Affordable Accessibility Solutions by WebAbility – Compliance Made Easy

WebAbility offers affordable accessibility solutions that help your website meet ADA and WCAG compliance without high costs or complexity. Our accessibility widget provides essential features like screen reader compatibility, font scaling, contrast adjustments, and keyboard navigation. It’s quick to install, fully customizable, and perfect for businesses of all sizes. With WebAbility, making your site inclusive, user-friendly, and legally compliant is simple, effective, and budget-friendly.

A Brief Guide on Current State of Web Accessibility Lawsuits

Get a quick overview of the current state of web accessibility lawsuits and what it means for website owners and businesses.

To whoever designed the university housing student portal,

If I find you, I am going to remove your knee caps with a belt sander.

Sincerely your new comm & media student resident.

Accessibility Experts

Learn how to create inclusive and compliant PDF documents with our ultimate guide on PDF accessibility best practices!

!!! my tag system is below all of this,,, I moved it under a cut because people reblog this post for the links :P

edit: thx for the love on this post. im going to try and continually update this!

⇩ ⠀sites FULL of web graphics ⇩

blinkie maker : make your own blinkies!

DOLLZ REVIVAL : a revival of pixel dolls where you can create and share your own. very cute!

GlowTxt : create glowing transparent text gifs that say whatever u want

HOARDER'S PILE : contains blinkies, buttons, stamps, and teddies

plasticdino.neocities.org : blinkies

Glitter Graphics : contains gifs, blinkies, dividers, and just sooo many web graphics

Cute Kawaii Resources : contains gifs, blinkies, stamps, favicons, dividers, buttons, fonts, literally everything you need. its an insane resource

Adrian's blinkie collection : collection of blinkies, stamps, and buttons

☆ (supplies.ju.mp) : blinkies, stamps, buttons, & favicons

twigbranch.carrd.co : blinkies

lallys.carrd.co : blinkies, stamps, dividers, and other resources

Bugleeblinkie.carrd.co : blinkies, and 3 very special gifs at the end ;)

unshinesblinkies.carrd.co : blinkies

The 88x31 GIF Collection : buttons. there are 5 parts! huge collection!

Bonnibel's Graphic Collection : blinkies

WELCOME TO GIFCITY : blinkies, dividers, favicons, stamps

cass-tastrophe.carrd.co : blinkies, stamps

kotatsuOS : blinkies

Cute web graphics : blinkies, stamps, dividers, and a LOT of other graphics, all very cute

⇩ some html tools! + tags below cut ⇩

MDN (mozilla.org) : if you're just starting out like me this is super helpful HTML Tutorial (w3schools.com): same here! (offers other programming languages as well!) Accessibility Checker(Free Scan) : a site you can use to check accessibility/ADA compliance when making your website! it will point out what needs to be changed. it is free, but they also offer paid services if you need more help imagecolorpicker.com : hex code picker. i use this one because you can upload an image, paste clipboard, OR type in the website and it'll grab a screenshot for you! something simple that was made really well. cssgradient.io : helps you make css gradients for backgrounds or whatever else you need them for smartgb.com : a free guestbook service FC2 Counter! : free "site visits" and "online now" counters. fully customizable Unclosed Tag Checker by Alicia Ramirez : does as it says, checks for unclosed tags (although I recommend using a program that does this as you write anyways. I use Visual Studio Code. Status Cafe : an updateable and embeddable status that you can stick anywhere on your site! it is mostly customizable with CSS but I have noticed a few small quirks with it

my tagging system :))

#graphics

#blinkies

#stamps

#buttons

#dividers

#html/css

#resources

#code

e10's web (neocities.org) <- shameless site plug. show it some love :P

"Bots on the internet are nothing new, but a sea change has occurred over the past year. For the past 25 years, anyone running a web server knew that the bulk of traffic was one sort of bot or another. There was googlebot, which was quite polite, and everyone learned to feed it - otherwise no one would ever find the delicious treats we were trying to give away. There were lots of search engine crawlers working to develop this or that service. You'd get 'script kiddies' trying thousands of prepackaged exploits. A server secured and patched by a reasonably competent technologist would have no difficulty ignoring these.

"...The surge of AI bots has hit Open Access sites particularly hard, as their mission conflicts with the need to block bots. Consider that Internet Archive can no longer save snapshots of one of the best open-access publishers, MIT Press, because of cloudflare blocking. Who know how many books will be lost this way?  Or consider that the bots took down OAPEN, the worlds most important repository of Scholarly OA books, for a day or two. That's 34,000 books that AI 'checked out' for two days. Or recent outages at Project Gutenberg, which serves 2 million dynamic pages and a half million downloads per day. That's hundreds of thousands of downloads blocked! The link checker at doab-check.ebookfoundation.org (a project I worked on for OAPEN) is now showing 1,534 books that are unreachable due to 'too many requests.' That's 1,534 books that AI has stolen from us! And it's getting worse.

"...The thing that gets me REALLY mad is how unnecessary this carnage is. Project Gutenberg makes all its content available with one click on a file in its feeds directory. OAPEN makes all its books available via an API. There's no need to make a million requests to get this stuff!! Who (or what) is programming these idiot scraping bots? Have they never heard of a sitemap??? Are they summer interns using ChatGPT to write all their code? Who gave them infinite memory, CPUs and bandwidth to run these monstrosities? (Don't answer.)

