IIS Outbound Rules with gzip compression by JAN REILINK
Saotn.org uses used URL Rewrite Outbound Rules in IIS, to offload content from a different server and/or host name. This should improve website performance. Just recently I noticed Outbound Rules conflicted with gzip compressed content. I started noticing HTTP 500 error messages: Outbound rewrite rules cannot be applied when the content of the HTTP response is encoded ("gzip").. Here is how to fix that error. …

An Introduction to Block-Based Homepages with the Genesis Framework by Carrie Dils
StudioPress just released Revolution Pro, the first Genesis child theme to sport a block-based homepage. In this tutorial, you'll learn how to create one.

Speaking from experience, I know exactly what Carrie is talking about when it comes to widgets being a poor choice, (although the only available one), for homepage layouts. I’ve done more than my fair share of theme customizations and often times those customizations meant hiring someone to redo the CSS. I, for one, will be over the moon when I can fully use Gutenberg and take advantage of block-based homepages.

The practical value of semantic HTML by Bruce Lawson
It has come to my attention that many in the web standards gang are feeling grumpy about some Full Stack Developers’ lack of deep knowledge about HTML.

It’s easy to get cranky when semantic HTML is ignored by developers, and that’s usually my cue to quit for the day if possible. This is probably the funniest take I’ve read on the subject of HTML, and I kind of want to steal and modify slightly that footer text and use it on my personal site. This post is also written in a way that allows you to steal the points and add them to your notebook if you’re into that sort of thing.

Blindness Charities And Money, Part 1: The Aggregation by Chris Hofstader
many of the biggest blindness organizations are sitting atop a mountain of cash while spending relatively little on programs for the people they state they are helping.

I would encourage every blind person in the strongest possible terms to read the most recent article by Chris Hofstader and download the data. I would especially encourage the blind people who has been contracted by any of these organizations to do things like build websites or write software to read through this data and then make decisions with regard to whether or not you’re going to work with these organizations and how you are going to price your services based on this data and not the sob stories or excuses provided by these organizations when they plead lack of budget coupled with great need for your services. It’s one thing to suspect they’re screwing you over with no proof. It’s a very different, and bigger, ball of wax to know that they are screwing you over, have proof of it, and then contrast that with the “have a large impact”, “make a difference”, “help the cause”, “we’ll send you referals” kind of language that is so often used when they pitch for things like websites or apps. I will not only be reading through this data myself, but also passing this on to any blind person who has been my student, formally or otherwise, when it comes to WordPress.

Improving user experience with links, notifications, and Webmentions by Chris Aldrich
Use & publish visible data for humans first, machines second. Hiding @, #, and other cruft in links that send webmentions.

I didn’t realize Twitter highlights all that information. I agree. Get rid of all of it. That’s got to be a horrible reading experience.

Democratize Publishing, Revisited by Matt
For many years, my definition of “Democratize Publishing” has been simply to help make the web a more open place. That foundation begins with the software itself, as outlined by the Four Freedoms: ... In 2018, the mission of “Democratize Publishing” to me means that people of all backgrounds, interests, and abilities should be able to access Free-as-in-speech software that empowers them to express themselves on the open web and to own their content.

Matt Mullenweg has taken the time to introspect and revisit his working definition of democratizing publishing to specifically include people of all backgrounds, interests, and abilities, and I think this is worthy of note. Not only that, I think it’s a significant step that earns him a not insignificant amount of credit. It’s a necessary step that helps lay the foundation for a more accessible WordPress, a more accessible editor for WordPress, and a more accessible web going forward. Granted, words are not action. But this, coupled with Matt’s pledge to fund the remainder of the WPCampus crowdfunding effort for a full accessibility audit of Gutenberg, by way of Automattic, (provided that pledge is fulfilled), gives me reason to be cautiously optimistic regarding Matt’s participation in the effort to make WordPress and its new editor accessible to everyone. So, thank you Matt for your demonstrated willingness to revisit the core idea behind WordPress and as a result of that thought process to make a necessary course correction. It hasn’t gone unnoticed.

Bridgy Stats Update by Nicolas Hoizey
I’ve been using Brid.gy since I started using Webmentions on this site, to get mentions from silos (Twitter mostly) back to the contents. This is an awesome service.

I couldn’t agree more that Bridgy is an awesome service, and I like watching the stats climb. I’m about to add two more unique domains to start sending webmentions and collecting responses. I also need to start backing Indieweb every month, or at least one-time donations when I can afford to, since I get so much value out of it personally and professionally. I would love to see native webmention support and native collection of responses and reactions in WordPress core, instead of as plugins. It needs to be as easy as possible for anyone to adopt and become part of the indieweb so that people have a real choice when it comes to freeing themselves from platforms like Facebook and Twitter and the like.

GitHub Free users now get unlimited private repositories
If you’re a GitHub user, but you don’t pay, this is a good week. Historically, GitHub always offered free accounts but the caveat was that your code had to be public. To get private repositories, you had to pay. Starting tomorrow, that limitation is gone. Free GitHub users now get unlimited private repositories.

