Troy Hunt is a Software Architect and Microsoft MVP for Developer Security. He blogs regularly about security principles in software development at troyhunt.com and is the author of the OWASP Top 10 for .NET developers series and free eBook of the same name. Troy is also the creator of the recently released Automated Security Analyser for ASP.NET Websites at asafaweb.com. Troy is a DZone MVB and is not an employee of DZone and has posted 56 posts at DZone. You can read more from them at their website. View Full User Profile

10 Lessons for Uncultured Web Developers

09.10.2012
| 6553 views |
  • submit to reddit

Who likes being treated like they’re in a minority group? Unless it means you’re in that exclusive group of playboy (or girl) billionaires, “minority group” often ends up with you being unfairly discriminated against because you don’t represent the perceived majority. As with social discrimination, technology discrimination is frequently the product of ignorance; people often don’t understand the impact of their choices.

What a lot of this boils down to is culture, or more specifically, lack of cultural awareness. I’m talking about making assumptions based on what a developer may personally hold to be true but in the broader global context is incorrect and often marginalises their audience.

In the pursuit of a more globally harmonious online experience, let’s take a look at 10 lessons relating to aspects of web development with a cultural bent. Some of this may not be new to you, but all of it is relevant if you want to play nice with people from all cultural walks of life.

1. Firefox and Chrome command 91% of the market

No, really, they do:

Firefox and Chrome owning 91% of the Indonesian market

If you’re Indonesian, you use Firefox or Chrome. These stats come directly from StatCounter and whilst different statistics sites will give you different precise figures, the trend is always the same; Internet Explorer is dead in Indonesia. This is in a country where 93% of people are running Windows 7 or XP so it’s not like they’re all on Macs or *nix, they simply don’t use the default OS browser.

This is a perfect example of where knowing your audience is key and blanket statements made on a global scale are frequently irrelevant. Case in point: Chrome now several points ahead of IE in global browser market share. Only several points?! Worldwide, this is accurate but clearly if you’re interest is purely the Indonesian audience, the information here is irrelevant. Context is everything.

2. Almost always, 8/7 comes before 7/8

I know that everyone is aware of this already, it’s just that they often ignore it; there is a really significant chunk of the world that expresses dates as dd/mm rather than mm/dd. In fact if you’re using mm/dd, you’re in a very small minority and you are very likely either American or Belizean; no other countries exclusively follows this pattern (although a few swing both ways):

Date format by country

Abbr. B/L/M YMD/DMY/MDY Main regions and countries
Appx. pop in millions
  Cyan L DMY India (1190), Latin America (370), Asia (Central, SE, West), most of Europe (ca. 800), North Africa, Australia (20) 3200
  Yellow B YMD China (1340), Korea, Iran (80), Japan (130), Hungary, Lithuania. Due to ISO 8601 this is known in other countries too. 1500
  Magenta M MDY United States (310), Belize 310
  Red L, M DMY, MDY Philippines (90), Saudi Arabia (30) 120
  Green B, L YMD, DMY Nepal, South Africa, Austria, Portugal, Sweden, Norway, Denmark 110
  Grey B, L, M YMD, DMY, MDY Canada (30) 30
  Blue B, M YMD, MDY 0

The problem is not which way around the days and months are represented, it’s ambiguity. When you see nothing beyond “7/8” it could just as easily be the 7th of August as it could the 8th of July. Even if it’s a US (or Belizean) site, how do I know if it’s applying the local culture or has intelligently (either explicitly via my profile or implicitly via my by IP address) adjusted to my localisation settings?

A site like 6speedonline.com gets this wrong:

6Speed Online with ambiguous dates

Was that post from July or back in Feb? Without a day exceeding 12 or seeing it represented in some form of chronology with other posts, you can only guess.

A site like Stack Overflow gets this right:

Stack Overflow with explicit dates

Months are always represented with letters. Period. You can put it before the day or after the day but a month should never be represented in an ambiguous fashion and that’s precisely what digits are.

3. Your surname is 40 times more likely to be 王 than Jones

There are 2.38 million Joneses in the US but a whopping 92.88 million 王s in China (that’s “Wang” in Roman characters). Then of course there are many more occurrences of each in other countries but the point is that there are a huge number of people out there with names containing non-Roman characters.

