Firefox 52: Better Font Fingerprinting Protection - gHacks Tech News

Firefox 52 is scheduled for March 7th this year, and it will bring better font fingerprinting protection. This means that when checking for system fonts, Firefox will only return the fonts that you have whitelisted instead of returning all fonts installed on the operating system.

Permalink

Microsoft Edge build 15002 changelog - Microsoft Edge Development

The Windows 10 build 15002 comes with a new Microsoft Edge release. It includes a number of improvements such as a preview of the Web Payments API, Flash content is now blocked by default, TCP Fast Open is now default, too, and support for Content-Security-Policy 2.0 and the WebVR API have also been added.

Permalink

The Typekit Blog | Introducing Source Serif 2.0

Do you remember or even use the font “Source Serif”? Version 2 is a major step forward. The character set was upgraded from Adobe Latin 3 to Adobe Latin 4 which means nearly double the number of characters and broader language support. The existing characters also got updates and now look even better. Last but not least, Source Serif 2 is completely open-source under the SIL Open Font License.

Permalink

Despite revoked CA's, StartCom and WoSign continue to sell certificates

I recently mentioned that most major browsers are blocking certificates from StartCom and WoSign entirely or plan to do so in the future. However, it seems that these certificate authorities still sell certificates. Don’t buy from them, their certificates will be useless by next month.

Permalink

Firefox 51 for developers - Mozilla | MDN

Say hello to Firefox 51. It ships unprefixed ::placeholder, broader ES2015 support, WebGL 2, IndexedDB v2, and tabindex for SVG. Scripts served with an image/*, video/*, audio/* or text/csv MIME type are now blocked.

Permalink

Safari 10.1

Safari 10.1 will be out soon and with it, a lot of new features will be available on Apple’s devices: fetch(), Custom Elements, CSS Grid Layout, Reduced Motion Media Query, and ES6 native modules are notable ones.

Permalink

Troy Hunt: HTTPS adoption has reached the tipping point

Thanks to browser vendors pushing it aggressively, HTTPS adoption has now reached the tipping point. Good to see, especially since man-in-the-middle traffic modifications increased a lot on non-encrypted traffic in the last few months. Sadly, these interceptions are not executed by federal authorities or hackers but by companies like Comcast, Norwegian Airlines, hotel WiFi network companies and the like.

Permalink

Incident report on memory leak caused by Cloudflare parser bug

Cloudflare experienced a memory leak caused by its document parser. Here is the incident report by Cloudflare.

Permalink

Release Notes for Safari Technology Preview 24 | WebKit

The fresh Safari Technology Preview 24 added support for PerformanceObserver and added <link preload> as an experimental feature. Furthermore, they implemented the dynamic JavaScript import operator and suspended SVG animations on hidden pages.

Permalink

The end of SHA-1 on the Public Web | Mozilla Security Blog

It was just a matter of time until browsers would stop accepting SHA-1 certificates. But this week, things took a sudden turn as Google researchers revealed the first practical collision for SHA-1, affirming the insecurity of the algorithm. As a result of this, starting from today, Mozilla will remote-update Firefox to not accept SHA-1 in certificates anymore.

Permalink

Annotation is now a web standard – Hypothesis

Web annotations are now a web standard, with a defined data model, vocabulary, and protocol. Let’s hope many of the browser vendors (Microsoft Edge) and service platforms will adopt the standard soon. For us developers it’s a huge opportunity, too, to build standardized annotations that are interoperable and to communicate with each other.

Permalink

Chromium Blog: Chrome 57 Beta: CSS Grid Layout, Improved Add to Home screen, Media Session API

Chrome 57 was released this week, and it brings us CSS Grids, the Media Session API, and Web Assembly. Also new is that Chrome will return an error for SHA1 certificates from now on.

Permalink

Firefox 52: Introducing Web Assembly, CSS Grid and the Grid Inspector ★ Mozilla Hacks – the Web developer blog

A new Firefox version was released to the public this week: Firefox 52. The new version will display a prominent warning if a user fills in their password on a non-secure page, rel="noopener" was implemented, too, just like broad support for CSS Grids, Web Assembly, and async/await. They also disabled all plugins except for Adobe Flash now.

Permalink

Samsung Internet Beta now available without sign up

The Samsung Internet browser beta is now available in the Google Play Store and via Samsung Galaxy Apps. It runs on Chromium 51, has support for progressive web apps, Service Worker, and content blockers.

Permalink

object-fit and object-position – Welcome to the Windows developer feedback site!

We waited for this update 2.5 years, now Microsoft is finally working on object-fit and object-position for Microsoft Edge. A great step towards better web compatibility and I really hope that it’ll land in an official build soon.

Permalink

Sketch 43 is coming to town with a new game. An open file format!

With Sketch 43, the app developers announced that the Sketch file format will be open-source from now on. This is great news because it means that everyone will be able to build a Windows app or a Sketch file viewer app. Since the format of choice will be JSON, we can even think of building automation for files via web services.

Permalink

New Web Features in Safari 10.1 | WebKit

Safari 10.1 was announced a while ago already, and this week it finally came to Macs and iOS devices around the world. The new Safari version ships CSS Grid Layouts, fetch(), IndexedDB2.0, Custom Elements, Form Validation, Media Capture, and much more. You can read more about what the new features are and how to use them in detail on the WebKit blog.

Permalink

Proposed Chromium policy on JavaScript dialogs  |  Web  |  Google Developers

Chromium is advising developers to not use alert(), confirm(), and prompt() methods in JavaScript anymore, and, in the future, they might even deprecate sites that still use them. The suggestion is to use the Web Notification API instead, in the hope that its asynchronous nature will prevent it from being misused against users. As a nice side effect, using the API will also speed up browser performance significantly.

Permalink

Security/Binary Transparency - MozillaWiki

This week Mozilla started with their Security/Binary Transparency project which allows third parties to verify that binaries from Mozilla match the original public source code exactly and also to check for its integrity. This is a huge step in open-source and binary app development that other applications out there would benefit from, too.

Permalink

WICG: Feature Policy

The Chromium project is implementing the WICG proposal of a Feature Policy (see launch status), an interesting concept to complete other policies such as the Content Security Policy. By allowing site owners to explicitly allow or disallow browser features such as geolocation, webcam/microphone access and similar things, sites can better protect their users from exploits.

Permalink

Angular: Angular 4.0.0 Now Available

The next major release of Angular, Angular 4.0, is now available. It’s smaller and faster than it’s predecessor and ships flat ES modules.

Permalink

Robert Haas: New Features Coming in PostgreSQL 10

Good news if you’re using PostgreSQL: The upcoming PostgreSQL 10 offers some great new features. It’ll support logical replication in addition to the already existing logical decoding, up to 4x faster parallel query, SCRAM Authentication, and a lot of other useful things.

Permalink

What’s new in Microsoft Edge in the Windows 10 Creators Update - Microsoft Edge Dev BlogMicrosoft Edge Dev Blog

With the new Windows 10 creators update, Edge 15 went live. It comes with a new tab management interface, a book reader mode, and better energy efficiency. But even more interesting for us are the implementation of the Web Payment Request API, CSS Custom Property support, Brotli support, WebRTC, async/await, and Intersection Observer.

Permalink

Uncensorable Wikipedia on IPFS - ipfs blog

The IPFS team currently works hard to provide an uncensorable version of Wikipedia via IPFS, and, following news of Turkey blocking access to Wikipedia, the Turkish version is already available.

Permalink

Announcing JSON Feed

RSS feeds are XML-based documents, and for a lot of people, they have always been a pain to write, serve, and validate. Now, there’s JSON Feed, a format that brings today’s preferred data structure format for APIs to feeds.

Permalink

Intelligent Tracking Prevention | WebKit

In an attempt to prevent privacy violations by advertisers, Apple’s Safari browser will soon come with Intelligent Tracking Prevention built in. It’s a machine-learning-driven algorithm that auto-deletes tracking cookies and other data. And to make it even cooler, the learning algorithm will run on your local device, not in the cloud.

Permalink

New in Chrome 59  |  Web  |  Google Developers

This week, Chrome 59 was released. It brings headless Chrome and native notifications for macOS.

Permalink

Safari Technology Preview 32, with WebRTC, is Now Available | WebKit

Safari’s Technology Preview 32 brings a lot of the announced features of the upcoming Safari 11 to developers already today, including WebRTC support, WebAssembly, and auto-play prevention.

Permalink

🍾🚀 webpack 3: Official Release!! 🚀🍾 – webpack – Medium

Webpack 3 was released with support for scope hoisting. This is a huge step forward as it can reduce bundle sizes significantly. Another useful feature in this new version are magic comments for dynamic imports.

Permalink

Wildcard Certificates Coming January 2018 - Let's Encrypt - Free SSL/TLS Certificates

Big news were announced this week by Let’s Encrypt: Beginning from 2018, they will offer free Wildcard Certificates as well.

Permalink

Flash

Adobe this week announced that Flash will not be updated after 2020 anymore, effectively ending the software’s life by that. Of course this doesn’t mean that it’ll immediately die but as no updates will be provided anymore, no browser will allow the plugin to execute anymore.

