Hey,
last week I couldn’t manage to send out a newsletter so here’s everything from the past two weeks. The previous week I spent on a client work week to meet the remote team and while they’re extremely healthy for team work, to make progress with your company but they’re also exhaustive due to the amount of communication. Still, regardless of whether you’re a remote or on-site team, I can recommend such work retreats with the complete company and discuss important generic topics on a broader level. Surely, actual development will be halted for a few days but I know this can pay out multiple times afterwards as the team is happier, and everyone in the company knows more about the product, goals and vision. But for now, I’ll leave you with the latest news summary about security, productivity, new technical JS and CSS stuff and more.
News
- npm version 6 is out and brings important security improvements. This means you now not only hav a new
npm auditcommand to audit your depenencies for vulnerabilities but npm will do this automatically and report back during dependency installs. It also bringsnpm cito make CI tasks faster, and a couple of other improvements. - Firefox 60 is coming on May, 9th 2018 and will bring the new Style/Quantum CSS engine to Firefox for Android. The CSS
align-*,justify-*andplace-contentproperties have been updated to match the latest specification andpaint-orderhas been implemented. In JavaScript you now can useArray.prototype.values()and ECMAScript 6 module support is implemented and enabled across all platforms which means we will have all major browsers supporting JavaScript modules in May 2018, leaving no support only to IE11, UC Browser, or Samsung Internet. - Node 10 is out and will become the next Long Term Support version in October 2018. It brings generators and async function support, full support for N-API and support for the Inspector protocol.
- Microsoft’s code quality ensurance tool called sonarwhal is now available as the first stable version 1.
- With Chrome 66 having been released now and the newest Firefox version coming up next, two major browser distrust all Symantec certificates issued before June 2016—and trust me when I’m saying there are a lot of sites that still haven’t changed their affected certificates and will be out of reach for users now (Chrome) or very soon (Firefox).
- Chrome 66 is now stable and brings important updates regarding Audio. And while there are many great things, they also changed how websites can access the Audio interface. Philipp Hancke from appear.in, a WebRTC service, shares why the update breaks their app and a couple of others with it with the new user-protection against annoying background-autoplay audio. Things may change soon again as this came up but right now it’s still unclear what you can do except following the advice given in the Chrome bug itself.
Generic
- The new GDPR (General Data Protection Regulation) directive is coming very soon and while our inboxes are full of privacy policy updates, one thing that’s very unclear yet is which services can already provide so called DPAs (Data Processing Agreements). Joschi Kuphal collects services that offer a DPA and shares the resource with us so we can easily look up common services and see how we can obtain a copy in order to continue using their services. Also, you can help by contributing to this resource via Pull Requests.
Security
- This week, a hijack of parts of Amazon’s Route 53 DNS service allowed the people behind it to control and potentially intercept the traffic of the customers who use the service. This is an interesting attack and while it was intended again to steal cryptocurrency, it shows the vulnerabilty of the vital part of the Internet: the DNS.
Web Performance
- Postgres 10 is there already for a while now but yet I personally struggled to find good information how to use all these amazing features it brings. Gabriel Enslein now shares Postgres 10 Performance updates in his slidedeck that give you a clue how to use the built-in JSON support, native partitioning for large datasets, or hash index resiliency and more.
Accessibility
- Marcy Sutton shares how Wikipedia built their new link preview feature in an accessible way so that people can easily use the keyboard as well as a mouse to trigger the overlay. You can also read more on how this feature was built in this post by their designer Nirzar Pangarkar.
JavaScript
- Sam Thorogood shares how we can build a “native undo & redo for the web”, as used in many text editors, games, planning or graphical software and other occasions such as a drag and drop reordering. And while it’s not necessarily easy to build, the article explains the concepts, technical aspects so we can understand this complex matter relatively easily.
- There’s a new way to implement element/container queries into your application: eqio is a tiny library using IntersectionObserver.
Work & Life
- Arestia Rosenberg shares why her number one advice for freelancers is to ‘lean into the moment’. It’s about doing work when you can and using your chance to do something else when you don’t feel you can work productively. In the end, the summary results in a happy life and more productivity. I’d personally extend this to all people who can do that but of course it’s best applicable to freelancers indeed.
- Sam Altman shares a couple of very useful productivity tips that are not just a ‘ten things to do’ list but actually really helpful thoughts about how to think about being productive.
Go beyond…
- Our world is actually built on promises and here’s why it’s so important to stick to your promises even if it’s hard sometimes.
- I’d still bet that most of you haven’t heard of Palantir yet. The company is funded by Peter Thiel and is a data-mining company that has the intention to collect as much data as possible about everybody in the world and is known to collaborate with various law enforcement authorities, has connections to military services. It’s unknown what they do with data, which data they have from us. My only hope right now is that this company will suffer a lot from the EU GDPR directive and the European Union will try to stop their uncontrolled data collection. Facebook’s data practices are nothing compared to Palantir it seems.
- Researchers are sounding the alarm after an analysis showed that buying a new smartphone consumes as much energy as using an existing phone for an entire decade. Guess I’ll not replace my iPhone7 anytime soon. Also, it’s still an absolutely great device and way enough for what I do with it.
- Anton Sten shares his thoughts on Vanity Metrics, a common way to share numbers and statistics out of context. And since he realized what relevancy they have, he thinks differently about most of the commonly readable data such as investments or usage data of services. Reading one number without having a context to compare the number with existing data doesn’t matter at all. And we should keep that in mind.
Anselm