For us developers, recognising and accommodating this is absolutely paramount. Imagine going to a website and being told you can’t register because your name is not permitted? Irish descendants across the world are nodding in pained agreement with this (O'Sullivan, O'Brien, O'Connor). My own Aussie government demonstrated this perfectly just recently with the no apostrophe name glitch in its e-health portal.

There are two primary fronts that we need to consider as developers:

  1. Is there any whitelisting or blacklisting which prohibits these names? The Irish names are often caught because an (incorrect) assertion is made that a name may not contain a single quote (often a very rudimentary approach to mitigating the risk of SQL injection).
  2. Can the data layer support multi-byte characters? If you provision your database with, say SQL Server varchar types, you’ve likely got a problem. Have a good read of the answers on Stack Overflow regarding when you should use nvarchar or nchar.

But it’s not just the Chinese you’re catering for with multibyte character support, for example there’s Д, Ҫ and Ң, all of which are Cyrillic and none of which play real nice in a varchar field. Of course there’s a downside to this performance wise, but there are also a whole lot of Wangs out there.

4. Windows XP still commands 68% of the OS marketplace

That’s right, you’re two and a half times more likely to be using the aging, decrepit, adolescent OS that is Windows XP than the nearest rival. Oh – but only if you’re in the world’s most populous country:

Windows XP commanding 68% of the Chinese market place

I’ve hypothesised in the past as to why China is hanging on to XP, but regardless of the root cause, the fact remains that this eleven year old operating system reigns supreme. Of course what this also means is that you can guarantee that 68% of the Chinese audience doesn’t have IE9 which won’t play nice on XP. No IE9 then means no HTML 5 unless they’ve moved away from the default browser. More on that shortly.

The big thing to note with the trend above it that XP is on a very gradual decline; we’re talking 10% and a bit per year plus it actually increased in July and August. At this rate, XP will continue to be dominant until about 2015 where it will have already entered teenage years.

5. Dollars ain’t dollars

Ever paid $30 for a coffee? It might sound excessive, but thousands of people pay this every day in Honk Kong because $1 there is only worth about one eighth of what it is in Australia or the US. Head to Singapore and $1 will get you about three quarters of what it will “down under” but then depending on where you are down under – Australia or New Zealand – you’ll get a bit more or a bit less for $1.

There are 35 countries or territories using dollars and its worth differs fundamentally depending on the context. Every time you represent $ without context there is some level of ambiguity about what the dollar is worth and when it comes to money, ambiguity is never good.

For example, what’s Ghost in the Wires going to cost me on Amazon?

Amazon showing ambiguous currency

I know Amazon is US based so is it American dollars? But then I also know they support automatic currency conversion, did I turn that on and am I seeing things in Australian dollars? Who knows.

Currencies come with an ISO 4217 code which represents that context; AUD, HKD, NZD, USD, SGD, etc. I’m not saying every $ symbol should be proceeded by three letters, but certainly somewhere within the context of those costs it needs to be made crystal clear what the dollar is worth.

Now let’s look at eBay; see if you can figure out what I paid for this item:

Ebay thowing explicit currency format

Crystal clear. No ambiguity, no guessing. This is way it should always be when money is involved.

6. Country code top level domains give context

When you’re in Australia, local websites use the .au TLD.

In the UK, it’s all about .uk.

If you’re Dutch then you’ll be looking at .nl.

The whole idea of country code top-level domains is that they give context; when you see that suffix on the domain it’s immediately clear what the intended scope of the site is. Problem is, not everybody seems to want to play by those rules.

This practice seems to be particularly rampant in the US which has a perfectly suitable country code TLD – .us. By way of some examples:

usoutdoor.com using an internationalised domain name

The name of the organisation makes the scope pretty clear, shame about the choice of TLD. Perhaps their scope is truly international as the TLD implies? Nope:

US Outdoor has been serving the needs of snow, water & land sport enthusiasts of the Pacific Northwestern United States for over 50 years.

