Be fast, be secure, be accessible

Learn why performance, security, and accessibility are the pillars of web development and the O’Reilly Fluent Conference.

By Allyson MacDonald
January 31, 2018
Kings Cross Kings Cross (source: Free-Photos)

When my fellow program chairs of the O’Reilly Fluent Conference, Kyle Simpson and Tammy Everts, and I started thinking about how we’d describe a theme for the event back in 2016, we came up with “Building a better web.” While we recognized it can sound a little hand-wavey, a big part of this theme is a crucial layer of the developer experience — the bigger-picture more goal-oriented perspective that comes along with skill development. When we thought about what it takes to build a better web, we kept coming back to the idea of a fast, secure, accessible web — one that works for users of all backgrounds and abilities, one that reaches users of varied connection speeds and devices, and one that keeps its users safe. If there are three main pillars of the modern web, they are: performance, security, and accessibility.

It may seem obvious that these pillars should be key areas of focus and investment for engineering and product teams, and yet so often they’re treated as an afterthought. And while the practice of calling out these domains can feel like a hackneyed reminder to “eat your vegetables,” it’s worth it to think about the ways these areas intersect in our organizations and impact customers.

Learn faster. Dig deeper. See farther.

Join the O'Reilly online learning platform. Get a free trial today and find answers on the fly, or master something new and useful.

Learn more

The great thing is so many people and organizations are focusing on building out awareness and progress across these foundational web practices — and many of them have come to Fluent to share ways we can use existing and emerging tech to serve real-world users.

Performance is people

At Fluent 2017, Eli Fitch’s talk on perceived performance was an eye opener for me to some of the nuances of performance and UX that are often taken for granted.

Even though we’re optimizing our code for machines, at the end of the day, performance is a human issue. If your users and customers are going to overestimate the passive time it takes for your app to load or shopping cart page to update, then you need to plan for that. In his talk Fitch went through great use cases and UX strategies that teams could implement to keep users in active phases and optimize perception management.

It’s also an interesting time to be thinking about the future of performance. A fast-growing part of the program at Fluent focuses on the shift to web experiences beyond the screen, with developments in conversational UI and voice, AR/VR, and AI. The fact is, whether accessing the web on mobile, on a Roku app or in one’s car, on high-speed cable or a shaky connection, our perception of response times and performance as users stays relatively consistent, and our expectations are high. As the web ecosystem grows more complex and more of our daily interactions take place beyond the desktop, addressing performance as an add-on in your development strategy will no longer suffice.

Keep users safe

The conversation around security and the web has always fascinated me, in part, because of the inherent openness and sharing nature of the web. We come to the web to post, and share, and buy, and browse, but we also open ourselves up to vulnerabilities when it comes to security, privacy, and authorization. After more than two decades of the web, chances are if you can name a major web company, you can also name a major data breach that company has suffered at the cost of thousands, and more often, millions, of users.

Progress on the web platform has often been a balancing act of pushing and innovating forward while protecting against new threats. Just as progress in the capabilities of the web has created more complexity for performance and UX considerations, our ability to develop a more user-friendly web, to create better developer tools, also creates potential threats from attackers.

I often think back to a quote from Jarrod Overson’s talk at Fluent 2016, where he pointed out that “If you have value, there is value in exploiting you.” Phishing campaigns, bots, and malicious threats are a problem for companies of all sizes and industries. In the talk, Overson asked the audience to imagine the percentage of traffic to a major Fortune 500 login page was made up of bots. Is it 10%? 25%? More? The answer was not what I expected.

92%! That not only means that an overwhelming pattern of traffic is coming from potential attackers, but also that engineering teams are often optimizing code and performance for robotic and malicious traffic.

The web is for everyone

An essential part of “building a better web” means removing barriers for users and helping them enjoy the same, equally satisfying web experiences as others. The US Census Bureau estimates that 1 in 5 Americans have a disability, but at the same time, more than 70% of websites are broken for disabled users, including those who rely on assistive technology to navigate the web.

Accessibility is one of those topics that everyone agrees at a high-level is important, but often is only relegated to a few, specialized team members to implement. And it’s true that not everyone on a development or product team will invest in the same traditional a11y practices we think of when we think of “accessibility,” but in order to make a positive impact, we really need everyone to get on board.

At Fluent 2017, Marcy Sutton presented a keynote “Innovating with Accessibility in Mind” that dispelled many of the common misconceptions around accessibility, while also calling out the fact we can do better.

If you’re a frontend developer, if you’re a designer, if you’re a site reliability engineer, if you’re a CTO, you should not only care about accessibility, you should be holding your teams and stakeholders accountable for delivering accessible web products.

In the end, it comes back to another line from Jarrod Overson’s presentation: we can’t patch our way through this. It’s clear that performance, security, and accessibility act as support beams for modern, successful site and app architecture on the web, and treating them as add-ons in your development workflow will not suffice. Creating teams and company cultures that embrace and evangelize these modern user needs is important, and it often requires major shifts both mentally and organizationally. But by making horizontal investments in these pillars, you can ensure you’ll be shipping better products and meeting your customer needs. In conclusion: it’s time to eat your vegetables. But we promise, it’s actually sort of fun.

Further Resources:

Post topics: Web Programming

Get the O’Reilly Radar Trends to Watch newsletter