The Evergreen

Welcome to The Evergreen List!
You can find useful links and articles to each category here that stay relevant for a longer time.
Learn more about how and why The Evergreen List is created.

News #

  • CSS Function Syntaxes (color and otherwise) - Tab Completion

    There’s a big change coming up for how we write colors in CSS. Tab Atkins recently changed the color functions syntax in the CSS specification. So in future, we will write rgb(0 255 0 / 50%) instead of rgba(0, 255, 0, 50%). This might sound awkward after years of doing it differently, but the reason for it are the new color functions available in CSS Colors Level 4, including color(). You can read more about this in Tab’s blog post, but for now be assured that the old syntax is likely to be supported forever in our browsers thanks to legacy support.

  • Introducing FlyWeb

    FlyWeb is a new experimental Web API that allows web pages to host local web servers for exposing content and services to nearby browsers. It also adds the ability to discover and connect to nearby local web servers to the web browser itself. This might be a bit hard to grasp now, but imagine this in combination with a decentralized service picking the nearest edge server via FlyWeb. You wouldn’t need any complex external CDN solutions that choose the “nearest” edge server via geolocation resolution or similar unreliable technologies anymore. Another use case could be an “off-grid on-the-fly network” with devices that use FlyWeb together with Bluetooth and WiFi chips to find other devices in the vicinity and hereby introduce a whole new area of network reliability. As FlyWeb is a technology experimentally developed by Mozilla, you need to have Firefox Nightly installed to test this out.

  • Introducing Visual Studio Live Share

    Microsoft announced Visual Studio Live Share which enables developers using Visual Studio or Visual Studio Code to collaborate in real-time. An amazing thing that Atom just introduced similarly to their editor with Atom Teletype — opening great new ways to collaborate and pair-program in a team.

  • Official Google Webmaster Central Blog: Using page speed in mobile search ranking

    This week also brings us news from Google’s web search team: Starting July 2018, the well known Pagespeed tool will become a ranking factor for mobile searches. This marks a point in history as it basically means that finally a lot more webstandards and best practices are enforced by this change and leads to better web performance and better adoption of web standards and also accessibility features.

  • Secure Contexts Everywhere | Mozilla Security Blog

    The announcement with the highest impact (probably this year) comes from Mozilla: Starting immediately, Firefox will require HTTPS for all new features built into the browser from now on. So this means not only privacy or security relevant information such as Geolocation API require HTTPS to work but for example the next CSS property or a new JavaScript feature will only be usable if a site is served via HTTPS. Google Chrome made a similar announcement last year, but the team hasn’t clarified when they will do this. The impact, as you can imagine is quite big, and while it might lead to an even faster adoption of HTTPS, there’s also a risk that new features are not adopted by developers as fast anymore. As an effect of this change, we might temporarily see even more “optimized for Chrome” messages on websites until this browser follows the same strategy. One thing at least is for sure: This week marks a quite important point in the history of the web — no matter what the feedback will be, it’ll definitely be interesting and change the way we build all our websites.

  • Google Online Security Blog: A secure web is here to stay

    The big news from browser vendors don’t stop coming in: Google Chrome now announced that starting in Chrome 68 (to be releaded in July 2018) the browser will mark non-secure sites (HTTP) as “not secure”, marking the end of non-HTTPS websites. I just imagine all the clients with their small business sites and portfolios desperate about this change. It’s great to see the shift to a more secure web but sometimes I feel like those who decide don’t think enough about the impact of small entities using the Internet as well.

Generic #


Tooling #

Security #

Privacy #

  • From Radio to Porn, British Spies Track Web Users’ Online Identities

    This pretty frightening article, released last week by The Intercept, shows how intelligence companies have broken our web and can spy nearly everyone by tracking all metadata from everyone using online music networks, cookies, video sites, blogging platforms, calls, or photos and online ads. In light of this development, it’s important that we give more focus on privacy for our users by implementing HTTPS (with HSTS, HPKP), limit advertising network’s data grabbing and prevent MITM attacks by using resource integrity hashing for our CDNs.