"We are headed for a world in which all good information is locked up behind secure registration barriers and paywalls, and it won't be to make money, it will be for survival. Captchas will only be solvable by advanced AIs and only the wealthy will be able to use internet libraries."

So with the pandora's box of AI being released into the world, cybersecurity has become kind of insane for the average user in a way that's difficult to describe for those who aren't following along. Coding in unfamiliar languages is easier to do now, for better and worse. Purchasable hacking "kits" are a thing on the dark web that basically streamline the process of deploying ransomware. And generative AI is making it much easier for more and more people to obscure their intentions and identities, regardless of their tech proficiency.

The impacts of this have been Really Bad in the last year or two in particular. For example:

(I'm about to link to sources, and you better be hovering and checking those links before clicking on them as a habit)

Ransomware attacks have become increasingly lucrative for private and state-sponsored hacking groups, with at least one hack recently reported to have resulted in a $75 MILLION payout from the victim. This in combination with the aforementioned factors has made it a bigger and bigger risk for companies and organizations holding your most sensitive data.

In the US, the Salt Typhoon hack over the past year or so has compromised virtually all major phone networks--meaning text and phone calls are no longer secure means of communication. While this won't affect most people in day-to-day, it does make basically all the information you share over traditional phone comms very vulnerable. You should avoid sharing sensitive information over the phone when you can.

CISA updated their security recommendations late last year in response to this compromise. One of the recommendations is to use a separate comms app with end-to-end encryption. I personally prefer Signal, since it's open source and not owned by Meta, but the challenge can be getting people you know on the same service. So... have fun with that.

2FA is no longer as secure as it was--because SMS itself is no longer secure, yeah, but even app-based 2FA has been rendered useless in certain circumstances. One reason for this is because...

A modern version of the early-2000's trick of gaining access to people's accounts via hijacked cookies has come back around for Chromium browsers, and hackers are gaining access to people's Google accounts via OAuth session hijacking. Meaning they can get into your already-logged-in accounts without passwords or 2FA even being needed to begin with. This has been achieved both through hackers compromising chrome browser extensions, and via a reinvigorated push to send out compromising links via email.

Thanks to AI, discerning compromised email is harder now. Cybercriminals are getting better at replicating legitimate email forms and website login screens etc., and coming up with ways to time the emails around times when you might legitimately expect them. (Some go so far as to hack into a person's phone to watch for when a text confirmation might indicate a recent purchase has been made via texted shipping alerts, for example)

If you go to a website that asks you to double-click a link or button--that is a major red flag. A potential method of clickjacking sessions is done via a script that has to be run with the end user's approval. Basically, to get around people who know enough to not authenticate scripts they don't recognize, hackers are concealing the related pop ups behind a "double-click" prompt instruction that places the "consent" prompt's button under the user's mouse in disguised UI, so that on the second click, the user will unwittingly elevate the script without realizing they are doing it.

Attachments are also a fresh concern, as hackers have figured out how to intentionally corrupt key areas of a file in a way that bypasses built-in virus check--for the email service's virus checker as well as many major anti-virus installed on endpoint systems

Hackers are also increasingly infiltrating trusted channels, like creating fake IT accounts in companies' Office 365 environment, allowing them to Teams employees instead of simply email them. Meaning when IT sends you a new PM in tools like Zoom, Slack, or Teams, you need to double-check what email address they are using before assuming it's the real IT person in question.

Spearphishing's growing sophistication has accelerated the theft of large, sensitive databases like the United/Change Healthcare hacks, the NHS hack & the recent Powerschool hack. Cybercriminals are not only gaining access to emails and accounts, but also using generative AI tools to clone the voices (written and spoken) of key individuals close to them, in order to more thoroughly fool targets into giving away sensitive data that compromises access to bigger accounts and databases.

This is mostly being used to target big-ticket targets, like company CSO's and other executives or security/IT personnel. But it also showcases the way scammers are likely to start trying to manipulate the average person more thoroughly as well. The amount of sensitive information--like the health databases being stolen and sold on the darkweb--means people's most personal details are up for sale and exploitation. So we're not too far off from grandparents being fooled by weaponized AI trained off a grandchild's scraped tiktok videos or other public-facing social media, for example. And who is vulnerable to believing these scams will expand, as scammers can potentially answer sensitive questions figured out from stolen databases, to be even more convincing.

And finally, Big Tech's interest in replacing their employees with AI to net higher profits has resulted in cybersecurity teams who are overworked, even more understaffed they already were before, and increasingly lacking the long-term industry experience useful to leading effective teams and finding good solutions. We're effectively in an arms race that is burning IT pros out faster and harder than before, resulting in the circumvention of crucial QA steps, and mistakes like the faulty release that created the Crowdstrike outage earlier last year.

Most of this won't impact the average person all at once or to the same degree big name targets with potential for big ransoms. But they are little things that have combined into major risks for people in ways that aren't entirely in our control. Password security has become virtually obsolete at this point. And 2FA's effectiveness is tenuous at best, assuming you can maintain vigilance.

The new and currently best advice to keeping your individual accounts secure is to switch to using Passkeys and FIDO keys like Yubikeys. However, the effectiveness of passkeys are held back somewhat as users are slow to adopt them, and therefore websites and services are required to continue to support passwords on people's accounts anyway--keeping password vulnerabilities there as a back door.

