The Future of Web Design: Google First Websites

In the near future your website may have to be Android first, Chrome first, Google first. Maybe even Google Phone first. Apple, Microsoft, and others are doing little to change this. Unfortunately the problem is caused by consumers, who buy a phone, turn it on, and Google becomes their god. And they leave it that way. We've created the thing that controls us and irritates us.

Their demands and expectations of massive news websites, sports sites, shopping sites, and others are increasingly affecting small businesses. Many of the things they expect of those sites don't make sense for small business sites. A website for Fox News and a website for Sally's Bakery are about as different as night and day, but Google sees no difference. They've either stopped caring or the web is becoming too hard for their gen-whatever employees to figure out. Either way, your website needs to stand up to some absurd expectations you probably aren't aware of.

Google figures your website should use HTTPS/TLS (a brilliant technology but pointless for most small businesses), AMP and content delivery networks (a great idea for powerhouse ecommerce sites like Amazon and Ebay, but nearly useless for small local businesses), and possibly PWA (making websites behave like apps, blending components of both).

They require certain coding practices and page flow (specific placement of elements, above-the-fold content, ads, etc.), special treatment of links to your website from other places on the internet, it must pass their mobile friendly test, PageSpeed test, and abide by their quality guidelines. And of course you should be using Search Console and Google Analytics.

They expect your site to use the latest coding techniques, even if it means your site won't work for a large number of people because their phones or browsers don't have the latest updates. Getting the latest updates isn't always a smart thing to do, there are often valid concerns around security and bugs. And some users simply can't get the latest updates for a variety of reasons. Too bad for them.

The future is yet to come, so we'll see how far things continue on this path before a change happens. I think a fundamentally new way of looking at the web is on the horizon, at least from a search point of view.

This post is an epilogue to my article about The Evolution of Websites on SGDM.

Software Security Design Flaws

An IEEE report notes that "the security of many systems is breached due to design flaws" rather than a particular coding mistake or unique bug.

Read the report here (pdf).

The recent bug bounty trend reflects the common approach of picking things apart to find mistakes and bugs, whereas the IEEE wants to identify and improve poor design practices. By uncovering the top security flaws found in software, developers can learn to write better code and spend less time fixing security problems after the fact.

Changing accepted practices around software design sounds like a goal that's a bit big, even if it is warranted. Things typically roll out as soon as they work, not as soon as they're safe. Security is someone else's problem, unless you make security products. Will this attitude ever change?

Here are the top software security flaws they identified:

- Assuming trust
- Weak authentication
- Authorizing before authenticating
- Processing control instructions from untrusted sources (and keeping data and control instructions together)
- Failing to explicitly validate data
- Failing to identify and protect sensitive data
- Using cryptography incorrectly
- Failing to consider user experience; prioritizing security over the needs of the user
- Increasing the attack surface by using external components
- Using static security implementations instead of flexible ones