Author Archive

Resolution Independence With SVG


  

In this article, we’ll look at Scalable Vector Graphics (SVG), one of the most underused technologies in website development today.

Before diving into an example, let’s consider the state of the Web at present and where it is going. Website design has found new vigor in recent years, with the evolving technique of responsive design. And for good reason: essentially, responsive website design moves us away from the fixed-width pages we’ve grown accustomed to, replacing them with shape-shifting layouts and intelligent reflowing of content. Add to that a thoughtful content strategy and mobile-first approach, and we’re starting to offer an experience that adapts across devices and browsers to suit the user’s context.

When we look at the breadth of Web-enabled devices, responsive design is sure to provide a better user experience. Scrolling horizontally, panning and zooming the viewport have their place in user interface design, but forcing the user to do these things just to navigate a website quickly becomes tedious. Fitting the website to the viewport is about more than just layout: it’s also about resolution. In this article, I’ll demonstrate why SVG is a perfect addition to future-friendly Web development.

Introducing SVG

SVG offers a truly resolution-independent technique for presenting graphics on the Web. SVG is a vector graphics format that uses XML to define basic properties such as paths, shapes, fonts and colors, and more advanced features such as gradients, filters, scripting and animation. Create the file once and use it anywhere, at any scale and resolution.

Consider the use cases: UI and navigation icons, vector-style illustrations, patterns and repeating backgrounds. For all of these, a scalable graphic is the perfect solution from a visual standpoint, and yet fixed-resolution images are still the norm. In the example below, we’ll show you how to expand on a common development technique to take advantage of SVG.

Resolution independence with SVG

A Case Study: CSS Sprites

We all know about the CSS sprites technique. (If you don’t, then have a quick read through Sven Lennartz’ article. And Louis Lazaris points out its pros and cons.) In the example below, we’ll show how seamlessly SVG replaces normal raster images. If this technique is not for you, you can certainly imagine a whole array of similar situations in which to use SVG.

Vector icons play a big role in user interface design. Pictures express concepts with vivid clarity, whereas their textual counterparts might carry ambiguity. In UI design, where space is scarce, a simple illustrated icon could be greatly welcome.

I’ve mocked up the following example:

An icon based UI menu

I’ll be first to admit that this row of icons won’t win any design awards, but it will suffice for the sake of this article! Let’s look at the HTML:

<div class="actions">
   <a class="a-share" href="#">Share</a>
   <a class="a-print" href="#">Print</a>
   <a class="a-tag" href="#">Tag</a>
   <a class="a-delete" href="#">Delete</a>
</div>

I’ve kept the HTML to a minimum for clarity, but in practice you’d probably want to mark it up with an unordered list. And you’ll almost certainly want to replace those hashes with real URLs (even if JavaScript provides the functionality, having a fallback is nice). Let’s look at the CSS:

.actions {
   display: block;
   overflow: auto;
}

.actions a {
   background-image: url('sprite.png');
   background-repeat: no-repeat;
   background-color: #ccc;
   border-radius: 5px;
   display: block;
   float: left;
   color: #444;
   font-size: 16px;
   font-weight: bold;
   line-height: 20px;
   text-decoration: none;
   text-shadow: 0 -1px 2px #fff;
   padding: 10px 20px 10px 40px;
   margin-right: 5px;
}

.a-share  { background-position: 10px 0; }
.a-print  { background-position: 10px -40px; }
.a-tag    { background-position: 10px -80px; }
.a-delete { background-position: 10px -120px; }

Note the fixed-pixel sizing and the PNG background, which we can see below framed in full Photoshop production glory:

A PNG sprite in Photoshop

This implementation of a CSS sprite is basic, and at today’s standard, it’s not good enough! How can we enhance this? First, let’s consider the following issues:

  1. We’ve rasterized the image at a very early stage. Even at full size, icons in which points sit between pixels, such as the one for “Print,� have blurred.
  2. If we zoom in, the image will blur or pixellate even more; there is no additional data to re-render the image at larger sizes.
  3. Everything has a fixed size, which is neither good for responsive design nor good for accessibility, because the browser’s default font size is ignored.

As you’ve probably guessed by now, we’ll show you how SVG solves these problems. But first, let’s reiterate each point thoroughly to understand the issues at large.

1. Rasterization

Devices such as modern smartphones have a very high pixel density; some already surpass the 300 pixels-per-inch (PPI) mark that is assumed to be the limit of the human eye’s ability to distinguish fine details. A pixel has no real-world equivalent in size until it sits on a screen of fixed dimension (say, 3.5 inches diagonally) and fixed resolution (say, 640 × 960 pixels). At this scale, text with a font size of 16 pixels would be incredibly small to the eye. For this reason, devices simply cannot translate 1 CSS pixel unit to 1 device pixel; instead, they double up. Thus, a 16-pixel font size actually takes over 32 pixels when rendered.

The same applies to images; but they are already rasterized, so doubling up the pixels has no benefit. In our example, each icon has been rasterized at around 25 × 25 pixels (the whole sprite being 30 × 160), so they cannot take advantage of the double pixel ratio. One solution is to use CSS media queries to detect the pixel ratio. This is already implemented in Webkit- and Gecko-based browsers.

To improve our example, we can add the following CSS declaration:

@media only screen and (-webkit-min-device-pixel-ratio: 2)  {
   .actions a {
      background-image: url('sprite@2x.png');
      background-size: 30px 160px;
   }
}

The alternate background image supplied in the code above has been saved at 60 × 320 pixels (i.e. double the original dimensions). The background-size property tells CSS to treat it smaller. Significantly, now the device has the additional data to render a better image (if capable).

This solution isn’t bad, but it doesn’t solve the problems we’ll run into in points 2 and 3 below. It also requires that we maintain multiple files of increasing size: a potential burden on bandwidth and a real hassle. For non-vector images, such as photography in JPG format, we can’t do much more than that.

2. Zooming

At their default size, our rasterized icons look acceptable, at least on low-pixel-density screens. However, should the user zoom in on the Web page, these little UI delights will degrade very quickly.

A PNG sprite zoomed in and blurred.

Zooming is a common action when users find a website too small for comfortable viewing. Or, to put it another way, websites that are designed too small are very common. There is really no “perfect� size, because almost everyone has at least some level of visual impairment, since our eyes inevitably deteriorate with age. Secondly, with the rapid increase in touchscreen devices, pinch-to-zoom has become the standard way to enlarge fixed-sized content designed for larger screens (i.e. much of the Web today).

We should develop websites in a way that minimizes the need for user input — that’s where responsive design comes in (see point 3 below) — but zooming is here to stay. There’s simply no way to provide pre-rasterized images for every level of zoom (in theory, an infinite scale). Scalable graphics are the solution, and we’ll show you how to enhance our example. But first, a related word on fixed sizing.

3. Fixed Sizes

Presenting page elements at fixed sizes forces many users to zoom, but it also disables a very useful browser feature. Users can set their preferred font size (the default in browsers is 16 pixels). By sizing everything in pixels, we override this preference. Sizing elements based on this default is much better, so that, if the text is bigger, everything adjusts to match. This essentially mimics the zooming effect but happens without the user having to manually do it on every visit. Ethan Marcotte has written a great article that explains relative font sizes.

Let’s re-implement our sprite example with a solution to these three issues.

A Scalable Implementation

Here is the HTML again. We don’t need to change anything here.

<div class="actions">
   <a class="a-share" href="#">Share</a>
   <a class="a-print" href="#">Print</a>
   <a class="a-tag" href="#">Tag</a>
   <a class="a-delete" href="#">Delete</a>
</div>

The updated CSS is where the magic happens:

body { font-size: 100%; }

.actions {
   display: block;
   overflow: auto;
}

.actions a {
   font-size: 1em;
   line-height: 1.25em;
   padding: 0.625em 1.25em 0.625em 2.5em;
   margin-right: 0.3125em;
   border-radius: 0.3125em;
   background-image: url('sprite.svg');
   -webkit-background-size: 1.875em 10em;
   -o-background-size: 1.875em 10em;
   -moz-background-size: 1.875em 10em;
   background-size: 1.875em 10em;
   /* styles carried over from the original implementation */
   background-repeat: no-repeat;
   background-color: #ccc;
   color: #444;
   display: block;
   float: left;
   text-decoration: none;
   text-shadow: 0 -1px 2px #fff;
}

.actions-em .a-share { background-position: 0.625em 0; }
.actions-em .a-print { background-position: 0.625em -2.5em;  }
.actions-em .a-tag { background-position: 0.625em -5.0em;  }
.actions-em .a-delete { background-position: 0.625em -7.5em;  }

In this version, we’ve made the following changes:

  • The background-image is now an SVG file.
  • All sizes are based on the default of 16 pixels, or 1 em. If the user’s default is larger or smaller, then everything will scale relatively. (If you multiple each em size by 16, you’ll get the number of pixels used in our initial fixed-size example.)
  • The background-size is very important. By setting this in em units, we’re telling the browser to scale the sprite relative to everything else. You’ll notice that 1.875 × 10 em multiplied by 16 becomes 30 × 160 — the base size at which we produced the sprite in pixels.
  • The background-position of each sprited icon is also based on relative units.