TLDR; it's pretty ugly out there right now, and I think it's going to get worse before it gets better. Because even with more sophisticated EDR and anti-virus tools, social engineering itself is getting more complex, which renders certain defensive technologies as somewhat obsolete.

Try to use a passkey when you can, as well as a password locker to create strong passwords you don't have to memorize and non-SMS 2FA as much as possible. FIDO keys are ideal if you can get one you won't lose.

Change your passwords for your most sensitive accounts often.

Don't give websites more personal info about yourself than is absolutely necessary.

Don't double-click links or buttons on websites/captchas.

Be careful what you click and download on piracy sources.

Try to treat your emails and PMs with a healthy dose of skepticism--double-check who is sending them etc for stealthily disguised typos or clever names. It's not going to be as obvious as it used to be that someone is phishing you.

It doesn't hurt to come up with an offline pass phrase to verify people you know IRL. Really.

And basically brace for more big hacks to happen that you cannot control to begin with. The employees at your insurance companies, your hospital, your telecomms company etc. are all likely targets for a breach.

On Online Accessibility

I painstakingly wrote this (or similar) out for a long, slightly ranty thread on BlueSky (which I had to restart several times as the app kept wiping it), so here it is in slightly expanded format with the points in the right order:

The Rant

I am literally BEGGING organisations, ESPECIALLY ones that are apparently supporting disabled people, to stop sending badly formatted, image-only mailouts.

This advice post is brought to you by a recent terrible email to a list of disabled people that was an Inaccessibility 101. (To their credit, they did respond fairly quickly with "Oh no! It was not supposed to do that!" and sent out a plain text one shortly afterwards. They didn't get all of the things below wrong, but this is a general "Here's how you can start to do better" list based on my - and others' - experience, including of personally getting it wrong.)

The List

If you feel that your formatting dream can only be fulfilled by a single large image, at least provide the means to access a plain text version of the relevant information. You've already had to type it, you can just copy-and-paste it elsewhere (alt-text or linked transcript, preferably both).

If you must use coloured text, please check that the contrast between it and the background is sufficient for people to access. You want to be able to ensure that they can read your message. There are plenty of sites that will check your Web Accessibility Standards, including this one, top of the Google search: https://accessibleweb.com/color-contrast-checker/

Unless accessibility standards have changed recently (and I'm happy to learn if they have), please avoid serifed fonts. Plain doesn't have to mean unpretty. Verdana and Tahoma are your friends, for example.

Plain backgrounds. But if you absolutely insist on having your text in front of an image, create a clear barrier between the words and the background (plain, thick outline or a box around the text like old-school subtitles). You want to minimise distractions.

Talking of which: paragraph formatting. Justified paragraphs will create distracting "rivers of white" that will make text processing difficult for e.g. folk with dyslexia or certain flavours of ADHD. Likewise, don't cram your lines too close together and distinguish clearly between paragraphs.

Don't make use of tiny images if people can't click through and see them in more clarity. And please try to describe your images, especially if they have relevant information in them. People who cannot process them will lose out, and you'll lose that connection. There are professionals who will describe for you (I'm one of them), or increasingly sophisticated apps.

Standard text emoji will be read aloud by screenreaders, so you don't need to supply descriptions for them, but do try to avoid long strings of them. Similarly, don't use a string of asterisks to divide sections. Imagine a robot voice saying asterisk asterisk asterisk asterisk asterisk each time. No. Use a line divider or even just a single *.

Please don't highlight text using underlining (too distracting), especially for text mid-paragraph. Use bold instead. Similarly, use italics sparingly, and certainly not for full paragraphs of text. If you want to highlight using colour, see point 2. above re: checking contrast.

If your hashtags are several strung-together words, make the beginning of each new word a capital letter e.g. #BetterAccessibilityNow to help both the screenreaders and folk who find it difficult to parse text generally distinguish between the words.

Some more thoughts:

"Why should I bother with all this? Surely it's only a handful of people who can't access stuff like this!"

a) Ugh. Bad attitude, friend.

b) But let's talk numbers of people not getting your message. Recent worldwide estimates: 49.1 million blind people. 224.1 million with moderate and 33.6 million people with severe visual impairment. 300 million people with colourblindness. 780 million (10% of the population) people are believed to be dyslexic.

It just makes business sense to not miss out on reaching so many folk. Let alone learning how to exercise empathy and thereby how to communicate with people who literally don't see the world as you do. And I know there's a spoons cost to making stuff more accessible - trust me, I know! But more and more platforms make it incredibly easy to add alt-text to your images, but there are always ways around it if they don't, and practising makes things easier.

And, while we're at it: subtitle your videos and provide transcripts for longer ones. Again: if you've already written a script, what's stopping you pasting it into another place for people to access as a bare minimum? And there are loads of reasonably priced transcription services out there (or do what I do and edit the auto-transcription)!

