September 01, 2010
Adrian Sutton — The Email and P Myth
One of the greatest frustrations for anyone who develops an HTML editor is the constant supply of people who are convinced they want to use BR tags instead of P tags. Most of these are just people who don’t want “double spacing” and they’re happy once you give them the magical CSS incantation:
p {
margin-top: 0;
margin-bottom: 0;
}
The other group however are people writing HTML emails who insist that P tags are completely incompatible with some email clients and cause rendering problems. At one point it seems that Yahoo! Mail really did strip them entirely but now it just applies a different default CSS styling (ironically, the magical CSS above that removes the extra spacing). So if you naively use P without specifying the padding you want, some clients will display a blank line between paragraphs, others, notably Yahoo!, will push all the lines immediately under each other. The solution is of course the opposite magical CSS incantation:
p {
margin-top: 0;
margin-bottom: 1em;
}
Solved right? Nope. This runs straight into the where the heck do I define styles? problem. In HTML, it should be:
<html>
<head>
<style>
p {
margin-top: 0;
margin-bottom: 1em;
}
</style>
</head>
<body>
…
</body>
</html>
However while this works in some clients, it has no effect in most. Instead, the common wisdom is to move the style tag into the body tag:
<html>
<head>
</head>
<body>
<style>
p {
margin-top: 0;
margin-bottom: 1em;
}
</style>
…
</body>
</html>
Which works almost everywhere. Enter GMail. GMail never respects the style tag, only inline styles. So now you need to write your paragraphs as:
<p style=”margin-top: 0; margin-bottom: 1em;”>…</p>
Thankfully you can use the margin shorthand if you know what you want the left and right margins to be as well:
<p style=”margin: 0 0 1em 0;”>…</p>
I would strongly recommend using embedded styles while editing and then just use post processing to inline all the styles – Premailer can do that for you.
As far as I can tell, there is no need to avoid P tags in email anymore and sampling a number of emails from various clients that happened to be in my inbox, they turned out to appear in emails from a few different clients though that’s far from scientific and it was still intermingled with a lot of <br> and <div><br></div> hacks. I would be very keen to hear from anyone who knows of an email client that cannot be made to render P tags correctly.
With a bit of luck we may be able to start moving away from the horrific abuses of <br> tags…
Adrian Sutton — The Demise of Wave
I had written up a long, comprehensive and timely set of thoughts about what went wrong with Google Wave, but WordPress ate it so you’ll have to take my word that it was awesome and instead put up with this rather late and significantly shorter thought.
There are lots of opinions around about why Wave failed, and they show that it was a combination of a lot of factors from poor UI, inexplicable purpose, unreliability and simply combining too many technologies that didn’t always fit (e.g. people don’t always want what they type to be shared immediately but real time collaboration was forced on them). Certainly I experienced most of those downsides, but the thing that really drove me crazy about Wave was it’s primitive support for notifications.
The people I was trying to follow on Wave were mostly on the other side of the world, so most of the time I wasn’t collaborating with them in real time, I was trying to come along afterward and keep up with the changes. Initially that meant logging into Wave and trawling through every wave to see if anything was new and later email notification widgets came in then built-in email notifications. Even with the email notifications though, it would tell me that something changed, but it was way too difficult to find out what changed. I’d have to log back into Wave and try to rewind and replay the activity in the wave, which meant living through all the intermittent changes and most of the time it just didn’t work at all.
What I really needed was a clearly highlighted diff included right in the email notification (or via RSS/Atom). I didn’t care how many different individual edits had been made, I just wanted to know what was different between the last time I saw the wave and now.
It’s not the first service I’ve seen suffer from the lack of notification problem – it’s a surprisingly common oversight, but it’s crucially important to success. If you lack good notifications you’re depending on the user seeing enough value on their very first visit to start coming back regularly so they see the changes and keep interacting with the system. With good notifications, users have a much better chance of seeing the value proposition because the system keeps reaching out to them with useful, valuable information. Just sending lots of email doesn’t work – that diminishes the value, it has to really give them an idea of what’s been changing.
