Tech News - Web Development

Uber’s design and engineering team has introduced a universal system called Base Web design system, which was open sourced in 2018. Base Web is a suite of React components implementing the “base” design language quickly and easily creating web applications. At Uber, developers, product managers, operations teams, and other employees have to interact with different web applications on a daily basis. As all of these web applications function differently, it puts an additional overhead of learning how to interact with them most effectively. To reduce this time and effort, Uber wanted an universal system, which will act as “a foundation, a basis for initiating, evolving, and unifying web products”. Having a universal design system helps teams of engineers, designers, and product managers to easily work together. It also helps new engineers and designers to quickly get an hang of the possible components and design tokens used by a given engineering organization. One of the key reasons for introducing Base Web was to make it easy for developers to reuse components. Uber’s design and engineering team after talking to its engineers determined that they mainly needed access to: Style customizations The ability to modify the rendering of a component So, they introduced a unified overrides API, which comes with the following benefits: Eliminates top-level properties API overload There is no longer extra properties proxying inconsistently across the composable components Allows you to completely replace the components. Uber is now using Base Web across teams to create its web applications. “Open sourced in 2018 to enable others to experience the benefits of this solution, Base Web is now used across Uber, ensuring a seamless development experience across our web applications,” reads the announcement. To read the official announcement, visit Uber’s official website. Uber open-sources Peloton, a unified Resource Scheduler Introducing ‘Quarkus’, a Kubernetes native Java framework for GraalVM & OpenJDK HotSpot Uber and Lyft drivers strike in Los Angeles  

Yesterday, Jean-Baptiste Kempf, VideoLAN president announced dav1d 0.1.0. dav1d is an AV1 decoder from VideoLAN, the same company that offers the popular VLC Media Player. dav1d was first presented in Video Developer Days 2018. The first usable version of dav1d, dav1d 0.1.0 is dubbed as Gazelle. In this release users can use the API, ship the decoder, and expect to receive some support from the developers. New features in dav1d 0.1.0 Since the initial launch of dav1d in September 2018 there has been a lot of work done on it: All AV1 features are now supported, even the ones that are less known 8, 10, 12 bits, and all chroma sub-samplings are supported by dav1d 0.1.0 All AV1 files shared to the developers are supported Developers invested a lot of time to make dav1d 0.1.0 quick, while keeping a maintainable binary size. More assembly for desktop is added. Some assembly for ARMv8, and for older machines (SSSE3) has been merged. In single-thread, on ARMv8, dav1d is now as fast as libaom. With more threads it is even faster. Some more SSSE3 code is being merged. So, dav1d will soon be faster than other decoders, on all platforms. There is also some work being done on shaders, potentially to bring the Film Grain feature. Some benchmarks of dav1d 0.1.0 Biggest advantage dav1d has is its high scalability. The performance gets much better as the number of threads goes up. Results from a 32-core AMD Epyc processor: Source: Medium As you can see. aomdec caps out at 8 threads while dav1d keeps on scaling with higher number of threads. Performance on smartphone processors: Source: Medium On multiple cores, 1080p 30fps can be decoded by most high-end chips released in the past two years. On an Apple A12X, 1440p at 60fps and 4K at 30fps is possible! For more benchmarks and complete comparisons, visit the Medium Post. Presenting dav1d, a new lightweight AV1 decoder, by VideoLAN and FFmpeg A new Video-to-Video Synthesis model uses Artificial Intelligence to create photorealistic videos Mozilla shares how AV1, the new open source royalty-free video codec, works

Google Chrome will soon support something called LazyLoad, a feature that allows browsers to delay the loading of out-of-view images and iframes until the user scrolls near them, shared Scott Little, a Chromium developer yesterday. Why LazyLoad is introduced? Very often, web pages have images and other embedded content like ads placed below the fold and users don’t always end up scrolling all the way down. LazyLoad tries to take the advantage of this behavior to optimize the web browser by loading the important content much faster and hence reducing the network data and memory usage. LazyLoad waits to load images and iframes that are out of view until the user scrolls near them. It is up to the browser to decide exactly how “near”, but it should typically start loading the out-of-view content some distance before the content comes in view. Currently, there are few JavaScript libraries that can be used for lazy loading images or other kinds of content. But, natively supporting such feature in the browser itself will make it easier for websites to take advantage of lazy loading. Additionally, with this feature browsers will be able to automatically find and load content that are suitable for lazy loading. The LazyLoad solution will be supported on all platforms. Web pages just need to use loading="lazy" on the img and iframe elements. For Android Chrome users who have Data Saver turned on, elements with loading="auto" or unset will also be lazily loaded if Chrome finds them to be good candidates for lazy loading based on heuristics. If you set loading="eager" on the image or iframe element they will not be lazily loaded. To read more in detail about LazyLoad, check out its GitHub repository. Google’s Cloud Healthcare API is now available in beta Ian Goodfellow quits Google and joins Apple as a director of machine learning Google dissolves its Advanced Technology External Advisory Council in a week after repeat criticism on selection of members  