Anything to add (or correct me on)? Let me know!

psa — pls use neurodivergent / dyslexia friendly fonts and high contrast text vs background color choices for low-vision fans interacting with your fanworks!

aka: making your podfic cover art and / or gifsets & text post memes more widely accessible and viewer friendly

-continues below the cut-

okay, hey, hi! thanks-in-advance for reading this long post (lol or skipping to the tldr) ₍^. .^₎Ⳋ ⸜(｡˃ ᵕ ˂ )⸝♡

so, first of all! i made a canva poster regarding which fonts i consider to be neurodivergent & dyslexia friendly *in my personal opinion* -- it also has examples of text (foreground) vs immediately surrounding background color choices with luminosity contrast ratios that meet minimum WCAG standards for low-vision web users -- btw there's a plain text list of the fonts included and colors used on the poster near the bottom of this post

-----

-----

so! what do i think makes a font family neurodivergent / dyslexia friendly and / or accessible to low-vision persons?

i think a font is visually accessible if it passes the tests of:

no-exact-mirror-letters [ b d p q ]

distinguishable-vertical-bar-characters [ 1 I l i ]

and also very very importantly: i find it at least aesthetically tolerable 😅😉

which btw @staff the default tumblr True Blue color scheme uses a font that fails both of these tests — UPDATE: test failure for every color scheme's default font when using the ios app (side note: we need a dark mode for the queer pride color scheme)

UPDATE: i just tested all color schemes on my chromebook -- Vampire theme has a default font (combined with a tolerable-to-my-eyes low-light compatible color scheme) that passes these readability tests in the chrome browser but i don't know about any of the other browsers *shruggie*

-----

and here's a color palette representation of the color choices i made on the poster with their associated hex codes

-----

some context:

so while i was working on research (motivated by @flamingwell 's post) about ways to make my podfics accessible for hearing-impaired fandom friends, i got to thinking about how i often struggle to read lovingly made podfic covers and painstakingly created fandom-themed gifsets and text post memes here on our beloved hellsite. and so i was inspired to try and raise awareness amongst the podficcers making cover arts and the magicians making gifsets & memes! about webdesign standards regarding visual accessibility

btw! if you're tracking this, my research and experimentation with how i personally can make my podfics more accessible to those with biomechanical and/or neurological hearing challenges is still in progress, but you can read more about what i've learned so far here!

==========

some links:

-----

my preferred browser-based tools for choosing font vs bkgd colors

https://colorable.jxnblk.com -- free & no ads

https://www.audioeye.com/color-contrast-checker -- free & some ads but Very Official lol

https://coolors.co/contrast-checker -- free & no account necessary to use & no ads -- also has a really neat color palette generator tool

https://www.canva.com/colors/color-wheel -- free & no account needed to use & no ads

-----

this tool simulates colorblindness on png / jpeg images

https://www.vischeck.com/vischeck/vischeckImage.php

==========

okay so! if you don't want to interact with the poster just now, or if you would like to be able to c&p an exact font name or color for your own use! here's a plain text list of all the fonts referenced as being low-vision / neurodivergent / dyslexia friendly in my opinion & based on my lived experiences on my poster, as well as the colors i chose to use as examples of high-contrast fonts vs bkgd

p.s. as of 2025.06.19--all but 2* of these fonts are available with a free account on canva.com

-----

my suggested body text aka plain fonts

ABeeZee

Amaranth

Belgrano

Nexa Slab*

honorable mention

Alice

Andika

BIZ UDPMincho

Cooper BT

Droid Serif

Duru Sans

(Atkinson) Hyperlegible

Marmelad

Merriweather

Monradok

Moonjelly*

PT Serif

Quando

Tirosh

my suggested header text aka fancy fonts

Black Ops One

Playwrite US Modern

Vast Shadow

honorable mention

Apple Juice

Bree Serif

Carollo Playscript

Comfortaa

Kurale

Lobster Two

Soft Icecream

Special Elite

my suggested websafe fonts (boring fallback choices, but necessary i guess)

Cambria / Caladea

Comic Sans

Courier New

Georgia

Verdana

Times New Roman / Tinos

-----

what colors did i use? and their hex codes

the dark blue bkgd #060644 aka ~federal blue~

the pale pink used for main header shape #ebddd7 aka ~champagne pink~

the yellow 'plain fonts' header shape #e0f19c aka ~mindaro~

the pale rose-pink header for 'fancy fonts' #9e6f6d aka ~rose taupe~

the grey bkgd for the text example boxes #373f51 aka ~charcoal~ and the pale pink font #ebddd7 aka ~champagne pink~

the yellow used on the example of how ugly the open dyslexic font is to me #ffd230 aka ~jonquil~

subtitles example: light blue font (usually called cyan in subtitle menus btw) #05e0e9 aka ~robin egg blue~ and black bkgd #000000

the honorable mentions box: blue #0033a0 aka ~egyptian blue~ and the white font #ffffff

the green-ish box #33443c aka ~dark slate gray~ using the pale pink font #ebddd7 aka ~champagne pink~ with the pale yellow link #e0f19c aka ~mindaro~

the purple box #5b3256 aka ~japanese violet~ using the pale pink font #ebddd7 aka ~champagne pink~ with the pale blue link #dcecf5 aka ~alice blue~

-----

a final consideration re font choices: don't be afraid to use Big Font Sizes and Use Up Some Space in your text overlay visual arts! especially for the most important information; WCAG standards recommend 18 point font size for easier readability (or a 14pt bolded font)

-----

TLDR--what i am asking for people to do when designing podfic covers and gifsets (well. really any artwork with a text overlay on an image) is to choose the font color and immediately surrounding background color to have a high contrast ratio (3:1 min for headers and 4.5:1 min for smaller fonts) AND to use dyslexia friendly fonts. pretty pretty please!

and in conclusion: OPEN DYSLEXIC IS AN UGLY FONT AND A DIRTY LIE AND I HATE IT SO MUCH PLS DON'T USE IT I BEG YOU orz orz orz YOU HAVE BETTER OPTIONS — SO. MANY. BETTER. OPTIONS

-----

end post

how to install dashboard unfucker (for desktop)

hi i use desktop and i use the dashboard unfucker extension by dragongirlsnout and you should too because it's awesome. i don't know much about computers so it was intimidating to set up but ended up being really easy.

but first:

what is dashboard unfucker?

dashboard unfucker is an extention that makes being on tumblr bearable again.

