One place for hosting & domains

      Web Accessibility Guide for Designers (6 Key Tips)


      As a website designer, you play a significant role in a website’s accessibility and inclusiveness.  Many design elements, from typography to media, can create barriers for those with disabilities. With so many items that need to be addressed, it may feel like an impossible task.

      Fortunately, there’s a lot of guidance available for designing a website that’s accessible to all. By giving careful attention to a few key areas, you should be able to include accessibility in your design process without breaking stride.

      In this guide, we’ll introduce you to the concept of web accessibility and its importance. Then we’ll cover six key areas to keep in mind when designing an accessible website. Let’s get started!

      An Introduction to Web Accessibility

      Web accessibility means that all aspects of a website are usable by people with disabilities. Without it, much of the information on the internet would be inaccessible to a large percentage of the population. For online business owners, this would also equate to losing out on potential sales.

      As of 2019, nearly 60% of the United States population with disabilities lived in a home with internet access. That translates to a lot of people who rely on accessible design to use the web fully. People with disabilities also tend to adopt technology at lower rates, meaning they may not have an option for which device to use when accessing a website.

      The World Wide Web Consortium (W3C) developed the Web Accessibility Content Guidelines (WACG) to provide a set of standards to developers, designers, and others responsible for creating and maintaining content on the web.

      The accessibility guidelines are organized into four principles, sometimes referred to by the acronym POUR:

      1. Perceivable: Website components must be presented in a way that users can perceive, regardless of disability.
      2. Operable: Navigation and operation must not require input actions that a user cannot perform.
      3. Understandable: Users must understand how to use and navigate a website and the content on it.
      4. Robust: Content needs to be compatible with current and future assistive technology.

      These principles can seem overwhelming and even somewhat vague. However, there are concrete steps you can take to ensure that your website is accessible to everyone.

      Get an Inclusive Design You’re Proud Of

      Our designers will create a gorgeous website for your brand with usability guidelines and ADA compliance in mind. No accessibility problems here!

      Web Accessibility Guide for Designers (6 Key Tips)

      Having touched on how vital web accessibility is, let’s look at six areas to consider when designing an accessible website.

      1. Make Visual Design Elements Readable

      Typography is a fun area to showcase your creative flair, but the primary purpose of your website’s text is to convey information. There are a few guidelines to be mindful of when working with typography.

      First, you’ll want to think about the contrast between the text and the background. Contrast is expressed as a ratio, and per WCAG guidelines, the minimum contrast is 4.5:1 for normal text and 3:1 for large text.

      There are several tools you can use to test color combinations. WebAIM’s Contrast Checker is one of these.

      WebAIM’s contrast checker tool.

      Line height and letter spacing also come into play where accessibility is concerned. To keep text readable, W3C provides the following guidance:

      • Line height must be at least 1.5 times the font size.
      • Spacing between paragraphs should be two times the font size.
      • Spacing between letters must be at least .12 times the font size.
      • Word space should be at least .16 times the font size.

      Graphs are another way to present a lot of information in an easily understood format. However, if you’re only differentiating the elements by color, you could be shortchanging many people. In fact, there are about 3 million colorblind people worldwide who could be struggling with your content.

      To be certain visual elements are understandable, consider using patterns as well as color in your graphs. When selecting designs, we recommend choosing ones that are different enough from each other. For example, lines or dots are easily discerned, whereas lines of varying thickness may not be.

      2. Organize Content for Easy Understanding

      No matter what type of website you’re designing, chances are there is a lot of text. You can improve accessibility by structuring content in a way that’s easy to skim and understand.

      First, most users will appreciate you breaking your text up into short paragraphs. People often aren’t reading deeply on the web, and shorter sections are easier to scan through.

      Headings are also crucial to scannability. Each heading should accurately describe the content beneath it and follow a logical hierarchy. This means using larger headings first and progressively smaller ones as you cover more specific information.

      Using appropriate markup for your headings can make it easier for screen readers to read and navigate your content. In HyperText Markup Language (HTML), you’ll use tags <h1> down to <h6> to create hierarchical headings to break up your text.

      Headings arranged hierarchically from one to six.

      When adding links to your content, be sure the anchor text is descriptive enough that readers will know where clicking on it will take them. Also, it’s smart to mention if the link will open in a new window. A window opening unexpectedly can cause issues for screen readers and confuse the user.

      You should also let your users skip through the content without using a scroll wheel or repeatedly pressing an arrow key. This can be as simple as including a table of contents at the start of a blog post. You can also have a button that skips right to the main content of the page.

      A ‘skip to main content’ button.