Permalink

Malicious crossenv package on npm

This week a new big incident happened with several npm packages. An unknown author re-published a lot of common packages with very similar names and injected malware into the code, stealing all environment variables of the machine where the package gets installed. They’re pulled from the registry now but if you ever installed them somewhere by accident, it’s not easy to spot it and you should consider your data to be stolen.

Permalink

Firefox 55 for developers - Mozilla | MDN

Firefox 55 is out this week and brings Background Tasks API (requestIdleCallback), WebVR 1.1, the Intersection Observer API, a whole lot of fixes, additions and updates to existing features. This version finally restricts Geolocation API, and Storage API to secure contexts (HTTPS), allows mixed content for localhost, and makes Flash click-to-activate by default and restricts the plugin to only be loaded by the http:// and https:// scheme. On Linux, you can now run Firefox in headless mode with the -headless flag.

Permalink

Federico Viticci on Twitter: "Very nice: when sharing AMP pages to iMessage or Reading List, iOS 11 Safari automatically removes AMP’s crap from the URL. Go Apple 👍 https://t.co/aHgSMcofUv"

Federico Viticci found out that in iOS11, Apple took the effort to remove Google AMP versions of a link and redirect users to the original source URL if you use iMessage or Apple’s Reading List feature. This is a very interesting step that’s likely being done because either users have trouble with AMP URLs and/or Apple is trying to avoid using a third-party proxy that can go away any time or change the content of the original URLs.

Permalink

Chrome to force .dev domains to HTTPS via preloaded HSTS

Mattias Geniar reminds us that Chrome, according to this commit in Chromium, will very soon preload .dev domains as HTTPS via preloaded HSTS. The domain name has been bought by Google and they now want it to be exclusively accessible only via HTTPS. So if you use a .dev name in your projects—often on your local machine, registered manually via the hosts file, you should switch to the reserved .test domain name now or consider using localhost instead from now on. Once the patch lands in Chrome, you’ll not be able to access your projects anymore without a valid TLS certificate in place.

Permalink

React v16.0 - React Blog

React 16 is out now. It has a rewritten core, returns fragments and strings (so no more useless span-elements), better error handling, custom DOM attributes, and has a 30% smaller footprint now. Even better, React 16 (and 15.6.2) is now available under a full MIT license, ending the endless debate about the previously used patent-clause copyright license.

Permalink

Keybase launches encrypted git

Keybase just launched encrypted git this week. It can be used with their Keybase app, has end-to-end encryption for the complete repository and works with e.g. the Github Desktop app. The only downside to it is that there’s no web interface to it, so there are no pull requests, no wiki, no issue tracking. But for those who don’t need that, it’s great to see a fully encrypted, safe git repository remote storage.

Permalink

PostgreSQL: PostgreSQL 10 Released

Postgres 10 was released and brings quite some big news: It brings significant improvements for the “divide and conquer” strategy, logical replication, declarative table partitioning, and better support for parallelized queries.

Permalink

Introducing Visual Studio Live Share

Microsoft announced Visual Studio Live Share which enables developers using Visual Studio or Visual Studio Code to collaborate in real-time. An amazing thing that Atom just introduced similarly to their editor with Atom Teletype—opening great new ways to collaborate and pair-program in a team.

Permalink

It's more than just the words

“As we move our code to CodePen, our writing to Medium, our photographs to Instagram we don’t just run the risk of losing that content and the associated metadata if those services vanish. We also lose our own place to experiment and add personality to that content, in the context of our own home on the web.”—Rachel Andrew in “It’s more than just the words”.

Permalink

A Guide to 2017 Conferences | CSS-Tricks

In her “Guide to 2017 Conferences”, Sarah Drasner collected a vast selection of web design related events that’ll take place this year. If you can, talk to your boss, select the event(s) you like most and attend them if possible.

Permalink

Design for internationalization — John Saito

John Saito shares his thoughts on the importance of designing for internationalization.

Permalink

East Asian character emojis ㊗️ 🈶️ 🈯️ 🈳️

Chen Hui Jing gives insights into the world of East Asian character emojis. For Western people like me, this is an interesting exploration into foreign languages and how emojis can be different around the world. ㊗️, for example, is a Kanji character meaning “congratulations”.

Permalink

Using Immutable Caching To Speed Up The Web ★ Mozilla Hacks – the Web developer blog

Firefox has been supporting Immutable Caching since version 49. Now they share how efficient the technique is for Facebook and other big sites that are frequently visited by the same people.

Permalink

HTML & CSS Is Hard (But it doesn’t have to be)

So here’s something that helps beginners to start with web development and advanced people to recap some of their knowledge: Oliver James wrote “HTML & CSS Is Hard (But it doesn’t have to be)”, a friendly web development tutorial for complete beginners.

Permalink

Ana Balica - Code review checklist

How does your team review code? Ana Balica shares a useful checklist for reviewing your and your teammates code.

Permalink

Are We Breaking The Internet? | Fast Company | The Future Of Business

By analyzing the large-scale issues the web faced in the past month (think Amazon’s S3 outage causing a downtime of millions of websites, Cloudflare’s data leak that required users of very popular websites to change their passwords, or Google’s accidental WiFi reset which wiped out customers’ Internet profiles) Tristan Louis reflects on the question if we are breaking the Internet. The trend towards a few services hosting a majority of the Internet’s infrastructure is causing more and more large-scale problems. If we want to avoid issues like these, we need to rethink this new kind of centralization and fix it.

Permalink

World Wide Web, Not Wealthy Western Web (Part 1) – Smashing Magazine

Bruce Lawson wrote a full-length novel for Smashing Magazine about the World Wide Web, Not Wealthy Western Web. It’s about the bias of western web developers, about ignoring other continents, and why we need to see the bigger picture instead. A piece you should definitely take the time to read.

Permalink

The bricks we lay. — Ethan Marcotte

Ethan Marcotte wrote an important statement on “the bricks we lay”. In that, he describes a situation where people do work and say they’re only focusing on the task they do and therefore are a-political. But your work is never neutral.

Permalink

World Wide Web, Not Wealthy Western Web (Part 2) – Smashing Magazine

In the last edition of the web development reading list, I shared the first part of Bruce Lawson’s story about the “World Wide Web, Not Wealthy Western Web”. Today comes the second part of the mandatory read of this week.

Permalink

Going Indie. Step 1: Securing Privacy · Matthias Ott – User Experience Designer

Matthias Ott points out that it’s about time that we take back control, reclaim our digital future and rebuild the web so that it, finally, becomes a web for everyone. And with growing surveillance and even bigger data consolidation by a few big private players, it’s now up to us to recognize the errors we make and amend our decisions accordingly to create a better web—a web that is more accessible, more private, and more independent.

Permalink

Going Indie. Step 2: Reclaiming Content · Matthias Ott – User Experience Designer

Matthias Ott reminds us of the web for everyone and how you can set an example by turning away from centralized silos that only serve business interests but not the users. The first step towards a more decentralized web.

Permalink

The ".well-known" directory on webservers (aka: RFC 5785)

Have you already heard of the .well-known/ directory on web servers? This relatively new standard is used to announce directives to browsers. Let’s Encrypt, for example, uses it for their validation URLs.

Permalink

Assisted Writing – samim – Medium

Samim shares insights into how assisted writing tools are using machine learning to understand and generate the human language. While the article focuses on how we can reimagine word processing software with machine learning and better algorithms, we can also learn a lot about improving our own writing style.

Permalink

Docracy - Free Legal Documents

Docracy is a community-driven platform for free legal documents. It already covers a lot of categories and might become useful in future for you.

Permalink

Rendering on Google Search  |  Search  |  Google Developers

This article by Google now reveals that the search engine crawler bot is based on Chrome 41 (M41) and therefore is able to render JavaScript apps. Things to consider though are: No HTTP/2 support yet, basically no storage support such as cookies, localstorage or IndexedDB, no WebGL, and no Service Worker support.

Permalink

We Offered Matching Funds for Open Source — Here’s What Happened.

Ben Vinegar from Sentry on why companies should give back to open source projects and shares the story of matching donations of Webpack. The motto?

“What’s a few hundred a month to support the critical tools you use, compared with the cost of hiring a full time software engineer to build them for you?”

Permalink

Amazon Unveils New ‘Secret Region’ Cloud for Spies - Motherboard

Amazon is amazing, right? Their cloud is fast, big, and cheap. Their shop offers everything and delivers it quite fast to you. This week, Amazon Web Services announced something very interesting: “AWS now provides the U.S. Intelligence Community a commercial cloud capability across all classification levels: Unclassified, Sensitive, Secret, and Top Secret.” Yes, you read right — it seems like Amazon will be the responsible company for hosting U.S. Intelligence service’s Top Secret data. I’m pretty sure it’s not a good idea that government services start to fully rely on a company’s exclusive Cloud service with no option to easily switch to a competitor or their own alternative back again. Put it in relation to what Amazon is: Up to 70% of the internet traffic goes through the AWS Virginia datacenter, Amazon wants a camera and microphone in your bedroom, your living room and also a smart key of your flat or house, and it’s already impossible to not use AWS if you use the internet. What happens to the U.S. Intelligence community if this AWS secure cloud suffers from an outage as it happened this year? Can they still operate? What if it happens during an active investigation?

Permalink

open-source color scheme optimized for UI like font, background, border, etc

Open Color is an open-source color scheme optimized for UI design.

