I just came across a mind-boggling “ghost in the machine” style problem in Firefox: if you use window.sun or function sun() in JavaScript you effectively start the Java VM. As explained in this article on doctype

There are a few “magic” properties on Mozilla’s DOMWindow interface for supporting LiveConnect that will initialize the Java plugin and all the baggage that comes with it (which, with modern Java plugins, means launching java.exe as a subprocess). Looking up these properties on the window object is all it takes.

Other properties to avoid are:

• java
• Packages
• netscape
• sun
• JavaClass
• JavaArray
• JavaMember

So if you want to make sure that the performance of your webapp doesn’t go down the tubes makes sure you avoid any of these.

Things that made me happy this morning:

• Working for Lego is every kid’s dream. If you look at their ‘business cards’ you know why
• Matt Snider has information about an Apache Ant script to consolidate CSS and JavaScript in a build process – seems to be loosely connected with the work Julien Lecomte has done on the same subject
• When Mitch Haile builds his own office he doesn’t do things half-way. His office setup is impressive and bordering on the mental.
• Jane Finette of Mozilla released their community marketing guide
• The Nosh brothers have great etiquette advice what to do when someone dies during your dinner
• shlomo has a sobering thought about our lives being both empowering and pitiful

One thing that drives me up the wall is the inertia that happens in the accessibility world. We do our best to keep the web development world aware of accessibility concerns but in the other direction I just don’t see much drive to even understand the basic principles of web design.

My favourite example is the question that crops up almost every 3 weeks on different communication channels:

The WCAG guidelines state that every image needs alternative text but we are using CSS background images a lot [Ed: sometimes this question is also about CSS sprites] – how do you define alternative text for background images?

OK, here is the scoop, people:

CSS background images which are by definition only of aesthetic value – not visual content of the document itself. If you need to put an image in the page that has meaning then use an IMG element and give it an alternative text in the alt attribute. You can also add a title attribute to add extra information that will be displayed to every user as a tooltip. If your image has a lot of content (for example a graph) then consider using the longdesc attribute to link to a textual representation of the same data or display the same data for example as a data table in the same document.

That is it – images in CSS are only visual extras, not page content, hence they never need alternative text. “Rounded corner” or “blue-yellow gradient” does not help anybody as alternative text – on the contrary, it annoys the end users.

It is not rocket science, really!

Things that made me happy this morning:

• Christopher Blizzard of Mozilla showing off a motion tracking example in pure JavaScript – just imagine the opportunities for interfaces. Move forward and backward in a playlist or carousel by moving your hand in front of the screen!
• A good roundup of Firebug tricks and use cases
• Marco’s article ‘The death of web development’ as an answer to my recent article on Thinkvitamin
• Teacher Xpress is a great example how amazingly clever AI technology can produce interfaces that totally overwhelm HI and make us go “what?”
• Some nice and cheeky ads
• Moo.com opening a US office – I love them cows!
• Stephanie Troeth merging the old MACCAWS content and my Wiki on the business reasons for web standards
• Dustin Wilson going apeshitgetting annoyed with new Safari features being heralded as innovation but really being used in Opera for quite a while – first come is not always best delivered or reaching the right people.

Following my talk on web application security at the Web Directions North I had a lot of questions on PHP security and I have to admit I am OK but not an expert on the matter. Luckily enough there are experts I rely on and if you are in London next Tuesday you can go and see them give a talk for free!

In the second in the series of “YDN Tuesday” monthly events, Jose Palazon, Yahoo’s mobile security expert, will be talking about PHP Security.

The venue is Skills Matter Limited at 1 Sekforde Street, EC1R 0BE
London, England.

Jose will be presenting a series of demos on how to exploit and prevent the most popular security flaws in web applications, such as SQL and blind SQL Injections, Cross Site Scripting, file uploads, file handling functions, global variables and, favorite of them all, programmers ingenuity!

YDN Tuesdays are tech talks held on the first Tuesday of every month at Skills Matter’s London offices. The events are FREE, but you need to sign up for them at Skills Matter’s website.