      Next, we’ll explore some ways you can make interacting with your website easier.

      3. Keep User Interface (UI) Elements Intuitive and Device-Independent

      User Interface (UI) elements are anything on a website that visitors need to interact with to navigate, and they play a major role in the overall User Experience (UX). UI elements can include scrollbars, dropdown menus, and notifications.

      For a website to be considered accessible, people using different devices need to be able to interact with these UI elements successfully. This means that device-independent design is crucial.

      For example, some people are only able to use keyboards. To make it possible for them to navigate a webpage, you can include focus indicators to highlight buttons, links, and text fields when a user tabs through a page.

      Anything on your website that can be interacted with should have a corresponding focus indicator. The appearance can vary from one browser to another, but they typically show up as a blue or white outline depending on the background color.

      A focus indicator on the Google search page.

      When adding focus indicators, you’ll need to define tab order. This order should be similar to how you read: top to bottom and left to right. You can test this by tabbing through your site.

      Try to keep navigation and other menus in a consistent order throughout the website. These elements should also appear in roughly the same locations on each page because it makes them easier to memorize and quicker to use.

      Touch targets are the areas a user taps when using a touchscreen device. When defining touch targets, you’ll want to be sure they’re large enough to be easily tapped by anyone. For example, people with neuromuscular disorders may lack the fine motor control needed to interact with a tiny target.

      However, you also don’t want to create targets so large that they overlap with nearby elements. Tapping one button when you were aiming for another is enough to frustrate anybody.

      Some users rely heavily on keyboard shortcuts. While you can define shortcuts for your website, it may not be the best course of action. Keyboard shortcuts are not standardized across the web, and any you create may conflict with the device someone is using. If you decide to add custom shortcuts, be sure to make this clear and provide guidance for using them.

      There are some types of interactions that aren’t available on every device. For example, while pinch-to-zoom is convenient for mobile phones, it’s impossible on any computer without a touchscreen. Be sure content isn’t locked behind actions your users may not be able to perform. Provide multiple avenues to your information.

      UX is a highly involved area of web design with a lot of moving parts. Therefore, you might consider adding a section to your style guide to help maintain consistency for all UI elements across your website.

      4. Make Input Controls User-Friendly

      Input controls are a subset of UI elements intended to accept input from a user. Examples include text fields, checkboxes, and radio buttons.

      Forms can be tricky to design with accessibility in mind, but there are some guidelines to follow. You can start by labeling each field of your form. You might also include some example text in the field itself.

      A lead generation form with labels and example text.

      When laying out forms, we suggest using a vertical structure and placing each field on its own line. This makes navigating the form easier for keyboard-only users. On a related note, ensure that focus indicators are placed throughout the form.

      You might break long forms into multiple sections as they can be overwhelming. You could also add a progress bar for people to know where they are in the process; this is likely to be appreciated by your users.

      Finally, be sure to provide error messages that are clear and easy to understand. If possible, don’t clear the entire form when an error is made. It’s a good idea to include instructions for how to fix the mistake as well.

      5. Include Multiple Ways to Enjoy Media

      Media can add a lot to a website, but there are accessibility issues to be mindful of. Fortunately, you can ensure that any media you use is enjoyed by everyone.

      First, some types of media are best avoided altogether. Flashing animation or pop-ups can potentially trigger seizures in some people. You may also want to skip scrolling text or animated content that can’t be paused. It can be difficult or even impossible for some users to absorb.

      If you feel the need to include scrolling or animation, there are ways to make these elements more accessible. Be sure text moves slowly enough that visitors can read it easily. In addition, make it possible for users to pause the content and be clear about how to do so.

      When you create video content for your website, you can include closed captioning for the deaf and hard of hearing. You should also add a text transcript of the video’s content for those using a screen reader.

      Visitors who use screen readers can sometimes have a difficult time with images on a site as well. To make it possible for these people to see what is happening in a picture, you can include alt text.

      Adding alt text to an image of a person playing guitar.

      Alt text is a description intended to show up when an image fails to load. However, screen readers also speak this text, so those with visual impairments don’t miss out.

      When you’re writing alt text, you’ll want to be as descriptive as possible. You can base your description on what is featured in the image and the context of the surrounding content. Also, there’s no need to include the words “Picture of…” at the start of your alt text, as the screen reader will add that automatically.

      6. Perform User Research and Testing

      User research and testing probably aren’t as exciting to you as the design process, but they’re crucial for nailing accessibility. User research is best done early in the process to get a handle on who your users are and what they expect from you. You can do testing throughout the design process to help keep you heading in the right direction.

