Senator Asks US Agencies to Remove Flash from Government Websites (bleepingcomputer.com)
218 points by parvenu74 on July 25, 2018 | 61 comments



While the end-of-life, security issues angle is a perfectly valid one I’m surprised this isn’t about accessibility. I would imagine government websites should provide information in an accessible way which Flash definitely isn’t. The recent HN post about the UK government moving from PDF to HTML[0] springs to mind as an example of a move in the right direction but given that it took a lawsuit to make laws publicly and freely accessible I think that isn’t a goal in US government somehow.

[0] https://news.ycombinator.com/item?id=17541045


Two notes, though I doubt anyone working on government pages will actually read them:

1) PDF -> HTML improves accessibility. HTML -> content rendered by JS via an SPA framework is worse than PDF, and approaches Flash. Please don't do that.

2) Think of the robots :). One of the problems of government data is that while you can usually find the scanned PDF or an XLS file with the data you're looking for, it's completely useless for automated processing. Making public data easier for machines to read enables citizens to build interesting tools on top of them.


I'd usually be right beside anyone wanting to begin JavaScript bashing but it feels like you are conflating two issues.

Whilst the (for lack of a better term) JavaScript / SPA ecosystem encourages (especially to novices) people to do things in the Wrong Way, I wouldn't say that an SPA is inherently less accessible, and I definitely wouldn't say that it's less accessible than a PDF.

I—like I'm sure the rest of HN—have experienced many a terrible SPA, but from my JavaScript dabbling it's becoming more and more apparent that it's due to bad developers more than anything else.


> I'd usually be right beside anyone wanting to begin JavaScript bashing but it feels like you are conflating two issues.

I'm not really bashing JavaScript per se, I'm bashing the modern web development ecosystem.

Sure, you can use JS and modern SPA frameworks to build lean, accessible, progressively-enhanced pages. But that's not the default. That is not what tutorials will encourage you to do. That is not what those tools were designed to facilitate. And your typical developer will absolutely follow trends and "industry standard" in the technologies they use.

It's kind of like with bashing PowerPoint. To be completely honest, PowerPoint is a very powerful tool that can help you deliver amazing presentations if you know how to use it for that goal. Most people don't, and the defaults of PowerPoint encourage bad style - hence people bash the tool.


I will attribute this to the ignorance of management.

The local government here mandated all websites to have W3C AA grade accessibility. But all the management follow it by the letter of the standard. None of them provide us the time or resources to do accessibility testing. They explain away the accessibility issues raised by the concerned groups.

So, yes, plain HTML is better. It has a higher chance of working without any prior testing.


Non-technical / ignorant people are also highly likely to put blobs of text content into PDFs as raster images, which pretty much makes them impossible to search/index or deal with for visually impaired persons' software assistance tools. I have seen too many government PDFs that would be impossible to understand if I were visually impaired.


> 1) PDF -> HTML improves accessibility.

Out of curiosity: Does that include PDF/A or is that one okay for accessibility?


Sometimes lawsuits are like a “4th branch of government”. They force legal compliance (or at least highly encourage it) so in some ways it’s not that different from the typical role of government. Politically, it can be easier for politicians to let lawsuits do the work for them instead of gaining enemies by going after people (which lawyers get instead). You also hear the media get called “the 4th branch” from time to time.


> Sometimes lawsuits are like a “4th branch of government”.

Except that they are just the context in which the Judicial branch acts, so it doesn't make sense to call them a different branch.


I've seen a model described in which lawsuits are used to exercise executive power while bypassing the judiciary. I have no opinion on how prevalent this is:

1. An agency would like to make a rule, but that rule would exceed their authority.

2. After some quiet discussion, an NGO which is friendly with the agency sues them for not already enforcing the rule.

3. The agency settles the lawsuit, and the terms of settlement require them to enforce the rule. This bypasses inquiry into whether they're allowed to do so.

If something like this happened, I'd be pretty comfortable describing it as a "4th branch of government" or similar.


I would love to see an example of this.



I'm missing how this is an example of the bad behavior suggested. It appears to be a normative prescription of how NGOs should be.


I agree, but that's all I could find in a quick search.

Anyway, if you read between the lines and realize that some orgs wouldn't behave normatively, you can imagine some scenarios where the OP could be right.

I wish more people would have answered, thanks!



Another aspect I'm surprised isn't being discussed is mobile. Many people in the US use a mobile phone or tablet as their primary computing device. Flash is not available on mobile devices -- using Flash on a web site effectively restricts that content to people who have access to a desktop computer.


Seconding this, since Flash is incompatible with most screen reading software used by the visually impaired, I think the legal requirements should be obvious.


The adblocker suggestion is particularly interesting and I don't think is getting enough press. I would bet that a lot of smaller federal agencies wouldn't be as timely with IT updates as they should be. As it happens one of those malicious payloads could indeed be a Flash applet, so the overall push away from Flash should help, but there are many other ways in. Unfortunately I think it's local agencies that would need this extra layer of defense most, having seen how neighbouring municipalities maintain their systems (or don't).


And really the blocker could be (and probably already is) implemented at the DNS level with something similar to PiHole's blacklist. I'm sure big switch/network gear manufacturers have something similar to block ad/tracking traffic.


How did I know before clicking that the Senator would be Ron Wyden?


Because technologically savvy senators are a rarity.


Because it's always Ron Wyden.


50/50 Wyden or Warner


I wish I could adopt Ron as my state's senator.


I did too


While they're at it, they should request that all government websites with news feeds provide it in RSS format. A lot of agencies do this, I have a list of almost 100 US government feeds - but it's unfortunately absent from some agencies.

They really shouldn't make people go to Twitter or Facebook to follow their press releases...


Ron Wyden again. He's making a habit of this. Anyone know who Wyden's tech-focused staffer is?


I'm not sure if he has others, but Christopher Soghoian is a prominent one: https://en.wikipedia.org/wiki/Christopher_Soghoian


Thanks!


I'm a bit shocked someone needs to ask for this in 2018. All those Flash things must have been empty rectangles for the last decade or so.


By the looks of it, many US government websites haven't had a significant technical update for at least a decade. Searching for '"best viewed * internet explorer" site:*.gov' turns up a depressingly large number of results, many of them for important-looking services rather than old static pages.


It's the difference between building a product to spec and building a product so it's usable by the actual demographic that needs to use it. US Digital Service talked about finding these Flash barriers and building quick webform replacements making a HUGE improvement in usability (like from ~5% completion to 90%+ completion IIRC).

I wouldn't be surprised if those same government departments are stuck on WinXP SP2 with IE6-8 with Flash enabled. IT at huge orgs moves extremely slowly.


> those same government departments are stuck on WinXP SP2 with IE6-8 with Flash enabled

I'm not sure how their sysadmins can sleep at night with this ;-)


Last decade or so? Chrome still supports Flash, you just need to enable it on a per-site basis. And it's been less than two years since they enabled it by default.


How do you make Flash files in 2018? I don't see export as Flash in any of the programs I use, I am sure other programs have them though. Maybe the option needs to be purged from the toolchain as well as the browser.


I knew this must be Wyden. I'm a fan, he seems like one of the only members of Congress with a strong understanding of technology.


I was amazed that there is actually a Senator who actually understands technology...


As an outside observer of the US, Ron Wyden seems to be one of the few that tries to stay informed and isn't totally self-interested.

He seems like someone I would vote for.


Flash and IE6 need to be completely left unsupported. I'd go so far as Adobe and Microsoft should put a kill switch that removes them or simply makes them unusable.


can we remove captcha while we're at it? it's the same sort of lazy bs flash is -- yes, it does serve a purpose, but at the expense of your users


> yes, it does serve a purpose, but at the expense of your users

That has always been the tradeoff of captcha.

The other side of the equation is how relevant/useful is the data submitted? So long as the captcha isn't unreasonably difficult for a human, I would rather my government not spend resources to follow through with every single spammy form submission.


ideally you'd implement something that inconveniences machines (i.e. spam bots, aka the sole reason captcha needs to exist) but doesn't inconvenience humans

in particular, the v2.0 of captcha implements this time delay.. where you click a picture that matches a description but the images do not appear instantly. it's like, wait a random amount of time before you can continue.. you can't even login to our service until you wait a random amount of time.. it's insane, piss off, you know, these captchas can actually be broken easily, it's just not common yet...


That's a very different issue.

When malicious users were abusing our trial accounts at work, I tried to find alternative solutions that would slow them down, but the implementing team had already exhausted all the usual tricks and in the end I didn't really have anything to offer. And they went with ReCAPTCHA, since unfortunately that seems to be one of the better options at the moment.

I think the best option might be something as CPU-hungry as a coin miner, maybe just burn through a bunch of hashes as a proof of work, but smartphones have such limited CPU that it's not clear to me you could reach a threshold that would be acceptable to phone users but not to the bots.


Proof of work is an interesting angle… I think users might like it if it was an opt-in to avoid captchas. You could have a relatively viable product where users can either do tasks hard for computers a la ReCAPTCHA (and 3rd parties can put in tasks, like MTurk), or users can opt in to a mining script for a couple of minutes. Both can be monetized.


My original thought was that the account creation page (or whatever needed to be gated) would do the mining and send the server a small amount of e.g. Monero. And alternatively, if you didn't want your device to actually mine the Monero, perhaps because you don't allow scripts, you could instead have your browser send that small amount directly from your own wallet. :-P

...but people have browser extensions to sniff out miners now, so a more generic proof of work is probably safer.
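
The generic proof-of-work gate discussed in the comments above, sketched as a hashcash-style client puzzle with the server-side checks a form endpoint would need (signed challenge, expiry, replay guard). This is an added example, not code from any commenter or from the article; the function names, the 120-second expiry and the in-memory replay set are assumptions.

```python
import hashlib, hmac, os, time

SERVER_KEY = os.urandom(32)   # assumption: per-process secret, constructed here
_spent = set()                # assumption: in-memory record of redeemed challenges

def issue_challenge(bits, now=None):
    """Server: return 'bits:expiry:salt:tag'; the HMAC tag keeps issuance stateless."""
    expiry = int(now if now is not None else time.time()) + 120
    body = f"{bits}:{expiry}:{os.urandom(8).hex()}"
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}:{tag}"

def leading_zero_bits(digest):
    """Count the zero bits at the front of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(challenge):
    """Client: brute-force a counter; expected cost is about 2**bits hashes."""
    bits = int(challenge.split(":")[0])
    counter = 0
    while True:
        d = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
        if leading_zero_bits(d) >= bits:
            return counter
        counter += 1

def verify(challenge, counter, now=None):
    """Server: one HMAC and one hash, whatever the difficulty."""
    try:
        bits, expiry, salt, tag = challenge.split(":")
        body = f"{bits}:{expiry}:{salt}"
        bits, expiry = int(bits), int(expiry)
    except ValueError:
        return False                      # malformed challenge
    good = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good.encode(), tag.encode()):
        return False                      # forged or tampered (e.g. lowered bits)
    if (now if now is not None else time.time()) > expiry or challenge in _spent:
        return False                      # stale or already redeemed
    d = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
    if leading_zero_bits(d) < bits:
        return False                      # not enough work done
    _spent.add(challenge)
    return True
```

Each extra difficulty bit doubles the solver's expected work while verification stays constant, which is the tuning problem the thread raises for phone users.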


Given Google's AI military work, I'm refusing Captcha challenges on principle, and advising sites using them to find alternatives.

https://joeyh.name/blog/entry/prove_you_are_not_an_Evil_corp...


They've already announced they're not going to renew their military contracts. What would Google have to do for you to be ok with Captcha challenges again?


At this point, given track record and impossibility of future-proofing morality almost certainly nothing. See Sourceforge as one case history.

The real problem is that captcha has reached EOL. Alternatives should be found.


The article conspicuously doesn't mention his party.


He's a Democrat but has worked bipartisan for a long time (rare now).


>The article conspicuously doesn't mention his party.

Which, I've always felt, is how it should be.


Does his party matter? For reasons other than knowing if he's on my team or not?


It's precisely the case where you're not committed to a "team" forever and ever that knowing which party a representative belongs to would be an informative data point. Whether they are doing something notably sensible or dumb.


>It's precisely the case where you're not committed to a "team" forever and ever that knowing which party a representative belongs to would be an informative data point. Whether they are doing something notably sensible or dumb.

Quite the opposite for me. Because I'm not committed to a team, I have little reason to care, and that piece of information is not at all informative for me. I vote for people, not parties.


What information does the data point provide you?


They always mention the party.


Who does?


Nearly all journalism in the US states the party affiliation in the headline or close to the first mention of the name of the politician:

Title: "Jason Spencer, Georgia Lawmaker Duped by Sacha Baron Cohen, to Resign"

Article lede graf: "Jason Spencer, the Georgia Republican lawmaker who was fooled into repeatedly yelling a racial epithet on the comedian Sacha Baron Cohen’s television series, intends to resign effective July 31."

Title: "Lessons From a Failed Nomination, for Both Brett Kavanaugh and the Senate"

"WASHINGTON — The doors to the Republican cloakroom off the Senate floor swung open and out walked Senator Ron Wyden, an Oregon Democrat who is not usually found in the inner sanctum of the majority party."

It's a big part of the narrative.


Ok, but how is that a response to noting this article doesn't mention the party?

The fact that party is commonly mentioned tends to amplify the significance of withholding it in selected cases like this. Right?


I'd say "possibly"?


"John Doe, R-ND"

It's part of their name, like a title.