Permalink

The 'Credit Card Number' Field Must Allow and Auto-Format Spaces (80% Don't) - Articles - Baymard Institute

Christian Holst wrote an insightful article about the importance of ‘Credit Card Number’ fields allowing and auto-formating spaces.Unfortunately, about 80% of e-commerce sites currently don’t do that. Let’s try to improve this.

Permalink

The New York Times Redesign on Behance

Various authors have taken the effort to create new designs for The New York Times. Their Behance gallery is quite good for inspiration and understanding editorial design patterns.

Permalink

No, I Don’t Want to Subscribe to Your Newsletter — Bureau of Programming

We all know the annoying overlays that prompt website visitors to take action — “sign up for the newsletter”, “like the page on Facebook”. Bureau of Programming now shares thoughts on why it was easier to get rid of annoying pop-up windows and why it’s up to us developers to not build annoying features, if we want to make the web a useful, friendly place.

Permalink

Simple Icons

Dan Leech built a great set of very simple SVG icons of popular brands. It’s available under a Creative Commons Zero license.

Permalink

The Secret Life of Comedy – Espen Brunborg – btconfDUS2017 in beyond tellerrand on Vimeo

Espen Brunborg gave a great talk at this year’s Beyond Tellerrand conference about “The Secret Life of Comedy.” Worth watching.

Permalink

Better Web Typography for a Better Web | Better Web Type

Matej Latin created an online course to teach you better web typography in ten free lessons.

Permalink

Designing The Perfect Date And Time Picker – Smashing Magazine

Vitaly Friedman did an exhaustive research on datepicker modules and shares the probably perfect design of a date and time picker.

Permalink

Product Design for Sustainability – uxdesign.cc

Artiom Dashinsky explores how we can build products today that can make the world more sustainable tomorrow by designing the product for sustainability. He explores options that software and websites could show to users that are more practical, healthy and sometimes even more convenient: Promoting direct flights in a flight search, promoting remote jobs at LinkedIn, preferring walking, biking and public transport over car on a map app, and similar things.

Permalink

You’re Offline | Max Böck - Frontend Web Developer

Max Böck shares his thoughts on how we should not only blindly provide our website offline, but how we should design for real offline usage. While it’s nice to have a website displaying its content offline, we should indicate that a form cannot be submitted while offline or that a video can’t be played currently.

Permalink

Jan Östlund on Twitter: "Edit any text with Chrome Dev Tools. Sketch or check if you menu breaks with longer text. document.designMode = 'on'

There’s a neat setting hidden in most modern browsers: document.designMode='on'; which will give you the power of a text editor on a currently opened website. It means you can edit any text on the page live, and, with that, test your design against variable (user) content.

Permalink

Best practices for site search design | Webflow Blog

John Moore Williams shares the best practices for site search design that are important if you want to provide an impactful, powerful search experience to your users.

Permalink

Spectral: A New Screen-First Typeface - Library - Google Design

With Spectral, there’s a new screen-first serif typeface available under an open source license.

Permalink

Containers from Scratch — Eric Chiang

Eric Chiang explains Container archictecture from scratch so you might finally be able to understand what all the container virtualization is about.

Permalink

Harry Roberts on Twitter: "Create a Git commit template file (left) and link it through your .gitconfig (right) to have a standard commit message format every time."

Harry Roberts shares a simple trick to set up a git commit message template. First, create a file .git-commit-template with the content (i.e. [refs #0000] Subject line) and save it to your project root. Then add [commit] template = {pathtoyour .git-commit-template file} to your .gitconfig file.

Permalink

Hosting a Jekyll site on GitLab Pages — Chen Hui Jing

We all know how to host a Jekyll site on GitHub, but Chen Hui Jing now explores and documents what it takes to host a Jekyll site on gitlab pages.

Permalink

SurviveJS - Introduction

Juho Vepsäläinen wrote a book about Webpack. It’s available for free, but to support the author, you can also buy the book. A great documentation of Webpack that offers a lot of insights into the tool.

Permalink

Ack for CSS Developers – CSS Wizardry – CSS, OOCSS, front-end architecture, performance and more, by Harry Roberts

Harry Roberts shares why he prefers to use ack over grep in the command line to search for strings or regular expressions in files.

Permalink

Building Efficient Dockerfiles - Node.js - bitJudo

Many of our projects are using Docker nowadays. But many Dockerfiles are written inefficiently, especially if you’re using npm. David Weinstein shares why you should use caching to improve the performance of your Docker container.

Permalink

Docker Introduction by Tobias Tom

Tobias Tom explores Docker and explains from scratch how to use it, including how to clean up your computer when you don’t need the image anymore.

Permalink

Using SSH securely — Anne’s Blog

Anne van Kesteren shares tips on using SSH securely in the context of a CI service such as Travis CI or Circle CI.

Permalink

preload-webpack-plugin

Addy Osmani wrote the Webpack plugin preload-webpack-plugin for wiring up <link rel='preload'> (and prefetch) automatically.

Permalink

New Tool Takes Mere Minutes to Create Dark Web Version of Any Site - Motherboard

With the Enterprise Onion Toolkit, you can finally deploy HTTP and HTTPS onion sites at scale. While the project is still in its early days, the tool makes it easy to provide access to your web service via a hidden Tor service, which in some countries can be essential for journalists and activists.

Permalink

Rembrandt by imgly

Rembrandt.js is an image comparison tool based on node-canvas running on a server or in the client. Great for visual regression testing, for example.

Permalink

A Detailed Introduction To Webpack – Smashing Magazine

Joseph Zimmerman introduces us to Webpack. What I really like about this article is that it’s not another article sharing pre-built sets of configurations but that it explains every detail step-by-step.

Permalink

Oh, shit, git!

Oh, shit, git! Don’t be afraid of git anymore thanks to this emergency guide that helps you solve the most common problems with the versioning system.

Permalink

CSS Remynification: A completely crazy idea that worked -- Remy Luisant's whimsical take on squishy computing science things

Remy Luisant came up with a tool that optimizes your CSS output just a little bit better than you’re used to: CSS Remynification.

Permalink

Introduction · Bit - distributed component manager

Bit is an interesting concept of a distributed virtual component repository that combines a lot of existing strategies into one universal component manager.

Permalink

Use all the Databases - GraphQL Part 1&2 - Loren Sands-Ramshaw at Compose

Loren Sands-Ramshaw wrote a two-step guide on GraphQL (Part 1, Part 2), a relatively new query language that has better performance and is easier to handle as REST.

Permalink

How to install and use Headless Chrome on OSX | Object Partners

Google Chrome can now be run in headless mode, replacing PhantomJS or SlimerJS. Jim Cummins explains how to set it up on Mac OS. For Windows and Linux it should be similar using bash and a few adaptions to the local commands.

Permalink

Announcing GVFS (Git Virtual File System) | Microsoft Application Lifecycle Management

Microsoft announced GVFS, a Git Virtual File System that allows the company to work on what is probably the world’s largest git repository with over 270GB in size.

Permalink

Little Things I Like to Do with Git – CSS Wizardry – CSS Architecture, Web Performance Optimisation, and more, by Harry Roberts

Harry Roberts shares some useful tips on how to get more out of git with aliases and other rather unknown options.

Permalink

Wes Bos on Twitter: "🔥 Use `git checkout -` to quickly jump back to your last git branch

Wes Bos has a clever git trick for you: Use git checkout - to quickly jump back to your last git branch.

Permalink

Automated testing with Headless Chrome  |  Web  |  Google Developers

Eric Bidelman shares how we can use headless Chrome for automated testing, in this case to run your Mocha and Chai tests via the Karma test runner. As a bonus, he also explains how this works on a CI-server.

Permalink

GitHub - tebelorg/TagUI: General purpose tool for automating web interactions

TagUI is a general purpose tool for automating web interactions. The author is currently working on the Chrome headless support to make this great tool even better. With the help of TagUI, you can easily write automated tests with a simple click and other actions.

Permalink

Chain - Dynamic color relations in Sketch

With Chain you can create dynamic color relations in Sketch. The handy plugin is great to apply gradient transformations to objects in a matter of seconds.

Permalink

Puppeteer headless Chrome node.js API

Puppeteer is a Node.js library providing an API to control headless Chrome. It can also be configured to use full (non-headless) Chrome.

Permalink

Setup your Own L2TP/IPsec VPN Server with Raspberry Pi — Rita Zhang

Rita Zhang from Microsoft explains how you can set up your own L2TP/IPsec VPN Server on a Raspberry Pi, which can be useful to do in your home network so you’ll be able to connect to it when you’re traveling and using public WiFi.

Permalink

The MongoDB hack and the importance of secure defaults | Snyk

If you have a MongoDB installation, now is the time to check if it’s secure. Tim Kadlec from Snyk explains why it’s important that tools provide and use secure defaults to protect users from such kind of attacks.

Permalink

GitHub's post-CSP journey

A few months ago, Github shared their learnings from using the Content Security Policy at github.com. Now they share more learnings in “GitHub’s post-CSP journey”. The focus lies on img-src, form nonces, same-site cookies, and more.

Permalink

Researchers warn of fingerprint theft from ‘peace’ sign

Whoops. We already knew that fingerprint mechanisms are easy to circumvent due to their design. However, with high-quality cameras on most smartphones, researchers now warn that your fingerprint could get stolen when you flash a ‘peace’ sign in a photo. This type of attack is pretty similar to what the speaker Ursel presented at a Chaos Computer Club event in 2014 about iris scan theft from photos.