How about a restaurant chain with domestic locations:

Mastro's Restaurant using an international domain name

Ok, maybe they’re just protecting the internationalised TLD so nobody else grabs it and they have genuine .us versions that were actually designed for their scope. Except they don’t – there’s no mastrosrestaurants.us and as for usoutdoor.us, well:

usoutdoor.us parked at GoDaddy

The .com TLD is theoretically internationalised so anyone can grab it regardless of the scope of intended use, as odd as it might be for local-only businesses. But then you have examples like .edu, .gov and .mil:

Name Entity Notes
.edu educational The .edu TLD is limited to specific educational institutions such as, but not limited to, primary schools, middle schools, secondary schools, colleges, and universities. In the US, its usability was limited in 2001 to post-secondary institutions accredited by an agency on the list of nationally recognized accrediting agencies maintained by the United States Department of Education. This domain is therefore almost exclusively used by US colleges and universities. Some institutions that do not meet the current registration criteria have grandfathered domain names.
.gov governmental The .gov TLD is limited to governmental entities and agencies in the US.
.mil US military The .mil TLD is limited to use by the US military.

Why are these US only? It’s a conundrum which we probably don’t regularly need to worry about, but it’s unusual all the same (I’d love to hear insight on why there’s no .us on these).

7. iPhone has a massive lead on the smartphone market

There’s the iPhone – then there’s daylight – then there’s everything else:

iPhone commanding the vast majority of the market in Australia

Down here in Australia we don’t much care for everything else. Ok, we do just a tiny little bit with Android gaining a bit more of a foothold this year but we’re basically not that interested.

Now in China, it’s a whole different situation altogether. Over there the iPhone languishes at only 15% of the market but that’s somewhat understandable given how late they were to market it. The iPhone has only “officially” been marketed in China since late 2009 and even then it didn’t get wifi. Then again, they’ve had HiPhones for quite some time and no, I didn’t misspell that.

Head over to Brazil and suddenly it’s Nokia and Samsung commanding two thirds of the market. Come back over to Asia and in India it’s more like 83% with iPhone representing only, well, it’s actually a bit hard to tell because it’s jammed right down on the x-axis with Sony, Motorola and Huawei, you know, the guys who we don’t want to let build our national broadband network.

The point is that mobile landscapes are extremely diverse. Physical handsets launch in different countries on different schedules and in some cases, don’t launch at all. Then there are the carrier dependencies plus the general prosperity of the population which all lead to very different trends in different locations.

Oh – about that StatCounter data – I don’t have a huge degree of faith in the accuracy of the mobile vendor landscape for a number of reasons but certainly the trends are consistent with my personal observations.

8. Time zones matter (and they’re not universally understood)

Time ain’t time; my 4:30 is probably different to your 4:30 which is again different from the next guy’s. Of course most people realise the world is broken down into somewhere around 40 time zones depending on what point of time you’re referring to (remember, they’re not static). In the end, the world gets sliced up into very uneven segments like this:

Global time zones

Every single point in time has a hidden piece of information which is the time zone it refers to. Without knowing this hidden information the time could be misinterpreted by anywhere up to a full day.

So what time is what? I mean take the following example:

Android forums not specifying the time zone

Was this posted in the middle of my day? Or is it American and that time is actually very early morning for me? Or British and it’s my evening? It’s an Android development forum appealing to a global audience so there’s no clear assumption that can be made about the time zone; it’s totally ambiguous.

Back to Stack Overflow and once again, they get it right:

Stack Overflow specifying the time zone

Ok, it requires the user to actively place the cursor on the time but at least the time zone is readily discoverable. Extra points also for this truly global site choosing coordinated universal time (which you probably know as UTC) rather than favouring a single culture-specific time zone.

Other times it makes sense to represent times in a fashion that’s context sensitive to the user. In ASafaWeb, I allow people to schedule scans at a specific time of the day and in a case like this, it makes a lot of sense to allow them to specify their time of day – not someone else’s. Here’s what happens in the user profile:

ASafaWeb allowing a time zone to be chosen

All of these time zones come out of the TimeZoneInfo class in .NET which means it’s dead easy to convert local times to UTC and vice versus whilst still getting daylight saving right (with a few odd exceptions). That last point is important and there are a lot of idiosyncrasies and instabilities around how time zones are structured so you really don’t want to be manually constructing these yourself.