Now that we’re using SVG and relative sizes, we have solved the three big issues highlighted above. A scalable graphic can be rasterized on demand to perfectly suit any device resolution and any zoom level. By using relative sizes, we can continue implementing a responsive design, minimizing as much as possible the need for the user to zoom. We’re also respecting the browser’s default font size, and enabling our design to adapt accordingly.

I actually produced the SVG sprite first and the PNG version from that. (I imported the SVG in Photoshop before exporting it as a PNG — Illustrator’s PNG export had very poor rasterization.) Below is the header in my SVG file. Notice the same 30 × 160 initial size.

<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
   width="30px" height="160px" viewBox="0 0 30 160" enable-background="new 0 0 30 160" xml:space="preserve">

You can see that the attributes for width and height are set in pixels (width="30px" height="160px") in the opening svg tag (as generated by Adobe Illustrator). This actually causes it to render early in Firefox, before the graphic has scaled to match the em sizes in background-size. Webkit-based browsers seem to scale the SVG perfectly, regardless. I’ve found that editing the SVG file to use em units in these two attributes fixes any rendering issues in Firefox.

<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
   width="30em" height="160em" viewBox="0 0 30 160" enable-background="new 0 0 30 160" xml:space="preserve">

I don’t know which browser actually implements this scaling correctly, but let it be noted that extra care is needed to ensure cross-browser perfection. Mozilla MDN has an excellent in-depth article, “Scaling of SVG Backgrounds,� which explores more practical examples. For more ideas, see Alex Walker’s article “A Farewell to CSS3 Gradients.�

Here’s a super-close screenshot showing the SVG sprite:

A close-up of a SVG sprite.

The sprite scales beautifully. (Sadly, the same can’t be said for my tacky text-shadow effect.)

It’s best to experience the joys of scalable graphics and relative sizing firsthand. I’ve uploaded a side-by-side live demo demonstrating a combination of all the techniques mentioned above.

Browser Support

At the start of this article, I said that SVG was underused. I believe that has generally been the case due to poor browser support. But things are different now! Browser support for SVG has blossomed over the last year to the point where implementing it is a viable use of development time.

According to the website When Can I Use?, support for SVG across multiple implementations is as follows (I’ve combined support for both CSS’ background-image and HTML’s img source — the most useful attributes):

  • Internet Explorer 9+
  • Firefox 4+
  • Chrome 4+
  • Safari 4+
  • Opera 9.5+

Mobile browser support is also pretty much across the board. If a workable fallback exists for older browsers, then SVG is a very viable solution.

For some of the new additions to Web standards, we can implement them safe in the knowledge that old browsers will simply ignore them and that they aren’t even required. We call this “progressive enhancement�: better browsers get a progressively better experience. SVG is slightly different, because for most practical purposes, it simply replaces other images in CSS backgrounds and HTML elements. The image format — be it SVG, PNG, JPG or GIF — is either supported or it isn’t. We can’t simply follow the practice of progressive enhancement here, because an image failing to render is not an acceptable experience.

Browser Sniffing or Feature Detection?

We could make an educated guess and say that we need to worry only about users of Internet Explorer 6 to 8. In this case, the conditional comments technique for IE-only styles enable us to re-apply a second CSS background-image of a supported format such as PNG, instead of the default SVG background.

Browsing sniffing is always a dangerous game. While Internet Explorer tends to be the main offender, we can never assume it is the only one.

The safer and highly recommended option is to detect SVG support and use it only if it’s found. I suggest using Modernizr if you need to detect multiple features. Modernizr applies a class of svg to your root html element if detected (to which you can apply SVG as a background-image). If you’re using SVG as the source of an image element in HTML, then implementation is a little harder. You’ll have to write more JavaScript to find and replace all sources once support has been established.

The problem with these methods is that the browser will download the fallback image before SVG is detected — the only exception being the conditional comments technique for IE. Users will also likely see a flash of re-styled content when the source image changes. This shouldn’t be the case for long; but at least for now, these problems may be enough to hold you off on SVG usage.

File Size

In our sprite example, the raw SVG file was 2445 bytes. The PNG version was only 1064 bytes, and the double-sized PNG for double-pixel ratio devices was 1932 bytes. On first appearance, the vector file loses on all accounts, but for larger images, the raster version more quickly escalates in size.

SVG files are also human-readable due to being in XML format. They generally comprise a very limited range of characters, which means they can be heavily Gzip-compressed when sent over HTTP. This means that the actual download size is many times smaller than the raw file — easily beyond 30%, probably a lot more. Raster image formats such as PNG and JPG are already compressed to their fullest extent.

Performance

Rendering performance is a concern with SVG, especially on mobile devices, whose hardware is limited. Raster images can be rendered pixel for pixel after decompression and de-encoding. Vector graphics need to be rasterized at a specific resolution every time they’re viewed.

SVG has consistently proved slower than Canvas as a platform for animating vector graphics; but our concern here is basic rendering, not manipulation a thousand times per second, and if that is possible, then simple rendering shouldn’t be a concern. The more intensive SVG features are things like clipping masks and filter effects. These are unnecessary for many practical purposes (like our sprite example), but, if required, the best way to check performance is by testing. A lot of Web development is supported in theory, but in practice results are far from perfect.

Alternative Methods

Hopefully you agree that SVG is extremely useful but not always the ideal solution to resolution independence. Ultimately, the trick is to avoid raster images while maintaining the scalability of visual styles. Below are a few more ideas to think about.

CSS3

You’ve probably already started combining CSS3 properties such as linear-gradient, text-shadow and box-shadow to create more complex styles. Web developer Lea Verou curates a CSS3 pattern gallery that shows off the impressive potential of gradients alone.

CSS3 gradient patterns

In his article “Mobile Web in High Resolution,� Brad Birdsall introduces a technique to maintain pixel perfection for high-resolution displays using the pixel-ratio property.

Then there are pure CSS “icons,� which Faruk Ateş rightly points out as being absolute “madness� — certainly so if you’re using CSS to create a logo! But you could argue the benefits of a small handful of very specific techniques, such as CSS triangles, as demoed by Chris Coyier.

Web Fonts

Dingbat Web fonts and look-a-like Unicode glyphs are two interesting alternatives for vector icons, both with accessibility and semantic challenges. Jon Hicks has a write-up of perhaps the best practice for this. SVG seems a more appropriate technique for icons, but both have an immediate visual impact at high resolutions — and we’ll be paying increasing attention to that in coming years.

Looking Forward

As you can see, SVG usage is very much a possibility, and browser support and performance will only improve in future. What’s important to note from this article is that we really should be building websites that are as resolution-independent as possible.

Consider the “one Web� philosophy and the vast range of devices we use to access it — there is no single user experience. The more we can do to stay device-agnostic, the better. Responsive website design addresses many of these needs and certainly provides many benefits. Using vector graphics may not be as apparent, but its little improvements really do make a difference.

With today’s level of support, many users can experience the beauty of crisp scalable graphics… or perhaps that’s the wrong way to think about it. Most users won’t say “Wow! Kudos on the vectors.� To our dismay, they probably wouldn’t even consider them (and certainly wouldn’t recognize the effort required to craft them). And that’s a good thing; each time we improve the user’s experience, we don’t necessarily need to make a song and dance about it. Letting things continue to grind away under-appreciated is OK. It’s the lack of such things that gets recognized and sniffed at. Raise the user’s expectations in visual aesthetics, and they’ll start to notice the websites that do look shoddy. If you don’t do it, others will.

(al)


© dbushell for Smashing Magazine, 2012.


Understanding Copyright And Licenses

Advertisement in Understanding Copyright And Licenses
 in Understanding Copyright And Licenses  in Understanding Copyright And Licenses  in Understanding Copyright And Licenses

The Web is full of creative and practical resources that we can use to improve our projects. Photography, fonts, music and code are perfect examples. Finding stock objects and existing implementations is often quicker, cheaper and more practical than producing your own.

Whether free or not, these resources normally come with a license to ensure fair use. For professionals, understanding the limitations of a license is critical; with this knowledge, you’d be surprised by what’s available. Understanding copyright and licenses allows us to do what we do best: be creative.