Permalink

Certbot and HTTP Public Key Pinning (HPKP) — Joschi Kuphal · Web architect · Nuremberg / Germany

Joschi Kuphal explains how to implement HPKP with Certbot, the Let’s Encrypt client.

Permalink

Return of the Unauthenticated, Unfirewalled protocols

In response to the recent MongoDB ransom attack, Mattias Geniar shares his thoughts on the return of unauthenticated, unfirewalled protocols.

Permalink

Everything you need to know about HTTP security headers - Appcanary

Max Veytsman summarized everything you need to know about HTTP security headers. An all-embracing but concise guide to security headers and when and how to use them.

Permalink

How Etsy Manages HTTPS and SSL Certificates for Custom Domains on Pattern - Code as Craft

Two engineers at Etsy recently shared how they offer their merchants TLS-certificates for their custom domains on the Etsy-platform. The tricky part here is scale: How to store the massive amount of certificates in a secure way? How to negotiate the connection?

Permalink

Introducing Docker Secrets Management - Docker Blog

The latest Docker release offers a great solution to store your secrets securely in containers. The Docker Secrets Management is a solid approach to do so.

Permalink

php.internals: [RFC][Vote] Libsodium vote closes; accepted (37-0)

PHP (probably 7.2) will get an implementation of Libsodium, one of the most modern and best cryptographic libraries available. This is a huge step forward that’ll improve security for millions of users.

Permalink

Cross-Site Request Forgery is dead!

Mitigating Cross-Site Request Forgery attacks has never been easy. Luckily, it seems that we now got a proper solution for it: Same-Site Cookies. The only thing you need to do to make it work is adding SameSite to your existing Set-Cookie header. Of course, you should know how same-site cookies differ from “normal” cookies, but for most sites this should be easy to implement.

Permalink

Hostile Subdomain Takeover using Heroku/Github/Desk

Let’s have a look at how Mr. Trump was hacked via DNS subdomain takeover, a long-known technique that most people who configure DNS entries for a domain aren’t aware of.

Permalink

Settings Overrides - Google Chrome

Google Chrome now allows permitted site owners of a Chrome extension to override selected user settings. This means that a browser extension vendor who verified their domain via Google Webmaster Tools can now override user settings such as homepage or the default search provider via their website. After reading this attack scenario, I fear this could take the DNS subdomain attack to a new level.

Permalink

Spammers expose their entire operation through bad backups | CSO Online

We know backups are crucial in IT operations. But what we often don’t think about is the backup’s security. A company that’s responsible for a lot of email spam recently exposed their backups to the public for over a month. Initially, we might think that’s great as this mishap makes it relatively easy to bring their operations to a halt, but then others have probably already picked up all the data to use it for their operations and, thus, producing an increase of spam.

Permalink

Thou shalt not depend on me: analysing the use of outdated JavaScript libraries on the web | the morning paper

Tobias Laudinger and some of his co-workers conducted the first comprehensive study of client-side JavaScript library usage and the security implications it brings along. Based on data from over 133K websites, they found that 37% of websites include at least one library with a known vulnerability. Time to reconsider our use of external dependencies and how we can keep them up-to-date.

Permalink

JWT (JSON Web Tokens) is a Bad Standard That Everyone Should Avoid — Scott Arciszewski

Scott Arciszewski explains why JOSE (Javascript Object Signing and Encryption) is a bad standard that everyone should avoid. Note that JOSE is part of JSON Web Tokens to which not all of the complaints and issues apply.

Permalink

Researchers Break MAC Address Randomization and Track 100% of Test Devices

Researchers just broke MAC address randomization and tracked 100% of the test devices, including Android and Apple devices.

Permalink

Chromium Dev: Intent to Deprecate and Remove: Trust in existing Symantec-issued Certificates

The Chrome team concluded an investigation on the Symantec Root Certificate Authority and now discusses when and how to distrust the entire authority due to having misissued over 30.000 certificates. If the entity is mistrusted, GeoTrust, Thawte, and other certificate authorities will be affected by the decision as well since they’re operated by Symantec.

Permalink

CRLite: A Scalable System for Pushing All TLS Revocations to All Browsers [PDF]

A new paper from a joint venture of universities and Akamai Technologies introduces CRLite, a scalable system for pushing all TLS revocations to all browsers (PDF, 1.3MB). Currently, no major browser fully checks for TLS/SSL certificate revocations, but that could be changing soon if vendors agree with this research paper and start implementing the system.

Permalink

A new security header: Expect-CT

There’s a new security header called Expect-CT. Scott Helme explains when and how you should use it.

Permalink

CAA checking becomes mandatory for SSL/TLS certificates

There’s a new DNS resource record: CAA. The Certificate Authority Authorization Record lets you specify which certificate authority is allowed to issue a certificate for your domain. From September 2017 on, CAs are required to check against these records, so you should consider adding that record to your DNS records as soon as possible.

Permalink

CODASPY17_Kranch_Reed_IdentifyingHTTPSNetflix.pdf

Andrew Reed and Michael Kranch explain how they managed to identify HTTPS-protected Netflix videos in real time (PDF, 0.7MB). A technical write-up about HTTPS issues that aren’t easy to fix.

Permalink

Design flaws in Lastpass 2FA implementation - Martin Vigo

Martin Vigo shares his findings from analyzing Lastpass’ Two Factor Authentication implementation. The article is a great reference to help you check your own implementation for the same fallacies and avoid the same design flaws.

Permalink

Researchers steal data from CPU cache shared by two VMs • The Register

Clémentine Maurice and other researchers found a way to steal data from the CPU cache shared by two Virtual Machines. This was demonstrated on Amazon Web Services but affects all Virtual Machine-based environments. A clear evidence that we still have little idea of how secure or insecure cloud environments actually are.

Permalink

Web Developer Security Checklist – Simple Security

Michael O'Brien shares a security checklist for web developers so that you don’t forget anything crucial in your next projects.

Permalink

SecureLogin — Forget About Passwords – Egor Homakov – Medium

Egor Homakov published SecureLogin, an open-source authentication implementation that wants to be convenient, secure, and independent of social media services. A promising technology.

Permalink

OSX/MacRansom Objective-See

Patrick Wardle found evidence that there’s a macOS ransomware spreading and wrote up the key facts about it. This shows that the Mac platform is growing and attackers start targeting users as well. Better be safe and have a valid, usable backup.

Permalink

How to defend your website with ZIP bombs

Christian Haschek found an interesting way to defend a website with gzip “bombs” against rogue clients.

Permalink

Troy Hunt: Introducing 306 Million Freely Downloadable Pwned Passwords

Troy Hunt, known for his service haveibeenpowned now released another cool thing: To match the latest NIST Digital Identity Guidelines, you should not allow users to use a password that previously appeared in a data breach. To do that, Troy released the data of his service in an anonymous way and you can now check online or get the data dump to implement the NIST guidelines. Note that there’s no requirement to implement this for non-federal agencies.

Permalink

Biohackers Encoded Malware in a Strand of DNA | WIRED

Researchers seem to have real fun in our current times. Biohackers have now found a way to encode malware into a strand of DNA, so that once the gene sequencer analyzing the DNA will get infected.

Permalink

A Simple Design Flaw Makes It Astoundingly Easy To Hack Siri And Alexa

Some researchers found a way to control voice assistants from Apple, Google, Amazon, Microsoft, Samsung, and Huawei. It not only affects the smart home boxes but also every iPhone, MacBook, Windows 10 PC, or Samsung Galaxy phone. By using ultrasonic frequencies they could control the devices and call people, open websites, and re-routed a navigation system of an Audi Q3 car.

Permalink

security.txt

For security researchers or people who found a security issue on a website, it can be hard to find a way to communicate about it appropriately. As a result, a lot of issues aren’t reported and others are disclosed without the team knowing about it before. To improve that situation, security.txt defines a standard to help organizations define the process for security researchers to securely disclose security vulnerabilities.

Permalink

Uber concealed huge data breach - BBC News

This week’s revelations about Uber’s data breach in 2016 shows prominently how companies with enough money in the backyard don’t care about their users, about laws and why they rather try to solve all their issues with money in order to succeed. If you read that they preferred paying 100k USD to hackers and risk another fine of about 20k for the violation of not reporting the data breach to authorities it’s easy to see the reason why: The amount of money to get the chance that probably none of their customers or media will know about the security issue which would be negative PR for Uber is neglectable. It’s the same amount of money they pay some of their engineers a year and a cheap way to keep the company’s reputation. Even now that it came out, they already made much more money since the breach from the people who didn’t leave the service as they might have done if they had known about the exposure of their data to hackers. It’s the issue of public reputation and making money, growing the asset value of the company being more important than any customer.

Permalink

How our password check works — Colloq

Tobias Tom shares how at Colloq they implemented a password check that prevents users from choosing a password that has been exposed in a public data breach. It’s based on the amazing dataset by Troy Hunt and shares some interesting data on how to check against a 40GB Postgres dataset without affecting your site’s performance.

