The Evergreen List

Welcome to The Evergreen List!
You can find useful links and articles to each category here that stay relevant for a longer time.
Learn more about how and why The Evergreen List is created.

News #

  • CSS Function Syntaxes (color and otherwise) - Tab Completion

    There’s a big change coming up for how we write colors in CSS. Tab Atkins recently changed the color functions syntax in the CSS specification. So in future, we will write rgb(0 255 0 / 50%) instead of rgba(0, 255, 0, 50%). This might sound awkward after years of doing it differently, but the reason for it are the new color functions available in CSS Colors Level 4, including color(). You can read more about this in Tab’s blog post, but for now be assured that the old syntax is likely to be supported forever in our browsers thanks to legacy support.

  • Introducing FlyWeb

    FlyWeb is a new experimental Web API that allows web pages to host local web servers for exposing content and services to nearby browsers. It also adds the ability to discover and connect to nearby local web servers to the web browser itself. This might be a bit hard to grasp now, but imagine this in combination with a decentralized service picking the nearest edge server via FlyWeb. You wouldn’t need any complex external CDN solutions that choose the “nearest” edge server via geolocation resolution or similar unreliable technologies anymore. Another use case could be an “off-grid on-the-fly network” with devices that use FlyWeb together with Bluetooth and WiFi chips to find other devices in the vicinity and hereby introduce a whole new area of network reliability. As FlyWeb is a technology experimentally developed by Mozilla, you need to have Firefox Nightly installed to test this out.

Generic #

Concept & Design #

Tools & Workflows #

Security #

Privacy #

  • From Radio to Porn, British Spies Track Web Users’ Online Identities

    This pretty frightening article, released last week by The Intercept, shows how intelligence companies have broken our web and can spy nearly everyone by tracking all metadata from everyone using online music networks, cookies, video sites, blogging platforms, calls, or photos and online ads. In light of this development, it’s important that we give more focus on privacy for our users by implementing HTTPS (with HSTS, HPKP), limit advertising network’s data grabbing and prevent MITM attacks by using resource integrity hashing for our CDNs.

  • Ethics of Algorithms at a glance

    With the growing usage of algorithms in our everyday lives, we need to raise the question of ethics. Our human brain can make irrational and emotional decisions. And sometimes that is a necessary and good thing. But algorithms and computers can’t. This being the biggest challenge for artificial intelligence, we need to face this fact for already existing mechanisms like the Facebook news feed collection, or hiring algorithms. A good way would be to make such algorithms transparent, to give users a possibility to improve them and to make them more objective.

  • What every Browser knows about you

    Today, as developers, we have many great features built into the browser. On the darker side, many of the features are affecting privacy and security of the user, as a site can read most of the information available even without user noticing anything. A demonstration shows what information a site can get about you without your confirmation. An eye-opener to re-think browser UIs and how much responsibility we, as developers, have to do the right thing. Be it educating the product owners or your own product where you voluntarily display a dialog to give a choice and notice about sending such data to your servers, we should embrace ethics. As a user, I tried to access the demo with a default Chrome setting (revealing horribly much sensitive data) and Firefox with Strict Tracking Protection, uBlock Origin, Disconnect and 3rd party cookies disabled. Despite all blockers, the latter reveals ‘only’ the data about my browser, its active plugins, my hardware and my local and public IP address.

  • Alexa, Cortana, and Siri aren’t novelties anymore. They’re our terrifyingly convenient future.

    A.I. assistants can give you the news, order you a pizza, and tell you a joke. All you have to do is trust them — completely. An interesting story about the new listen-to-us devices that can scare the hell out of you if they surprise you. Reading George Orwell’s “Nineteen Eighty-Four” currently, I keep asking myself how we can still want to have such devices that are fully controlled by some company that only has follow-up commercial interest in selling such devices.

  • How sites can comply with Do Not Track

    This guide explains how websites and apps can comply with the Do-Not-Track settings (newer link: DNT Guide) of users and how to use the Consent API to let people opt-out of tracking. I would love to see every website that tracks something providing it.

  • Facebook’s new ads will track which stores you visit - Recode

    Facebook wants to prove that its ads lead to actual purchases. That’s why Facebook advertisers can now add their physical store locations, and Facebook will then track users by their phone locations and report if they have visited the store. Of course, Facebook is not the first company doing that: Google folks are proud of having done the same already for quite some time. I’m glad I don’t have apps of these brands on my phone anymore.

  • Uh Oh: Google Expands Its Ad Tracking. But, Yay: It’s Opt-In | WIRED

    Google adjusted their privacy settings once again. I’ll leave you with these useful links where you can adjust your privacy settings for Maps, All Account Activity, more activity controls, and finally Google Payment privacy settings which have opt-in for data sharing and analysis for advertising on by default. Note that Chrome has its own settings in the app as well. So far, privacy…

  • Battery Status readout as a privacy risk

    The Battery Status API in general sounds like a great addition to our web platform. Initially built by Mozilla to complete the API-set on the web, we can use it on websites to reduce the amount of interactivity and animation or serve videos in low resolutions when the battery is nearly empty, for example. Lukasz Olejnik, however, found out that this API is actually already used as a user tracking identifier by ad networks and others. And last but not least, it can also be used to charge more for a service when a user’s battery is low — as reportedly done by Uber.

  • Oversharing with the browser’s autofill

    Stoyan Stefanov explains why using autocomplete fields in forms is great for some fields but can easily lead to data oversharing when used on fields that aren’t required.

Web Performance #

HTML & SVG #

Accessibility #

JavaScript #

CSS/Sass #

Work & Life #

Going beyond… #