The two best examples I’ve seen of this are Dopplr which has a million different ways to continuously view what’s going on without actually going to the site and Facebook which sends very effective email notifications, although the default settings are overly noisy for my tastes they have good controls to limit it to precisely what is useful. Twitter is also very good.
Advertising driven sites may make their money by increasing page views, but ultimately allowing users to keep up with what’s happening without coming to the site itself is a far more effective way to get them hooked on the service and keep them using it.
Greg Black — Gmail Priority Inbox
After wrestling with various Gmail extensions with similar aims, I was pleased to hear about the new Gmail Priority Inbox which I have now turned on for my Gmail. I don't think they have it quite right yet, but I expect it will evolve over the next few months and that it might just become so useful that I end up feeling that I did the right thing moving all my email to Gmail.I’d be interested to see what other people think about this feature as they try it out.
August 27, 2010
Ben Martin — Yubikeys and KDEs
The yubikey is a small usb flash drive like device which can generate a one time password on demand. When it does this it inputs it as though it were a usb keyboard. You can set your own keys on the device and authenticate yourself locally using OTPs which is useful as well as cool.A little series of hurdles later and I have the key unlocking KDE4. Some of the issues you are likely to see are that /etc/yubikey needs to be +rw by whatever is trying to use it. So making a yubifoo group and setting /sbin/yk_chkpwd to be setuid that group can be a plus. The biggest problem I had was trying to get the YubiPAM module to unlock KDE. It turns out that it was getting the user name and sending that to a child yk_chkpwd to verify instead of sending the current auth token.
To fix it, you might like to mangle pam_sm_authenticate() to use the following to get the authtok and send it through as the one time password for verification...
const char *prompt = 0;
const char *authtok;
int rc = pam_get_authtok( pamh, PAM_AUTHTOK, &authtok, prompt );
if( rc == PAM_SUCCESS )
{
otp = authtok;
}
REMOVE these two lines which don't seem to work
otp = get_response(pamh, "Yubikey OTP: ", verbose_otp);
retval = pam_set_item(pamh, PAM_AUTHTOK, otp);
With this in place and the normal line in /etc/pam.d/kscreensaver:
auth sufficient pam_yubikey.so
the key should unlock you, or a regular password too. If you want two phase then it is easy to hack that into pam_sm_authenticate() looking for a pin prefix inside the authtok. Breaks the rules of module stacking in PAM, but works as they say.
To setup an offline aes key, make one somehow and use
ykpersonalize -o fixed=$modhexwhatever -a $aes_key_here \
-o -static-ticket -o -strong-pw1 -o -strong-pw2 \
-o -man-update
ykpasswd -d $my_user_name
ykpasswd -a $my_user_name -k $aes_key_here \
-f $modhexwhatever \
-o OTP
ykvalidate -u $my_user_name OTP
where OTP indicates a tap of the yubikey.
You can also get a layer down from ykvalidate using
echo -n OTP | /sbin/yk_chkpwd $my_user_name
There are other groovy scripts around to lock the screen when the yubikey is removed from the machine which might be a nice next step... now that it actually works to *un*lock.
August 25, 2010
Greg Black — Giving Chrome Another Chance
Back in February, I reported my intention to try Chrome as a replacement for Firefox. A week later, although most parts of the experiment went well, I reported that Chrome was useless for printing in Australia (or anywhere that uses A4 paper).That was a blow, but I hoped that Google—despite their complete contempt for bug reports from their users—might one day rectify this issue. Naturally, when they did fix it, they did not announce that in any place that was useful to me and so I discovered the fix by accident. If I was cynical, I might even think they had fixed it by accident. But I won’t go there.
At any rate, now that Chrome appears to be able to do almost all the things I need, I’m going to drop Firefox again and see if I can manage with just Chrome. That’s where I’ll find out if “almost all” might really be “all”—if Chrome can manage with 12 windows and 180 tabs open, which is what I currently have going on this desktop. In fact, if it’s at least only half as clunky and slow as Firefox, that will be wonderful.
