I shut down my browser on Wednesday, accidentally having a setting switched on that clears history and all sessions. First, I was sad to have lost many tabs with articles I stored “for later”. At the same time, it felt refreshing, liberating to have a clean browser window with zero tabs open. So my new goal is to start work in the morning with a completely clean browser window at least once a week.
In other news: I spent several hours fixing broken links this week, and as a result I can’t say how happy I am that archive.is and archive.org exist to prevent content from disappearing forever. Still, some of the resources I found broken have left forever. So remind yourself about redirecting content.
- There’s a big change coming up for how we write colors in CSS. Tab Atkins recently changed the color functions syntax in the CSS specification. So in future, we will write
rgb(0 255 0 / 50%)instead of
rgba(0, 255, 0, 50%). This might sound awkward after years of doing it differently, but the reason for it are the new color functions available in CSS Colors Level 4, including
color(). You can read more about this in Tab’s blog post, but for now be assured that the old syntax is likely to be supported forever in our browsers thanks to legacy support.
- Opera 39 and Chromium 52 hit the streets this week and with them a couple of new features: The Fetch API now supports a custom referrer policy, Performance Observer is supported, just like alpha channel for RGB colors in hex notation (
#ffffff50) is supported, and CSP 3’s
strict-dynamicdirective is now available as well.
- The new Docker for Mac and Windows is finally production-ready after several months in beta. Great news for all who eagerly awaited it and always had issues with the previous version (i.e. disk and permission management problems).
- Big news from Mozilla this week: With Firefox 48, the multi-process engine e10s is now enabled for many users, making Firefox much more robust, faster and more reliable. Also, protection against harmful downloads has been improved and unsigned/unverified add-ons won’t load anymore. Web Extensions support including CSP enforcements for web extensions is also new, just like the
about:debuggingdeveloper page. For developers, the DevTools come with an improved font inspector,
calc()is now supported for
line-heightand can be nested, and, last but not least, support for the CSP directive
upgrade-insecure-requestshas been added.
async\await, and support for
- In our industry, it’s important to have a connected workflow between design and development to make sure we’re aligned and to make real collaboration possible. Subjects like “avoiding assumptions, team up with our peers or sharing knowledge” will help us work together in a better way, says Simon Colijn.
- Users don’t care what tools we use; they care when we ship something useful. A great presentation by Liz Abinante on the simplicity of tooling, and reasonable choices.
- We take GitHub for granted. We pay for it and we use it as the primary end point for our git-repositories. Now Fabio Akita shares why it’s the more expensive option and how you can use the open-source alternative gitlab on a pre-configured VPS that is cheaper and more flexible. At least worth reading.
- Proofpoint published a very interesting in-depth analysis of a big malvertising network that they found in the wild and that hid itself from plain sight by using steganography and file whitelisting. There’s evidence that they targeted a daily traffic of 1-5 million high-quality client hits.
- Mathy Vanhoef and Tom Van Goethem presented a new HEIST-attack on HTTPS pages to steal SSNs, email addresses, and more. You can view the slides [pdf], or read the write-up [pdf] to understand the attack and what you can do to prevent it.
- Mike West, one of the main persons pushing security web standards at the moment, proposes to introduce an origin-wide policy manifest to reduce the risk that security policies aren’t applied to specific resources. The proposal suggests to use a file in the
/.well-known/origin-policy/[name-goes-here]directory on the origin server, adapting an already used folder name and path.
- The well-known security researcher Jonathan Zdziarski found an issue in Whatsapp’s iOS app, that seems wide-spread in iOS apps in general: Deleted chats aren’t being deleted, which means that forensic experts could reconstruct them. Any app that uses SQLite on iOS has the same issue since deleted entries are only set “free” to be overwritten instead of actually deleted. In fact, Apple’s Messages app faces the same issues, and cloud sync makes this even worse as it spreads the deleted information to other devices. Jonathan finally shows how to implement an SQLite database in an iOS app to prevent this issue.
- The Battery Status API in general sounds like a great addition to our web platform. Initially built by Mozilla to complete the API-set on the web, we can use it on websites to reduce the amount of interactivity and animation or serve videos in low resolutions when the battery is nearly empty, for example. Lukasz Olejnik, however, found out that this API is actually already used as a user tracking identifier by ad networks and others. And last but not least, it can also be used to charge more for a service when a user’s battery is low—as reportedly done by Uber.
- Mattias Geniar had a look at Google’s new QUIC protocol that uses UDP instead of TCP and manages to be more reliable and faster—an ideal candidate as a successor to the TCP protocol. While it’s still at an early stage, the IETF is considering to make it a standard, Google uses it for some of their services already, and several server and browser vendors have plans to implement it, too.
- For very big websites, we often tend to use a CMS, as this seems to be the best option at first glance. But what about choosing a static site generator for better performance and less security risks? Stefan Baumgartner shares his experience with using static site generators at scale and how they even build built something like a content management system around it.
- React is a bit different when it comes to technical design decisions. Chris James Hycner looks into SVG icon systems for React.js and how to build a well-working module for it.
Work & Life
- Hannah Rosefield puts exhaustion, the ‘status symbol’ of today, into perspective.
- Tom Bartel shares some great thoughts on re-calibrating your productivity sensors as a developer. Reframe your work, whether it’s managing people, talking to others, or actual coding work whenever you think you’re not productive. Most of the time it’s simply untrue.
- Simon St. Laurent on decentralizing the web. Some useful thoughts about our current lock-in on technology, service providers, and centralized solutions, and how we might be able to break that up again to unlock the real power of the web.
- Katharine Viner writes about how social media swallowed the news and how the consequences of this go far beyond journalism. An interesting essay on how well-done social marketing has an enormous influence on the decisions people make—no matter if it’s about buying a product or making a political decision.
- Since the financial crisis, the private equity industry has become hugely influential. The New York Times curated a lovely, interactive story about how private equity plays out in your daily life.