At the Chrome Web Summit 2018, Dan Dascalescu, Partner Developer Advocate at Google provided a high-level overview of ChromeOS and discussed Chrome’s core and new features available to web developers. Topics included best practices for web development, including Progressive Web Apps, and optimizing input and touch for tablets while having desktop users in mind. He specified that Chromebooks are convergence machines that run Linux, Android, and Google Play natively without emulation. He explained why ChromeOS can be a good choice for web developers. It not only powers devices from sticks to tablets to desktops, but it can also run web, Android, and now Linux applications. ChromeOS brings together your own development workflow with a variety of form factors from mobiles, tablets, desktop, and browsers on Android and Linux. Run Linux apps on ChromeOS with Crostini Stephen Barber, an engineer on ChromeOS described Chrome’s container architecture which is based on Chrome’s principle of safety, security, and reliability.  By using lightweight containers and hardware virtualization support, Android and Linux code run natively in ChromeOS. Developers can run Linux apps on ChromeOS through Project Crostini. Crostini is based on Debian stable and uses both virtualization and containers to provide security in depth. For now, they are starting out targeting web developers by providing integration features like port forwarding to localhost as a secure origin. They also provide a penguin.linux.test DNS alias, to treat a container like a separate system. For supporting more developer workflows than just web, they are soon providing USB, GPU, audio, FUSE, and file sharing support in upcoming releases. Dan also shared how Crostini is actually used for developing web apps. He demonstrated how you can easily install Linux on your Chromebook. Although Crostini is still in development, most things work as expected. Developers can run IDEs, databases like MongoDB, or MySQL. Anything can be installed with an -apt. It also has a terminal. Dan also mentioned Carlo, which is a Google project that is essentially a helpful node app framework. It provides applications with Chrome rendering capabilities. It uses a locally detected instance of chrome and it connects to your process pipe and then exposes the high-level API to render in Chrome from your NodeScript. If you don’t need low-level features, you can make your app as a PWA which works without a LaunchBar once installed in ChromeOS. Windows Chrome desktop PWA support will be available from Chrome 70+ and Mac from Chrome 72+. Dan also conducted a demo on how to run a PWA. These were the steps: Set up Crostini Install the development environment (node, npm, VSCode) Checkout a PWA (Squoosh) from GitHub Open in VSCode Run the web server Open PWA from Linux and Android browsers He also provided guidance on optimizing forms, handling touch interactions, pointer events, and how to set up remote debugging. What does the future look like for ChromeOS? Chrome team is on improving the desktop PWA support. This includes support for keyboard shortcuts, badging for the launch icon, and link capturing. They are also working on low-latency canvas contexts which are introduced in Chrome 71 Beta. This context uses OpenGLES for rastering, writes directly to the Front Buffer, which bypasses several steps of the rendering process but risks tearing. It is used mainly for high-level interactive apps. View the full talk on YouTube. Day 1 of Chrome Dev Summit 2018: new announcements and Google’s initiative to close the gap between web and native. Meet Carlo, a web rendering surface for Node applications by the Google Chrome team. Google Chrome 70 now supports WebAssembly threads to build multi-threaded web applications.