Copyright in Understanding Copyright And Licenses

In this article, we’ll cover the basic principles that govern copyright and licenses. We’ll then explore common licenses in our industry, with examples. We’ll cover the following:

Quick disclaimer: I am not a lawyer! This is not legal advice, only the results of my own research. Please always read the entire license of any resource you use.

Copyright And Licensing

When we create something — let’s say a photograph — we own the copyright, which is our exclusive right as the author to own that work. We control who else can use our work and in what manner. For example, I could allow someone to print my photograph or adapt it in a piece of art. Rather than establishing verbal agreements, I can distribute my work with a license that sets the guidelines for use. The things that are copyrighted are sometimes referred to as “intellectual property.â€�

Licenses are granted by an authority to allow a usage; in my case, the use and distribution of resources by the copyright owner (i.e. me). I may decide to offer my photograph for free or charge a price; either way, I can include a license to limit usage, and I maintain the copyright. Just because someone pays money doesn’t mean they have full control or rights to what they’re buying. Licenses can dictate the number or uses, the bounds of use and even the length of time until the license expires.

Moreover, under “work for hire,� the employer holds the copyright, not the author or creative; in many cases, this is a company (such as a creative agency) or its client (by contractual agreement). In such cases, the creator retains “moral rights� to their work, including the right of attribution. This is partly why published articles refer to the author, although moral rights can include anonymity.

Copyright laws are incredibly complex, but this should be a good start.

What Is “Fair Use�

“Fair use� is an exception to the exclusive rights held by the copyright owner. It exists in some countries such as the US and UK. Under it, in certain cases, using work without permission is possible. If someone’s usage is defined as fair use, then they don’t need to obtain a license. Essentially, using copyrighted material is a legal right. Examples of fair use might include:

  • Educational purposes, such as teaching and student research;
  • Making commentary and criticism as part of a news report or published article.

There’s a misconception that noncommercial or nonprofit use is always acceptable. It isn’t. Fair use is a legal term and is judged case by case. Always research thoroughly if you think your use of copyrighted material is legal.

What Is “Public Domain�

Work that falls in the “public domain� basically has no copyright owner. You can use, modify and redistribute it to your heart’s content. An author can forfeit their copyright and, thus, put their work in the public domain (although it’s not quite that easy, as we’ll see later). Copyright ownership expires after the author’s death (generally 50 to 70 years after death in most countries).

Every country has its own interpretation of copyright law, but there are many agreements between nations. Licenses are enforced under copyright law, which is different than contract law. The distinction here is questionable within certain jurisdictions, each of which applies the law differently.

The Berne Convention (for the Protection of Literary and Artistic Works) was established in 1886 and is an international agreement that governs copyright. It states that each member state must recognize the copyright of work from other countries, and it must extend the same rights to foreign work that it gives to those of its own citizens. It also makes clear a minium standard of protection for copyright owners. To date, 164 countries have signed this agreement.

Licenses can be limited to certain jurisdictions. So, while something may be free in one country, the copyright owner could reserve all rights in other countries.

If you’re reading this, I can guess pretty confidently that you work on the Web and that you are, or will be, purchasing licenses from copyright owners in different countries. These licenses are bound by the laws of those countries, and you must respect them.

We’re getting into political and legal territory here. Remember: if in doubt, get legal advice.

License Terminology

A license can be written from scratch, but most people choose a well-known one. We’ll cover the common licenses that relate to our industry of website design and development, specifically those that allow for free usage — “free,â€� meaning that no money is required. Generally, licenses that govern paid resources are written individually, but all licenses have commonalities.

There is obviously a fundamental difference between, say, development code and stock photography. So, it should come as no surprise that a range of licenses exist. Each is tailored to the usage. Before we dive into them, let’s go over some common terminology:

  • “Copyâ€�
    A simple copy of the original work.
  • “Modifyâ€�
    To alter copyrighted work in some way before using it.
  • “Derivative workâ€�
    The result of modifying copyrighted work to produce new work.
  • “Distributeâ€�
    The act of giving someone your work under a license.
  • “Redistributeâ€�
    The act of distributing work and its license after obtaining it under license from the original copyright owner.
  • “Share alikeâ€�
    Permission to distribute derivative work under the same or a similar license.
  • “Creditâ€� or “attributionâ€�
    The act of identifying the original copyright owner.
  • “Copyright noticeâ€�
    A written phrase or symbol (©) informing of copyright ownership (not necessarily required by law).
  • “All rights reservedâ€�
    A common copyright notice declaring that no usage rights exist (again, not necessarily required).
  • “Warrantyâ€�
    A written guarantee included with the license (or, usually, not).

With this in mind, let’s start with the creative licenses.

Creative Commons

Lawrence Lessig founded Creative Commons (CC) in 2001 to create a series of easy-to-understand copyright licenses for online creative work. These licenses established the notion of “some rights reserved.�

The Creative Commons license has six variations. It’s really a collection of licenses that cover particular uses. These include whether the licensed work can be used commercially, whether it can be modified, and whether derivative work can be redistributed under the same (or a compatible) license. A Creative Commons license can be restricted to certain jurisdictions or apply internationally.

Creative-commons-license in Understanding Copyright And Licenses

The basic Creative Commons license is CC Attribution. It allows for all copying, modification and redistribution (even commercially), provided that the original author is attributed (with no implication of endorsement). Work under CC Attribution is essentially free to use.

The CC Attribution license can be extended to CC Attribution-ShareAlike. The same rules apply, except that all derivative work must be licensed the same way. This distinction ensures that all resulting work remains free. Wikipedia uses this license for its text.

Here are the four other Creative Commons licenses:

  • CC Attribution-NoDerivs
    Redistribution is allowed, provided that attribution is given and no modifications are made.
  • CC Attribution-NonCommercial
    Everything is allowed with attribution, provided that it is not done commercially.
  • CC Attribution-NonCommercial-ShareAlike
    The same as above, but derivative work must be under the same license.
  • CC Attribution-NonCommercial-NoDerivs
    Redistribution is allowed for noncommercial use and without any modification.

As you can see, the Creative Commons licence has six separate versions, all of which at least require attribution to the copyright owner.

You should attribute by citing the title of the work, the copyright notice, the author’s name and the license name. For example:

This work includes the photo “Photo’s Title,â€� available under a Creative Commons Attribution license, © Author’s Name.

If the original work includes a copyright notice, it must be left intact. Otherwise, you are free to attribute appropriately. Also, link to the work and license if possible. Informing the author is courteous but not required.

CC0 also exists. It enables copyright owners to waive all of their rights. It’s essentially a way of saying that the work is in the public domain and that there are “no rights reserved.� The concept exists because many jurisdictions don’t have a clear process for putting work in the public domain, and many legal systems actually prohibit the surrendering of lawful rights such as copyright ownership.

The Creative Commons licenses are clear and readable. As mentioned, Wikipedia uses the Attribution-ShareAlike. Flickr makes it easy for users to select one of the CC licenses, and it’s a great source of photography for your projects. You can even search Google for Creative Commons content.

Software Licenses

Written code is copyrighted: you own what you write. Of course, the simplest line of code, like print('Hello World!');, can be rewritten totally independently, without knowledge of the original author, and both parties will own the copyright of their own version (however worthless it may be). But beyond a few lines, code does become valuable, and distributing it with a license is important.

Other intellectual property laws, such as patents, can also protect software. Software patent laws are hotly debated in the US, where they are granted. In many other countries, such as the UK and New Zealand, software cannot be patented. While copyright is a right, patents must be granted.

Software licenses cover the use of programming code. If you’re using a third-party library or elements from an open-source project, your usage must respect the relevant license.

Development licenses generally cover the following points:

  • How the work and modifications of it can be distributed,
  • Whether any derivative work must be made open source,
  • What copyright and other notices are required for redistribution.

Software licenses can be defined as “permissive� or “copyleft.� The latter removes the right to add further license restrictions upon redistribution.

Below is a quick rundown of common software licenses and how they’ve evolved over the decades.

MIT License

The MIT license is perhaps the most open of all. It effectively puts the work in the public domain. It explicitly gives permission, “without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sub license, and/or sell copies of the Software.� The only condition is that the full copyright notice (which declares no warranty or liability) be included. Work released under the MIT license can be used for anything, including commercial and proprietary software.

BSD License

The BSD license is similar to the MIT license.

The original version, published in 1990, had four clauses, the last being an “advertising clause� stating that all promotional material for derivative work had to refer to the original source. This was later removed in 1999 in the “New BSD� or “Modified BSD� license.

What separates the newer three-clause BSD license from the MIT license is a clause stating that the name of the original copyright owner cannot be used to endorse any derivative work without prior permission. This eliminates any doubt about the right to use the person or organization’s name. Whether this clause is even required is debatable, because copyright and trademark laws are separate issues. Even though the MIT license does not declare this, we cannot assume permission of endorsement.