(ID: 2 screenshots of tumblr with urls/posts etc censored. the first is with the new layout, with labels on the left, the ad-free button, "check out these blogs," "explore all of tumblr," the radar, and no easy way to access your own blog. the second is with the extension enabled, the left hand side of the screen is empty, posts are wider, navigation icons are back at the top right, and the only thing on the right-hand side of the dash is the dashbaord unfucker and limit checker and tag replacer from xkit. end ID)

i got it for layout changes like these- the first is cramped and ugly and i feel like i'm on twitter. the second is warm and comfy and i can make my posts wider (i dont like all the empty space). (limit checker, tag replacer, and post color were done on xkit and palettes respectively, not unfucker, btw)

with the dashboard unfucker you can:

hide the following/blog subs/for you etc tabs

get rid of the changes/staff picks/etc carousel

hide recommended blogs and tags

add profile pics back to posts

hide the radar

hide the explore page

hide tumblr shop

hide user badges

highlight bots in ur activity feed

show who follows u in the activity feed

make posts wider/slimmer and move the dash posts position to the left/right

revert messages design (and make the messages box bigger)

revert activity feed to the old design

display vote counts on polls

show poll results without clicking (no more skewing polls or "see results"!!)

disable tumblr domains

add polls to reblogs

disable "post without tags?"

show ns.fw posts

and other things that i probably missed copying this from the settings!!

so how do you do it? it seems scary but it's easy actually. take my hand

(note: i did this on firefox and tested it on chrome, i'm not familiar with other browsers, also use firefox if at all possible fuck chrome)

how to install dashboard unfucker

step 1: install either tampermonkey, tampermonkey beta, greasemonkey, or violentmonkey (if you don't already have it)

note: im using tampermonkey as an example because it's what i use

step 2a: go to firefox extensions/chrome web store/your browser's equivalent

step 2b: look up "tampermonkey" and click "add to firefox/chrome/whatever" and confirm

step 2c: you're done! yayyy

step 2: click this link. look under "installation" where it says "Click on unfucker.user.js to install or update". and click that

(ID: a screenshot of the tampermonkey install page, showing dashboard unfucker v5.7.8 installation information, the source code, and the install/cancel button. end ID)

(it should open in a new tab and look like this)

step 3: click install! (when i did this it didn't look like much happened and i got scared. dont get scared take my hand)

step 4: go to www.tumblr.com and to the right of the dash it'll have the dashboard unfucker label to the right!

(ID: the default dash again, but with the dashboard unfucker title at the top right of the right-hand side of the dash. end ID)

step 5: click the little gear icon and all the options will pop up! u can fuck around with em to ur heart's content. i recommend exporting after ur done and saving it somewhere in case u have to uninstall/reinstall to troubleshoot or smth

you're done! now u can see the results of polls without clicking them and other such things

(ID: a poll i have not voted on. it has 17 votes and 23h 56m remaining. the title is "poll :)" and the answers are "answer 1" "answer 2" and "see results". there are no percentage labels, but the amount each answer has is indicated by light blue bars in each result, as they would be if i had voted. end ID) note: i'm not sure how/if this aspect of the extension is indicated for screenreaders

THIS POST IS TRANSGENDER BTW!

ADA Compliance Tool for Inclusive and Legally Compliant Websites

WebAbility’s ADA Compliance Tool is designed to help websites meet the Americans with Disabilities Act (ADA) standards with ease and affordability. Featuring a user-friendly accessibility widget, it offers tools like screen reader compatibility, keyboard navigation, contrast controls, and text adjustments. No coding is required, and it integrates seamlessly into any website. Ideal for businesses of all sizes, this tool ensures your site is accessible, legally compliant, and welcoming to all users. Stay protected and promote inclusivity with WebAbility.

How do Individuals with Disabilities Use the Web?

Learn how people with disabilities use the web, and discover ways to view your website more accessible for everyone.

since i saw that accessibility post floating around here's a contrast checker where you can just pop in any two colors and see if they pass modern standards, and here's a tool from the same site that lets you just scan an entire web page for accessibility errors

note: i'm not an accessibility expert by any means, these are just some tools that helped me

ForgottenWriter's Guide to Writing: Getting Started, Part One.

So, I mentioned before that I might do this, and a few people were interested. I decided to actually put my money where my mouth was for once; this guide is going to be a practical guide to writing for a beginner. Now, this one is aimed at people who want to do stuff in fandom spaces, but a lot of what I am going to be doing here is also relevant to original work. I'll start you off with the basics, and help to teach you everything I've learned over the many, many, many years that I've been doing this.