Permalink

1.4 Billion Clear Text Credentials Discovered in a Single Database

4iQ, an identity safeguarding company, has found a leaked database containing 1.4 billion clear text credentials in the Dark Web. It’s probably the biggest available, known resource yet and shows the importance of using unique passwords for each service and for services to protect their users from using leaked passwords.

Permalink

WhatsApp, Facebook and Google face tough new privacy rules under EC proposal | Technology | The Guardian

The current revision of the European Union ePrivacy law tries to protect communication confidentiality, block nonconsensual tracking, and lessen cookie warnings. A step in the right direction to make the web a safer, clearer place. For us developers it’s also great since the annoying cookie warnings are now questioned.

Permalink

DuckDuckGo: Is Private Browsing Really Private?

DuckDuckGo published the results of a study they conducted on the question if private browsing really is private. Interestingly, most people have no idea about what the private mode in browsers exactly does and 84% of Americans would consider trying another major web browser if it offered more features to help protect their privacy. The full PDF-paper gives interesting insights into how people actually use search engines and how they try to protect their privacy.

Permalink

Vault7 — CIA Hacking Tools Revealed

Another big data leak was revealed by WikiLeaks this week, this time it’s called “Vault7—CIA Hacking Tools Revealed”. And, well, it does, in fact, confirm the worst fears privacy researchers had: The CIA is spying on Samsung TVs, and it’s extremely likely that Amazon’s Alexa is no exception, just like a lot of other centralized, not end-to-end-encrypted services, too. The findings also caused a lot of discussion about whether messaging apps like Whatsapp and Signal are safe since their encryption was reportedly broken as well. But you need to differentiate here, because, in the case of the messaging apps, the encryption was broken by infecting only selected targeted devices with malware. Together with this news about decrypted PGP messages, the published data shows that apps like Signal do indeed work as expected: They prevent third parties from mass-capturing private data and instead force them to target individual devices.

Permalink

Senate Republicans Vote to Allow ISPs to Sell Your Private Data - Motherboard

Whoops, there we go: As expected, the US Senate voted to allow Internet Service Providers to sell customers’ private data to third parties without opt-in consent. What a world we live in, where money seems to be everything that counts.

Permalink

Amazon Wants to Put a Camera and Microphone in Your Bedroom - Motherboard

Amazon announced “Echo Look”, an improved Alexa device that does not only listen to a room’s activity but also has a camera to see what’s happening. The purpose? To give you a style check. And as you would expect from Amazon, they say they store the captured data for an indefinite amount of time in their cloud. I bet that a lot of people will buy this device despite of this, even those who claim to care about their privacy.

Permalink

Google now mingles everything you've bought with everywhere you've been • The Register

Google is now able to mingle your “offline” purchases with your digital profile by matching credit card data, GPS location, and your browsing data. An interesting summary of what Alphabet Inc. is capable of doing with what is probably the largest combined set of personal data in the world.

Permalink

The tin foil hat conspiracy – Matteo Spinelli's Cubiq.org

Matteo Spinelli sets some facts straight for a debate on legal differences between the real world and the digital world, especially when it’s about people’s privacy. Necessarily, this article targets Whatsapp and Facebook but gives good examples on why all of us want some privacy—we just often do not think about it. But the solution can’t be to go back to telegraph, but instead Matteo asks for transparency—people should just know what they can expect from a service.

Permalink

Uber Doesn’t Want You to See This Document About Its Vast Data Surveillance System

We’ve read a couple of stories about Uber already, now Kashmir Hill writes about the one legal document that reveals probably all the hidden techniques the company used to target state officials, specific users, and even regulatory companies.

Permalink

Invisible Manipulation: – Privacy International – Medium

Privacy International shares new insights into how we’re being manipulated invisibly with our own data, like banks deciding on creditworthiness by using data of our transaction content, connected cars being hacked while the owner doesn’t know which data is recorded, evaluated or sent to whom—concatenated into one big article with links to the deeper stories if you’re interested.

Permalink

Crafting a high-performance TV user interface using React

Ian McKay from Netflix shares insights from crafting a high-performance TV user interface with React. A lot of valuable insights into the performance of React.js that everyone using the library should keep in mind.

Permalink

Modernizing our Progressive Enhancement Delivery | Filament Group, Inc., Boston, MA

Scott Jehl shares how they improved and modernized their Progressive Enhancement delivery at Filament Group. With HTTP/2, Service Worker, and web app manifests, there are new tools that can speed up delivery of a site non-destructively.

Permalink

Building Zero protocol for fast, secure mobile connections | Engineering Blog | Facebook Code | Facebook

Not too long ago, I mentioned an article about QUIC, Google’s protocol that uses UDP instead of TCP to make transfers to a client even faster than HTTP/2. Now Facebook shares details about their even faster Zero protocol that builds on top of QUIC while still being compatible with TCP. I like that there’s now an alternative to Google’s approach and that people think about innovating the core of the Internet, the network itself, again.

Permalink

How much data should my Service Worker put upfront in the offline cache?

Nicolas Hoizey analyzes why it’s not a good idea to just hook up Service Workers and save all resources offline. Given the fact that a lot of users might never come back or that they simply won’t read through all the pages of a website, downloading megabytes of data on first load might be a very bad practice — especially when we keep data plan costs in mind. Looking at these numbers, the 3MB of an average web page are nearly negligible if a Service Worker loads 16MB of useless data on initial page load without further ado.

Permalink

Google Student Blog: Intern Impact: Brotli compression for Play Store app downloads

During her internship at Google last year, Anamaria Cotîrlea integrated Brotli into the Google Play app store saving Google 1.5 petabytes of traffic each day.

Permalink

Base64 Encoding

Harry Roberts explains why you shouldn’t use base64 in CSS, and shares why base64 and gzip don’t work well together. He also dives deeper into performance differences to help you figure out the best solution.

Permalink

Configuring HTTP2 Push with Wordpress | Responsive Web Design

Justin Avery shares how you can configure HTTP/2 Server Push to work with Wordpress.

Permalink

Introducing Zero Round Trip Time Resumption (0-RTT)

Nick Sullivan from Cloudflare explains how they enabled Zero Round Trip Time Resumption for all free users, now serving TLS 1.3 for better performance.

Permalink

Kornel on Twitter: "@helloanselm It's 100 times slower and only supports ~"90%" quality, so it can't replace MozJPEG in most situations."

This week, Google announced their project Guetzli, a new open source JPEG encoder that can save up to 35% of file size. This is great, but to put things into perspective, we also have to consider that it’s up to 100 times slower as Mozilla’s mozJPEG encoder and in many cases it doesn’t achieve the same quality at the same file size either.

Permalink

Send messages when you're back online with Service Workers and Background Sync

Phil Nash wrote a guide on how to use Service Workers and the Background Sync API to send messages when a user is back online.

Permalink

How we fine-tuned HAProxy to achieve 2,000,000 concurrent SSL connections

Sachin Malhotra shares how they fine tuned HAProxy to achieve 2 million concurrent SSL connections at ‘Hike’.

Permalink

Performance and Resilience: Stress-Testing Third Parties – CSS Wizardry – CSS Architecture, Web Performance Optimisation, and more, by Harry Roberts

Harry Roberts dives into the world of using third parties on a website and analyzes the performance and resilience. The article has great notes and insights into common issues with modern web projects and shows how request blocking through ad blockers or other techniques can be tested by developers and how you can avoid the most common pitfalls with third parties easily.

Permalink

Offline POSTs with Progressive Web Apps – Web Dev @ Microsoft – Medium

Andreya Grzegorzewski shares how we can use the Cache API to do offline POST requests in Progressive Web Apps. This super cool trick allows us to queue POST requests, such as a form submission/data upload, cache it and once the user is back online, send it to the server.

Permalink

Compression Decompressed | The website of Jack Preston, Computerer

Jack Preston has written up a nice visual explanation of how Compression works.

Permalink

Essential Image Optimization

Essential Image Optimization by Addy Osmani is a free ebook that explains nearly everything you can and should know about image optimization for the web. Something you should definitevely have a look at when you find some time for it.

Permalink

ARM Takes Wing: Qualcomm vs. Intel CPU comparison

Vlad Krasnov took the privileged chance of being able to compare the newest server processors at Cloudflare and wrote up what he found out. The result is pretty interesting: Qualcomm achieves a similar performance to the fastest Intel processors but only needs about 30% less power, sometimes even less. So while there might be some issues with software incompatibilities with the newer chips by Qualcomm, it’s going to be interesting what happens on the server market. Because at large data centers it’s quite important to save energy—not only because our planet benefits from less power consumption but also because it’s simply cheaper.

Permalink

Understanding The Vary Header – Smashing Magazine

Andrew Betts took all his knowledge about the great feature in HTTP and summed it up in his article “Understanding The Vary Header”.

Permalink

Network based image loading using the Network Information API in Service Worker | justmarkup

Michael Scharnagl explains how we can use Service Workers (which are basically a web proxy) to load images based on the Network Information API

Permalink

The Fallacies of Distributed Computing (Applied to Front-End Performance) – CSS Wizardry – CSS Architecture, Web Performance Optimisation, and more, by Harry Roberts

Harry Roberts often finds the right words to uncover issues that aren’t obvious to a lot of people. The Fallacies of Distributed Computing (Applied to Front-End Performance) is about as developer making assumptions for users, about actively neglecting or overthinking problems such as network performance.