      Thorough research ensures that none of your users will fall through the cracks and will help you develop a plan for designing your website. You might use focus groups or surveys to determine what users need from your website and how they intend to use it.

      You’ll likely want to do some testing throughout the site-building process. You might try A/B testing at the wireframing stage when there’s still time to pivot. Once your site goes live, you could observe people using your website and ask for their thoughts as they accomplish specific tasks.

      During research and testing, it’s best to gather a diverse group of participants. Including those of all abilities gives you a better chance of designing a site that works for everyone.

      You can also perform testing yourself, such as trying to navigate your website using only your keyboard. For other elements of accessibility, you might want to try a plugin such as WP Accessibility.

      The WP Accessibility plugin.

      This plugin is free to use. It can help you correct a variety of accessibility issues.

      DreamHost Takes Inclusivity Seriously

      We regularly report on diversity, accessibility, and representation in the tech industry. Subscribe to our monthly newsletter so you never miss an article.

      Let’s Make Accessibility Standard

      Focusing on accessibility during the design process can result in a website that’s accessible to everyone. While it may seem like a lot to keep track of, the payoff is well worth the extra effort.

      Keep the following in mind when you’re designing your website:

      1. Make visual design elements readable.
      2. Organize web content for easy understanding.
      3. Keep User Interface (UI) elements intuitive and device-independent.
      4. Make input controls user-friendly.
      5. Include multiple ways to enjoy media.
      6. Perform user research and accessibility testing.

      Building an accessible website is a lot easier with the right web host in your corner. DreamHost’s Shared Unlimited hosting can ensure that you get off to a great start with a fast and reliable website!



      Source link

      Apache Configuration Error AH02572: Failed to configure at least one certificate and key



      Part of the Series:
      Common Apache Errors

      This tutorial series explains how to troubleshoot and fix some of the most common errors that you may encounter when using the Apache web server.

      Each tutorial in this series includes descriptions of common Apache configuration, network, filesystem, or permission errors. The series begins with an overview of the commands and log files that you can use to troubleshoot Apache. Subsequent tutorials examine specific errors in detail.

      Introduction

      Apache generates an AH02572: Failed to configure at least one certificate and key error message when it is configured to use the ssl module, but is missing a TLS/SSL public certificate and corresponding private key. The error will prevent Apache from starting up, and the error message itself will be found in Apache’s logs.

      In this tutorial you will learn how to troubleshoot an AH02572 error using the methods described in the How to Troubleshoot Common Apache Errors tutorial at the beginning of this series. You will also learn how to set the SSLCertificateFile and SSLCertificateKeyFile directives to resolve the message.

      If you have already determined that your Apache server is affected by an AH02572 error and you would like to skip the troubleshooting steps, the Adding an SSL Certificate to Apache section at the end of this tutorial explains how to resolve the error.

      Troubleshooting Using systemctl

      When you are troubleshooting an AH02572: Failed to configure at least one certificate and key error message, Apache will not be running. Its systemctl status will show a failed message.

      To examine Apache’s status with systemctl, run the following command on Ubuntu and Debian derived Linux distributions:

      Ubuntu and Debian Systems

      • sudo systemctl status apache2.service -l --no-pager

      On CentOS and Fedora systems, use this command to examine Apache’s status:

      CentOS and Fedora Systems

      • sudo systemctl status httpd.service -l --no-pager

      The -l flag will ensure that systemctl outputs the entire contents of a line, instead of substituting in ellipses () for long lines. The --no-pager flag will output the entire log to your screen without invoking a tool like less that only shows a screen of content at a time.

      You should receive output that is similar to the following:

      Output

      ● apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled) Drop-In: /lib/systemd/system/apache2.service.d └─apache2-systemd.conf Active: failed (Result: exit-code) since Fri 2020-07-31 16:02:41 UTC; 20s ago Process: 36 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE) Jul 31 16:02:41 7d6ef84b6907 systemd[1]: Starting The Apache HTTP Server... Jul 31 16:02:41 7d6ef84b6907 apachectl[36]: Action 'start' failed. Jul 31 16:02:41 7d6ef84b6907 apachectl[36]: The Apache error log may have more information. Jul 31 16:02:41 7d6ef84b6907 systemd[1]: apache2.service: Control process exited, code=exited status=1 Jul 31 16:02:41 7d6ef84b6907 systemd[1]: apache2.service: Failed with result 'exit-code'. Jul 31 16:02:41 7d6ef84b6907 systemd[1]: Failed to start The Apache HTTP Server.

      The important lines to note are the ones showing that Apache failed to start. However, there is nothing in the output that indicates an AH02572 error message. Examining the systemd logs for Apache using the journalctl command, or checking Apache’s configuration files with apachectl configtest will not help locate information that you can use to troubleshoot the error.

