Web Development Reading List #146: Peermaps, Passive Event Listener Note, And A Shift Of Focus

Web Development Reading List #146: Peermaps, Passive Event Listener Note, And A Shift Of Focus

So, what do we have this week? Well, it’s quite a lot actually. For example, there’s now a deal that might make Opera’s browser a Chinese business1, leaving all privacy and security efforts that have recently been made in the browser uncertain. If you want to dive into learning ECMAScript 6, Wes Bos has published a huge series of ES6 screencasts2 this week that are absolutely worth the money. Besides, there are a few other recommendations for you to read this week. Let’s get started.

News Link

  • The new “technology preview” version of Safari now supports Google’s WebP format3. Note that it’s currently a beta test version, and the final support is unknown — however, it could be interesting since it would mean native support of the file-format for Mac OS as well, making it the first large OS supporting WebP.
  • httpoxy4 is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. This means it’s a critical vulnerability test for your php-fpm, mod_php, Python and Go CGI handlers that you should check and fix security issues immediately. Note that only serving HTTPS doesn’t help here; to mitigate the attack, you need to block proxy request headers as early as possible, and definitely before they hit your application.

Tools & Workflows Link

  • Peermaps5 provides a decentralized, cooperative alternative to commercial map providers like Google Maps. Instead of fetching data from a centralized service, fetch map data from your peers using webtorrent.
  • With ZeroNet6 is another decentralized hosting technology, currently in development. The Bitcoin-crypto and BitTorrent-driven technology is an alternative approach to the decentralized idea of IPFS7.

Security Link

  • Firefox 48, out August 2, 20168, will block known plugin fingerprinting services thanks to a new blocklist that Mozilla developed to improve user privacy. For example, Flash files that are known for fingerprinting (or “super cookies”) are automatically blocked. In other news, Mozilla also announced that they will implement Tor’s privacy settings in Firefox9, starting in Firefox 50 with the first features such as plugin information leaks and other techniques known to track down user behavior.
  • It seems like most people are unaware of how big of an attack vector browser extensions have become10. They’re still a quite unregulated territory, and although there are inherent limits to what they can do, there is little to no protection against extension malware — your antivirus can’t help you here.
  • A new require-sri-for directive11 in Content Security Policy gives developers the ability to assert to the browser that every resource of a given type ought to be checked for integrity. If a resource of that type is loaded without integrity metadata, it will be rejected without triggering a network request.
Getting hacked by a Chrome extension is easier than you think. (Image source13)

Privacy Link

JavaScript Link

Work & Life Link

  • Andy Budd analyzes the problem of the always recurring question on “Why can’t designers solve more meaningful problems?22”. An essay on how to find the right work for yourself, and why it’s sometimes challenging to acknowledge that their vision differs from the type of job they want to work in. Andy concludes that we need to create an alternative success narrative to what we have now.

Going Beyond… Link

  • The NASA has just published the first 2016 climate trend according to which we’re continuing to break all records23 with an average temperature 1.3 degrees Celsius (2.4 degrees Fahrenheit) warmer than the late nineteenth century.
  • Katie Rogers asked experts what happens to our human brain when there’s a constant cycle of violent news24. While it of course depends on the individual person, a higher frequency of such news increases fear and the sense of vulnerability and powerlessness. And I’m not saying you shouldn’t follow the news anymore but maybe limiting access to it for yourself is a good idea, as is filtering it on social media (use mute keywords or similar) so you don’t get flooded about violent, horrible news all the time. It’s enough to check it once per day or so and it’s unhealthy if you’re surrounded by anxiety everywhere, all the time.

And with that, I’ll close for this week. If you like what I write each week, please support me with a donation25 or share this resource with other people. You can learn more about the costs of the project here26. It’s available via email, RSS and online.

— Anselm

Footnotes Link

  1. 1 http://www.zdnet.com/article/1-2bn-offer-for-opera-scrapped-new-600m-deal-centres-on-browser-and-consumer-business/
  2. 2 https://es6.io/
  3. 3 http://www.cnet.com/news/apple-ios-macos-tests-googles-webp-graphics-to-speed-up-web/
  4. 4 https://httpoxy.org/
  5. 5 https://github.com/substack/peermaps
  6. 6 https://zeronet.io/
  7. 7 https://ipfs.io/
  8. 8 http://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/
  9. 9 http://www.ghacks.net/2016/07/04/tor-privacy-settings-coming-to-firefox/
  10. 10 https://kjaer.io/extension-malware/
  11. 11 https://www.chromestatus.com/feature/5635811978510336
  12. 12 https://kjaer.io/extension-malware/
  13. 13 https://kjaer.io/extension-malware/
  14. 14 http://www.computerworld.com/article/2914838/data-privacy/project-fi-will-help-google-amass-even-more-data-about-you.html
  15. 15 https://www.wired.com/2016/06/latest-ad-tracking-move-google-gets-opt-right/
  16. 16 https://www.google.com/maps/timeline
  17. 17 https://myactivity.google.com/myactivity
  18. 18 https://myaccount.google.com/activitycontrols
  19. 19 https://payments.google.com/s/?page=privacySettings
  20. 20 https://dom.spec.whatwg.org/#dom-eventlisteneroptions-passive
  21. 21 https://twitter.com/paul_irish/status/755175394140053505
  22. 22 http://www.andybudd.com/archives/2016/07/why_cant_designers_solve_more_meaningful/
  23. 23 https://www.nasa.gov/feature/goddard/2016/climate-trends-continue-to-break-records
  24. 24 http://www.nytimes.com/2016/07/16/health/what-is-a-constant-cycle-of-violent-news-doing-to-us.html?_r=0
  25. 25 https://wdrl.info/donate
  26. 26 https://wdrl.info/costs/
SmashingConf New York

Hold on, Tiger! Thank you for reading the article. Did you know that we also publish printed books and run friendly conferences – crafted for pros like you? Like SmashingConf Barcelona, on October 25–26, with smart design patterns and front-end techniques.

↑ Back to topTweet itShare on Facebook

(Visited 4 times, 1 visits today)