The Uncomplicated Web
Many believe the use of standard data formats prevents innovation. Web developers commonly use this to justify reinventing the square wheel: Compared to standards-based web pages, almost all ad-hoc contraptions exhibit worse accessibility, usability and performance characteristics. This prevents interoperability without providing new functionality.
The following guidelines serve to avoid needless complexity.
A web page must load fast.
- Maximum transfer size 20kb without embedded media.
- Maximum 6 resources, not counting embedded media.
- No cross-origin resources, except for embedded media.
- Use compression, except for already compressed data.
- No unnecessary content.
- No validation badges.
- No share buttons.
- No advertising.
- No cookies.
- For caching, use entity tags.
A web page must not be annoying.
- No pagination, except for collections of self-contained compositions or very long lists.
- No account registration for read access.
- Provide human-readable URLs.
- Default font size
1em. - High contrast.
- No autoplay.
A URL must always refer to the same resource.
- If user is not authenticated, return HTTP error 401.
- If user is not authorized, return HTTP error 403.
- URIs must never change.
- No user agent sniffing.
- No device sniffing.
- No hashbangs.
- No sessions.
- No frames.
A web page must use standard semantics.
- Provide hypertext content in HTML.
- No plugins.
- No AJAX.
- No PDF.
- No LaTeX.
- Embed media in standard formats.
<img>: GIF, PNG, JPEG or SVG.<audio>: (MP3 or AAC) and Ogg Vorbis.<video>: H.264+AAC and (WebM or Ogg Theora+Vorbis).
- Provide hypertext content and media in Atom feeds.
- Provide feed autodiscovery.
- No partial feeds.
- No newsletters.
- No RSS.
- For multiple media files, use multiple enclosures.
- Layout with CSS.
- No vendor-specific CSS, use -prefix-free.
- No JavaScript layout or typography.
- No SVG layout.
- Do not invent meaning.
- No custom APIs.
- No data attributes.
- No cookies.
- No JSON.
- No DRM.
- Authenticate with HTTP basic auth over HTTPS.
- No query-string-based authentication.
- No cookie-based authentication.
- No HTTP Digest authentication.
- No OAuth.
A web page must be media independent.
- Do not assume hardware, browser or OS.
- Do not assume turing completeness.
- Do not assume JavaScript.
- Do not assume bandwith.
- Do not assume plugins.
- Do not assume fonts.
- Do not assume CSS.
HTTP basic auth over HTTPS – cool idea! Though I worry about having my password visibla cleary in the address bar of my browser. This could be fixed by browsers rendering the password in the address bar with “*”s. This would also prevent that somebody accidentally copypastes the URL somewhere. If the password part is only “*”s, then the user has to make a concious choice and retype his password.
josch, you might be confusing something here. You can give username and password for HTTP auth in a URL – but when you login with HTTP auth, browsers do not display your credentials in the address bar.
erlehmann, just tested this with firefox – indeed it doesnt do that. Good, good…
If you need code: My bottle.py-based blog software buddelblag contains a Python HTTP auth decorator example. Caveat: I am fairly sure that the login link is superfluous and the logout request should be a POST, not a GET.
Hi erlehmann,
Could you post some example sites, please? It would be nice to see some diverse results where your rules apply. If they are aesthetically appealing, great. If not, also great. Both results would give hints why the internet is used how it is used.
I totally understand your demands, living at the moment in Johannesburg, RSA, where more people were introduced to the internet in mobile, compressed form than in any other way (maybe this is true for the majority of people from Africa?). Bandwith is scarce, slow or more expensive than in Europe. The eurocentric web developer standard (which has no problem in terms of speed or bandwith) affects browsing a lot, f.i. if hyperlinks are uncommented (destination, possible file size, etc.) or if even the first site loads so awkwardly slow that a tea can be brewed in between. [I am crucially aware that with the blogger/blogspot domain, I have not chosen a fast blogging tool thanks to AJAX/flash/etc. Only out of convenience I will stay there until I return to Europe, than I change]
Thanks in advance, mro.
PS This is another matter altogether: do you know a way (hyperlinks welcome) to ask via the shell (wget, aria2c) how large an internet file is (explicit filesizes in kb/mb etc)?
I have not yet built a validator, but I plan to.
Regarding file size, try a HEAD request and look for the Content-Length header: The shell command
curl -sIL http://w3.org | grep Content-Lengthwill give you the size in 8-bit bytes (octets).The validator would be very helpful, your shell command is already! Thx.
in other words: blog.fefe.de :)
HTTP basic auth over HTTPS is still a bad idea because HTTP basic auth doesn’t support passwords longer than 8 characters.
Prove it.