CASL has released a new version 2.0 bringing with it several compelling opportunities for enhancing web app authorization methods. CASL is an isomorphic authorization JavaScript library which allows you to fix user abilities in the system. It grants you to set permissions in order to access the required resources in the system. You need to define the permissions in a single location since you cannot duplicate them across UI components, API services, and database queries. Some of the noteworthy changes available in CASL 2.0 are: Package Refactoring Refactoring is a process of changing a software system to improve the internal structure of the code without altering the external performance.   The lerna project has refactored CASL 2.0 to monorepo. Because of which MongoDB related functionality is moved into a different package, thus decreasing the core library size. You can find the core package at casl/ability and MongoDB related functionality at casl/mongoose, while helper function at casl/ability/extra. You don’t need to worry about updating your dependencies, thanks to renovate bot. CASL procures Frontend frameworks CASL now has complementary packages for leading frontend frameworks such as React, Vue, Angular and Aurelia. You can now integrate CASL into different single page applications with ease.   For more details, you can refer the README file for each library: CASL Vue package CASL React package CASL Angular package CASL Aurelia package Set abilities per fields Now you can set permissions per field of your application. For example if you want certain users with the ability to change the name of the product but not the product description. You can see suitable form fields for different roles in the admin panel Demo Examples If you want demo tutorials as per CASL 2.0 and complementary packages you can visit: Integrate CASL authorization in Vuejs2 application using CASL and Vue Integrate CASL authorization in React application using CASL and React Integrate CASL authorization in Aurelia application using CASL and Aurelia Integrate CASL authorization in Expressjs application using CASL and Expressjs Integrate CASL authorization in Feathersjs application using CASL and Feathersjs If you want to start implementing CASL library in your project or work, you can visit the GitHub page.

After facing a device fingerprinting bug and security breach, Stack Overflow was again in the news on Thursday. This time it was about its homepage that showcased its new proprietary products while hiding away the primary feature it is widely known for: open, public Q&A. How the updated Stack Overflow homepage looked like? The updated homepage showed the various products Stack Overflow provides. However, it did not show any straightforward way to reach the Q&A site. Here is how the updated UI looked like: Source: Stack Overflow A Stack Overflow user wrote, how he felt when he first saw this homepage: Private Q&A. Oh, this one of those exclusive sites, maybe a forum, where you get to discuss stuff in private, probably need to pay for it, it says coworker, flagship, those are pricey words. Jobs? Oh, this must be like LinkedIn. Probably only professionals and such that only elevate themselves and talk boring stuff. You probably need to pay for exposing your account or something, as you need to on those other job sites to stand a chance. Create an account? And next they'll ask for my credit card, right? No thanks, I'll move on to TechNet or wherever. Other regular users also found this abrupt change frustrating and confusing. A Stack Overflow user compared the updated homepage to that of Facebook and LinkedIn where you require to have an account to post things. He wrote, "Today before I logged in I saw the new home page, and it immediately felt the same to me as going to Facebook or LinkedIn before you have an account. There's a big wall of gibberish that essentially says, "You can't do anything here until you start handing over information about yourself.” It is understandable that Stack Overflow is looking for new avenues for revenues. In 11 years of its existence, it has become much more than a Q&A site with voting and editing functionalities. It provides Stack Overflow for Teams, a private place for your team members to exchange questions and answers about your proprietary software. Another one is, Stack Overflow Talent that helps employers post job listings and discover talents around the globe for their organizations. Stack Overflow for Enterprise provides a platform for building a standalone Q&A community. Despite these new incredible offerings, for most people the Q&A site is what Stack Overflow is, rest all is just an addition to the main product. Hiding the actual feature for which developers visit the site behind a hamburger, while giving the actual screen space to proprietary products is what has turned off many developers. How Stack Overflow responded? After facing backlash, Stack Overflow responded with a workaround for the moment and is currently reviewing the feedback it is getting from the users. Stack Overflow said, “Overall changes in design will not be made at this moment (we are still collecting the feedback you are all posting - thanks for that). And we are carefully reviewing it and will make them later if it's necessary, however, we do want to make it easier to get to the open Q&A as fast as possible, and that means not changing the design right now.” To make it somewhat easier for the users to reach the Q&A section, it has hyperlinked the "open community" in the description. Also, the blue button which was earlier called “Create an account” now goes directly to the Q&A page. Source: Stack Overflow Developers also suggested what Stack Overflow can do to fix this problem, while also showcasing its proprietary products. Here's what a user recommended: “If you're really serious about improving it, then I have some recommendations. 1) reduce the size of the hero banner by ~50%. 2) Remove the "for developers, by developers" section and have the "Developers" button at the top go straight to stackoverflow.com/questions. 3) Remove the section on SO for Teams pricing -- that belongs as a click-through page via the "Private Q&A" link on the "For business by developers" section. On that subject, "Private Q&A" should say "Teams (Private Q&A)". 4) Remove redundant .talent-slope div and .py64 div below it.” Providing teams and enterprises a private area to discuss their coding problems is an incredible idea and there is no wrong in advertising these products to people who love using Stack Overflow. However, it does feel a little overboard to make it the main centerpiece of the homepage, when Stack Overflow is mainly known for its free Q&A feature. Also, considering the huge user base, the whole outcry could have been avoided by a little consultation from the users. Approx. 250 public network users affected during Stack Overflow’s security attack Do Google Ads secretly track Stack Overflow users?