True to its nature, this article will be pretty basic, but as we go, I'll get to more advanced stuff and concepts. You want to know how to do a proper character arc? Or characterise someone? Or make dialogue flow naturally? Or attract readers? Or really, anything like that? I'm your girl, and just because we don't cover it right away doesn't mean we're not going to cover it. But before we get into that, who am I and why do I get to give you these lessons? Well, I'm a writer, and a pretty successful one! Not only have I been in fandom species since the early 2000s, I'm also a self published author and writer of commissioned fiction. I live and breath writing, and not only do I think it's incredibly important, but I also treasure it as something that we all can have, and which can help us connect to one another.

I've been writing for a long time. Counting it all, I've been writing for almost two thirds of my span of life. I've done a lot, seen a lot, made a lot, fucked up a lot, and learned from it - hopefully a lot! My list of achievements include a fairly successful web novel-ish quest which ran for multiple years at hundreds of comments, votes and discussion per chapter, a 70K word steampunk novel, and a series of decently successful short stories published under a different, business name.

tl;dr, I'm not saying that I am an expert here and we always have more to learn. But I am saying that i know the basics, and know them well enough to make a living doing this shit, so let me pass on a little bit of what I know to you all if you're in any way interested.

So, what do you need to get started with writing? I'm going to be treating you like you know absolutely nothing here, and handing you some of the basic tools. The first thing you're going to want to have is a word processor of some sort. Back in ye old days, there were really only two games in town: Microsoft word and OpenOffice, but these days, there are a ton more options. I'll go over some of them and weigh the pros and cons.

Microsoft Office Microsoft office used to be the standard. Back in the old days, if you could use this, you would. Believe it or not, I don't hear it used much anymore, but if you happen to have it, it can serve well. It's formatting is still universal, and it provides a good grammar and spelling checker.

The downside of this is that it's paid, and microsoft can be pricey. It tends to be bundled with other programs, so if you already have it, you can use it. If you don't, it's not worth coughing up the cash for this alone. Also, it's had some AI controversies I believe, and some writers don't trust it. LibreOffice LibreOffice is an off-shot of OpenOffice, which was Microsoft's big, open source rival for writing back in the day. OpenOffice boasted that it could offer everything Microsoft offered, but for free. That's true! But I find it has a bit of a steeper learning curve. That said, I don't believe they've dipped into AI, and to this day, they're still free and can export documents into various formats.

If you want an word processor but don't want to pay, this one is pretty near the top of the list, and it's what I used for years and years.

Google Docs Google Docs is also a word processor, but differs from the others in several key ways. The first and most important is that your work is saved to the Cloud; you can access it from any computer. This also means that it doesn't matter what kind of computer you're running - LibreOffice won't run well on a chromebook for example, and Microsoft Office has no hope in hell, but anything will run Google Docs. Docs is also free, and has essentially unlimited space. Technically, limited, but if you're only writing, you'll probably never hit it. In my experience, the spelling and grammar checker is worse on google docs than Libre, but this is a minor complaint, and the main drawback of google docs is twofold.

Firstly, if your google account is ever lost, compromised or blocked, you lose everything. Your documents will be deleted, and you will instantly lose access without warning. Now, I rarely hear about this happening, but it's something to be aware of.

Secondly, AI. Google is very AI happy, and there has been suggestions in the past that they harvest information from google docs without permission. This has never been proven, but comes up somewhat semi regularly within author circles. Make up your own mind how likely you think it is.

Generic Word Processor These are things like Notepad, or some other brand of word processor. Typically, they won't serve as well as the ones I've name-dropped above, but you can write on anything in a pinch. The most important thing is to find something that works and clicks with you.

I spent years operating off LibreOffice, and before that, it's ancestor, OpenOffice, and nowadays I do most of my work via Google Docs.

These are all you will need to start writing in fandom spaces. Now, there are more advanced tools - especially if you're aiming to get published, but we can cover those in a later post. They don't matter right now.

Create Accessible PDFs

The Ultimate Guide To PDF Accessibility: How To Make Your Documents Inclusive And Compliant

In today’s digital age, Portable Document Format (PDF) files have become an integral part of our information-sharing process. Whether educational materials, corporate reports, or government publications, PDF files with Accessibility maintain the original formatting and allow users to access information consistently across various devices. However, for PDFs to be truly effective, they must be accessible to all, including those with disabilities. Besides, as about 61 million adult Americans have some disability, you risk their not being able to access the ADA-compliant PDFs and content you create. And it’s not just those with visual impairments that are affected. Even people with a mobile or hearing disability may face problems accessing your web content or PDF.

This is why the ADA and Section 508 focus on making life for those people with disabilities much easier. They require that places of accommodation be accessible to users with disabilities. As PDFs are commonly used on the web, they also have to comply with these laws based on the criteria set by the WCAG. While web compliance is important, creating accessible web content can be challenging. PDFs are especially difficult to manage as they are complex files inaccessible out of the box. It’s only experts who know WCAG and ADA standards well who can take care of the task. We have provided some tips about PDF accessibility features in this article. However, don’t worry if the information overwhelms you. We at ADA Site Compliance can help if you don’t know how to ensure your website or PDF is accessible. Our team of accessibility experts will not only check your PDFs and website content for accessibility but also constantly monitor and update your website and PDFs based on the latest accessibility updates.

Overview of Portable Document Format (PDF)

PDFs, developed by Adobe, have transformed how we share electronic documents. The format was created to maintain document integrity while allowing easy sharing. PDFs are based on an image model that differs from the typical PostScript language commonly used. It is to improve interaction and accessibility that PDFs are structured differently.

