Cookies are set by WordPress in the CVblog, but
they are not viewed, stored, or compiled for any other purpose.
Cookies are not used elsewhere on the site.
Other Identifying Data
Apache (web server) records standard information for every visit,
such as operating system, browser, and IP address. The logs are used
to generate site statistics, but the data is not otherwise compiled
or stored. The only other use of identifying information is by CGI
scripts (e.g. Contact Form). Scripts are favorite targets of those
making sport, and
business, of compromising sites, so IP addresses are logged separately
and available for forensics in the event of an attack. They are used
for no other purpose.
Conclusion
No attempts are made to identify visitors, and there is no storing or
compiling of data beyond default settings of standard software (as
described above). My business seeks visitors to engage the company for
advancing their purposes, and is not about using their personal data
to facilitate some ulterior gain of mine.
Miscellaneous
Scripting
The main web site does not currently use any active scripting.
This is a conscious choice based mostly on personal security
preferences. My browsers are generally configured with scripts
disabled, although enforcement has eased somewhat in recent
years.[1]
Arguably, more caution is required today, not less. Although valid
uses exist for scripting, malicious use is on the rise. Drive-by downloads
are becoming a more common tactic for the botnet criminals—and not
just from illegitimate sites. Compromised pages on popular, mainstream
sites are increasing,[2] as this becomes a
more popular attack vector. In short, carefully policing the sites you
visit, staying away from "bad" ones, is no longer sufficient to remain
safe from the reach of malware.
We have chosen to forgo the benefits of active scripting. Of course,
this doesn't mitigate the risk of site compromise, but it does allow
visitors to have scripts disabled without losing functionality. "Bells
and whistles" (e.g. navigation menus) are implemented using CSS. This
site will lack the glitz of some others, but it allows for safer browsing
and forces the focus on content, rather than moving and/or flashy parts.
Navigation
Navigation used to be ad hoc, with the old site using both left
and right navigation blocks, sometimes changing between sections with
different subject matter. To start, the new site adopted a two-column
layout, with navigation links at the top, which will be
implemented consistently across the site. The CVblog is
the lone current exception, a conscious and functional choice. One
possible future exception will be the integration of content from the
old web site, which might reflect the design of the period. The one
constant: the logo on every page connects to the home page.
Following external links will most often take you to the destination
using a new window or tab. With tabbed browsers, my preference has
changed, from strongly opposing this behavior, to wanting links opened in
a new tab. There is no way to please every visitor, so the best guess was
to configure this site according to my choices.
Standards Compliance
An effort was begun in 2009 to make the site standards compliant
(XHTML 1.0 Transitional, CSS 2.1). It was not a priority at the time,
as it meant retrofitting old pages, some dating back 10 years. The
process is now facilitated by the business retooling. New pages are
created following the standards, and old ones converted if/when they
are reintegrated, so the site should be fully compliant.
There are exceptions in the CVblog, which uses WordPress and
includes a third-party theme and plugins. Tests indicate mostly compliant
output with the few "errors" caused by attributes which are valid CSS 3.
They could be eliminated by simply deleting the definitions in the
third-party .css files, but our purpose is to eliminate deprecated
features and botched syntax of otherwise standard code. These exceptions
are not errors, per se, and not a concern for current efforts.
[1] A Firefox add-on, NoScript, facilitates simple and temporary
granting and revocation of rights per site/visit.
[2] U.S. Treasury sites were compromised May 03, 2010. There are many
other examples and the pace of attacks is increasing.