Permalink

Performance Calendar » Progressive Image Loading using Intersection Observer and SQIP

Dean Hume explores pretty interesting paths how to load images progressively using Intersection Observers and SQIP, a tool that builds SVG-based image placeholders automatically.

Permalink

Document Outlines in HTML 5.1

Ire Aderinokun explains what you have to keep in mind to create a valid document outline in HTML 5.1, which has been officially released in early December 2016.

Permalink

Align SVG Icons to Text and Say Goodbye to Font Icons

SVG icons often have one problem: They don’t align well to the text surrounding them. Elliot Dahl explains how to fix that.

Permalink

Toggle Buttons

Sometimes a user interface requires a clear “On”/“Off” switch. It’s usually a great idea when you want to show optional settings but indicate more as a checkbox does by default and in a simpler way as two radio options could provide it. Heydon Pickering now shares the technical approach to building semantic, accessible and easy-to-use toggle buttons.

Permalink

Implementing system fonts on Booking.com — A lesson learned.

Stuart Frisby from Booking.com shares what they learned from using system fonts and the improvements they made to a default stack which many of us are using.

Permalink

General Principles: Principles: ARIA Landmarks Example

The W3C now has a web page that explains the general principles of ARIA.

Permalink

WCAG 2.0 AA Is the New Accessibility Standard for Federal Agency Websites | ADA Title III

Federal agency websites now need to comply with Web Content Accessibility Guidelines 2.0 Levels A and AA as their accessibility standard and it’s expected that the Department of Justice will likely adopt this as the standard for public accommodations websites as well. Be prepared or, even better, comply early to save yourself trouble later.

Permalink

Differences between ARIA 1.0 and 1.1: Additions to ‘role’

ARIA 1.1 was published and there have been some additions to the role attribute. New, for example, are role=term, role=feed, and role=switch.

Permalink

Managing focus in SVG - ally.js

Rodney Rehm updated his focus management library ally.js with SVG support and wrote a tutorial on how to manage focus in your SVG code.

Permalink

Responsive Design for Motion | WebKit

The WebKit team recently implemented reduced motion media queries and now shares how you can use them.

Permalink

Accessibility feedback from Twitter

Hampus Sethfors and Hugo Giraudel collected a bunch of real-world experiences regarding accessibility on websites. These two articles give a lot of insight on how to understand accessibility and usability of websites better.

Permalink

What’s New in WCAG 2.1 | Adrian Roselli

Adrian Roselli explains what’s new in WCAG2.1 and what you need to know about it to match the latest accessibility criteria.

Permalink

Building an accessible auto-complete

Russ Weakley shares in his slideshow how to build an accessible auto-complete field.

Permalink

Build your first Node.js microservice - Max Stoibers Blog

Max Stoiber explores what it takes a front-end developer to build their first Node.js microservice.

Permalink

ES proposal: import()

Dr. Axel Rauschmayer on the ECMAScript proposal import() that would enable dynamic loading of ECMAScript modules, in contrary to the currently specified static ECMAScript modules.

Permalink

React "Aha" Moments — Tyler McGinnis

Tyler McGinnis shares his React “Aha” moments. A concise list that reminds us how we should write code when using React.

Permalink

The global object in Javascript: a matter of platforms, unreadable code and not breaking the internet - Contentful

Stefan Judis wrote about the global object in JavaScript, variables and the issues around it. This is not only useful for people with beginner or intermediate JavaScript knowledge but also for advanced users who want to understand the topic better.

Permalink

Ultimate Angular: Angular 2 Fundamentals

Todd Motto published an “Angular 2+ Fundamentals” video course in which he explains Angular, Typescript, component architecture, and other modern programming concepts.

Permalink

Building a fully-accessible help tooltip

Sara Soueidan shows how to build a fully accessible help tooltip, and why CSS-only methods sound neat but often aren’t.

Permalink

ECMAScript regular expressions are getting better! · Mathias Bynens

Mathias Bynens shares what’s currently happening at the TC39 in regards to Regular Expressions and shows what the proposals could look like and what problems they would solve.

Permalink

Bricolage | Typefaces: The easiest way to self-host open-source fonts

Kyle Mathews published typefaces, a self-host font-face loading package that makes it simple to host web fonts on your own. He also explains why self-hosting web fonts is faster and why it even works offline.

Permalink

Detecting text in an image on the web in real-time - Tales of a Developer Advocate by Paul Kinlan

Paul Kinlan explains how you can use the Shape Detection API to detect text in an image on the web in real-time with the Shape Detection API. An experiment that would be great for web applications to ease the user experience. You could, for example, provide a very easy sign-up form and read the name and address from a business card using this API and a device’s camera.

Permalink

JavaScript Start-up Performance — Addy Osmani

In his essay about JavaScript start-up performance, Addy Osmani explains what slows our web apps from booting up.

Permalink

Firefox 52 setTimeout() Changes - wanderview

Firefox 52 hit the release channel last week, and it includes a few changes to setTimeout() and setInterval(). Please read this update post and check if your code still works as expected.

Permalink

Regular Expressions in a post-ES6 world

Nicolás Bevacqua wrote about regular expressions in latest ECMAScript, including the new Unicode flag, the matchAll function, and assertions.

Permalink

Prepack · Partial evaluator for JavaScript

Prepack is a JavaScript source code optimizer that tries to simplify your code on the compile-time to make it faster on the run-time. By pre-resolving calculations and assignments where possible, for example.

Permalink

Progressive Web Apps with React.js: Part 2 — Page Load Performance

Addy Osmani published his second part of “Progressive Web Apps with React.js—Page Load Performance”, focusing on page load performance. An insightful read for everyone who wants to optimize their React.js applications.

Permalink

Generating Images in JavaScript Without Using the Canvas API

Alastair Coote shares how to generate images in JavaScript without using the Canvas API. At The Guardian, they make use of this technology to display images in Web Notifications.

Permalink

This in JavaScript | Zell Liew

Zell Liew wrote an entire article explaining this in JavaScript. As it depends on certain conditions and in which environment it’s used, this can sometimes be confusing. Zell shares his knowledge with us so we can learn more about the keyword.

Permalink

AR.js — Jerome Etienne

Jerome Etienne has built an open source Augmented Reality web library called AR.js. With it, you can recognize marker tags with your website and act on it. It’s built upon WebRTC and WebGL, and has great performance. And for those who’re new to AR, there is a collection of blog articles with tutorials available.

Permalink

Lazy loading images using Intersection Observer | Dean Hume

Dean Hume shares how we can use Intersection Observer to lazy load images, a relatively new technique that’s landing in more and more browsers right now and brings several advantages over the existing approaches of lazy loading images.

Permalink

deeplearn.js

deeplearn.js is a a hardware-accelerated machine intelligence library for the web. You can build and train neural networks in your browser with it, or play color sequences, or detect objects in images.

Permalink

Go beyond console.log with the Firefox Debugger – Mozilla Hacks – the Web developer blog

Dustin Driver explains on the basis of the Firefox Debugger how to use a browser’s debugger and go beyond console.log.

Permalink

Dynamic import()  |  Web  |  Google Developers

Safari has dynamic JavaScript import() support already in the preview builds, and Chrome 63 will support it as well. Mathias Bynens explains what this means and how we can use it. import() basically is import on fire and lets you load entire JavaScript modules on the fly only when you really need them.

Permalink

await vs return vs return await - JakeArchibald.com

Jake Archibald explains the subtle but vital difference between await vs return vs return await and gives advice when to use which one.

Permalink

i is="the walrus"

Brian Kardell wrote an important post about how we soon can use Custom Elements as extension of a common native element. This is especially great as we then don’t need to build everything from scratch but can extend native elements with customizations and still have the full accessibility and usability inherited from the native element. Apart from that, this feature allows to build great progressively enhances Custom Elements.

Permalink

ColorMe / CSS Color Level 4 | CSS-Tricks

CSS is getting more and more flexible. With the CSS Color Level 4 specification, we will get a feature to define colors dynamically based on functions (e.g. color(#eb8fa9 alpha(75%) blackness(20%));), as this article by Chris Coyier shows.

Permalink

The end of the clearfix hack?

Rachel Andrew explains the new display property value flow-root that was added to Chrome and Firefox (both Nightly/Canary only) and why it will finally replace the old clearfix hacks that we’re currently using to fix parent box sizes when floating inner elements.

Permalink

CSS Tip: Use :not to Save Time and Lines of Code :: The Bold Report

Sometimes it’s the small things that help you a lot. Did you know that you can save time and avoid confusion in CSS by using the :not(:last-of-type) selectors, for example? Timothy B. Smith explains how this little trick works.

Permalink

A Complete Guide to CSS Grid | Codrops CSS Reference

Since this week, we’re able to play around with CSS Grids in a lot more public browsers (Chrome, Firefox, Edge with the old spec). When you do, this quite complete guide to CSS grid might come in handy.

Permalink

Linting HTML using CSS

Did you know you can use CSS to lint your HTML markup? Ire Aderinokun shared a couple of use cases and some very neat tricks—how to check for unlabelled form elements or inaccessible viewport attributes, for example.

Permalink

Building performant expand

Paul Lewis and Stephen McGruer summarized how you can build performant ‘expand’ and ‘collapse’ animations, for menus, for example.

