Hey,
so what do we have this week? Well, it’s quite a lot actually. For example, there’s now a deal that might make Opera’s browser a Chinese business, leaving all privacy and security efforts that have recently been made in the browser uncertain. If you want to dive into learning ECMAScript 6, Wes Bos has published a huge series of ES6 screencasts this week that are absolutely worth the money. Besides, there are a few other recommendations for you to read this week. Let's get started.
News
- The new “technology preview” version of Safari now supports Google’s WebP image file format. Note that it's currently a beta test version, and the final support is unknown — however, it could be interesting since it would mean native support of the file-format for Mac OS as well, making it the first large OS supporting WebP.
- httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. This means it’s a critical vulnerability test for your php-fpm, mod_php, Python and Go CGI handlers that you should check and fix security issues immediately. Note that only serving HTTPS doesn’t help here; to mitigate the attack, you need to block proxy request headers as early as possible, and definitely before they hit your application.
Tooling
- Peermaps provides a decentralized, cooperative alternative to commercial map providers like Google Maps. Instead of fetching data from a centralized tile service, fetch map data from your peers using webtorrent.
- ZeroNet is another decentralized hosting technology, currently in development. The Bitcoin-crypto and BitTorrent-driven technology is an alternative approach to the decentralized idea of IPFS.
Security
- Firefox 48, out August 2, 2016, will block known plugin fingerprinting services thanks to a new blocklist that Mozilla developed to improve user privacy. For example, Flash files that are known for fingerprinting (or super cookies) are automatically blocked. In other news, Mozilla also announced that they will implement Tor’s privacy settings in Firefox, starting in Firefox 50 with the first features such as plugin information leaks and other techniques known to track down user behavior.
- It seems like most people are unaware of how big of an attack vector browser extensions have become. They’re still a quite unregulated territory, and although there are inherent limits to what they can do, there is little to no protection against extension malware — your antivirus can’t help you here.
- A new
require-sri-for
directive in Content Security Policy gives developers the ability to assert to the browser that every resource of a given type ought to be checked for integrity. If a resource of that type is loaded without integrity metadata, it will be rejected without triggering a network request.
Privacy
- Is Google's Project Fi nothing more than an attempt to collect even more data from users? The main goal behind getting into Wi-Fi and cellular network services business seems to be a great addition to collecting data about users’ online behavior and it attracts people by its very low pricing.
- Google adjusted their privacy settings once again. I’ll leave you with these useful links where you can adjust your privacy settings for Maps, All Account Activity, more activity controls, and finally Google Payment privacy settings which have opt-in for data sharing and analysis for advertising on by default. Note that Chrome has its own settings in the app as well. So far, privacy…
JavaScript
- Paul Irish left a note this week on Passive Event Listeners. Apparently, they’re only needed for touch and pointer-events and have no advantage when used in other cases.
Work & Life
- Andy Budd analyzes the problem of the always recurring question on “Why can’t designers solve more meaningful problems?”. An essay on how to find the right work for yourself, and why it’s sometimes challenging to acknowledge that their vision differs from the type of job they want to work in. Andy concludes that we need to create an alternative success narrative to what we have now.
Go beyond…
- The NASA has just published the first 2016 climate trend according to which we’re continuing to break all records with an average temperature 1.3 degrees Celsius (2.4 degrees Fahrenheit) warmer than the late nineteenth century.
- “I don’t have the answers, and my heart goes out to all who are grieving, afraid, hurt, feeling helpless, fed up, frustrated or angry. My only hope is that in the middle of all this sorrow, we can appreciate the gift of life that we’ve been given, and find love for our fellow human beings despite all their flaws and messiness.”—Leo Babauta in A Mindful Shift of Focus
- South Korean scientists have created solar PV cells that are 1 micrometer thick, hundreds of times thinner than most PV and half again as thin as other kinds of thin-film PV. This makes it the ideal candidate to power various things since the material will be barely noticeable and still give enough energy. We could think about integrating them into bridges, streets, or even our clothes.
- Katie Rogers asked experts what happens to our human brain when there’s a constant cycle of violent news. While it of course depends on the individual person, a higher frequency of such news increases fear and the sense of vulnerability and powerlessness. And I’m not saying you shouldn’t follow the news anymore but maybe limiting access to it for yourself is a good idea, as is filtering it on social media (use mute keywords or similar) so you don’t get flooded about violent, horrible news all the time. It’s enough to check it once per day or so and it’s unhealthy if you’re surrounded by anxiety everywhere, all the time.
Anselm