Yesterday, Apollo introduced its Apollo GraphQL Platform for product engineering teams. It is built on Apollo's core open source GraphQL client and server and comes with additional open source devtools and cloud services. This platform is a combination of open source components, commercial extensions, and cloud services. The following diagram depicts its architecture: Source: Apollo GraphQL The Apollo GraphQL platform consists of the following components: Core open source components Apollo Server: It is a JavaScript GraphQL server used to define a schema and a set of resolvers that implement each part of that schema. It supports AWS Lambda and other serverless environments. Apollo Client: It is a GraphQL client that manages data and state in an application. It comes with integrations for React, React Native, Vue, Angular, and other view layers. iOS and Android clients: These clients allows to query a GraphQL API from native iOS and Android applications. Apollo CLI: It is a command line client that provides access to Apollo cloud services. Cloud services Schema registry: It is a central registry that acts as a central source of truth for a schema. It propagates all changes and details of your data,allowing multiple teams to collaborate with full visibility and security on a single data graph. Client registry: It is a registry that enables you to track each known consumer of a schema, which can include both pre-registered and ad-hoc clients. Operation registry: It is a registry of all the known operations against the schema, which similarly can include both pre-registered and ad-hoc operations. Trace warehouse: It is a data pipeline and storage layer that captures structured information about each GraphQL operation processed by an Apollo Server. Apollo Gateway GraphQL gateway is the commercial plugin for Apollo Server. It allows multiple teams to collaborate on a single, organization-wide schema without mixing everyone’s code together in a monolithic single point of failure. To do that, the gateway deploys “micro-schemas” that reference each other into a single master schema. This master schema then looks to a client just like any regular GraphQL schema. Workflows In addition to these components, Apollo also implements some useful workflows for managing a GraphQL API. Some of these workflows are: Schema change validation: It checks the compatibility of a given schema against a set of previously-observed operations using the trace warehouse, operation registry, and (typically) the client registry. Safelisting: Apollo provides an end-to-end mechanism for safelisting known clients and queries, a recommended best practice that limits production use of a GraphQL API to specific pre-arranged operations. To read the full announcement check out Apollo’s official announcement. Apollo 11 source code: A small step for a woman, and a huge leap for ‘software engineering’ 7 reasons to choose GraphQL APIs over REST for building your APIs Baidu open sources ApolloScape and collaborates with Berkeley DeepDrive to further machine learning in automotives

On Tuesday, The Linux Foundation announced that Facebook’s GraphQL project has been moved to a newly-established GraphQL Foundation, which will be hosted by the non-profit Linux Foundation. This foundation will be dedicated to enable widespread adoption and help accelerate the development of GraphQL and the surrounding ecosystem. GraphQL was developed by Facebook in 2012 and was later open-sourced in 2015. It has been adopted by many companies in production including Airbnb, Atlassian, Audi, CNBC, GitHub, Major League Soccer, Netflix, Shopify, The New York Times, Twitter, Pinterest, and Yelp. Why GraphhQL Foundation has been created? The foundation will provide a neutral home for the community to collaborate and encourage more participation and contribution. The community will be able to spread responsibilities and costs for infrastructure which will help in increasing the overall investment. This neutral governance will also ensure equal treatment in the community. The co-creator of GraphQL, Lee Byron said: “As one of GraphQL’s co-creators, I’ve been amazed and proud to see it grow in adoption since its open sourcing. Through the formation of the GraphQL Foundation, I hope to see GraphQL become industry standard by encouraging contributions from a broader group and creating a shared investment in vendor-neutral events, documentation, tools, and support.” The foundation will also provide more resources for the GraphQL community which will benefit all contributors. It will help in organizing events and working groups, formalizing governance structures, providing marketing support to the project, and handling IP and other legal issues as they arise. The Executive Director of The Linux Foundation, Jim Zemlin believes that this new foundation will ensure the long-term support for GraphQL: “We are thrilled to welcome the GraphQL Foundation into the Linux Foundation. This advancement is important because it allows for long-term support and accelerated growth of this essential and groundbreaking technology that is changing the approach to API design for cloud-connected applications in any language.” In the next few months, The Linux Foundation with Facebook and the GraphQL community will be finalizing the founding members of the GraphQL Foundation. Read the full announcement on The Linux Foundation’s website and also check out the GraphQL Foundation’s website. Introducing Apollo GraphQL Platform for product engineering teams of all sizes to do GraphQL right 7 reasons to choose GraphQL APIs over REST for building your APIs Apollo 11 source code: A small step for a woman, and a huge leap for ‘software engineering’