An additional two-clause “FreeBSD� or “Simplified BSD� license exists, which omits this endorsement clause and instead includes a disclaimer to disassociate any views made in derivative work from the original copyright owner. This can be seen as explicitly stating the opposite of an endorsement.

Both the MIT and BSD licenses give us complete freedom to copy, distribute and modify work for any purpose, provided that the original license and copyright notice are included. Derivative work can be released under another license or as proprietary software.

The Apache License

You can see from the BSD example just how difficult it is to word a license. There are so many ambiguities and connections to other laws that getting the point across is nearly impossible. Many more essentially “free� licenses have appeared in an attempt to make such intention clear.

The Apache License is a free software license that does not require the same license of derivative work. This means that code under the license can be used in open, free and proprietary software (like the MIT and BSD licenses).

Apache Logo-screenshot1 in Understanding Copyright And Licenses

It imposes the conditions that in any licensed file, all original copyright, attribution and trademark notices must be preserved. Additionally, with any modified work, a notice of change must be included. Any existing notices of change must also be kept. All of these notices must be distributed in a text file and in the source code or documentation.

This requirement to preserve modification notices makes the Apache license different from the MIT and BSD licenses. It also includes many more legal terms and conditions that (among other purposes) dissolves any liability of the original copyright owner.

The Apache license (version 2) is said to be GPL-compatible, meaning that a project containing code licensed under both must also be licensed under GPL version 3.

GNU General Public License

First written by Richard Stallman in 1989, the General Public License (GPL) is now at version 3 as of 2007. It was founded on the principle that we should be free to use, change, share and share changes to free software. No matter how the software is distributed, it remains free. This concept is called “copyleft.�

The basic principles of the GPL mean that, unlike the MIT, BSD and Apache licenses, work under GPL must remain under this license. GPL code can be sold, but no proprietary software can be derived from it. If you distribute any derivative work, then your source code must be made available under the same license. Essentially, once a work is released under the GPL, it remains GPL and no further restrictions can be applied.

Version 3 of the GPL specifically states that while code under the GPL can be used to implement digital rights management (DRM), using GPL code does not count as effective “protection,� and as such, anyone who breaks it cannot be help accountable under digital rights law.

Where Licenses Are Used

We already know that Wikipedia uses the Creative Commons Attribute-ShareAlike license and that Flickr allows users to choose a Creative Commons license. What else should we know?

Most JavaScript libraries are available under license by nature. jQuery, for example, is available under dual license: either MIT or GPL v2. Other libraries are available under MIT, such as Modernizr (which is also under BSD), Raphaël and Respond.js (also under GPL v2). You can use all of these libraries while reserving rights for your own derivative work, provided that you include the relevant copyright notices for these libraries.

Plug-Ins and Themes

WordPress and Drupal are important ones to note because they’re available only under GPL v2. This means that any derivative work must also be licensed under GPL; and according to the WordPress license page, this includes all plug-ins and themes:

Part of this license outlines requirements for derivative works, such as plugins or themes. Derivatives of WordPress code inherit the GPL license. […] There is some legal grey area regarding what is considered a derivative work, but we feel strongly that plugins and themes are derivative work and thus inherit the GPL license. If you disagree, you might want to consider a non-GPL platform…

Drupal’s licensing FAQ is more specific about this:

The GPL requires that if you make a derivative work of Drupal and distribute it to someone else, you must provide that person with the source code under the terms of the GPL so that they may modify and redistribute it under the terms of the GPL as well. However, you are under no obligation to distribute the code to anyone else. If you do not distribute the code but use it only within your organization, then you are not required to distribute it to anyone at all.

What does this mean? If you’re developing a WordPress or Drupal theme, it must be under GPL. You can distribute your work, should you choose.

If you’re developing a theme for personal use or for a client, you have little to worry about because you are not technically “distributing� it.

Selling themes on the open market is a gray area, because distribution must be under the GPL. The GPL allows you to sell this work, but it also allows others to redistribute and sell it, too; you can’t do much about that. However, theoretically, the only derivative work that falls under GPL is the PHP code; any images, CSS and other content in your project remain yours. On top of that, you are free to charge extra for technical support and so on.

Remember that while WordPress is open source and free under the GPL, it is still copyrighted. You have to respect its chosen license.

Does My Work Need A License?

If you’re publishing content online — be it design work, photography, blog articles, audio or video — then the default is “all rights reservedâ€�. Unless you publish it under a license (or through a Web service that reserves some rights for itself — and most do), then only you hold copyright. That’s great, but what do you gain by giving others permission?

In his article “Pick a License, Any License,� Jeff Atwood highlights the interesting example of developers who publish code on their blogs. Unless the developer states otherwise, no one has permission to use that code in their project. Always consider the benefits of others using and attributing your work: it could be great self-promotion!

It’s worth noting that you do not need to issue a license in order to give permission for someone to use your work. Some areas of the law favor verbal and contractual agreements over copyright.

Additionally, when using services such as Twitter and Flickr, you are probably giving those websites full rights to your work as part of their terms of service. These websites couldn’t operate without your content, but they do take every advantage of reserving full rights over the content you publish. This allows them to develop their service in different ways on the strength of your content.

Take this excerpt from Yahoo’s terms of service, which Flickr uses:

[…] you grant Yahoo! the royalty-free, perpetual, irrevocable, non-exclusive and fully sub-licensable right and license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display such Content (in whole or part) worldwide and/or to incorporate it in other works in any form, media, or technology now known or later developed […]

That covers just about everything!

While Flickr allows you to upload photos under a Creative Commons license for others to use, you also grant Yahoo permission to do anything it likes with them. I’m not condemning Yahoo for this practice because it’s common to all Web services. I’m just highlight the importance of reading the terms and conditions and understanding where you publish work and what rights you’re giving away.

Final Thoughts

With this information, you should have a strong understanding of how copyright and licenses work, why they exist and what they achieve. Ignorance of copyright — as of any law — is no excuse. By understanding it, we can take advantage of the wealth of creative content across the Web. If you’re publishing work online, consider sharing it under a license. You never know what interesting things people will do with it.

As mentioned, this article is the result of my own research and is not legal advice. You’ll need the latter if you’re unsure about copyright licenses.

Further Reading

(al)


© dbushell for Smashing Magazine, 2011. | Permalink | Post a comment | Smashing Shop | Smashing Network | About Us
Post tags: ,


In Search Of The Perfect CAPTCHA

Advertisement in In Search Of The Perfect CAPTCHA
 in In Search Of The Perfect CAPTCHA  in In Search Of The Perfect CAPTCHA  in In Search Of The Perfect CAPTCHA

CAPTCHAs, or Completely Automated Public Turing Tests to Tell Computers and Humans Apart, exist to ensure that user input has not been generated by a computer. These peculiar puzzles are commonly used on the Web to protect registration and comment forms from spam. To be honest, I have mixed feelings about CAPTCHAs. They have annoyed me on many occasions, but I’ve also implemented them as quick fixes on websites.

This article follows the search for the perfect solution to the problem of increasing amounts of human-generated spam. We’ll look at how and why CAPTCHAs are used and their effect on usability in order to answer key questions: what is the perfect CAPTCHA, and are they even desirable?

The Incentive To Act Human

To understand the need for CAPTCHAs, we should understand spammers’ incentives for creating and using automated input systems. For the sake of this article, we’ll think of spam as of any unwarranted interaction or input on a website, whether malicious or for the benefit of the spammer (and that differ from the purpose of the website). Incentives to spam include:

  • Advertising on a massive scale;
  • Manipulating online voting systems;
  • Destabilizing a critical human equilibrium (i.e. creating an unfair advantage);
  • Vandalizing or destroying the integrity of a website;
  • Creating unnatural, unethical links to boost search engine rankings;
  • Accessing private information;
  • Spreading malicious code.

All of these incentives lead to profitable or otherwise gainful situations for spammers. Automating the process obviously allows for superhuman speed and efficiency.

Those who run websites know that this is a big business and a big problem. Akismet, the popular spam killer (commonly seen as a WordPress plug-in), catches over 18 million spam comments per day and has caught more than 20 billion in its history. Mollom, which provides a similar service, catches over half a million spam comments per day and estimates that more than 90% of all messages are spam.

No amount of asking nicely will stop the spammers, but their greed can be used against them; using automated systems to increase profit does have a weakness.

Enter the CAPTCHA

On one side of the coin is the spammer; on the other is the humble website owner, a pleasant sort, who experiences common problems:

  • Blogs and forums that sink under the weight of spam posts,
  • Accounts that are registered under false pretences for unlawful purposes,
  • Bots that ruin the dynamics of a website,
  • A dive in the quality of content and the user experience.