  • Ethics of Algorithms at a glance

    With the growing usage of algorithms in our everyday lives, we need to raise the question of ethics. Our human brain can make irrational and emotional decisions. And sometimes that is a necessary and good thing. But algorithms and computers can’t. This being the biggest challenge for artificial intelligence, we need to face this fact for already existing mechanisms like the Facebook news feed collection, or hiring algorithms. A good way would be to make such algorithms transparent, to give users a possibility to improve them and to make them more objective.

  • What every Browser knows about you

    Today, as developers, we have many great features built into the browser. On the darker side, many of the features are affecting privacy and security of the user, as a site can read most of the information available even without user noticing anything. A demonstration shows what information a site can get about you without your confirmation. An eye-opener to re-think browser UIs and how much responsibility we, as developers, have to do the right thing. Be it educating the product owners or your own product where you voluntarily display a dialog to give a choice and notice about sending such data to your servers, we should embrace ethics. As a user, I tried to access the demo with a default Chrome setting (revealing horribly much sensitive data) and Firefox with Strict Tracking Protection, uBlock Origin, Disconnect and 3rd party cookies disabled. Despite all blockers, the latter reveals ‘only’ the data about my browser, its active plugins, my hardware and my local and public IP address.

  • Alexa, Cortana, and Siri aren’t novelties anymore. They’re our terrifyingly convenient future.

    A.I. assistants can give you the news, order you a pizza, and tell you a joke. All you have to do is trust them — completely. An interesting story about the new listen-to-us devices that can scare the hell out of you if they surprise you. Reading George Orwell’s “Nineteen Eighty-Four” currently, I keep asking myself how we can still want to have such devices that are fully controlled by some company that only has follow-up commercial interest in selling such devices.

  • How sites can comply with Do Not Track

    This guide explains how websites and apps can comply with the Do-Not-Track settings (newer link: DNT Guide) of users and how to use the Consent API to let people opt-out of tracking. I would love to see every website that tracks something providing it.

  • Facebook’s new ads will track which stores you visit - Recode

    Facebook wants to prove that its ads lead to actual purchases. That’s why Facebook advertisers can now add their physical store locations, and Facebook will then track users by their phone locations and report if they have visited the store. Of course, Facebook is not the first company doing that: Google folks are proud of having done the same already for quite some time. I’m glad I don’t have apps of these brands on my phone anymore.

  • Uh Oh: Google Expands Its Ad Tracking. But, Yay: It’s Opt-In | WIRED

    Google adjusted their privacy settings once again. I’ll leave you with these useful links where you can adjust your privacy settings for Maps, All Account Activity, more activity controls, and finally Google Payment privacy settings which have opt-in for data sharing and analysis for advertising on by default. Note that Chrome has its own settings in the app as well. So far, privacy…

  • Battery Status readout as a privacy risk

    The Battery Status API in general sounds like a great addition to our web platform. Initially built by Mozilla to complete the API-set on the web, we can use it on websites to reduce the amount of interactivity and animation or serve videos in low resolutions when the battery is nearly empty, for example. Lukasz Olejnik, however, found out that this API is actually already used as a user tracking identifier by ad networks and others. And last but not least, it can also be used to charge more for a service when a user’s battery is low — as reportedly done by Uber.

  • Oversharing with the browser’s autofill

    Stoyan Stefanov explains why using autocomplete fields in forms is great for some fields but can easily lead to data oversharing when used on fields that aren’t required.

  • Respecting Users | foobartel Ltd. | Web Design

    Holger Bartel takes Vitaly Friedman’s article “̦Respect Always Comes First” as opportunity to highlight the importance of respecting users by asking a very interesting question: Everyone wants to create better experiences, but what are you willing to do for it? It’s not easy to find an answer and to blaze the trail for this in our work but an important part of building products.

  • #youbroketheinternet So We Got Tracked Anyway

    Guess what? Our simple privacy enhancing tools that delete cookies are useless, as this article shows and explains. There are way more clever and secure ways to track a user via TLS session tracking and we have not much power to do anything against this, so be aware that someone might be able to track you regardless of how many countermeasurements you have enabled in your browser.

Web Performance #


Accessibility #

JavaScript #


Work & Life #

Go beyond… #