I think this is over all a good thing, although I’m hesitant to take this as some sort of goodwill sign from Microsoft. I find that it’s easier to deal with the disappointment that inevitably arises when platforms remove or limit features if one keeps in mind that these are business decisions and nothing more. Plus, honestly, I still don’t trust Microsoft when it comes to free/open source software. Their newfound love for open source hasn’t been around long enough to erase their very long history of having an anti-open-source stance. This article opines that most developers have come to terms with Microsoft’s Github acquisition. Well of course we have. Most of us use Github either for our own projects or for projects we contribute to, and it’s easier to just come to terms than it is to spin up decentralized operations and move everything over to those. Decentralized is the better approach, although I think managing the social aspects of software contribution is still a hurtle. I need to look into this more.

Tech Ethics New Year’s Resolution: Don’t Build Software You Will Regret by Jennifer Riggins
we should be working not just to pay the bills, but to make sure we don’t create software that we will one day regret.

In the web accessibility space, we talk a lot about how everyone has a role to play when it comes to accessibility. We’ve been talking about this for a very long time, and I’m glad to see the idea that when it comes to cross-disciplinary things like ethics, it’s not just one person’s responsibility. Accessibility, at its core, is an ethics issue, and I think that, just as accessibility as a part needs a good business case to support it, tech ethics as a whole will need that too. Right now we’re still in the beginning stages of considering tech ethics as a whole, so we’re not to the part yet where the business case for it, or even the general idea of a business case, is being considered. But I suspect we’ll get there soon enough.

New 5.0 Target Date
Based on the stability, testing, and reports on the release candidates for WordPress 5.0 so far, we are now targeting Thursday December 6th for public release and announcement. 5.0.1 will open for commits soon, and will be an area people can choose to focus on at the contributor day at WordCamp US ...

For those of you who are reading this in your inbox, the context for this post is the recently-published, (as in yesterday), target release date for WordPress 5.0, which rolls out the new Gutenberg editor. I’d like to say I’m surprised by this, but I’m just not. I find myself asking a few questions: First, I find it very difficult to believe that a piece of software that is being released with known, significant issues, (up to and including significant accessibility issues, and no, that doesn’t just apply to assistive technology users), can be declared stable enough for release. Accessibility problems, just by themselves, are bugs. Well, they are if you claim to consider accessibility a priority. Next, if the plan was to release the Thursday before WordCamp US, (and I have to concur with those who believe it has been), what was the point of all those one-on-one office hours? How is anyone in the WordPress community supposed to believe that Matt is dealing in good faith when he has apparently convinced himself of the superiority of his own definition of quality and stability, and that his cause is so right and so perfect that it’s worth literally sneaking a major release out the door while everyone is traveling to WordCamp US? I am not opposed to the concept of Gutenberg, and I never have been. I know the current editor is not perfect, and that it can be improved. But this whole thing wreaks of fanaticism, arrogance, dishonesty, a complete disregard for any standard definitions of quality control, (there’s no way, absolutely none, that enough time for actual testing, complete with stress cases, could have been performed between RC 2 and RC 3, and that’s not even counting RC 1), a complete disregard for those of us who work with WordPress users outside of what is apparently a hermetically sealed bubble of perfection in which Matt lives, and the day-to-day experience that has informed our comments since day one, along with a healthy dose of hope as a strategy when it comes to Gutenberg. The question and answer session at this weekend’s State of the Word address is going to get interesting, as is the dev chat this Wednesday.

Prototypes and production
Don’t build prototypes with a production mindset. Don’t release prototype code into production.

I don’t think I’m too far off base to suggest that so many of the problems we face on the web could be avoided if the prototype mindset discussed in this article were limited to the prototype phase by developers and designers, and kept completely separate from the production process.

XSS in hidden input fields
At PortSwigger, we regularly run pre-release builds of Burp Suite against an internal testbed of popular web applications to make sure it's behaving properly. Whilst doing this recently, Liam found a

I can absolutely see a case where users would interact, and and therefore become vulnerable to this exploit: Keyboard-only users, screen reader users, and speech recognition users. So this might be worth looking into, especially if you’re adding a ton of keyboard shortcuts to your app and calling it an accessibility improvement.

( )

This is a good read regarding the event-stream ongoing saga, and I agree with it, but I also have some things to add to it. For those of you who may not be familiar, (non-developers), event-stream was pulled from Node Package Manager, (something that gets used pretty frequently when building software in order to manage dependencies, otherwise known as other code bits you need in order to run/build your code bit), because it relied on another package which was found to have vulnerabilities. It was then handed over to someone else, who promptly added a cryptocurrency iner to it, at which point the internets freaked out. Frankly I don’t completely blame the new maintainer for adding the cryptocurrency miner. There are very large corporations who have no problem using open source software for their benefit, all while not supporting the maintainers. See for example: Apple and Microsoft. And if you can’t be relied on to hit that donate button, well then we’ll just use your processing power because eating habbits need to be supported. I’d like to add to the post I’m linking to though that, while I think code does need to be simpler and thus easier to understand, I also think maybe we need to simplify our build processes. But back to the “understanding” point, reading code is a learned skill, and I think to a certain extent it’s on the users, (and in this case the users are developers), to learn how to read code. As much as I’d like code to be simpler, outside of everyone who writes code taking courses/reading books on best practice and then applying all that, I don’t see this happening.