So, what do we have this week? Well, it’s quite a lot actually. For example, there’s now a deal that might make Opera’s browser a Chinese business1, leaving all privacy and security efforts that have recently been made in the browser uncertain. If you want to dive into learning ECMAScript 6, Wes Bos has published a huge series of ES6 screencasts2 this week that are absolutely worth the money. Besides, there are a few other recommendations for you to read this week. Let’s get started.
- The new “technology preview” version of Safari now supports Google’s WebP format3. Note that it’s currently a beta test version, and the final support is unknown — however, it could be interesting since it would mean native support of the file-format for Mac OS as well, making it the first large OS supporting WebP.
- httpoxy4 is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. This means it’s a critical vulnerability test for your php-fpm, mod_php, Python and Go CGI handlers that you should check and fix security issues immediately. Note that only serving HTTPS doesn’t help here; to mitigate the attack, you need to block proxy request headers as early as possible, and definitely before they hit your application.
Tools & Workflows Link
- Peermaps5 provides a decentralized, cooperative alternative to commercial map providers like Google Maps. Instead of fetching data from a centralized service, fetch map data from your peers using webtorrent.
- With ZeroNet6 is another decentralized hosting technology, currently in development. The Bitcoin-crypto and BitTorrent-driven technology is an alternative approach to the decentralized idea of IPFS7.
- Firefox 48, out August 2, 20168, will block known plugin fingerprinting services thanks to a new blocklist that Mozilla developed to improve user privacy. For example, Flash files that are known for fingerprinting (or “super cookies”) are automatically blocked. In other news, Mozilla also announced that they will implement Tor’s privacy settings in Firefox9, starting in Firefox 50 with the first features such as plugin information leaks and other techniques known to track down user behavior.
- It seems like most people are unaware of how big of an attack vector browser extensions have become10. They’re still a quite unregulated territory, and although there are inherent limits to what they can do, there is little to no protection against extension malware — your antivirus can’t help you here.
- A new
require-sri-fordirective11 in Content Security Policy gives developers the ability to assert to the browser that every resource of a given type ought to be checked for integrity. If a resource of that type is loaded without integrity metadata, it will be rejected without triggering a network request.
- Is Google’s Project Fi nothing more than an attempt to collect even more data from users? The main goal behind getting into Wi-Fi and cellular network services business seems to be a great addition to collecting data about users’ online behavior14 and it attracts people by its very low pricing.
- Google adjusted their privacy settings once again15. I’ll leave you with these useful links where you can adjust your privacy settings for Maps16, All Account Activity17, more activity controls18, and finally Google Payment privacy settings19 which have opt-in for data sharing and analysis for advertising on by default. Note that Chrome has its own settings in the app as well. So far, privacy…
- Paul Irish left a note this week on Passive Event Listeners20. Apparently, they’re only needed for touch and pointer-events21 and have no advantage when used in other cases.
Work & Life Link
- Andy Budd analyzes the problem of the always recurring question on “Why can’t designers solve more meaningful problems?22”. An essay on how to find the right work for yourself, and why it’s sometimes challenging to acknowledge that their vision differs from the type of job they want to work in. Andy concludes that we need to create an alternative success narrative to what we have now.
Going Beyond… Link
- The NASA has just published the first 2016 climate trend according to which we’re continuing to break all records23 with an average temperature 1.3 degrees Celsius (2.4 degrees Fahrenheit) warmer than the late nineteenth century.
- Katie Rogers asked experts what happens to our human brain when there’s a constant cycle of violent news24. While it of course depends on the individual person, a higher frequency of such news increases fear and the sense of vulnerability and powerlessness. And I’m not saying you shouldn’t follow the news anymore but maybe limiting access to it for yourself is a good idea, as is filtering it on social media (use mute keywords or similar) so you don’t get flooded about violent, horrible news all the time. It’s enough to check it once per day or so and it’s unhealthy if you’re surrounded by anxiety everywhere, all the time.
And with that, I’ll close for this week. If you like what I write each week, please support me with a donation25 or share this resource with other people. You can learn more about the costs of the project here26. It’s available via email, RSS and online.
- 1 http://www.zdnet.com/article/1-2bn-offer-for-opera-scrapped-new-600m-deal-centres-on-browser-and-consumer-business/
- 2 https://es6.io/
- 3 http://www.cnet.com/news/apple-ios-macos-tests-googles-webp-graphics-to-speed-up-web/
- 4 https://httpoxy.org/
- 5 https://github.com/substack/peermaps
- 6 https://zeronet.io/
- 7 https://ipfs.io/
- 8 http://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/
- 9 http://www.ghacks.net/2016/07/04/tor-privacy-settings-coming-to-firefox/
- 10 https://kjaer.io/extension-malware/
- 11 https://www.chromestatus.com/feature/5635811978510336
- 12 https://kjaer.io/extension-malware/
- 13 https://kjaer.io/extension-malware/
- 14 http://www.computerworld.com/article/2914838/data-privacy/project-fi-will-help-google-amass-even-more-data-about-you.html
- 15 https://www.wired.com/2016/06/latest-ad-tracking-move-google-gets-opt-right/
- 16 https://www.google.com/maps/timeline
- 17 https://myactivity.google.com/myactivity
- 18 https://myaccount.google.com/activitycontrols
- 19 https://payments.google.com/s/?page=privacySettings
- 20 https://dom.spec.whatwg.org/#dom-eventlisteneroptions-passive
- 21 https://twitter.com/paul_irish/status/755175394140053505
- 22 http://www.andybudd.com/archives/2016/07/why_cant_designers_solve_more_meaningful/
- 23 https://www.nasa.gov/feature/goddard/2016/climate-trends-continue-to-break-records
- 24 http://www.nytimes.com/2016/07/16/health/what-is-a-constant-cycle-of-violent-news-doing-to-us.html?_r=0
- 25 https://wdrl.info/donate
- 26 https://wdrl.info/costs/
Hold on, Tiger! Thank you for reading the article. Did you know that we also publish printed books and run friendly conferences – crafted for pros like you? Like SmashingConf Barcelona, on October 25–26, with smart design patterns and front-end techniques.