[Message Prev][Message Next][Thread Prev][Thread Next][Message Index][Thread Index]
Re: PDF accessibility (was Re: N:Vision CFL's)
"Dave Houston" <nobody@xxxxxxxxxxxx> wrote in message
news:460a6ab5.1104620437@xxxxxxxxxxxxxxxx
> "Robert Green" <ROBERT_GREEN1963@xxxxxxxxx> wrote:
>
> >I run at 800 by 600 on a
> >21" monitor and have problems seeing even at those settings. My browser
> >settings are for "largest text" and most HTML pages correctly handle that
> >increased magnification and allow me to read without resorting to a
clumsy
> >screen magnifier program. That minor difference alone can make the PDF
> >experience just fine for one person and agonizing for another. That's
even
> >before one considers how much more security exposure is required to view
> >anything that's not standard HTML in a web browser.
>
> OK, now I understand. I wasn't aware that you had impaired vision. HTML
does
> display better with large text, flowing to fill the screen width and only
> requiring vertical scrolling whereas PDF requires horizontal and vertical
> scrolling at high magnification. For anything I really want to study, I
> print the page(s) of interest and that usually works much better with PDF
as
> opposed to HTML.
Now you see another problem that severely sight-impaired folks have with
PDFs. Printing out a PDF is usually not very helpful to them unless it's in
Braille. (-: Since my vision's not that bad, it's what I resort to most of
the time, but it's an awful waste of paper. I'll be the first to admit both
approaches have their problems but just on general principles I'd rather the
technology be something that's included in the WWW standards, not a
proprietary tack-on. There's been some real progress in Vista regarding
vision impairment aids:
http://arstechnica.com/reviews/os/pretty-vista.ars/1 points out:
****************************************************************
"GDI's bitmapped nature causes all sorts of issues. One that will be a
problem, "RSN," is that it's essentially pixel-oriented. Programs will draw
a line that is, say, two pixels wide, or text that's ten pixels tall. In
times gone by that didn't matter. Dots were about the same size on any
screen you used?about 1/96". But that's not the case today; laptop LCDs will
often have dots around 1/120" in size, and the very highest-end LCDs have
dots measuring just 1/200". If you use your old pixel-based measurements on
a screen like that everything looks tiny, only a quarter of the size you
expected it to be. Though one can work around this and perform appropriate
scaling, most applications don't because their developers would have to
perform all the corrections by hand. So instead, if you use high
resolutions, you'd better get used to tiny graphics. This problem doesn't
just face rich people with fancy monitors; similar issues are faced when
printing. Even cheap printers have a resolution much higher than that of a
screen. And clean scaling is, for obvious reasons, a boon to the partially
sighted."
Another page in the Vista review
http://arstechnica.com/reviews/os/pretty-vista.ars/3
goes on to say:
"Another practical repercussion of using vector graphics is with
"magnifier"-type applications; those utilities that enlarge some area of the
screen (typically that part under the mouse) as an aid to the partially
sighted. Such utilities have been available for Windows for years, and the
OS even ships with a simple magnification tool. But they all share a common
characteristic: the magnified portion of the screen is ugly. Because it's
magnifying a bitmap, such tools look blocky. The normal text may appear nice
and crisp, but the magnified version is awash with jagged lines and bumpy
diagonals: [see image at site] Not so in Vista. The magnifier shows a
scaled-up version of the screen, looking as sharp as the regularly sized
view, only larger. Needless to say, this only works for new WPF
applications. Boring old Win32 just gets blocky, as it always has done. "
********************************************************************
> As for security, I think any added risks are minor and even then most are
> traced back to scripting and HTML is extremely vulnerable to that risk
also.
That's true, but I think every little bit helps. If you really lock down
your browser, you won't be able to DL's *any* files by right clicking.