      To diagnose and resolve an AH02572 error, the next section explains how to examine Apache’s logs directly.

      Examining Apache’s Logs

      Apache logs diagnostic information about its internal operations to various locations, which differ depending on your Linux distribution. Typically, Apache is configured to log error messages to a separate log file from access requests in order to help with debugging, monitoring, and alerting.

      On Ubuntu and Debian-derived systems, Apache defaults to using /var/log/apache2/error.log for error messages.

      On CentOS, Fedora, and RedHat-derived systems, Apache defaults to logging errors to the /var/log/httpd/error_log file.

      To examine Apache’s logs for evidence of an AH02572 error message, use the grep utility to search for the error code in the appropriate log file for your distribution. While there are other tools like less that you could use to find evidence of an AH02572 error, grep will only display lines with the error code so you can be sure of whether you’re affected by the issue.

      Invoke grep like this on Ubuntu and Debian-derived systems:

      • sudo grep AH02572 /var/log/apache2/error.log

      On CentOS, Fedora, and RedHat-derived systems, use the following command:

      • sudo grep AH02572 /var/log/httpd/error_log

      If your Apache server is affected by an AH02572 error, you will have output like the following:

      Output

      [Mon Aug 03 13:21:47.677235 2020] [ssl:emerg] [pid 26:tid 140355819735360] AH02572: Failed to configure at least one certificate and key for 172.17.0.5:443

      If your server is affected by an AH02572 error, the next section of this tutorial explains how to resolve it, by either disabling the ssl module, or configuring Apache with a private key and public certificate file.

      Resolving an AH02572 Error

      There are three ways to resolve an AH02572 error. The first option to resolve the error is to configure Apache with a private key and public certificate that is signed by a recognized Certificate Authority (CA). Let’s Encrypt is a free CA and you can use it to issue a valid certificate. This approach will ensure that traffic to and from your server is encrypted properly, and that web browsers and other HTTP clients trust your Apache server.

      Another approach is to create a self-signed certificate for your Apache server. This approach is useful for development and testing environments, or in cases where your server is not directly connected to the Internet and you can establish trust between systems manually.

      The last approach to resolving an AH02572 error is to turn off Apache’s ssl module entirely. This option is the least preferred since traffic to and from your server will not be encrypted. However, if you are only using your Apache server for local development or in a trusted environment, this approach can be valid.

      The following sections explain how to resolve an AH02572 error using each of the three options.

      Resolving an AH02572 Error with a Let’s Encrypt TLS Certificate

      To encrypt traffic to your Apache server using a free Let’s Encrypt TLS Certificate, use one of the guides that is specific to your Linux distribution from this tutorial series: How To Secure Apache with Let’s Encrypt.

      The Let’s Encrypt process is mostly automated, and the scripts will configure Apache for you. Moreover, the issued certificate will also be renewed automatically so you do not have to worry about it expiring in the future.

      If you are using a Linux distribution that is not included in the How To Secure Apache with Let’s Encrypt series, the Let’s Encrypt documentation includes links to interactive Certbot instructions that can help you configure your Apache server with a valid TLS certificate.

      Resolving an AH02572 Error with a Self-Signed Certificate

      To encrypt traffic to your Apache server using a self-signed certificate, use one of the tutorials from this series that explains how to create Self-signed SSL Certificates with Apache.

      These tutorials demonstrate how to generate a private key and public certificate for your Apache server. They also demonstrate how to use the SSLCertificateFile and SSLCertificateKeyFile Apache directives to configure your server with the certificate that you generate.

      If you are not using a distribution that is listed in the Self-signed SSL Certificates with Apache set of tutorials, this OpenSSL Essentials: Working with SSL Certificates, Private Keys and CSRs guide can help you create a private key and self-signed public certificate that you can use with Apache.

      Note: Where possible, it is best to use a free Let’s Encrypt certificate, or other commercially issued TLS certificate. Self-signed TLS certificates are not trusted by default by browsers and other HTTP clients. As a result, your users will see a security error when visiting your site. However, if you are doing local development, or your use case does not require a valid TLS certificate you can opt for the self-signed approach.

      Disabling the ssl Module

      The last approach to resolving an AH02572 error is to turn off Apache’s TLS/SSL support by disabling the ssl module. This approach is less desirable than encrypting traffic to your server with a TLS certificate, so be certain that you do not need TLS support before disabling the module.