Yesterday, Google announced that it has teamed up with the creator of Robots Exclusion Protocol (REP), Martijn Koster and other webmasters to make the 25 year old protocol an internet standard. The REP, better known as robots.txt, is now submitted to IETF (Internet Engineering Task Force). Google has also open sourced its robots.txt parser and matcher as a C++ library. https://twitter.com/googlewmc/status/1145634145261051906 REP was created back in 1994 by Martijn Koster, a software engineer who is known for his contribution in internet searching. Since its inception, it has been widely adopted by websites to indicate whether web crawlers and other automatic clients are allowed to access the site or not. When any automatic client wants to visit a website it first checks for robots.txt that shows something like this: User-agent: * Disallow: / The User-agent: * statement means that this applies to all robots and Disallow: / means that the robot is not allowed to visit any page of the site. Despite being used widely on the web, it is still not an internet standard. With no set in stone rules, developers have interpreted the “ambiguous de-facto protocol” differently over the years. Also, it has not been updated since its creation to address the modern corner cases. This proposed REP draft is a standardized and extended version of REP that gives publishers fine-grained controls to decide what they like to be crawled on their site and potentially shown to interested users. The following are some of the important updates in the proposed REP: It is no longer limited to HTTP and can be used by any URI-based transfer protocol, for instance, FTP or CoAP. Developers need to at least parse the first 500 kibibytes of a robots.txt. This will ensure that the connections are not open for too long to avoid any unnecessary strain on servers. It defines a new maximum caching time of 24 hours after which crawlers cannot use robots.txt. This allows website owners to update their robots.txt whenever they want and also avoid the overloading robots.txt requests by crawlers. It also defines a provision for cases when a previously accessible robots.txt file becomes inaccessible because of server failures. In such cases the disallowed pages will not be crawled for a reasonably long period of time. This updated REP standard is currently in its draft stage and Google is now seeking feedback from developers. It wrote, “we uploaded the draft to IETF to get feedback from developers who care about the basic building blocks of the internet. As we work to give web creators the controls they need to tell us how much information they want to make available to Googlebot, and by extension, eligible to appear in Search, we have to make sure we get this right.” To know more in detail check out the official announcement by Google. Also, check out the proposed REP draft. Do Google Ads secretly track Stack Overflow users? Curl’s lead developer announces Google’s “plan to reimplement curl in Libcrurl” Google rejects all 13 shareholder proposals at its annual meeting, despite protesting workers

Yesterday, Google released Chrome 76 beta with number of features which includes blocking Flash by default, a dark mode, and making it harder for sites to detect when you’re using Incognito Mode to get around paywalls. https://twitter.com/GoogleChromeDev/status/1139246837024509952 Blocks Flash by default The Chrome 76 beta by default blocks Flash in the browser. Users still have the option to switch back to the current “Ask first” option in [chrome://settings/content/flash]. Per this option, explicit permission is required for each site after every browser restart. Changes to Payments API Chrome 76 has released a fix in the FilesystemsAPI to address how websites are able to detect if you’re using Incognito to get around a paywall. FileSystem API is updated so that “detect private mode” scripts can no longer take advantage of that indicator. Chrome 76 Beta now also makes it easier to use the payments APIs for self-signed certificates on the local development environment. https://twitter.com/paul_irish/status/1138471166115368960   Additionally, PaymentRequestEvent has a new method called changePaymentMethod() and the PaymentRequest object now supports an event handler called paymentmethodchange. You can use both to notify a merchant when the user changes payment instruments. The former returns a promise that resolves with a new PaymentRequest instance. Improvements for Progressive Web Apps Chrome 76 Beta makes it easier for users to install Progressive Web Apps on the desktop by adding an install button to the omnibox. On mobile, developers can now replace Chrome’s Add to Home Screen mini-infobar with their own prompt. PWAs will also check for updates more frequently starting with Chrome 76 - checking every day, instead of every three days. New Dark mode Chrome 76 Beta also adds the Dark Mode. Websites can now automatically enable dark modes and respect user preference by adding a little bit of extra code in the prefers-color-scheme media query. Other improvements Browsers prevent calls to abusable APIs (like popup, fullscreen, vibrate, etc.) unless the user activates the page through direct interactions. However, not all interactions trigger user activation. Going forward, the escape key is no longer treated as a user activation. Chrome 76 beta introduces a new HTTP request header that sends additional metadata about a request's provenance to the server to allow it to make security decisions. Lazyload feature policy has been removed. This policy was intended to allow developers to selectively control the lazyload attribute on the iframe and img tags to provide more control over loading delay for embedded content and images on a per origin basis. The stable release of Chrome 76 is tentatively scheduled for July 30th. You can read about additional changes on Google’s Chromium blog post. Is it time to ditch Chrome? Ad blocking extensions will now only be for enterprise users. Google Chrome will soon support LazyLoad, a solution to lazily load below-the-fold images and iframes. Mozilla puts “people’s privacy first” in its browser with updates to Enhanced Tracking Protection, Firefox Lockwise and Monitor