Speaking of which, don’t do this:

Mailgun showing odd time zones

This is Mailgun’s implementation and it’s, uh, odd. Yes, yes, I know it’s the list from the tz database, but it doesn’t make any sense to most humans. There is no time zone in Australia for “South” or “West” or any number of the regional centres they list. The seven time zones for Antarctica further up the list are also a bit odd! It’s not just Australia, there are time zones for dozens and dozens of “America” locations and other odd names. In short, keep these relevant!

9. Don’t deprioritise your international audiences

Sometimes, online services are designed to target a very specific geographic demographic. For example, a grocery store can assume an audience in the immediate vicinity – in fact it’s probably preferable – to take some shortcuts and assume a local audience in contexts such as the contact page:

Woolworths showing locally targeted info

Assuming you’re calling from inside national borders this is just fine, and the opening hours clearly imply local time as well so no problems there.

But take a service such as the very excellent IFTTT (If This Then That) which allows you to orchestrate the interaction between a whole bunch of different autonomous online services. Anyone can sign up to IFTTT; it’s free, it’s in no way targeted at a single geographic audience and indeed it’s designed in such a way that anyone anywhere can get up and running very quickly. But there’s a problem when you create a Date & Time Channel:

IFTTT prioritising US time zones

Why, when you cast your mind back to those 40 time zones, are eight of them clumped together at the beginning totally out of their natural chronological sequence? Because they’re American. Now that would be quite ok if IFTTT was an American site – but it’s not. Unfortunately, what this means is that this (otherwise) very excellent service polarises the audience; you’re either American or you’re a second class usability citizen.

Of course the counter-argument will be “Oh, we’re predominantly used by folks in the US”. Americans are quite possibly the single largest audience based purely on population and internet take-up of its citizens combined with the fact that the Chinese audience (who would otherwise trump the American one on both fronts a couple of times over) tend to stick to local websites. But what advantage does this realistically provide the US audience? Less scrolling on one menu for a one-time process? That’s a bit of a pointless argument because if we apply the same ordering to the drop down list in Chrome but insert the US time zones in their natural positions, it looks like this:

Properly ordered time zones on IFTTT

Every single one of the US entries appears “above the fold” of the list and all time zones are living harmoniously in their natural order. This is always preferable to clearly indicating that audiences within your target demographic but outside your country of choice should receive a downgraded UX experience.

10. The wonderful world of Qihoo’s 360 Safe Browser

I take it by now that you’re ditching your Chromes and your Firefoxes and upgrading to the 360 Safe Browser, right? I mean this is the browser that has gone from less than 3% market share in May to 26% only two months later:

The 360 Safe Browser with huge penetration in China

That’s right folks, its China time again and in case this is new to you, this little guy is taking the far east by storm:

The 360 Safe Browser logo (near identical to Internet Explorer)

This is probably a somewhat familiar logo to you in the same way that when buying a car in Beijing, a BYD, RIICH, ARASH or HAIMA might be a familiar logo. But the issue of familiarity aside, the fact remains that 360 has achieved enormous popularity with some sources quoting it at up to 57% of the market share already. Remember also that this is in a country with 512M internet users as of today; that’s more than the US, India and Japan combined (the next three most populous countries by internet users).

Whilst the Chinese internet audience tends to be pretty self-contained within national borders (thanks in part to the great firewall), as a developer you probably should be asking yourself the question: “Will my site play nice on the browser currently being used by a quarter of a billion internet users?”

Some pragmatic advice

Much of this of this comes down to understanding the target demographic; if you’re building websites for Indonesians you should probably be taking a different approach than if they’re building them for the Chinese. But even if you’re not explicitly targeting a single culture, awareness of the diversity that exists in the internet landscape is still important so as not to isolate audiences.

Many times, playing nice on a global scale detracts nothing from the primary audience and has the added benefit of not marginalising the rest of the world. Would using one more character in your dates so that they weren’t ambiguous really hurt your usability? Or presenting time zones in their logical order genuinely mess up your US audience? Of course not, so play nice with your customers wherever they may be – especially if they’re in China!

Published at DZone with permission of Troy Hunt, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)