Permalink

Breaking Out With CSS Grid Layout - Cloud Four

Tyler Sticka shares a technique that uses CSS Grid to break out of a fixed width container. This simplifies the markup and styling of layouts that mix full width and limited width containers.

Permalink

Methods for Contrasting Text Against Backgrounds | CSS-Tricks

Ana Tudor explores the various ways to use new CSS techniques to contrast text against backgrounds.

Permalink

70% Repetition in Style Sheets: Data on How We Fail at CSS Optimization · Jens Oliver Meiert

Jens Oliver Meiert conducted a study to find out how often we repeat declarations in our style sheets. The result: in 70% of cases. An article with great insights into how we can do better when optimizing CSS.

Permalink

Grid layout, grid layout everywhere!

To help us better understand how Grid differs from Flexbox, Stefan Baumgartner wrote a concise introduction to Grid layouts.

Permalink

a11y: focus-within

The :focus-within CSS pseudo-selector is a nice way to enhance your form sections further. Browser support is still a bit limited so far but it’s already worth thinking about adding it to your code to improve design and usability for those whose browser support the selector already.

Permalink

Box alignment: justify-content: space-evenly

The CSS Flexbox Module specification now has a new value justify-content: space-evenly. This new setting places even space between and to the outer of the elements—a feature we all wanted to have very much in Flexbox. It already works in Firefox, and Safari Tech Preview and Chrome Canary have the support as well.

Permalink

Shapes in clipping and masking – and how to use them ★ Mozilla Hacks – the Web developer blog

Belén Albeza shares the difference between clipping and masking shapes in CSS with the clip-path and mask properties with understandable demos. Sadly, the browser support could be way better but you can already play with it and await the future.

Permalink

Understanding the WebView Viewport in iOS 11 / the iPhone X

Darryl Pogue gives you insights how we can fix website issues with the new kind of viewport introduced by the iPhone X, announced this week by Apple. With CSS options like setting main background-color to the body, using viewport-fit=cover or the safe-area-inset-* prop

Permalink

CSS Grid PlayGround | Terminology | Mozilla

Mozilla built a CSS Grid playground that helps you understand and build CSS Grid layouts.

Permalink

Tabbed Interfaces

Heydon Pickering adds a new reference article to the Inclusive Components blog that explains how we can build tabbed interfaces in an inclusive, accessible way.

Permalink

CSS element() function - Vincent De Oliveira

Vincent De Oliveira shares about the amazing CSS element() function, currently only available in Firefox but that might change. And it’s not even a new function, but it allows us to use images from the HTML DOM in our CSS e.g. for a background-image.

Permalink

7 tricks to have very successful conference calls | Christian Heilmann

When you work remotely with a team, you will have conference calls from time to time. To make them successful and enjoyable for everyone, make sure to follow Chris Heilmann’s tricks for conference calls: Be on time and stick to the duration, have a meeting agenda and stick to it, avoid unnecessary sounds and more.

Permalink

The Human In The Machine — A project about Productivity

Alex Duloz, the head behind The Pastry Box project, has now started a new project. “The Human In The Machine” will be a 365 articles in one year project, about how humans define and deal with ‘productivity’.

Permalink

On Better Meetings | Lara Hogan

Lara Hogan on how to hold better meetings. A concise list of tips and tricks to make your meetings a lot more efficient and interesting.

Permalink

Productivity has a Personality

With tons of productivity articles out there, it’s easy to feel overwhelmed or even bad about how you get work done. But each one of us is an individual, and, thus, productivity is not only a subjective matter but also has a personality.

Permalink

Depend less on each other — Jason Fried

Jason Fried wrote about depending less on each other in a company to ensure that team members don’t slow each other down.

Permalink

Why we choose profit — Jason Fried

Basecamp gives insights into why they chose profit as their route to a healthy work environment and a sustainable business.

Permalink

It's not how many hours of sleep you get…

Lots of celebrities from presidents to actors and many others recommend getting only six hours of sleep, so you have 18 hours of the day to get things done. But Sara Soueidan disagrees and shares her experiences, including dealing with burnout.

Permalink

Slow the fuck down

Eric Karjaluoto shares why we need to slow down, and why taking pride in how busy we are is one of the worst ideas we ever had. What if the best thing you can do for your career—and life—is to press pause, set your number one priority, and then rethink your way of working?

Permalink

Remote Managing A Side-Project Across The Globe | Colloq

How can you successfully manage a side project in a distributed team across the globe? I wrote up how we did it at Colloq, my newest project, and share details on working remote, virtual office calls, and how to fix common Scrum issues.

Permalink

What Makes Work Meaningful

Cassie Marketos shares her concerns and discoveries about “What Makes Work Meaningful.” In search of the answer to the common question if what we do matters at all, this article reveals some thoughts that set our sense of urgency right again.

Permalink

Quit measuring employee engagement – Signal v. Noise

“If you can’t measure it, you can’t manage it.” Claire Lew explains why she thinks it’s time to break with that statement when it comes to assessing emplyee performance. Instead of measuring meaningless numbers, it should be all about getting insights. “You want truth, not graphs.”

Permalink

Tobias T– | … that's what…

“[…] that’s what Continuance is all about: the perseverance and commitment between where we are and where we want to be.” The quote from Continuance, the film (via Tobias Tom) reminds us that we should pursue our dream projects and not give up. Because dream projects shape us and our personalities.

Permalink

What’s that mystery in your inbox costing you? – Signal v. Noise

Jason Fried elaborates on the mystery of your inbox. For most of us, the inbox is the center of everything, the place we work from every day. And yet, most inboxes, most notifications, lack the most important bits of information. A good read on what an insufficient inbox can cost you.

Permalink

How I Tricked Myself Into Meditating – Time Dorks – Medium

Jake Knapp shares how he tricked himself into meditating. An honest article on why it’s hard to convince yourself to try it out and why it probably is still worth it.

Permalink

On Quiet Developers – Seán Hanson – Medium

Seán Hanson shares a great insight post on why not all people are extroverts, share their stories, their findings or contribute to open source. But this doesn’t mean they’re not good or aren’t interested in their job, it just means they focus on other things than sharing.

Permalink

Taking a break – and so should you | Christian Heilmann

Christian Heilmann on why he wants to take a break and change his work life to focus on coaching others and real production instead of showing attendance at too many conferences. This article is about going on vacation without taking any computer, and why Christian wants to focus on teaching other developers as in the old times again.

Permalink

Ted Neward on Twitter: "Every. Single. Software developer. Must. Take. Note. YOU can go to jail for the code YOUR BOSS tells you to write. https://t.co/3MZGHqI4dy"

Ted Neward shares how important it is that we as developers must make reasonable and legally correct decisions in our work regardless of what our bosses tell us.

Permalink

'Our minds can be hijacked': the tech insiders who fear a smartphone dystopia | Technology | The Guardian

More and more people working at Google, Twitter, Facebook and other tech giants disconnect themselves from smartphones. By radically limiting the featureset to a normal wireless phone, they want to gain back control over their lives. Paul Lewis spoke to some people and researched why tech insiders who actually build the apps and operating systems for smartphones and other smart devices fear a smartphone dystopia. A good read on mental health issues.

Permalink

200 universities just launched 560 free online courses. Here’s the full list.

200 universities just launched 560 free online courses. And here’s the full list.

Permalink

Against Productivity – The Message – Medium

“There was a time when you could write a few poems, die of TB, and call it a life well lived”. Quinn Norton published a thought “Against Productivity” about the weird strive in all of us for more productivity in life.

Permalink

To Grow Talent, Don’t Move Fast and Break Things — Move Slow and Build Them

Alida Miranda-Wolff broaches the issue of why “move fast and break things” is a bad idea when it comes to people because then the “thing” being broken is a person. The issue of working hours, happiness at work, growing talent and why it’s tempting to follow hurtful patterns for our lives at work.

Permalink

How to ask good questions - Julia Evans

Julia Evans on how to ask good questions. Some great considerations we should follow before asking questions to make communication more effective and generally better.

Permalink

A Visual Introduction to Machine Learning

This visual introduction to machine learning explains how computers apply statistical learning techniques to automatically identify patterns in data. If you’re not familiar with how machine learning works, this will give you a rough idea.

Permalink

No Hoax: 2016 Was the Hottest Year on Record

As we’ve seen in statistics and data from the NASA before, this is, unfortunately, the truth: 2016 was the hottest year on record. The consequences: Nearly a quarter of the Great Barrier Reef died, Canada had to deal with the costliest wildfires ever, and the Arctic sea ice has been at its smallest winter maximum for two years now. And do you remember Hurricane Matthew? Such weather events are mostly driven by the climate change that we’re facing right now, with no trend of change over the upcoming years. Fortunately, there’s something everyone of us can do: The UN shows how we can take action, even from the couch at home.

Permalink

Thinking with paper — Ben Sauer

Ben Sauer questions the use of digital media for everything and asks himself if embracing paper to share information in a team is a better idea.

Permalink

A Crack in an Antarctic Ice Shelf Grew 17 Miles in the Last Two Months - The New York Times

In only 1 1⁄2 months a gigantic crack developed in the Antarctic ice shelf, and it’s likely to break apart in the next few months, setting free about 2,300 square miles of ice into the sea. But the key is not this tiny piece of ice but the much bigger ice shelves that’ll follow. A video captured by the NASA back in November shows the crack in detail.