The 6th Chrome Dev Summit 2018 is being hosted on the 12th and 13th of this month in San Francisco. Yesterday, Day 1 of the summit was opened by Ben Galbraith, the director of Chrome, to talk about “the web platform’s latest advancements and the evolving landscape.” Leading web developers described their modern web experiences as well. Major Chrome Dev Summit 2018 announcements included web.dev, a new developer resource website, and a demonstration of VisBug, a browser-based visual development tool. The summit also included a demo of a new web tool called Squoosh that can downsize, compress, and reformat images. The Chrome Dev Summit 2018 also highlighted some of the browser APIs currently in development, including Web Share Target, Wake Lock, WebHID and more. It also featured a Writable File API currently under development, which would allow web apps to edit local files. New web-based tools and resources web.dev The web.dev resource website provides an aggregation of information for modern Web APIs. It helps users monitor their sites over time to ensure that they can keep their site fast, resilient and accessible. web.dev is created in partnership with Glitch, and has a deep integration with Google’s Lighthouse tool. VisBug Another developer tool VisBug helps developers easily edit a web page using a simple point-and-click and drag and drop interface. This is an improvement over Firebug, Google’s previous tool, which used the website’s source code. VisBug is currently available as a Chrome extension that can be installed from the main Chrome Web Store. Squoosh The Squoosh tool allows you to encode images using best-in-class codecs like MozJPEG, WebP, and OptiPNG. It works cross-browser and offline, and ALL codecs supported even in a browser with no native support using WASM. The app is able to do 1:1 visual comparison of the original image and its compressed counterpart, to help users understand the pros and cons of each format. Closing the gap between web and native Google is also taking initiatives to close the gap between the web and native and make it easy for developers to build great experiences on the open web. Regarding this, Chrome will work with other browser vendors to ensure interoperability and get early developer feedback. Proposals will be submitted to the W3C Web Incubator Community Group for feedback. According to Google, this open development process will be “no different than how we develop every other web platform feature.” The first initiative in this aspect is the writable files API. The Writable Files API Currently, under development, the writable files API is designed to increase the interoperability of web applications with native applications. Users can choose files or directories that a web app can interact with on the native file system. They don’t have to use a native wrapper like Electron to ship their web app. With the Writable Files API, users can create a simple, single file editor that opens a file, allows the user to edit it, and save the changes back to the same file. People were surprised that it was Google who jumped on this process rather than Mozilla which has already implemented version of a lot of these APIs. A hacker news user said, “I guess maybe not having that skin in the game anymore prevented those APIs from becoming standardized? But these are also very useful for desktop applications. Anyways, this is a great initiative, it's about time a real effort was made to close that gap.” Here’s a video playlist of all the Chrome Dev Summit sessions so far. Tune into Google’s livestream to follow the rest of the sessions of the day and watch this space for more exciting announcements. Meet Carlo, a web rendering surface for Node applications by the Google Chrome team. Google Chrome 70 now supports WebAssembly threads to build multi-threaded web applications. #GoogleWalkout demanded a ‘truly equitable culture for everyone’; Pichai shares a “comprehensive” plan for employees to safely report sexual harassment

