Web Development Reading List #172: On Reporting Bugs, DNS Subdomain Takeovers, And Sustainable UX
- By Anselm Hannemann
- March 3rd, 2017
As web developers, we all approach our work very differently. And even when you take a look at yourself, you’ll notice that the way you do your work does vary all the time. I, for example, have not reported a single bug to a browser vendor in the past year, despite having stumbled over a couple. I was just too lazy to write them up, report them, write a test case and care about follow-up comments.
This week, however, when integrating the Internationalization API for dates and times, I noticed a couple of inconsistencies and specification violations in several browsers, and I reported them. It took me one hour, but now browser vendors can at least fix these bugs. Today, I filed two new issues, because I’ve become more aware again of things that work in one browser but not in others. I think it’s important to change the way we work from time to time. It’s as easy as caring more about the issues we face and reporting them back.
Further Reading on SmashingMag:
- Getting Ready For HTTP/2: A Guide For Web Designers And Developers1
- Front-End Performance Checklist 2017 (PDF, Apple Pages)2
- CSS Grid, Flexbox And Box Alignment: Our New System For Web Layout3
- Help The Community! Report Browser Bugs!4
News
- Web annotations5 are now a web standard6, with a defined data model, vocabulary, and protocol. Let’s hope many of the browser vendors (Microsoft Edge) and service platforms will adopt the standard soon. For us developers it’s a huge opportunity, too, to build standardized annotations that are interoperable and to communicate with each other.
Security
- Let’s have a look at how Mr. Trump was hacked via DNS subdomain takeover10, a long-known technique11 that most people who configure DNS entries for a domain aren’t aware of.
- Google Chrome now allows permitted site owners of a Chrome extension to override selected user settings12. This means that a browser extension vendor who verified their domain via Google Webmaster Tools can override user settings such as homepage or the default search provider via their website. After reading this attack scenario13, I fear this could take the DNS subdomain attack to a new level.
Web Performance
- Justin Avery shares how you can configure HTTP/2 Server Push to work with WordPress14.
CSS/Sass
- Sometimes it’s the small things that help you a lot. Did you know that you can save time and avoid confusion in CSS by using the :not(:last-of-type) selector instead of two different selectors, for example? Timothy B. Smith explains how this little trick works15.
- Jen Simmons wrote yet another great article about the benefits of learning how to code layouts with CSS16.
Going Beyond…
- Vicki Boykis wrote an excellent piece called “Fix the internet by writing good stuff and being nice to people17” in which she points out one of the major issues on the internet: the fact that making money off content became worth more than the content itself.
- The free Sustainable UX conference took place two weeks ago. To get some insights into how we can achieve sustainability in tech, you can now watch the conference talks for free18.
And with that, I’ll close for this week. If you like what I write each week, please support me with a donation21 or share this resource with other people. You can learn more about the costs of the project here22. It’s available via email, RSS and online.
— Anselm
Footnotes
- 1 https://www.smashingmagazine.com/2016/02/getting-ready-for-http2/
- 2 https://www.smashingmagazine.com/2016/12/front-end-performance-checklist-2017-pdf-pages/
- 3 https://www.smashingmagazine.com/2016/11/css-grids-flexbox-and-box-alignment-our-new-system-for-web-layout/
- 4 https://www.smashingmagazine.com/2011/09/help-the-community-report-browser-bugs/
- 5 https://hypothes.is/blog/annotation-is-now-a-web-standard/
- 6 https://www.w3.org/blog/news/archives/6156
- 7 https://hypothes.is/blog/annotation-is-now-a-web-standard/
- 8 https://hypothes.is/blog/annotation-is-now-a-web-standard/
- 9 https://hypothes.is/blog/annotation-is-now-a-web-standard/
- 10 http://www.networkworld.com/article/3171732/security/iraqi-hacker-took-credit-for-hijacking-subdomain-and-defacing-trump-site.html
- 11 https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
- 12 https://developer.chrome.com/extensions/settings_override
- 13 https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
- 14 https://responsivedesign.is/articles/configuring-http2-push-wordpress/
- 15 https://theboldreport.net/2017/02/css-tip-use-not-to-save-time-and-lines-of-code/
- 16 http://jensimmons.com/post/feb-28-2017/benefits-learning-how-code-layouts-css
- 17 http://blog.vickiboykis.com/2016/11/20/fix-the-internet/
- 18 https://www.youtube.com/playlist?list=PLrJVv8APJhWnHo_Gzt_cVwhLpABKtQi9R
- 19 http://blog.vickiboykis.com/2016/11/20/fix-the-internet/
- 20 http://blog.vickiboykis.com/2016/11/20/fix-the-internet/
- 21 https://wdrl.info/donate
- 22 https://wdrl.info/costs/