Automated spam plagues website owners to no end, so CAPTCHAs are appealing and compelling… initially. The time needed to moderate and review user-generated content versus the time needed to implement a CAPTCHA is what pushes most developers to do it.

In fact, CAPTCHAs are used a lot. The reCAPTCHA project estimates that over 200 million reCAPTCHAs are completed daily, and it takes an average of 10 seconds to complete one. The Drupal CAPTCHA project logs close to 100 thousand uses per week, and this is just a fraction of websites (those that choose to report back).

CAPTCHAs tackle a problem head-on: they focus purely on stopping spammers. Genuine users are, for the most part, overlooked. That is to say, an assumption is made that the normal behavior of users is not affected.

It’s not true, though. The issue of genuine usability is not new. The W3C released a report back in 2005 on the inaccessibility of CAPTCHAs, which suggested that some systems can be defeated with up to 90% accuracy. More recently (in 2009), Casey Henry looked at the effectiveness of CAPTCHAs on conversion rates and suggested a possible conversion loss of around 3%:

“Given the fact that many clients count on conversions to make money, not receiving 3.2% of those conversions could put a dent in sales. Personally, I would rather sort through a few spam conversions instead of losing out on possible income.”

— Casey Henry, CAPTCHAs’ Effect on Conversion Rates

In 2010, a team from Stanford University released a report entitled “How Good Are Humans at Solving CAPTCHAs? A Large Scale Evaluation� (PDF), which evaluates CAPTCHAs on the Internet’s biggest websites. Unsurprisingly, the results weren’t favourable, the most astounding being an average of 28.4 seconds to complete audio CAPTCHAs. The study also highlighted worrisome issues for non-native English speakers.

Web developers like Tim Kadlec have called for death to CAPTCHAs, and he makes a strong argument against their use:

“Spam is not the user’s problem; it is the problem of the business that is providing the website. It is arrogant and lazy to try and push the problem onto a website’s visitors.”

— Tim Kadlec, Death To CAPTCHAs

Completing a CAPTCHA may seem like a trivial task, but studies (like that of the W3C) have shown that that’s far from the reality. And as Kadlec mentions later in his article, what about users with visual impairments, dyslexia and other special needs? Providing an inaccessible wall doesn’t seem fair. Users are the ones who invest in and give purpose to websites.

The question is, are CAPTCHAs so unusable that they shouldn’t be used at all? Perhaps more importantly, does a usable CAPTCHA that cannot be cracked exist? If the answer is no, what is the real solution to online spam?

The World Of CAPTCHAs

The human brain is an amazing piece of work. Its ability to conceptualize, to find order in chaos and to adapt under extraordinary circumstances makes it highly useful, to say the least. For some tasks, it outshines a computer with great ease. In other tasks — mathematics, for example — it is laughably inferior.

Logic would dictate, therefore, that the most successful CAPTCHA would be:

  • A task that users excel at naturally but that computers can’t begin to comprehend,
  • A task that is incredibly quick for users to perform but arduous for computers,
  • A task that minimizes the need for additional user input,
  • A task that is relatively accessible to all users, even those with special needs (that is, the CAPTCHA should be no more difficult than general Web usage and the current task demand).

One of the greatest advantages that humans have over machines is our ability to visually recognize patterns. The most popular CAPTCHA technique derives from this.

Web developers have explored many options: simple recognition tests, interactive tasks, games of Tic Tac Toe and equations that even mathematicians would have struggled with. We’ll explore the more sensible ideas being implemented online today.

Text Recognition

The most popular type of CAPTCHA currently used is text recognition (as seen with the reCAPTCHA project).

Smb2-recaptcha in In Search Of The Perfect CAPTCHA
The reCAPTCHA project aims to stop spam and help digitize books.

reCAPTCHA was created at Carnegie Mellon University, home to the CAPTCHA pioneers and (in 2000) coiners of the term. Now run by Google, the project uses scanned text that optical character recognition (OCR) technology has failed to interpret. This, in theory, provides unbreakable CAPTCHAs, with the secondary benefit of helping to digitize books.

Smb2-recaptchaocr in In Search Of The Perfect CAPTCHA
reCAPTCHA’s example of failed OCR scanning.

Concerns of accessibility and usability are often voiced with regard to this type of CAPTCHA. Completely illegible CAPTCHAs are common on the Web, and asking users to perform impossible tasks can not be good for usability.

The reCAPTCHA project does make efforts to provide audio alternatives for visually impaired users, but many more text-recognition CAPTCHAs are being used without aids. As noted in the Stanford University study, audio CAPTCHAs take a long time to complete. The same study also highlighted an undesirable reliance on recognition of English-language words.

Another take on the basic text CAPTCHA was introduced in late 2010 by Solve Media, whose solution was to replace text with an advertisement and a related question, a move that many saw as too invasive.

Smb2-solvemedia in In Search Of The Perfect CAPTCHA

Solve Media claims its CAPTCHAs can be solved more quickly than others. While we should be skeptical of marketing talk, there is clearly some potential, given that many global brands transcend a single language. There is potential here for marginal improvement.

While text-recognition CAPTCHAs have a few downsides (e.g. spammers could use a software that would be able to recognize text embedded in the image and try all possible combinations to “break” the anti-spam mechanism), they are undoubtedly recognizable. This fact alone can go a long way in usability decisions.

Logic Questions

Some have suggested that answering simple logic questions would be better than performing visual tasks, the idea being that the complexity of written language would be enough to confuse computers.

The TextCAPTCHA service has over 180 million questions in its database, including:

  • The 6th letter in “unrolledâ€� is?
  • What is fifty-eight thousand, five hundred and seventy-four as digits?
  • Which of 3, twenty-nine, 70, 46 or 65 is the lowest?

These CAPTCHA questions are designed for the intelligence of a seven-year-old child. They are far more accessible than text and image recognition, and while this is a big advantage, it comes with a price. First, the time required to read and comprehend these questions will vary because they are unusual and unknown to users. Secondly, computers can still break these CAPTCHAs. Joel Vanhorn points to Wolfram Alpha as an intelligence source strong enough to crack them.

With the likes of IBM’s Watson recently showcasing an eerily human-like ability to process language, such technology might become mainstream quicker than we think. Instead of worrying about logic questions becoming solvable by computers, we should use this technology to analyze user-submitted content and then separate natural language from the computer-generated content that is common to spam. Services like SBlam! are implementing this idea.

Questions that are website-specific, such as “What is the name of this website?� and “What is the dominant color in the image above?�, might be better than general questions. The downside, of course, is that the pool of pointed questions is very small compared to the 180 million possibilities of TextCAPTCHA.

The biggest problem with logic questions is that they’re specific to a language, usually English. Providing millions of questions in every language in order to avoid alienating potential users would be a huge task. When presented with such a daunting prospect, the same question resurfaces: are CAPTCHAs the right solution?

Image Recognition

Many have experimented with photography instead of text. The benefit? No legibility issues. Services like identiPIC ask users to identify the object in an image. Microsoft has also researched this method through its Asirra project.

Smb2-asirra in In Search Of The Perfect CAPTCHA
Microsoft’s Asirra project on image recognition.

The fact that we haven’t seen widespread adoption of image recognition CAPTCHAs indicates that it doesn’t improve usability. In fact, it jeopardizes accessibility. Visually impaired users have no chance of passing this type of CAPTCHA, and including a description or alternative text would weaken the tests.

In 2009, Google published research (by a team led by Rich Gossweiler, Maryam Kamvar and Shumeet Baluja) that looked at an alternative form of image CAPTCHA. The project asked users to correct the orientation of images by rotating them.

Smb2-googlephoto in In Search Of The Perfect CAPTCHA

A novel idea, I’m sure you’ll agree, and the research showed a preference for the ease and simplicity of this technique. Sadly, it fails the accessibility requirement (think again of the visually impaired).

Friend Recognition

One of the more interesting CAPTCHA ideas appeared in January 2011 as a result of an effort by social-networking giant Facebook. The company is currently experimenting with social authentication in an effort to verify account authenticity. In the words of the experiment:

“We will show you a few pictures of your friends and ask you to name the person in those photos. Hackers halfway across the world might know your password, but they don’t know who your friends are.”

— Alex Rice, Facebook, A Continued Commitment to Security

Smb2-facebook in In Search Of The Perfect CAPTCHA
A peek at Facebook’s friend recognition test.

What makes Facebook’s project slightly different than the normal CAPTCHA is that the authentication is supposed to filter out human hackers rather than machines.

There is potential for Facebook to roll this out across the Web. With 600 million users and millions of websites that integrate with it, Facebook has the ability to use this social recognition CAPTCHA in a big way — and it could prove to be easier than text recognition (Orwellian privacy concerns aside for the moment).