Back in March this year, the Brave team shared their plans of replacing their desktop Muon runtime, with a more comprehensive Chromium stack for the desktop browser. Yesterday, the team shared a report on performance improvements in Brave Core, which refers to the newly redesigned browser for desktop operating systems. It uses Chromium’s native interface and supports nearly all Chrome features and extension APIs. Brave is a free and open source web browser, founded by the inventor of Javascript and co-founder of Mozilla, with the main focus on privacy and performance. By switching to the Chromium code base, the browser has become the latest addition to the Chromium bandwagon, which now includes Google Chrome, Vivaldi, Opera, and most recently, Edge. This evaluation of Brave Core’s performance was done based on two critical metrics: how quickly it loads pages and how much resources it consumes. Brave 0.24.0 was compared against Brave Core 0.55.12 Beta release. For this comparison, they considered Alexa News Top 10, as they are frequently visited by a lot of people and are run by reputable companies that pay attention to their readers. Results of the performance comparison between Brave Core and Muon-based Brave The team arrived at the following results after comparing the upcoming Brave Core browser with the current version of Muon-based Brave on a desktop computer: Load time savings on common desktops: Brave Core showed a load time savings of 10%-34% on the tested popular media websites with the same page content and blocking. Also, it showed a 22% average and 18% median load time savings. Performance on slower processors: On slower environments, similar to today’s average Android device on a fast 3G connection, the browser showed savings ranging up to 44%. Better CPU utilization: Brave Core showed better CPU utilization with all computationally intensive tasks running faster across all tested websites and configurations. These time savings were a result of several improvements across HTML parsing, JavaScript execution, page rendering, etc. To read more in detail about the performance analysis of Brave, check out their original post. Introducing Basilisk, an open source XUL based browser and “close twin” to pre-Servo Firefox Google’s V8 7.2 and Chrome 72 gets public class fields syntax; private class fields to come soon Google Chrome announces an update on its Autoplay policy and its existing YouTube video annotations

Yesterday, Microsoft released the first preview builds of its Chromium-powered Edge browser for Windows 10. This comes after Microsoft announced last year in December that it will be adopting the Chromium open source project in the development of Microsoft Edge for desktop. You can download these preview builds for testing from the Microsoft Edge Insider site. The new builds are available through three different Microsoft Edge Insider Channels: Beta, Canary, and Developer. Canary builds are the ones that will receive updates every night. Developer builds are much more stable than the Canary builds and will be updated weekly. Beta builds are the most stable ones as compared to the three and will receive updates every 6 weeks. Source: Microsoft Right now, Microsoft is only opening the Developer and Canary channels. Though the company was not so clear about the timeline in the announcement, it does promises that the Beta builds and support for Mac and all the other supported versions of Windows will come in the future. However, there is no mention of whether this new overhauled Microsoft Edge will support Linux. In these preview builds, the team has mostly focussed on the fundamentals. So, current users will not see an extensive range of features and language support. These new Chromium-based Microsoft Edge preview builds do look strikingly similar to Google Chrome. Among the similarities include subtle design finishes, a dark mode, and the ability to manage your sign-in profile. In this Chromium-based Edge implementation, Microsoft has removed or replaced about 50 services that are included in Chromium. Some of them are Google Now, Google Cloud Messaging, and Chrome-OS related services. More details regarding the updates will be shared during a BlinkOn 10 keynote today. These preview builds also bring support for an expanded selection of extensions. Users will no longer have to just choose from the limited set of extensions available on Microsoft’s store as extensions from other third-party stores like Chrome Web Store are also supported. Since this is based on Chromium, it also comes with support for Progressive Web Apps and supports the same developer tools as Chromium. Microsoft is working closely with the team at Google and hopes to work with the broader Chromium community going forward. Their latest contributions to the Chromium open source project includes in areas like accessibility, touch, ARM64, and others. In the future, it plans to introduce smooth scrolling, a reading view free of distractions, grammar tools, and Microsoft Translator integration. Users who have tested these preview builds are finding it unsurprisingly very similar to Chrome. One of the users are Reddit remarks, “To the surprise of no one, its basically chrome. Even my google account came in logged in automatically, same recent sites etc. I wonder if the roadmap will include things like dark mode, I never used the annotations feature so can't vouch much for it. I'm yet to try to make a MS Teams call but looking good so far.” The Verge, after testing the preview builds, shared that the Chromium-powered Edge is showing even better performance than Google Chrome. Many users are also saying that instead of joining hands with Google, Microsoft could have instead gone with Firefox to make the web fair and accessible. “I wish they've would have gone with Firefox's Quantum, in order to try and at least balance out web market shares. MSFT no longer has any leverage in the web, so trying to keep it fair and accessible (no browser monopolies) should be a priority for them (especially since they have quite a few web platforms like office 365),” adds a redditor. To read the official announcement, check out the Microsoft blog. Microsoft’s #MeToo reckoning: female employees speak out against workplace harassment and discrimination Microsoft, Adobe, and SAP share new details about the Open Data Initiative Microsoft reportedly ditching EdgeHTML for Chromium in the Windows 10 default browser

