Accessibility is Everything


At MagnoliaJS 2023, Chris DeMars posed the question: who is disabled?

In the context of his talk, his answer followed naturally: “Everyone.”

Talking about the accessibility (a11y) of the Internet means creating an internet accessible to everyone.

Who has the possibility of being disabled, at some point in their life?

Everyone

In the realm of code and pixels, we unfold,
A tale of “everyone,” both young and old.
In digital waves, a journey we start,
Accessibility’s essence, a work of art.

For every user in the vast cyber sea,
“Everyone” must navigate, swift and free.
A symphony of code, a crafted blend,
Where inclusivity is our guiding friend.

Not just the agile, nor the keen of sight,
But every soul, in the web’s vast light.
In lines of code, a chorus must swell,
“Everyone” embraced, in each parallel.

For those with vision, clear and bright,
Or those who navigate the web at night,
The door to information, open wide,
“Everyone” should find it, side by side.

In digital echoes, a chorus resounds,
Through keyboard strokes, inclusion abounds.
For those who hear and those who touch,
A symphony of empathy, oh how much!

To surf the web with ease and grace,
“Everyone” must find their rightful space.
No barriers strong, no walls so high,
In the language of code, let empathy fly.

Crafting lines of code, we weave,
“Everyone” as the common motif.
In alt text whispers, and ARIA’s song,
Inclusion’s chorus, enduring and strong.

For “everyone” transcends the word’s mere rhyme,
The heartbeat of a digital paradigm.
Let progress rhyme in every line,
Accessibility’s eternal chime.

Written by ChatGPT 27 November 2023

Check Out “Accessibility in the Enterprise: The Relationship between A11y and ROI” by Chris DeMars

You can watch his entire talk on YouTube and the link provided here takes you to the beginning of his talk.

Someone please hire Chris.


Authored by Michael Lamb.
Published on 28 November 2023.
Category: A11y


MagnoliaJS 2023 - Recap


I recently attended MagnoliaJS, the premier web dev conference in Mississippi. I’m lucky enough to be close, personal friends with both the founder and current organizers of the conference and was able to bring a group from C Spire to join in the event. The conference began on Tuesday, October 17 at the Mississippi Museum of Art, with a strong encouragement to create content. This blog post, this blog, and my social media presence were validated by Taylor Desseyn’s first talk, and so I was doubly encouraged to share these notes so that others might be able to glean something from the time I spent in the company of web developers.

Day 1

Taylor Desseyn, Content Creation 101

persuasive speech on the networking benefits of creating content on social media

Alex Riviere, Small Design Systems for Developers

  • 6 types of design systems
  • Design token code generators

Rizel Scarlett, Emerging tech to improve diversity

  • defining privilege doesn’t mean you didn’t earn your achievements
  • tech identified as creating equity
  • containers
  • AI code generation
  • Decentralization

Angie Jones, Refactoring the Web

  • the missing layer: identity
  • Web5 = Web2 + Web3

Jaimin Patel, D3.js: Changing the way people do cancer research

  • visualization of cancer mutations
  • D3.js provides SVG creation APIs

Karl Groves, Everything you need to know about JavaScript Accessibility

Tyler Clark, Getting the Job… Tips For Your Next React Interview Challenge

  1. Be proactive in your career, not reactive
  2. Network Network Network
  3. Break down job descriptions
  4. Understand your code, sometimes less is more
  5. After fundamentals, learn tradeoffs and patterns

Pato Vargas, From Chaos to Order: How React Monorepos Can Simplify Your Codebase

  • Monorepo tooling; Pato uses nx

Danielle Maxwell, To Micro-Frontend or Not to Micro-Frontend: 5 Questions to Ask First

  • I think this is an architectural talk?

Taylor Desseyn (reprise), A Manifesto in Hiring

  • don’t be an asshole
  • do what you say you will
  • show you are capable of being prepared

Noteworthy events

  • Kenia won the art giveaway
  • Abbey Perini won the costume contest as Tech Conference Barbie
  • Nick Wallace catering was fire

Day 2

Chris DeMars, Accessibility in the Enterprise: The Relationship between A11y and ROI

  • numeronym
  • Web accessibility means that everyone can use the web
  • 3 things that come last:
      • Accessibility
      • Performance
      • Security
  • Questions
      • Does it work on all screen readers?
      • Can I solely use a keyboard?
      • Does the color contrast work for all users?
      • Do the images have alt attributes?
  • Why should I care?

Mo Daniel, How to Learn Technical Skills Effectively

  • Continual learning
  • Increases adaptability
  • Maintains skills

Five steps to learn effectively

  1. Have a goal in mind
  2. Master the fundamentals
  3. Project based learning
  4. Practice
  5. Strengthen your weaknesses
  6. Work with people with more experience

Blake Watson, The Joys of Home-Cooked Apps

  • home-cooked apps are about redefining success
  • A Fine Start
  • DSL caretaker time sheets

Mark Noonan, a whale of a tale about front-end testing

  • Unit and Component Tests
      • Unit tests document the purpose of a function
      • Component tests document the purpose of a component and its variations
      • Component tests are useful for discovering accessibility issues
      • Lowest level for testing quickly
      • Written by engineers who have the most knowledge of what and why the DOM is the way it is
  • End-to-end and component tests
      • Component tests are often “vertical”
      • E2E tests are often “horizontal”
      • Network stubbing benefits e2e testing and dev in parallel
  • API testing
      • When using mocked APIs, use API testing to validate the mocks against the real API
  • Balance trade-offs between different testing schemes

Michael Liendo, Moonlighting as a developer

  • Side hustle guidelines
      • Come with a plan
      • Communicate with your manager
      • Create separate social accounts
  • Side hustle tool box
      • Calendly
      • Stripe
      • Carrd

Abbey Perini, Cognitive Load and your development environment

  • Memory and cognition are finite resources
  • Instructional design
  • CodeClimate

Nerando Johnson, Unlocked: Growing Your Skills Through Open Source Development and Civic Hacking

  • Ushahidi platform (Kenyan)
  • Hack the City (Finnish)
  • BudgIT (Nigerian)
  • Code for America
  • getCTG.org
  • Code for Atlanta
  • Marta.js
  • Georgia Courtbot

Todd Libby, Deceptive Patterns and FAST

  • Deceptive is not anti-pattern
  • Molly Holzschlag

Noteworthy events (pt 2)

  • Noonan’s presentation had a cast of characters
  • Kevin won some socks
  • Nicole won a Bluetooth speaker
  • Dylan won a Bluetooth speaker
  • Because everyone from C Spire but me won something, Kayla felt bad and gave me a candle
  • More Nick Wallace heat with slow cooked pork roast

Thank you for reading

These notes may or may not mean anything to you and that is okay. For making it this far, I’d like to reward you with the relevant social media asset to this experience.


Authored by Michael Lamb.
Published on 19 October 2023.
Category: Conference


MagnoliaJS 2023


MagnoliaJS is the premier web development conference hosted in the capital city of Mississippi at the Mississippi Museum of Art downtown. With all the stories of Mississippi as a failing state, it is important to recognize MagnoliaJS as an opportunity for people in the web industry to learn about the state from its storied museums. The art museum in particular is an excellent community center and venue for this conference, as well as being rich with catering options from close by!

1. Why do I want to attend MagnoliaJS

I won’t lie: the food is a big draw. There’s great food in Jackson and MagnoliaJS is a great chance for it to be showcased in front of a national (sometimes global) audience.

Another, more personal reason is that the conference organizers are friends of mine who I want to support. The conference is also quite emphatic about accessibility and inclusion as themes and as a policy, so everything from the registration process to attendance is demonstrative of these values. MagnoliaJS will begin on Tuesday, October 17, with a talk on accessibility and neurodiversity from Homer Gaines. I’m also looking forward to a live coding session from Karl Groves demonstrating accessibility principles in JavaScript.

2. What do I expect to learn

My primary goal is to listen and learn about the varied perspectives in the web industry. While there will be some JavaScript covered at the conference, there are a number of other topics that may shed light on a different way of thinking, so I am approaching with an open mind.

3. How will this benefit my personal growth

I am always willing to take the time to listen to story tellers in Mississippi spaces. I come away from these types of interactions inspired and motivated, and this usually takes a direct impact through the leadership decisions I make.

If you would like to purchase tickets for MagnoliaJS please use the button below for a 15% discount!

Get Tickets for Magnolia JS 2023


Authored by Michael Lamb.
Published on 02 October 2023.
Category: Social


Let's Expire Password Expiry


Too many organizations employ outmoded password policies that have been shown to be ineffective in providing security, namely the requirement to change a memorized token on a regular, periodic basis. I would like to present here various references which demonstrate that industry standards have evolved in the last decade and no longer require users to change a memorized token on a regular basis. It is best practice to require a password change when credentials are found in other systems (I know of some orgs that use the haveibeenpwned API to provide intelligence when credentials are found on the dark web), but expiry should not be required until there is evidence a compromise has occurred.

Key paragraph from NIST Digital Identity Guidelines [1]

Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.

PCI DSS password requirements [2]

Requirements set in the Payment Card Industry Data Security Standards state that passwords should be changed on a regular 90-day basis only if the password is the only authentication method available (Section 8.3.9). A stronger security posture is to require multi-factor authentication to access secure systems.
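The following is an added example, not code from the original post or from any of the cited standards: a sketch of a change-on-evidence policy that forces a password change when the password appears in a breach corpus, and falls back to the 90-day rule only for single-factor accounts. The function names, the constructed corpus and its counts are assumptions for illustration; the query format (5-character SHA-1 prefix sent, `SUFFIX:COUNT` lines returned) follows the haveibeenpwned Pwned Passwords range API, replaced here by a local stand-in so the block runs offline.

```python
import hashlib
from datetime import date, timedelta


def sha1_parts(password):
    """Uppercase SHA-1 hex digest split into the 5-char prefix (sent) and 35-char suffix (kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, fetch_range):
    """Times the password appears in the corpus; fetch_range(prefix) returns 'SUFFIX:COUNT' lines."""
    prefix, suffix = sha1_parts(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def change_reason(password, last_changed, today, mfa_enabled, fetch_range):
    """Return why a change must be forced, or None. Age alone never expires an MFA-protected account."""
    if breach_count(password, fetch_range) > 0:
        return "evidence-of-compromise"   # NIST: SHALL force a change
    if not mfa_enabled and today - last_changed > timedelta(days=90):
        return "single-factor-90-day"     # PCI DSS 8.3.9 as summarised in this post
    return None


# Constructed stand-in for the range service: passwords and counts are made up.
CONSTRUCTED_CORPUS = {"Summer2023!": 1520, "P@ssw0rd": 98000}
SEEN_PREFIXES = []  # everything the "service" ever learns about a checked password


def fake_fetch_range(prefix):
    """Answer a range query the way the real endpoint does: suffixes sharing the prefix."""
    SEEN_PREFIXES.append(prefix)
    lines = []
    for known, count in CONSTRUCTED_CORPUS.items():
        known_prefix, known_suffix = sha1_parts(known)
        if known_prefix == prefix:
            lines.append(f"{known_suffix}:{count}")
    return "\r\n".join(lines)


if __name__ == "__main__":
    today = date(2023, 8, 12)
    old = date(2021, 1, 1)
    cases = [
        ("Summer2023!", date(2023, 8, 1), True),         # fresh but breached
        ("correct horse battery staple", old, True),     # old, MFA, not breached
        ("correct horse battery staple", old, False),    # old, password-only
    ]
    for pw, changed, mfa in cases:
        print(pw, "->", change_reason(pw, changed, today, mfa, fake_fetch_range))
```

The check needs the plaintext password, so it belongs at login or password-set time, before hashing for storage.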

FTC persuasive article against mandatory password changes [3]

Lorrie Cranor, ACM and IEEE fellow & Chief Technologist at FTC (2016-2017), wrote an article that makes the point of this blog post: mandatory password changes should be reconsidered. Compellingly, she details research that has demonstrated “[an] attacker who knows the previous password and has access to the hashed password file (generally because they stole it) and can carry out an offline attack can guess the current password for 41% of accounts within 3 seconds per account (on a typical 2009 research computer). These results suggest that after a mandated password change, attackers who have previously learned a user’s password may be able to guess the user’s new password fairly easily.”

Three different Microsoft articles make the case

Microsoft Security removed password expiration in v1903 of Windows 10 and Windows Server [4]

Periodic password expiration is a defense only against the probability that a password (or hash) will be stolen during its validity interval and will be used by an unauthorized entity. If a password is never stolen, there’s no need to expire it. And if you have evidence that a password has been stolen, you would presumably act immediately rather than wait for expiration to fix the problem.

Microsoft 365 password policy recommendations [5]

Password expiration requirements do more harm than good, because these requirements make users select predictable passwords, composed of sequential words and numbers that are closely related to each other. In these cases, the next password can be predicted based on the previous password. Password expiration requirements offer no containment benefits because cybercriminals almost always use credentials as soon as they compromise them.

Robyn Hicock, Microsoft Identity Protection Team [6]

In a research article, the Microsoft Identity Protection Team identifies password expiry as an “anti-pattern” (a practice which is believed to solve a problem but in fact does not).

Mandated password changes are a long-standing security practice, but current research strongly indicates that password expiration has a negative effect. Experiments have shown that users do not choose a new independent password; rather, they choose an update of the old one. There is evidence to suggest that users who are required to change their passwords frequently select weaker passwords to begin with and then change them in predictable ways that attackers can guess easily.

One study at the University of North Carolina found that 17% of new passwords could be guessed given the old one in at most 5 tries, and almost 50% in a few seconds of un-throttled guessing. Furthermore, cyber criminals generally exploit stolen passwords immediately.

Microsoft CISO says the future is passwordless [7]

“I remember we had a motto to get MFA everywhere, in hindsight that was the right security goal but the wrong approach. Make this about the user outcome, so transition to “we want to eliminate passwords”. But the words you use matter. It turned out that simple language shift changed the culture and the view of what we were trying to accomplish. More importantly, it changed our design and what we built, like Windows Hello for business,” he says.

“If I eliminate passwords and use any form of biometrics, it’s much faster and the experience is so much better.”

Microsoft is moving towards a hybrid mode of work and, to support that shift, it’s making a push towards a Zero Trust network design, which assumes the network has been breached, that the network extends beyond the corporate firewall, and caters to BYOD devices that could be used at home for work or at work for personal communications.

References

[1] NIST 800-63B Section 5.1.1.2 Memorized Secret Verifiers

[2] PCI-DSS 4.0 Section 8.3.9

[3] FTC Time to rethink mandatory password changes

[4] Microsoft Security baseline (FINAL) for Windows 10 v1903 and Windows Server v1903

[5] Microsoft Password policy recommendations for Microsoft 365 passwords

[6] Microsoft Password Guidance

[7] Microsoft’s CISO: Why we’re trying to banish passwords forever


Authored by Michael Lamb.
Published on 12 August 2023.
Category: Social


JXN Film Club - PODCAST REVIVAL


As a film lover in Jackson, I’ve felt compelled to identify the people in my life who love talking about movies. A few years ago, the thought had crossed my mind to start a film club and try to create some community around this shared love. I asked some friends and started organizing events, and eventually was approached about starting a podcast. That’s the brief history of Jackson Film Club (aka jxnfilmclub or JXN Film Club).

When The Fairview Sound studio was located in Belhaven, I worked with Brennan White to release 2 seasons of podcast content under the banner JXN Film Club The Podcast. My co-host was Sam Graef, a current film student at Belhaven University and co-founder of Escape the Wolf Productions. Both Brennan and Sam have moved on to other phases of life and so I am going to do something new to continue this podcasting project on my own.

If you’ve never listened to the podcast before, here’s the last episode we recorded with Brennan, featuring Brennan! It’s a great introduction to our style.

Are you on Discord

There is a chat and social app called Discord which was initially created for the gaming community. If you’ve ever used Slack or IRC, you’re going to be familiar with the channel structure of Discord Servers. I have owned and maintained a personal Discord I use for development since 2017. You can join my server using the widget under my bio on this page.

Moving forward starting with Season 3, all episodes will be generated from recorded conversations taking place on Discord. This will enable a regular schedule since guests will be completely remote. This does require that guests are registered Discord users and have access to a camera and microphone. The great part is that the Discord app lets users use the camera and most people who have a smart phone have earbuds or headphones. All the recording logistics are handled seamlessly and the only thing guests will have to do is join a voice channel at an agreed upon time.

Topics

Previously, we collaborated with our guests to come up with general topics we could have some freeform discussion about. I don’t know how well this really worked as far as exploring intellectual takes on films or the film industry, but I had fun doing it.

In addition to topics, we had a throughline of Top 20 episodes. These conversations focused on a guest’s Top 20 favorite movies, a list they compiled ahead of time. I’ve collected all of the lists we turned into episodes on my Letterboxd. I’ll continue to catalogue JXN Film Club podcast content on Letterboxd as is appropriate.

Considering that Seasons 1 and 2 were primarily recorded in the living room studio of The Fairview Sound, the conversational nature of our topics relied a lot on in-person chemistry. I’m not concerned that chemistry won’t be possible using Discord but I do believe it will feel very different. I look forward to exploring the challenges to recording a podcast using this digital platform.

Be Our Guest

So far we’ve had lots of interesting local guests, but I am excited about the potential of opening the podcast to feature guests from anywhere in the world! If you think you’re up for the task and want to learn more about the podcast recording schedule, please respond to the form below!


Authored by Michael Lamb.
Published on 12 July 2023.
Category: Social