There is one problem. Do you actually know who your friends are? The reality is that friend requests are exchanged between even the barest of acquaintances; remembering names to go with all those faces could be challenging. As intuitive and intelligent as Facebook’s idea might be, it is ultimately flawed because, as humans, we don’t follow the rules.

User Interaction

One method getting a lot of attention has users perform tasks that are impossible for virtual intelligence. They Make Apps features a small slider that must be dragged to the right in order to submit a form. It asks the visitor to “Show your human side; slide the cursor to the end of the line to create your account.�

They-Make-Apps-Slider in In Search Of The Perfect CAPTCHA
They Make Apps uses a slider CAPTCHA.

Obviously this option is inaccessible to people with special needs. Furthermore, developing a script that is capable of moving the slider automatically to activate the “Submit� button would probably be not that difficult. A multilateral version of the slider option is used in the comments section of the Adafruit blog. Four different sliders have to be matched to the corresponding colors in order to validate a comment and activate submission.

Adafruit-Slider in In Search Of The Perfect CAPTCHA
The Adafruit blog’s slider CAPTCHA.

An Over-Engineered Solution?

None of the solutions above meet all of the requirements we highlighted for a perfect CAPTCHA. Each of them impairs usability for a large segment of potential users. Even if we went so far as to assume that users generally welcomed traditional text-recognition CAPTCHAs, they would not likely welcome the other alternatives. The extra few seconds the user takes to decipher what is being asked of them negates the benefits. Too slow means not worth it.

Of the solutions available, text recognition (like reCAPTCHA) still feels like the best choice. But the question remains: why are we asking users to perform these tasks? Surely we can beat spammers at their own game by using automated systems to do the work for us. So far we have assumed that a common problem actually exists for CAPTCHAs to solve.

Despite the advances in intelligent computer systems, most spamming mechanisms are stupid. If a submission fails (because of the CAPTCHA or some other reason), the spam bot will move down its list of thousands of websites. Jeff Atwood showed this in his 2006 article “CAPTCHA Effectiveness.� Despite all the research that goes into CAPTCHA-breaking, most spammers have no incentive to invest effort in defeating them. The sheer quantity of websites available to attack and the speed at which they can do it means that CAPTCHA-breaking is unlikely to concern many spammers.

The BBC is one of the most highly scrutinized institutions in the UK. Its requirements for accessibility are second to none, and its recent examination of CAPTCHAs resulted in an emphatic “No�:

“Visually impaired participants expected full accessibility from the BBC and we felt it would affect our reputation to use them. Elderly users had issues with the distorted text. The logic puzzles were found to be odd and patronising. The audio was struggled with. Overall, extremely negative feelings were expressed towards CAPTCHA technology.”

— Rowun Giles, BBC, CAPTCHA and BBC iD

Alternative solutions exist that prevent automated submissions without resorting to CAPTCHAs and, more importantly, without user interference.

Alternatives To The CAPTCHA

CAPTCHAs, in their purest form, might realize their potential in another field. As website protectors, though, they’re far from ideal. Doing a disservice to users in an effort to combat spam doesn’t cut it on today’s Web. Human-powered spam is on the rise (as is unethical link-building), and we should be implementing unobtrusive, invisible methods.

Automated and Manual Spam Detection

We touched on two detection services at the beginning of this article. Akismet, Mollom and SBlam! all analyze user-submitted data and flag spam automatically. Mollom sometimes presents a CAPTCHA, but only when it’s unsure. But why not develop your own system that is tuned to the mechanics of your website?

Taking responsibility and removing the burden from users will improve their interactions with and impressions of your website. Manually moderating content is often a sacrifice worth making.

The Honeypot Method

In 2007, Phil Haack suggested a clever method of detecting bots: using a honeypot. The idea behind the honeypot method is simple: website forms would include an additional field that is hidden to users. Spam robots process and interact with raw HTML rather than render the source code and therefore would not detect that the field is hidden. If data is inserted into this “honeypot,� the website administrator could be certain that it was not done by a genuine user.

The honeypot method can be made more sophisticated by using JavaScript and data hashing. These obfuscation methods are not hack-proof, but we can assume that robots are not sophisticated enough to enter the required information.

JavaScript can be used to fill in hidden fields dynamically, which server-side validation can check for. Scratchmedia provides an example of this hidden field solution, along with an alternative CAPTCHA if JavaScript is disabled.

Additional timestamp and session data checks can also be used to detect automated submissions. A recent discussion on Stack Overflow provides many examples and ideas about this, including the implementation of Hashcash, which is available as a WordPress plug-in. A jQuery tutorial explains a similar method and includes an interesting thought:

“Thieves know to look for stickers, dogs in the yard, lights on the exterior of a home, and other signs of a well-guarded house. They’re looking for high payoff with minimal work and risk.”

— Jack Born, Safer Contact Forms Without CAPTCHAs

The analogy suggests that, as with CAPTCHAs, the method used does not stop intruders so much as the presence of any hurdle at all. As mentioned, spammers currently have too many targets to bother searching for a back door.

Centralizing the User Base

With the rise of the social Web, many websites now allow users to register and interact with one another. Publishing to a third-party website was traditionally done either by registering a full-fledged account or by submitting totally anonymously, both of which methods leave the gate open to spam. In 2008, Facebook announced Facebook Connect, which provides websites and their users with an integrated platform that addresses this and other concerns. Twitter followed suit in 2009 with a similar service (“Sign in with Twitter�). Both of these services can be implemented on websites relatively easily, and they eliminate the need for registration and comment forms, which are accessible to robots.

So many websites offer social-networking integration that services like Janrain have popped up. Janrain provides an abstracted umbrella solution to ensure that websites are accessible through any account platform.

Smb2-janrainlogin in In Search Of The Perfect CAPTCHA
Mahalo provides social log-in functionality via Janrain.

Other services, such as the commenting platform Disqus, allow user interaction with built-in spam detection and user sign-in.

Less anonymity and more accountability make users think twice about the content they submit. It also enables human spammers to be detected and banned quickly across entire websites; remove one Facebook profile and the whole Facebook Connect network is safe from that account owner’s dastardly deeds.

Such services, of course, provoke heated debates about privacy, data protection and the like… but that’s for another article. As alternatives for preventing spam without CAPTCHAs while maintaining usability and accessibility, they have great potential.

Recording User Time Expenditure

Another rather simple method that can be implemented without annoying users is to distinguish between users and bots by measuring the time they take to fill out a contact form or compose a comment. By estimating the average time spent on a comment, one could define certain rules. For example, if a submission takes less than five seconds, which is virtually impossible for a human but just enough time for a bot to do its job, you could ask the user to try again. Jack Born’s tutorial on a slight variation of this concept for jQuery is worth a peek, since most users have JavaScript enabled. The whole endeavor is based on one crucial assumption: spammers prefer going after the easiest targets and will leave a website untouched if their initial attempt fails (although this can never be guaranteed).

The Perfect CAPTCHA

It would seem evident from years of use and research that CAPTCHAs are far from perfect as a solution. Remove spammers from the equation and we remove the need for CAPTCHAs entirely; this is the mentality we should be aiming for. The perfect CAPTCHA is no CAPTCHA at all.

The Rise of Humans

CAPTCHAs, by nature, function more by blocking spam than by detecting humans (which is their purpose). But they can’t do that when the spammer is not a computer. A better solution would be to remove the incentive to spam altogether. If we can reverse the trend and drive spam from being highly lucrative to being a net loss, then both automated and manual spam will become worthless.

One of the many dark arts of search engine optimization (SEO) is to artificially generate links to the website being “optimized.� Search engines consider inbound links a strong indicator of value. This can be abused, obviously, by posting worthless links on many websites (forums and comment forms are perfect for this). The SEO benefits are so worthwhile that automated spamming isn’t even required. The practice of enlisting cheap human labor is emerging. And CAPTCHAs are not designed to stop this.

We should accept the need for moderation and background detection. CAPTCHAs are a stop-gap solution at best, and are lazy and inaccessible at worst. Whether you choose to fight the good fight or simply put the interests of genuine users first, you have options.

Taking a Stand

If website owners work together to eliminate the incentives to spam, then spam will slowly wear away over time and eventually remove the need for CAPTCHAs. Is that too idealistic? Probably. In reality, we are likely to see a combination of technology and law dealing the death blow to spammers.

Google’s latest algorithm change has significantly demoted low-quality content farms (the effects of which are explained by Johannes Beus). Advances such as this will ultimately remove all incentives to game the system. However, if we website owners don’t evangelize and adopt alternative solutions, then we might just wake up to a world where CAPTCHAs are worthless and our websites are unmanageable.

