Encouraging Better Practices

I’ve got a problem, and I’m not sure how to address it. If you’ve got ideas then I’d love to hear, but mainly I think I just need to rant and whine a little. ;-)

I’m trying to find ways to improve public choices in topics such as accessibility, redaction, security, and user-experience. People get hurt, unnecessarily. But it’s a hard thing to solve.

Here are some recent examples:

  • Redaction: “Redaction” means to remove information from a document. This is an old problem, but we still see fresh cases like Facebook’s $6 billion redaction error (which was done with non-Adobe PDF creation tools). Adobe can publish instructions on best-practices, but we can’t force people to follow them… even if we could, it might seem a little creepy for us to do so. How can we help people use PDF and other technologies in ways that would benefit them? Hard problem.
  • Accessibility: Last month WebAIM published a study with the troubling pullquote “71.5% of screen reader users reported that Flash is difficult”. I don’t put much faith in the study as it’s worded — any video would likely be “difficult” to turn into a stream of spoken text — and using the word “accessibility” as a synonym for “text-enabled” misses the wider issues implied by accessibility as a whole (language differences, cognition differences, emotional vs abstract communication, etc). As the continuing conversation at Adobe Accessibility blog points out, authoring tools can make certain choices default choices, but the implementor still needs to pay attention to diverse needs. How to make rich-experiences easier to experience as text-only? This too is a hard problem.
  • Security: It is, unfortunately, very easy to make insecure projects, even with secure tooling. HTML injection, cross-site permissions, third-party content and more… all require a lot of learning before they can be successfully avoided. Aftermarket tools such as IBM Rational AppScan can help, as can studying best-practices guides. I’d like to see Adobe make secure-authoring much easier, but I’m not sure how to best bring this about. Another hard problem.
  • Installation: A disheartening note this week… the Koobface exploit has re-appeared on Facebook. In this, some untrustworthy third-party content is included in a trusted webpage, throwing up a dialog which urges an installation of something calling itself “Adobe Flash Player” — another case of software impersonation. Even though mainstream reporters urge people to get their updates from legitimate sources, so long as ad-networks and social-sites cannot vet the content they broker, it seems like more consumers will be exposed to such exploits. Hard, hard, hard.

During early Flash days, some of us joked about putting an Easter Egg in the tool to detect the typing of “Skip Intro” and pop up a little dialog box asking “Are you *sure* you want to do that? Try this link for alternatives.”

Even back during earlier Adobe days, audiences complained about designers going too wild with filters and channel operations, and back before that the “ransom note” style of Desktop Publishing could be seen as something that an authoring tool might be able to mitigate. I’ve got mixed feelings about toolmakers injecting “taste controls” into tooling, but this seems one of the few choices we have to improve such hard situations.

All of us have a stake in bad usage… lingering doubts about security or search-engine results or whatever do add up, and make a difference in our daily lives. It would be useful if Adobe could help improve designers’ appropriateness. But even just typing that phrase, my stomach snarls in ambivalence… it’s a very narrow road to walk between suggesting improvements and preaching on taste.

Anyway, that’s my rant, thanks for listening. ;-) If you’ve got thoughts, perspectives on this whole set of issues, I’d be interested in hearing, thanks.