      To disable Apache’s ssl module on Ubuntu and Debian-derived systems, run the following command:

      On CentOS, Fedora, and RedHat-derived systems, disable the module with the following command:

      • sudo rm /etc/httpd/conf.modules.d/00-ssl.conf

      Once you have disabled the ssl module, run apachectl to test that the configuration is valid.

      • sudo apachectl configtest

      A successful apachectl configtest invocation should result in output like this:

      Output

      Syntax OK

      You can now restart Apache using the appropriate systemctl restart command for your Linux distribution.

      On Ubuntu and Debian-derived systems, run the following:

      • sudo systemctl restart apache2.service

      On CentOS, Fedora, and RedHat-derived systems use this command to restart Apache:

      • sudo systemctl restart httpd.service

      If there are no errors from the systemctl command then you have disabled the ssl module successfully.

      Conclusion

      AH02572: Failed to configure at least one certificate and key errors are challenging to detect and troubleshoot. They cannot be diagnosed with the usual systemctl, journalctl, and apachectl commands. In this tutorial you learned how to use the grep utility to examine Apache’s logs directly for evidence of an AH02572 error.

      Next you learned how to use Let’s Encrypt to configure Apache with a TLS certificate to secure your traffic and resolve the AH02572 error. You also learned about using self-signed TLS certificates for development and isolated environments. Finally you learned how to turn off the ssl module for those situations where it is not needed.



      Source link

      Cloud Security Tips for Financial Services: 5 Key Takeaways from an Industry Expert


      Today we are pleased to welcome guest blogger Tony Bradley, Senior Manager of Content Marketing for Alert Logic, INAP’s trusted managed security partner and expert in cloud security for financial services customers.
      – Wendy Williams, Product Manager, INAP

      Show me the money, and I’ll show you a cybercriminal ready to attack.

      The sophistication of digital financial services and mobile banking have greatly expanded the attack surface criminals can exploit. While technology has given us the luxuries of quickly depositing a check via our mobile device or shopping online, it has also created ever evolving security challenges.

      Planning your cloud security strategy? Below are five key takeaways for IT infrastructure pros in the financial services space:

      1. Moving to the cloud changes the entire approach to security. A comprehensive view of your environment is critical, so choose a partner who can provide security monitoring of the environment, as well as network intrusion detection, vulnerability management and log management.

      2. The level of expertise and the amount of people needed to maintain compliance using exclusively in-house services is cost prohibitive for all but the rarest of enterprises. The best options are to evaluate a trusted managed services partner or adopt technology that integrates services as part of the solution.

      3. eCommerce has paved the way to unprecedented growth and revenue but opens doors to exponential compliance and threat risks. Using public cloud providers calls for 24/7 platform security. It is important to understand who has what security responsibility when utilizing cloud platforms and service providers. Furthermore, it pays to spend time evaluating whether or not your solution provider and partner have a deep understanding of your preferred platform. If they don’t, look elsewhere. This approach will ensure hard-to-detect web attacks such as SQL injection, path traversal and cross-site scripting risks are mitigated.

      4. A solution may complement in-house capabilities, however, sometimes getting the right resources becomes a balancing act. As the hottest market today, security experts are scarce. In fact, according to (ISC)2, a non-profit IT security organization, there are an estimated 2.93 million cybersecurity positions open and unfilled around the world. The best advice is to develop a relationship with a service provider and a partner who can truly be an extension of your internal team and who has both the technology and resources to ensure constant surveillance, as well as the ability to stand up to any rigorous compliance audit.

      5. We’ve only just witnessed the beginning of technologies touting AI capabilities. If you’re ready to adopt an AI-based solution for cybersecurity, ensure that it can draw on data sets of wildly different types, allowing the “bigger picture” to become clear from not only static configuration data and historic local logs but global threat landscapes and concurrent event streams, as well.

      It’s more important than ever for businesses in the financial services industry to have the right tools and partners in place. Remember: Any solution you choose should be more than widgets and a slick UI. Too much is on the line. The road to holistic cloud security begins with proper implementation and infrastructure design, detailed, best practice configuration, and a plan for continuous monitoring and threat response. Chat with our partners at INAP today to get started.

       

      About the Author

      Tony Bradley is Senior Manager of Content Marketing for Alert Logic. Tony worked in the trenches as a network administrator and security consultant before shifting to the marketing and writing side of things. He is an 11-time Microsoft MVP in security and cloud and has been a CISSP-ISSAP since 2002. Tony has authored or co-authored a dozen books on IT and IT security topics, and is a prolific contributor to online media sites such as Forbes and DevOps.com.

      Wendy Williams
      • Product Manager, Private Cloud and Security Services


      READ MORE



      Source link