described in the DOM based XSS Prevention Cheat Sheet.

For a cheatsheet on the attack vectors related to XSS, please refer to the XSS Filter Evasion Cheat Sheet. More background on browser security and the various browsers can be found in the Browser Security Handbook.

Before reading this cheatsheet, it is important to have a fundamental understanding of Injection Theory.
xss  web  webdev  js  javascript  security  cheatsheet  checklist  best  practice  practices  cross  site  scripting  css 
28 days ago by 44sunsets