What makes an accessible PDF?

As the name suggests, an accessible PDF is a PDF anyone with any disability can easily read and navigate through. And it can mean different things for users with different disabilities. For example, for those with visual impairments, an accessible PDF can mean any of these three. It can mean:

They can easily zoom into the texts if need be

The content has high contrast, making it easy to read

They can easily read the PDF using the help of screen readers

In the case of users with physical disabilities, it means ensuring users can easily navigate through the entire document with the help of a keyboard. These readers find managing a mouse for navigation difficult, so being able to use a keyboard is a welcome move for them. For users with hearing impairments, creating an accessible PDF will mean having captioned audio and video content. In short, the main aim of creating web-compliant PDFs is to provide them with an alternative means of accessing content. Most PDFs have some of these options as default, like zooming and keyboard navigation. However, it doesn’t mean that these PDFs are necessarily accessible. They can, however, be made accessible just by implementing some additional steps.

Characteristics of Accessible PDF Files

Accessible PDFs are a must to ensure inclusivity. Most importantly, they feature searchable text, which, in the process, makes content available to screen readers. Besides, unlike scanned images of text, accessible PDFs can be selected, copied, and edited. This can prove helpful to everyone requiring more clarity about the PDF. Optical Character Recognition (OCR) technology also plays a crucial role in making content searchable and thus accessible to all.

Navigating PDF Accessibility

Ensuring that your PDF documents are fully accessible can be a complex task, but it’s an essential one. This is especially required with the World Wide Web Consortium (W3C) Web Content Accessibility Guidelines (WCAG) having set the standards for digital accessibility. These guidelines encompass various aspects, including alternative text alternatives, navigation, and readability. Adhering to these guidelines is crucial to creating PDFs that are both legally compliant and user-friendly. Besides, ensuring that your website and the content you provide, including PDFs, are accessible is not just a legal obligation; it’s a moral imperative. By embracing accessibility, you not only comply with the law but also open doors for a more inclusive and diverse audience.

Accessible PDFs: A Key to Digital Inclusion

The importance of accessible PDFs cannot be overstated. They open up a world of information and opportunities for individuals with disabilities. Accessible PDFs offer text-to-speech capabilities, allowing screen readers to convey the content to visually impaired users. Moreover, they allow users to navigate the document efficiently, providing screen reader users with a seamless reading experience. When your documents are accessible, you broaden your reach and cater to a broader audience. This inclusivity can increase website traffic and customer engagement, benefiting your business or organization.

How to Remediate an Inaccessible PDF?

Making an inaccessible PDF accessible isn’t about perfection; it’s about improving and providing access for all. Whether you have the original source document or just a PDF, here is a rundown of the best ways to enhance existing PDF documents for accessibility with the help of the right tools and processes. Contact ADA Siite Compliance today so we can make ALL your PDF documents fully accessible.

1. Determining the Accessibility Path for Each PDF Document

As PDFs can be generated in various ways, there is no cookie-cutter accessibility solution. Each document has and needs a unique solution.  The good news is there are some tools like Adobe Acrobat Pro with multiple accessibility features, making the remediation process more manageable.

2. Starting with an Accessible Document

The journey to accessible PDFs begins with the source document. Whenever possible, it is always better to start the remediation process with the document title in native file formats. The reason is that any and all documents created in Word or desktop publishing software can be later easily exported as PDFs. This is a useful feature as it allows for adding additional text, headings, data table structures, other document structure tags, language definitions, and more.

3. Preventing Security Settings from Interfering with Screen Readers

Ensuring that screen readers can navigate your PDFs smoothly is an important step in remediating inaccessible PDFs in the form fields in the proper PDF format. It is always better to avoid copying, printing, extracting comments, or editing PDFs. The reason is that these actions can hinder accessibility. There are tools that can help you ensure that access permissions do not interfere with screen reading.

How to Make a PDF Compliant with Accessibility?

Achieving document accessibility in your PDFs is essential. It ensures that users with difficulties can at least use the help of assistive technologies like screen readers to interpret your whole document structure’s structure correctly. Besides, as mentioned earlier, compliance with ADA standards helps make your digital landscape more inclusive to reach out to more of your target audience and, in the process, generate more web traffic.

How do you make accessible PDF documents?

There are a few optimal practices to adhere to within reading order to make a PDF accessible documents, and they are to:

Make things simple; in other words, use simple language in the PDF

Ensure you include as many relevant headings and subheadings as possible

Including meaningful alt-text for all the images and graphics you have in your PDF

Ensuring the text in the PDF is not only readable but has sufficient contrast with the background for better readability

Not depending much on colors to convey information as it can be intimidating to users with color blindness

Always make more use of accessible tables and lists in PDF documents

Adding bookmarks where possible

Using a catchy and interesting title, and of course, specifying the language used in the PDF

Correctly tagging the different elements

Setting titles and metadata as and where appropriate

Adding captions to videos and other non-text content accessible

It is undoubtedly time-consuming to create accessible PDFs. However, the end result of a compliant, accessible PDF file, which increases your reach and reduces the chances of facing a legal lawsuit, makes the item invested well worth it. Besides, you can always use the help of PDF accessibility checkers for PDF document audits and verifications as per the latest accessibility standards. And if that’s too cumbersome, you can always have the experts take care of your PDF compliance while you focus on what you do the best!