Permalink

NINETEEN EIGHTY-FOUR (1984) by George Orwell: PDF

If you haven’t read “Nineteen Eighty-Four (1984)” by George Orwell yet, here’s your chance: The entire book is available for free as PDF, eBook and Audio versions. I personally recommend it to everyone who is only slightly interested in just one of these topics: social change, politics, technology.

Permalink

AIR-INK: The world's first ink made out of air pollution — MIT Media Lab

A team at the MIT Media Lab invented a device that captures air pollution and now turns the pollution into safe, high-quality ink for art.

Permalink

Computing Solutions Group: Projects | Institute for Energy Efficiency

The Institute For Energy Efficiency’s computing solutions group has a couple of interesting projects and data to share. For example, they try to figure out solutions to selectively shut down unnecessary components while retaining access to critical data. This is only one of their ambitious projects and shows how much potential there is when it comes to improving energy efficiency in our networks.

Permalink

Fix the internet by writing good stuff and being nice to people · Woman. Legend.Blog

Vicki Boykis wrote an excellent piece called “Fix the internet by writing good stuff and being nice to people” in which she points out one of the major issues on the internet: the fact that making money off content became worth more than the content itself.

Permalink

SustainableUX Conference 2017 - YouTube

The free Sustainable UX conference took place two weeks ago. To get some insights into how we can achieve sustainability in tech, you can now watch the conference talks for free

Permalink

Lithium-Ion Battery Inventor Introduces New Technology for Fast-Charging, Noncombustible Batteries | The University of Texas at Austin

A team around the co-inventor of Lithium-ion batteries has developed the first all-solid-state battery cells that could lead to safer, faster-charging, longer-lasting rechargeable batteries.

Permalink

Shell took a good long look at climate change. And then went back to looking for oil

Jelmer Mommers recently stumbled across a video from the oil company Shell that shows that they were aware of the dangers that global warming brings along already more than 25 years ago. Unfortunately, they decided to focus on short-term solutions nevertheless, for financial reasons. This great article shows how money can make us ignore important facts. I really believe that you and me, we can do better than Shell.

Permalink

Ethics can’t be a side hustle — Mike Monteiro

It’s interesting to see that a growing number of people now seem to ask themselves how to do good work, and I think it’s because we realize that current developments are so bad that we as individuals think about what we can do to improve our society again. Mike Monteiro is one of those people who care deeply about ethics, now he explains why ethics can’t be a side hustle and why you can’t shuffle yourself out of responsibility if you’re doing a non-ethical job as your main work. It’s true that you have to start somewhere, and doing simple things in your daily life can already help to improve our society, but, in the end, if you’re getting paid for non-ethical work, you’re actively helping and promoting this work. And nothing can make this undone.

Permalink

Silicon Valley Would Rather Cure Death Than Make Life Worth Living | WIRED

Emily Dreyfuss from WIRED wrote an article about why Silicon Valley contributes to inequality by focusing on cool technological innovation instead of targeting real-world problems. The piece is titled “Silicon Valley Would Rather Cure Death Than Make Life Worth Living”—a provocative but probably accurate title. And while there sure are exceptions (as there are always exceptions), we should remember to not blindly glorify tech, especially if it doesn’t engage with real problems.

Permalink

“Slower structural developments that shape society”: A Q

Ken Doctor wrote about “slower structural developments that shape society,” charting out what’s in between the extremes that we see in the news.

Permalink

Sleep Country — Real Life

Linda Besner wrote about living in a globalized yet fragmented world, where sleep is one of the few bodily experiences we seem to share. A thoughtful piece about what the Internet achieved and where it struggles to connect people.

Permalink

Systems Smart Enough To Know When They're Not Smart Enough | Big Medium

Josh Clark on why the smart algorithm systems that power Google, Siri, Alexa and other “intelligent” AI services should know when they’re not smart enough and indicate that to users.

Permalink

Is It Time to Break Up Google? - The New York Times

Jonathan Taplin wrote an essay about the tech moguls dominating the free market today and why it’s important that we as consumers are aware of the huge influence monopolies have not only on our lives but on politics, too.

Permalink

Research Blog: Federated Learning: Collaborative Machine Learning without Centralized Training Data

Iterating on their already existing, centralized AI technology, Google researchers shared their vision of federated machine learning. This basically means that every Google device will contribute to the training data by locally processing the information—a much more efficient and less costly approach for Google. The technology is already being tested on Android via Google’s software keyboard. Let’s see how this will work out when it comes to dealing with fake news, spam content or violence promotion in Google’s search results

Permalink

Build a Better Monster: Morality, Machine Learning, and Mass Surveillance

Maciej Ceglowski published a transcript of his new talk “Build a Better Monster” in which he describes how the Internet’s economic basis is built upon surveillance. He shows who makes money with user data, how this influences people and politics, and why it’s so hard (but also so important) to face and change this practice of making money of other people.

Permalink

Honesty is the Best Policy – Signal v. Noise

Nathan Kontny shares a nice story on why honesty is the best policy you can establish, both as an individual and as a company.

Permalink

The Dark Secret at the Heart of AI - MIT Technology Review

Will Knight questions the dark secret at the heart of Artificial Intelligence (AI): The algorithms fuelling AI-driven technologies are often uncontrolled, and even engineers don’t really know what they’ll do and how they’ll decide things.

Permalink

Drop a Tech Giant; my ranking - jeena.net

After taking a quiz that the New York Times published about which tech giant you would drop if you had to decide, Jeena pointed out how dependent we are on Apple, Alphabet, Facebook, Microsoft, and Amazon. I also summarized my personal results, and if you have a different opinion, why not share it with the world by publishing them as well?

Permalink

The Barbarians Are at Etsy’s Hand-Hewn, Responsibly Sourced Gates - Bloomberg

Etsy is a special kind of company. It’s one of the few public market B-Corps, and that turns out to be an issue now. See how a company pursuing the way of building a sustainable and caring work environment can be forced to change by their investors.

Permalink

The Grip of Now

Ben Callahan’s essay on ‘Good things come to those who wait’ is a truly mindful writing that asks what we are preparing for in our work and a question to the ephemerality of things we build.

Permalink

The Disaster Factory

“The Disaster Factory” is an essay by Greg Knauss about programmers living in worst case scenarios and why we have responsibility in our jobs and would be happy to be hugged by friends.

Permalink

Germany unveils zero-emissions train that only emits steam | The Independent

In Germany, towards the end of this year, a couple of interesting new trains will start to appear: The Coradia iLint is the world’s first zero-emission passenger train to be powered by hydrogen and it’ll be interesting to see if the experiment works and how many other states and countries will adopt these trains as well in the next years.

Permalink

Is Social Media The New Tobacco? – NewCo Shift

John Battelle about our addiction to social media which he compares to tobacco. But this is not how we want to raise our children.

Permalink

Stop Spending So Much Time In Your Head - Darius Foroux - Pocket

Darius Foroux on why you should spend less time in your head and exercise pragmatism. On mastering your mind and realizing that most of our thoughts cannot make it into practice.

Permalink

Why Meaning Is A Competitive Advantage | The Story of Telling

Bernadette Jiwa on why meaning is a competitive advantage in which she tells us the story of an older generation to show how fortunate we are that we can pursue our passion in our work, and why we’re still often not able to appreciate this fact.

Permalink

To Understand Rising Inequality, Consider the Janitors at Two Top Companies, Then and Now - The New York Times

Neil Irwin analyzed the janitors’ job conditions at two top companies, back in in the 80s and now—namely Kodak and Apple. The article tries to help you understand the rising inequality and how our system and company-culture helps growing the inequality. A sad story of how so called “successful” companies achieve their success, taken at one (probably even better) example.

Permalink

The Intimidating Zero

Jason Fried’s “The Intimidating Zero” is an important reminder to all of you that numbers don’t matter if you have an idea for something to publish. Follow your ideas and don’t let your thoughts be dictated by statistics.

Permalink

Where are the programmers who give a shit? – Hacker Noon

Jeremy Nagel scrutinizes the lack of initiative by programmers to solve real problems. He says that “right now, entrepreneurs are trying to fix things that aren’t broken” while at the same time so many things are that could be fixed with technology—health care, education, food waste, climate change, and much more.

Permalink

Entropy: Why Life Always Seems to Get More Complicated

James Clear explains why life always seems to get more complicated and what we can do to not feel overwhelmed by this feeling.

Permalink

100 Must-Read Books Of 2017. – Do Lectures – Medium

The people from the great Do Lectures series have shared 100 books of 2017 they recommend us to read. And while I won’t be able to read all the hundred books, there are some great tips in the list which qualify as a nice end-of-year read.

Permalink

Former Facebook exec says social media is ripping apart society - The Verge

In the past months I’ve read more and more articles from people who work or have worked for social media companies and now talk about how such services are contributing massively to rip apart our society. This is another one showing the problem of misinformation, AI-influenced aggregated “timelines” that only make things worse instead of unifying society and helping people. While there is much value in social media, there’s a constantly rising underlying issue in most big services: In strive for more revenue and new features, these services try to match interests to people and fail horribly because they match the interests quite good instead of providing eye-opening, neutral and objective content to users that would make them reflect their views and interests.

Permalink