Giving a browser permission to DL means a hijack exploit will likely find it
easier to DL all sorts of nonsense. Prohibiting that is a nuisance, but
keeping the browser from doing anything but browsing is something I feel to
be necessary when plain ol' surfing. Especially when I am running Microsoft
products. (-: The big problem for IE is that is ships wide open. How many
users even know what the questions in the Options/Security dialog mean?
http://www.jfitz.com/tips/ie_security_config.html
Since changing the options (and more) detailed in the above link (a PDF-free
zone!) there haven't been any bookmarks shoved into my bookmark file,
toolbars added that I never requested, pop-up windows, click trackers,
excursions to sites other than what I clicked on, etc. You're right in
saying that most of that garbage comes from scripting exploits, but not all
of it does.
What I find really interesting is that sites like E-bay still work without
DL'ing rights, javascript, Active-X and the like enabled. Money talks and
they're not willing to lose customers dazzling them with useless Flash ads
or pop-up windows if they detect the browser's locked down. Still, with all
that locking down, clicking a maliciously crafted URL/website is dangerous
because of the potential for unpatched exploits. Using an old, ratty
browser that no one cares about hacking anymore may or may not help in that
regard. We'll see!
This information at least tends to support that belief:
http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx
Graphics Rendering Engine Vulnerability - CVE-2005-4560
Remote Code Execution
Windows 98, Windows 98 SE, and Windows ME - Not Critical
All later Windows version: Critical
Ironically, visiting that site triggered a "your browser has crashed"
message!
Ebay has been making lots of noises about my security settings lately - they
can obviously tell that they are set to maximum - so it may be that they're
finally going to force their users with high-security settings in their
browser to lower them, but I suspect they're reluctant to do anything that
will disenfranchise a lot of their customers. Or result in an endless
barrage of complaints.
I know some companies that lock down their browsers completely, insisting
that users deal with that policy on a case-by-case basis. I suspect more
and more businesses are doing that because of scripting exploits.
Interestingly enough, it drops the personal use of the 'net at work to just
about zero. No video clips, no YouTube, no game sites, no Flash ads. Far
fewer cases of virus infections, too, since those rely heavily on
attachments that can be downloaded and executed. Sounds draconian, but it
hardly seems to impact their business use much at all. (-:
> usually right-click on PDF URLs and download them rather than open them
> in a browser. It just takes too long to open them in a browser.
Oh, I forgot to mention the horrific performance of PDF's viewed from the
browser as another thing I dislike about PDFs. Thanks!!! (-: If I really
want a PDF, I DL it from a different machine that does nothing but DL files
from the net. If anything goes wrong, the damage is contained to that
isolated machine and I never have to actively remember to "raise shields"
again as I might on my normal surfing PC.
The problem with a lot of browser exploits is that firewalls have already
given the browser program access to net. Those types of exploits are only
going to get more popular as the other security components are hardened and
the browser is the only "door" left open. What's happening on the web is
very similar to what happened with cars. Lock them down tight enough, and
thieves switch from unattended thefts to car-jacking because they know YOU,
the driver, can defeat the security systems. The increasing use of
firewalls and scanning SW has caused the crims to switch to phishing because
like the new car driver, the PC owner unlocks the door for them.
> Unfortunately, more and more things are only available as PDF so I will
> probably continue to cite them.
I suppose. But there's a big difference in what I read for fun and
downloading an instruction manual for electronic equipment. I mentioned
this so you wouldn't think I was dissing you by not following the links you
post. I don't expect you to join my grass-roots campaign to get webmasters
to convert PDFs to HTML when there's really no overwhelming technical reason
to use them. It's clear from the discussion here that the problems of PDFs
and the sight-impaired are not "general knowledge" so it's largely a
question of education. Tax forms, RFPs, large documents and
format-dependent documents really demand them. But most other uses I've
come across, don't. They were print documents to begin with and the easiest
thing for a webmaster to do is post it just that way.
Now I've got to go zero out my firewall log so I can watch the number of
pings go through the roof. Writing any kind of post about security seems to
attract an inordinate number of "We'll just see how secure you REALLY are
types." <sigh> I'd call it the "Gibson Effect" after the founder of Spinrite
and his DOS attack woes but that name is already spoken for in perceptual
psychology to describe how after viewing a line curved in one direction, a
subsequently viewed straight line appears oppositely curved.
--
Bobby G.
alt.security.alarms Main Index |
alt.security.alarms Thread Index |
alt.security.alarms Home |
Archives Home