Web Accessibility Provider

Ensuring web compliance is a multifaceted endeavor. It may seem to take lots of time and be confusing to many. It’s where web accessibility providers, like ADA Site Compliance, play a crucial role in ensuring your website and PDFs meet ADA standards. We have a team of accessibility experts who can help make web compliance so much easier and less time-consuming for you. With our expertise, we can ensure your site and all your PDFs are easily accessible to all, including individuals with disabilities.

In conclusion, the world of PDF accessibility and web compliance is multifaceted, but it’s a journey worth embarking on. By ensuring that your PDFs are accessible, you not only meet legal standards but also contribute to a more inclusive and diverse digital landscape. Together, we can make the Internet a place where everyone can access information and opportunities. Contact ADA Site Compliance for all your website accessibility needs today!

Secure Your Laravel App: Fix Insufficient Transport Layer Security (TLS)

Introduction

Transport Layer Security (TLS) is vital for ensuring secure communication between clients and servers over the Internet. Insufficient TLS configurations can leave your Laravel web applications exposed to various cyber threats, like Man-in-the-Middle (MitM) attacks. In this blog post, we’ll explain the risks associated with insufficient TLS security in Laravel and provide a detailed guide on how to configure your Laravel application for optimal security.

Additionally, we’ll show you how to check and resolve potential TLS issues using our free Website Security Scanner tool.

What is Insufficient Transport Layer Security?

Insufficient Transport Layer Security occurs when a website fails to use strong encryption protocols like TLS 1.2 or higher, or when it doesn't properly configure SSL certificates. This exposes web applications to data interception, tampering, and attacks. A properly configured TLS ensures that all data transmitted between the server and client is encrypted and secure.

Common Issues in Laravel with Insufficient TLS Security

Some common causes of insufficient TLS in Laravel include:

Outdated SSL Certificates: Using deprecated SSL/TLS protocols (like SSL 3.0 or TLS 1.0) that are no longer considered secure.

Improper SSL/TLS Configuration: Misconfiguration of the web server or Laravel app that doesn’t force HTTPS or downgrade protection.

Weak Cipher Suites: Servers using weak ciphers, making it easier for attackers to break the encryption.

Lack of HTTP Strict Transport Security (HSTS): Without HSTS, an attacker can force the browser to use an insecure HTTP connection instead of HTTPS.

How to Fix Insufficient TLS in Laravel

Upgrade Your Laravel App’s TLS Protocol To enforce TLS 1.2 or higher, you'll need to configure your server to support these protocols. Here’s how you can configure your server to prioritize stronger encryption:

In Apache: Modify the ssl.conf file:

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

In Nginx: Edit your nginx.conf file:

ssl_protocols TLSv1.2 TLSv1.3;

These configurations will ensure that your server uses only secure versions of TLS.

2. Force HTTPS in Laravel Laravel provides an easy way to force HTTPS by modifying the .env file and the config/app.php file:

In .env file:

APP_URL=https://yourdomain.com

In config/app.php file:

'url' => env('APP_URL', 'https://yourdomain.com'),

This will ensure that all requests are redirected to HTTPS, preventing insecure HTTP access.

3. Enable HTTP Strict Transport Security (HSTS) HTTP Strict Transport Security is a web security policy mechanism that helps to protect websites against Man-in-the-Middle (MitM) attacks by forcing clients to communicate over HTTPS. Here's how to add HSTS headers to your Laravel app:

In Apache: Add the following line to your ssl.conf or .htaccess file:

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

In Nginx: Add the following line to your nginx.conf file:

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

4. Use Strong Cipher Suites Weak cipher suites allow attackers to break the encryption. You can configure your server to use strong ciphers:

In Apache:

SSLCipherSuite HIGH:!aNULL:!MD5:!3DES

In Nginx:

ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';

5. Use a Valid SSL/TLS Certificate Ensure that your website uses a valid SSL/TLS certificate from a trusted Certificate Authority (CA). You can get a free SSL certificate from Let's Encrypt.

How to Check TLS Configuration with Our Free Tool

Before and after implementing the changes, it’s essential to check the security status of your website. You can use our free Website Security Checker Tool to evaluate your website’s TLS configuration.

Go to https://free.pentesttesting.com.

Enter your website URL to start the scan.

Review the vulnerability assessment report for TLS issues.

Screenshot of the Free Tool

Here’s a screenshot of the free Website Security Checker tool in action:

Screenshot of the free tools webpage where you can access security assessment tools.

Screenshot of a Vulnerability Assessment Report

After running the scan to check website vulnerability, you’ll receive a detailed report highlighting any security vulnerabilities, including issues related to TLS. Here’s an example of the vulnerability assessment report:

An Example of a vulnerability assessment report generated with our free tool, providing insights into possible vulnerabilities.

Conclusion

Ensuring sufficient Transport Layer Security in your Laravel app is crucial to protecting sensitive data and preventing attacks. By following the steps outlined in this blog, you can fix any TLS issues and enhance the security of your web application.

Don’t forget to check your website using our free Website Security Checker tool to identify any existing TLS vulnerabilities and other security flaws.

Need help? Contact us at Pentest Testing Corp for professional vulnerability assessments and penetration testing services to secure your website further.