Understanding the alternatives (whereby spam detection is silent to users) and implementing them on our clients’ websites is a good start. It’s a positive step toward usability and conversion rates (and clients will love that!). If users comment on your website, reward them with a simple experience. This can be done in several ways:

  • Moderation wherever possible
    Disallow certain content to be posted directly to your website, or allow it through maintained and verified account management. Better yet, use a service like Facebook Connect or Disqus; you’ll make things easier for both yourself and users.
  • CAPTCHA alternatives
    Try the honeypot method or another that is invisible to users. Some could potentially be bypassed, but their presence is often enough to thwart automated efforts.
  • Client-side detection
    This can work because, while there are simple workarounds, spammers won’t waste time (for now). Keyword and mouse interactions can be used to detect genuine user input. This option shouldn’t be used on its own but can add extra assurance.
  • Server-side spam detection
    Developers should focus on server-side spam detection that monitors users and flags unusual activity. Specialist services like Akismet are affordable and proven, but bespoke systems can be tailored to the nuances of your website.
  • Social moderation
    Move toward more sophisticated features that allow this. The simple act of voting content up and down can help to push spam away or flag it for deletion.

It seems clear, considering all the pros and cons of CAPTCHA, that the future lies in a system that is invisible to normal Web use. For now, using a CAPTCHA should be your last resort.

Further Reading

We express sincere gratitude to our Twitter followers and Facebook fans for their support and feedback in helping to prepare this article.

(al) (vf) (ik) (sp)


© dbushell for Smashing Magazine, 2011. | Permalink | Post a comment | Smashing Shop | Smashing Network | About Us
Post tags: ,


Bringing Interactivity To Your Website With Web Standards

Advertisement in Bringing Interactivity To Your Website With Web Standards
 in Bringing Interactivity To Your Website With Web Standards  in Bringing Interactivity To Your Website With Web Standards  in Bringing Interactivity To Your Website With Web Standards

Adding interactivity and animations to a design doesn’t have to be complicated or make the website inaccessible when you use modern Web standards. In this article, we’ll explore several examples and theories that employ CSS, HTML, SVG, the canvas element and JavaScript. Some of these techniques you’ll know, others you may not have considered. Let’s start with the basics.

1. HTML and JavaScript

Manipulating HTML with JavaScript is the most common method of adding interactivity to a website. But before you start using JavaScript, having a strong understanding of the CSS visual formatting model and box model is important. They are vital to making sense of how HTML elements can be manipulated visually. When you dynamically change the style of an HTML element, it will flow with and react to the rest of the document. Learning to anticipate and control what is affected can be difficult.

Using a JavaScript library such as jQuery can take the pain out of cross-browser support. jQuery also provides common functionality that makes interacting with HTML a quicker process. It’s necessary to learn the basics of JavaScript before looking at a library like jQuery, to ensure that you understand the fundamentals and therefore know how jQuery does something, not just what it does. The distinction here is key to being able to write your own JavaScript.

A Slideshow Example

The website for the Momento App has a horizontal-scrolling slideshow that presents new content when the user clicks left and right.

Itws-momentoapp11 in Bringing Interactivity To Your Website With Web Standards
Momento App has its own jQuery plug-in for the slideshow effect.

How It Works

The five slides are img elements wrapped in divs and positioned sequentially inside their containers:

<div id="tour_pages">
    <div id="tour_page_capture" class="tour_page">
		<img src="images/tour/capture.png" />
	</div>

    <div id="tour_page_import" class="tour_page loading">
    	<img src="images/tour/import.png" />
    </div>

    <div id="tour_page_browse" class="tour_page loading">
    	<img src="images/tour/browse.png" />
    </div>

    <div id="tour_page_read" class="tour_page loading">
    	<img src="images/tour/read.png" />
    </div>

    <div id="tour_page_protect" class="tour_page loading">
    	<img src="images/tour/protect.png" />
    </div>

</div>

<a id="tour_nav_previous" href="#">Previous</a>
<a id="tour_nav_next" href="#">Next</a>

The container tour_pages has a fixed height and width in the CSS. It also has the overflow property set to hidden.

#tour_pages {
    position: absolute;
    left: 0px;
    top: 116px;
    height: 420px;
    width: 940px;
    overflow: hidden;
}

You can see in the image below how the five slides are positioned to move inside their containers. A container will clip everything outside of its boundaries because of overflow: hidden. This creates what we can call a window or viewport effect.

Itws-momentoapp2 in Bringing Interactivity To Your Website With Web Standards
Showing the clipping frame and hidden elements.

This set-up can all be done with CSS and HTML alone. To create the interaction, we need to use JavaScript to move the slides when “Nextâ€� or “Previousâ€� are clicked. The JavaScript used by Momento is quite involved, so I’ll leave it as an exercise for the reader to inspect, but I hope this example provides a good illustration of how HTML elements are controlled while remaining part of the document structure.

When to Use JavaScript

In the Momento example, we can see how JavaScript is useful for controlling access to content. The hide and reveal technique in all its forms is useful for keeping visible content clean and enhancing the user experience.

The website is intended to sell a product, and this slideshow effect imparts a sense of quality, something that is more exciting than the norm. Interactive content like this works best for promotional content.

When Not to Use JavaScript

Interactivity can be a lot more engaging than static content, but it’s not always the most usable solution. Consider the following:

  • Will the user understand and expect the relevant action that occurs?
  • If content is hidden, will the user know how to access it?
  • Does the additional user input actually improve the overall experience?
  • Will the website be usable on all devices?

If you cannot justify the JavaScript against these questions, then you’d be wise to stay away. Be vigilant: ask yourself whether the extra eye-candy is really necessary.

Usable and accessible don’t just mean that a device is technically supported by the website. The website should be as easy to use as possible for all audiences—from young to old—and in all environments.

Further Reading

Interactivity and JavaScript are almost synonymous in Web design, but as we’ll see in the next example, JavaScript is not always necessary.

2. CSS3 Transitions

The CSS :hover pseudo-class allows for a style change when the user hovers over an element. Typically used on the <a> element for links, the change can provide visual feedback for the user. While not exactly revolutionary on its own, :hover can be used to great effect.

Designer Christoph Zillgens uses CSS3 transitions to enhance the hover effect. You can see the transition phases below:

Itws-transitions in Bringing Interactivity To Your Website With Web Standards
Three phases of the hover transition: default, transition and then hover.

How It’s Done

Inspecting the HTML doesn’t offer many clues. At a glance, we can see a normal link. This is perfect for semantic markup, but how do we create the transition?

<p class="category_link">
    <a href="http://christophzillgens.com/en/category/posts/">
        <span>View all Posts</span>
    </a>
</p>

The only unusual addition here is the extra span tag wrapping the text. The CSS reveals the secret. Let’s take a look (some styles have been omitted below for readability):

.category_link a {
    display:block;
    background:rgba(0,0,0,.05) url(img/big_icons.png) 10px 10px no-repeat;
}
.category_link a:hover {
    background-color:rgba(180,70,30,.7);
    -webkit-transition:background-color .4s ease;
}
.category_link a span {
    position:relative;
    top:150px;
    opacity:0;
    -webkit-transition:all .3s ease-in-out;
}
.category_link a:hover span {
    top:130px;
    opacity:1;
}

We can see in the HTML and CSS that both the a and span are converted to block-level elements to allow for positioning and sizing. They are styled in two states, default and hover (A and C in the image above).

By default, the span starts of with an opacity of 0 and at 150 pixels from the top. On hover, the span is fully visible and 130 pixels from the top. The anchor has a simple background color change between A and C.

At this stage, the hover effect jumps from default to the hover state instantly. This works fine for older browsers, but with CSS3 transitions we can create a silky-smooth animation between the two points.

Adding the Transition

We now have a start point and end point for our hover effect. To create the intermediate transition, we can use the transition property (defined here) with a format like this:

transition: [transition-property] [transition-duration] [transition-timing-function]

In the default span style, the transition property was added like so:

-webkit-transition:all .3s ease-in-out;

This means that whenever the default style is applied, the span will transition between its current style and the default style. In this case, all CSS properties are affected, and the transition is triggered by the mouse hover. If we want to transition a single property, like the background-color of the anchor, we can do this, too:

-webkit-transition:background-color .4s ease;

Creating hover transitions is as simple as specifying the default and hover states with CSS and then letting the transition property animate any changes between the two.

When CSS Transitions Work

Using the transition property with :hover is a very handy technique that bypasses JavaScript entirely. Removing this extra dependancy can save time and space.

That said, transitions are also triggered by dynamic HTML changes using JavaScript. If you’re used to toggling classes with JavaScript to change styles, then why not see what difference a transition or two can have?

