[thelist] Site check: Staples.com

Ken Schaefer Ken at adOpenStatic.com
Tue Sep 20 02:20:11 CDT 2005


> -----Original Message-----
> From: thelist-bounces at lists.evolt.org [mailto:thelist-
> bounces at lists.evolt.org] On Behalf Of Shawn K. Quinn
> Subject: RE: [thelist] Site check: Staples.com
> 
> On Tue, 2005-09-20 at 16:20 +1000, Ken Schaefer wrote:
>   [I wrote:]
> > > And there is absolutely none of this that requires Javascript to do a
> > > redirect.
> >
> > There may be some reason why it's there (it might be some functionality
> > supplied OOB by an application), and there's no compelling cost/benefit
> > reason to change it
> 
> There is. It's broken. You buy a car with an obvious defect straight out
> of the factory, the dealership fixes it at no cost, paid for by the
> company that made it. I don't think it's unreasonable to expect software
> companies to work the same way.

What evidence (other than your opinion) do you have that it's broken? Site
seems to work perfectly well for me.


> > > It's rather well known that letting any
> > > old site run Javascript on your system is poor security practice
> >
> > No, it's not a "poor security practice".
> 
> Yes it is, the same way running every program you get in an e-mail is
> poor security practice.

Again, your opinion only.


> > It's a risk, like everything you do, and every piece of functionality
> > you want from your software. Risks are there to be managed, avoided or
> > passed to something else. What might not be acceptable to you is
> > perfectly acceptable to me - I certainly have javascript enabled in my
> > browser.
> 
> I do, for sites that I trust, and only sites that I trust. Everybody
> else falls back to the non-script alternative.

So, it's not poor practice. It's a risk. You manage that risk. You allow
javascript to run for sites you trust. Everybody manages risk differently.
You manage it a particular way. I manage it in other ways.


> > I think that's largely irrelevant to someone running a large web site.
> > Anyone running a large scale public site would be obtaining metrics on
> > what browsers people are using, and what functionality they have
> > enabled. My experience is that people with your setup are in a tiny
> > minority.
> 
> So are people with >$1,000,000 annual income. Are you as quick to write
> them off as a tiny minority?

It's all about what makes good business sense. I'm astounded that you fail
to see that. There are *costs* involved with catering to any particular
configuration. Unless there's a payoff, there's no point spending the money.
Shareholders don't hand over their money to companies for them to p*ss it
down the drain catering to markets that don't produce a return. If there were
enough people earning >$1,000,000 that had a particular browser combination
and were willing to spend money at the store, then we should cater to them.
If not, then there's no point spending the money.

Cheers
Ken