On Monday, Django 2.1.2 was released, which has addressed a security issue regarding password hash disclosure. Along with that, this version fixes several other bugs in 2.1.1 and also comes with the latest string translations from Transifex. Users password hash visible to “view only” admin users In Django 2.1.1, the admin users who had permissions to change the user model could see a part of the password hash in the change form. Also, admin users with “view only” permission to the user model were allowed to see the entire hash. This could prove to be a big problem if the password is weak or your site uses weaker password hashing algorithms such as MD5 or SHA1. This vulnerability has been named CVE-2018-16984 since 13th September, 2018. This issue has been solved in this new security release. Bug fixes A  bug is fixed where lookup using F() on a non-existing model field didn't raised FieldError. The migrations loader now ignores the files starting with a tilde or underscore. Migrations correctly detects changes made to Meta.default_related_name. Support for cx_Oracle 7 is added. Quoting of unique index names is now fixed. Sliced queries with multiple columns with the same name will not result in crash on Oracle 12.1 anymore. A crash is fixed when a user with the view only (but not change) permission made a POST request to an admin user change form. To read the release notes of Django, head over to its official website. Django 2.1 released with new model view permission and more Python web development: Django vs Flask in 2018

Earlier this month, Dirk Lewandowski, Professor of Information Research & Information Retrieval  at Hamburg University of Applied Sciences, Germany, published a proposal for building an index of the Web. His proposal aims to separate the infrastructure part of search engine from the services part. Search engines are our way to the web, which makes them an integral part of the Web’s infrastructure. While there are a significant number of search engines present in the market, there are only a few relevant search engines that have their own index, for example, Google, Bing, Yandex and Baidu. Other search engines that pull results from these search engines, for instance, Yahoo, cannot really be considered search engines in the true sense. The US search engine market is split between Google and Bing with roughly two thirds to one-third, respectively, In most European countries, Google covers the 90% of the market share. Highlighting the implications of Google’s dominance in the current search engine market, the report reads, “As this situation has been stable over at least the last few years, there have been discussions about how much power Google has over what users get to see from the Web, as well as about anti-competitive business practices, most notably in the context of the European Commission's competitive investigation into the search giant.” The proposal aims to bring plurality in the search engine market, not only in terms of the numbers of search engine providers but also in the number of search results users get to see when using search engines. The idea is to implement the “missing part of the Web’s infrastructure” called searchable index. The author proposes to separate the infrastructure part of the search engine from services part. This will allow multitude of services, whether existing as search engines or otherwise to be run on a shared infrastructure. The following figure shows how the public infrastructure crawls the web for indexing its content and provides an interface to the services that are built on top of the index. The indexing stage is split into basic indexing and advanced indexing. Basic indexing is responsible for providing the data in a form that services built on top of the index can easily and rapidly process the data. Though services are allowed to do their further indexing to prepare the documents, the open infrastructure also provides some advanced indexing. This provides additional information to the indexed documents, for example, semantic annotations. This advanced indexing requires an extensive infrastructure for data mining and processing. Services will be able to decide for themselves to what extent they want to rely on the pre-processing infrastructure provided by the Open Web Index. A common design principle can be adopted is allowing services a maximum of flexibility. Credits: arXiv Many users are supporting this idea. One Redditor said, “I have been wanting this for years...If you look at the original Yahoo Page when Yahoo first started out it attempted to solve this problem.I believe this index could be regionally or language based.” Some others do believe that implementing an open web index will come with its own challenges. “One of the challenges of creating a "web index" is first creating indexes of each website. "Crawling" to discover every page of a website, as well as all links to external sites, is labour-intensive and relatively inefficient. Part of that is because there is no 100% reliable way to know, before we begin accessing a website, each and every URL for each and every page of the site. There are inconsistent efforts such "site index" pages or the "sitemap" protocol (introduced by Google), but we cannot rely on all websites to create a comprehensive list of pages and to share it,” adds another Redditor. To read more in detail, check out the paper titled: The Web is missing an essential part of infrastructure: an Open Web Index. Tim Berners-Lee plans to decentralize the web with ‘Solid’, an open-source project for “personal empowerment through data” Google Cloud Next’19 day 1: open-source partnerships, hybrid-cloud platform, Cloud Run, and more Dark Web Phishing Kits: Cheap, plentiful and ready to trick you