You’ll notice that this example uses the -webkit- vendor-specific property for Safari and Chrome, but transitions are also supported in Opera using the -o- prefix and the new Firefox 4 beta with -moz-.

The good news for graceful degradation fans is that older browsers (i.e. Internet Explorer) ignore the transition and apply the style change immediately. This means you’ll rarely find a situation in which using transitions degrades functionality.

Other Examples

Here are a few more websites whose use of CSS transitions is noteworthy:

  • When using hover, the affected elements don’t always need to sit inside the same container. Love Nonsense makes use of the adjacent sibling selectors to trigger transitions.
  • Simurai demonstrates a combination of transitions and transforms to create a complex experimental toggle button using nothing but CSS and HTML.
  • The :hover is not the only trigger for transitions. Neal Grosskopf’s CSS-only lightbox demonstrates the use of the :target pseudo-class.

Further Reading

Here is a selection of in-depth articles that cover the nuances of CSS transitions:

3. Animations With SVG

Hover effects work well for links but can be confusing when triggered unexpectedly on other elements. They’re also less accessible on touchscreen devices. Adding interactivity when the user clicks is usually very useful because it provides feedback to the user, and sometimes it just feels more intuitive.

Get Satisfaction uses a clever technique to showcase 12 different testimonials. In this example, the company makes use of scalable vector graphics (SVG) to aid with the animation.

Getsatisfaction in Bringing Interactivity To Your Website With Web Standards
The “Wheel of Satisfaction� animates an SVG image.

Part of the HTML for this wheel looks like this:

<div id="wheel-logos">
    <svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="1003" height="315">
        <image x="91" y="-505" width="820" height="820"
        preserveAspectRatio="none"         href="sites/all/themes/getsatisfaction/images/wheel_logos.png"
        transform="rotate(3600 501 -95)"></image>
    </svg>
</div>

You can see above that the wheel image is contained within an svg element. SVG is an XML-based standard and can be written inline in HTML. SVG is particularly useful because images in SVG can have a transform attribute, allowing for rotation, scaling and skewing (unlike normal HTML img tags).

To create and animate the wheel, Get Satisfaction used a library called Raphaël with jQuery:

var R = Raphael("wheel-logos", 1003, 315);
var logos = R.image(src, 91, -505, 820, 820);
$("#wheel-spin-btn, #wheel-controls .spin").click(function(e) {
    if (status != "animating") {
        num = Math.floor(Math.random()*(items-1)+1),
        angle += (num+items)*rotate;
        logos.animate({rotation: angle}, 3000, "<>", reorderLinks(3000));
    }
    e.preventDefault();
});

In the JavaScript above, jQuery binds the click event to the spin button. When the button is clicked, Raphaël’s animate() function is called to rotate the image. If you open the Firebug extension in Firefox, you can see the SVG image’s transform attribute update live as it spins:

Code-transform in Bringing Interactivity To Your Website With Web Standards

True SVG Animation

As we’ve seen above, SVG can be manipulated with JavaScript just like HTML. But did you know that SVG has its own animation properties? It’s in the SVG specification, but we rarely see it used. Here’s an example element from the W3C draft:

<rect>
    <animate attributeType="CSS" attributeName="opacity" from="1" to="0" dur="5s" repeatCount="indefinite" />
</rect>

SVG can even contain ECMAScript (which is the standardized scripting language on which JavaScript is based) to add interactivity inside. For more information on this usage, I’d suggest starting with Peter Collingridge’s article “Mouseover Effects in SVGs.â€�

When to Use SVG

Always consider the pros and cons of any technology. The most logical solution is not necessarily the easiest to implement. SVG provides an alternative graphics environment that may make animation a piece of cake in some situations. The scalable nature of SVG also provides obvious benefits over fixed-sized raster images.

The reason we rarely see SVG used is that Internet Explorer (below version 9) has no support for it. But not all is lost! The Raphaël library that Get Satisfaction uses automatically substitutes SVG for VML (vector markup language), which IE can understand.

Further Reading

Scalable vector graphics are a relatively untapped resource in the Web designer’s toolkit. Here are more articles to get your creativity flowing:

4. Animations With Canvas

The CSS transitions that we examined above can alter any number of properties to create a lot of visual effects, but ultimately they’re still limited to CSS styles and fixed-length transitions. Is there a way to create more advanced animations?

Google’s Chrome OS features page demonstrates a hover effect that has continuous animation:

Googlechromeos in Bringing Interactivity To Your Website With Web Standards
Chrome features: each icon animates on hover.

To find out how this works, let’s start by looking at the HTML again:

<a href="features-speed.html">
    <canvas class="c1" height="150" id="canvas-uuid-1" onmouseout="javascript:hideBadge(0)" onmouseover="javascript:showBadge(0);" width="150" style="cursor: default; ">
        <img alt="" src="static/images/features-speedicon.png">
    </canvas>
 /a>

Here we have an a link that contains a canvas element (which itself contains an image). For browsers that do not support canvas, the image serves as a fallback—who said supporting IE6 was hard!

We can also see that the onmouseover and onmouseout attributes are set to trigger JavaScript functions named hideBadge() and showBadge(). This creates a behavior similar to that of the CSS :hover pseudo-class we saw in our second example.

Google’s JavaScript for controlling this is fairly extensive, but it’s basically drawing a series of SVG images onto the canvas to create the animation.

Goolechromeosassets in Bringing Interactivity To Your Website With Web Standards
The individual SVG assets for the canvas animation.

If you want to learn more about animating with canvas, then take a look at the Canvas Animation Kit Experiment (CAKE), the JavaScript library that Google uses to animate its hover effects.

How Useful Is Canvas?

Canvas is a very flexible HTML element for creating scriptable graphics and is by far the most powerful solution for interactivity and animation. By assigning similar effects to actions like click and hover with JavaScript, we can give the user a visual treat, unrestricted by the scope of HTML and CSS.

The downside? Google’s example isn’t very accessible, and the fact that the content in the canvas element is generated dynamically is a real issue. Search engines will have a hard time seeing your canvas content, and more importantly, assistive technology such as screen readers will struggle as well.

If you want to display content with the canvas element, then providing the same content in an alternate and accessible format would be considerate. Canvas is probably best used to display more visual data such as graphs, charts and diagrams. These are situations in which the content can be isolated and presented in a way that’s easier to understand.

Further Reading

A Note On Adobe Flash

Saving the best for last (well, you never would have gotten this far if I’d put this first), we have the powerhouse that is Adobe Flash. Flash is not a Web standard, but it is used extensively across the Web.

Adobe Flash provides a sandbox to create interactive content using ActionScript. ActionScript 3 shares the same ECMAScript roots as JavaScript, so learning one after the other is a relatively easy move. The problem is that Flash is a proprietary plug-in and not an open Web standard. Admittedly, it can be a lot more powerful and, in some cases (like with video), may be the only appropriate solution at present.

However, always weigh up arguments for and against Flash. You’d be amazed at what’s possible with modern standards. That said, despite the negative opinion of many Web designers and developers, Flash is still a commercially viable option. But this is becoming more and more debatable as standards progress.

To Summarize

We’ve seen some great examples of what can be achieved with Web standards today.

Here are a few points to remember:

  • HTML can be manipulated directly with JavaScript.
  • The CSS :hover pseudo-class and transition property can be combined to create a wide variety of hover effects.
  • Images can be contained within inline SVG, providing a simple way to transform them beyond the limitations of HTML and CSS.
  • canvas and JavaScript provide the most powerful (but a less accessible) solution for interactivity and animation.

These techniques can bring a website to life and enhance the user experience. But they also have the potential to make a website look like a hangover from the DHTML era. There’s no accounting for taste, so use it with care. Always focus on the accessibility of content and on user experience over eye-candy.

One Last Thought

When are JavaScript libraries required? We’ve already seen examples of canvas and SVG in which they’re used. JavaScript libraries aim to provide common functionality in order to drastically reduce implementation time. But using them for a single function can create a hefty load. Get Satisfaction uses the Raphaël library only once to manipulate the SVG image rotation. Could this have been done without Raphaël?

The answer is yes… but it’s not that simple. Browsers such as Internet Explorer don’t support SVG, and Raphaël uses VML instead. Careful research is required before rolling your own solution. It may be more difficult than you initially suspect.

There are libraries such as Modernizr in which individual functions can be isolated as required very easily, so that is always worth considering. With the new Modernizr beta preview, the situation has been recognized, and Modernizr now provides a completely custom library for your particular requirements.

(al)


© dbushell for Smashing Magazine, 2011. | Permalink | Post a comment | Smashing Shop | Smashing Network | About Us
Post tags:


  •   
  • Copyright © 1996-2010 BlogmyQuery - BMQ. All rights reserved.
    iDream theme by Templates Next | Powered by WordPress