Web Development Reading List #156: Browser News, Webpack 2, And Lessons Learned From HPKP

Is a person who is sitting by herself in a room alone? From an outside perspective, it might seem so, but the human brain is way more interesting in these regards. We carry a map of relationships inside ourselves, and it depends on this map if the person actually does feel alone or not.

I just read “Stress and the Social Self: How Relationships Affect Our Immune System¹”, and I feel that we can learn a lot from it. In fact, I might see social media from a different perspective now. We’re social beings, I love sharing good content with you, so, without further ado, here’s this week’s web dev reading list.

News Link

• Opera 41 and Chrome 54 are out², and they come with some interesting new features. The updates now support Custom Elements v1 as well as some new and convenient JavaScript methods like ParentNode.prototype.append() or unprefixed CSS user-select. On the other hand, they removed TouchEvent.prototype.initTouchEvent (you’ll need to use the constructor from now on), and KeyboardEvent.prototype.keyIdentifier has been replaced by KeyboardEvent.prototype.key.
• Following a suggestion by other major browser vendors, Mozilla will distrust WoSign and StartCom certificates³ from January 1st, 2017 due to backdated certificates and non-disclosure and denial of an acquisition of the two companies. A great step for better CA security.
• Node.js v6 transitioned to the current LTS version⁴ this week and Node.js v7 has been released⁵, too. It covers 98% of ES6, brings the new V8 engine, improved reliability and performance, and a new URL-parser based on the WHATWG URL standard.

General Link

• With the upcoming Chrome 55⁶ (now in beta), the browser will finally get support for Pointer Events. It will also support JavaScript async/await-functions and revive the CSS hyphens property after years of absence in Chromium browsers. The once Event Listener option will also be added and, to improve load times and prevent failed navigations, cross-origin and parser-blocking scripts injected using document.write() will no longer load over 2G connections (which also means that 3rd-party fallbacks as used by the HTML5Boilerplate⁷ won’t work anymore in upcoming Chrome versions).

Tools & Workflows Link

• Jack Franklin explains how to migrate from the current Webpack 1 to the upcoming Webpack 2⁸ and where the differences between the two lie.
• Similar to the already showcased Boxy SVG Editor⁹, Vectr¹³¹²¹⁰ is a new online/desktop vector graphics editor with real-time sharing.

¹¹

Security Link

• Paragon Initiative Enterprises share a comprehensive guide to automatic security updates for PHP developers¹⁴ that everyone developing with PHP should be aware of.
• Last week, Smashing Magazine had to deal with an expiring SSL certificate. While this is usually an easy thing to renew, problems may arise if you have HTTP Public Key Pinning (HPKP) enabled and set to a long expiry date (which usually is intended). Mathias Biilmann Christensen now wrote about the lessons learned from this and why you should be aware (and afraid!) of HPKP¹⁵ and how to issue a new certificate with an old key¹⁶ so that the site won’t break for your users with HPKP enabled.

Privacy Link

• Mattias Geniar shares how you can easily block ads and trackers from your entire home network¹⁷ using Pi-Hole¹⁸, a DNS-based blacklist for Raspberry Pi.

Web Performance Link

• Brian Armstrong from Canopy explains why you shouldn’t rely on default DNS settings¹⁹, as the recent Dyn DNS outage has shown. He covers how to configure DNS the right way, why a longer TTL is important, and why having different nameservers from different providers can save your service’s uptime.

²⁰

JavaScript Link

• Fuse.js²² is a new and light-weight JavaScript fuzzy-search library.

CSS/Sass Link

• Roman Komarov wrote about conditions in CSS Custom Properties²³, about solutions, challenges, and how you can benefit from preprocessors when it comes to more complex conditions. The article also mentions a couple of interesting ideas on how the web standard could be extended.

Work & Life Link

• Cal Newport shares his thoughts on how deep breaks during work can help your mind recharge and, thus, improve your productivity²⁴.

Going Beyond… Link

• It’s really interesting to see this kind of back-story: Katie Singer reveals the real amount of energy used to power the internet²⁵ and puts these figures into perspective by comparing how much power anyone of us would need to generate to power a website.

And with that, I’ll close for this week. If you like what I write each week, please support me with a donation²⁶ or share this resource with other people. You can learn more about the costs of the project here²⁷. It’s available via email, RSS, and online.

— Anselm

Footnotes Link

1. 1 https://www.brainpickings.org/2015/10/07/esther-sternberg-stress-relationships/
2. 2 https://dev.opera.com/blog/opera-41/
3. 3 https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
4. 4 https://medium.com/@nodejs/node-js-v6-transitions-to-lts-be7f18c17159
5. 5 https://nodejs.org/en/blog/release/v7.0.0/
6. 6 https://blog.chromium.org/2016/10/chrome-55-beta-input-handling.html
7. 7 https://github.com/h5bp/html5-boilerplate/blob/master/src/index.html#L26
8. 8 http://javascriptplayground.com/blog/2016/10/moving-to-webpack-2/
9. 9 https://wdrl.info/archive/135/boxy-svg-editor
10. 10 https://vectr.com/
11. 11 https://vectr.com/
12. 12 https://vectr.com/
13. 13 https://vectr.com/
14. 14 https://paragonie.com/blog/2016/10/guide-automatic-security-updates-for-php-developers
15. 15
16. 16
17. 17 https://ma.ttias.be/pi-hole-dns-based-blacklist-ads-tracking-raspberry-pi/
18. 18 https://pi-hole.net/
19. 19 https://medium.com/@brianarmstrong/youre-probably-doing-dns-wrong-like-we-were-6625efaed390
20. 20 https://medium.com/@brianarmstrong/youre-probably-doing-dns-wrong-like-we-were-6625efaed390
21. 21 https://medium.com/@brianarmstrong/youre-probably-doing-dns-wrong-like-we-were-6625efaed390
22. 22 http://fusejs.io/
23. 23 http://kizu.ru/en/fun/conditions-for-css-variables/
24. 24 http://calnewport.com/blog/2016/09/14/on-deep-breaks/
25. 25 http://www.electronicsilentspring.com/real-amount-energy-power-internet/
26. 26 https://wdrl.info/donate
27. 27 https://wdrl.info/costs/

↑ Back to topTweet itShare on Facebook