Tech News - Web Development

Yesterday, Microsoft made a list of announcements at their annual Surface hardware event in New York. While the event included interesting announcements such as the new surface PRO 7, surface earbuds and more, the main highlights were the new dual-screen Microsoft Surface Neo and Windows 10 X. The dual-screen Surface Neo is expected to go on sale in 2020, before the holiday season. To enable the smooth working of dual devices, Microsoft has exclusively redesigned Windows 10 version to present the Windows 10 X, also known by the codename “Santorini”. In a statement to Verge, Joe Belfiore, head of Windows experiences said, “We see people using laptops. We see people using tablets. We saw an opportunity both at Microsoft and with our partners to fill in some of the gaps in those experiences and offer something new.” At the event, Microsoft said that they are announcing the new hardware and software early to help developers come up with exclusive applications ahead of the launch. It also added that Windows 10 X is not a new operating system, but just a more adaptable format of it. This means that Windows 10 X will only be available on dual-screen devices and not as a standalone copy of Windows 10 X. Read Also: A Microsoft Windows bug deactivates Windows 10 Pro licenses and downgrades to Windows 10 Home, users report The Surface Neo device has two separate 9-inch displays that can fold out to a full 13-inch workspace. It has an intricate hinge which will allow the device to switch into a variety of modes. The device also has a Bluetooth keyboard that flips, slides, and locks into place with magnets that can be stored and secured to the rear of the device. Surface Neo also has a Surface Slim Pen, which gets attached magnetically. Microsoft has maintained that the device is not completely ready and more developments can be expected by the time of its launch. Microsoft may modularize the Windows 10 core technology and use the Start menu to display that in HoloLens. Similarly, Windows 10 X can also put the taskbar or Start menu on either panel as needed. Users will also be able to use the Start menu on either panel, depending on the work they are doing on either of the two panels. Read Also: Microsoft Azure VP demonstrates Holoportation, a reconstructed transmittable 3D technology Windows 10 X could be used in a number of ways like note-taking, mobile presentation, portable all-in-one, laptop, and reading. The engineering lead on Windows 10X, Carmen Zlateff says, “We’re working to take the best of the applications that people need and use most — things like Mail, Calendar, and PowerPoint — and bring them over to dual screens in a way that creates flexible and rich experiences that are unique to this OS and devices.” He further adds, “Our goal is that the vast majority of apps in the Windows Store will work with Windows 10X.” Users are excited about the new Surface Neo and Windows 10 X announcements. https://twitter.com/RoguePlanetoid/status/1179447805036941312 https://twitter.com/BenBajarin/status/1179414618021748737 TensorFlow 2.0 released with tighter Keras integration, eager execution enabled by default, and more! How Chaos Engineering can help predict and prevent cyber-attacks preemptively An unpatched vulnerability in NSA’s Ghidra allows a remote attacker to compromise exposed systems

Welcome to this week's web development news bulletin. There's plenty of new software releases you might want to take note of... Web development news from the Packt Hub What's new in ECMAScript 2018? Get ready for Bootstrap 4.1. New software releases Quid has been released. It's a new tool that aims to support web component composition. Jekyll 3.8.0 has been released. The Jekyll team recently announced an update to their static website publishing tool with lots of new features. It includes some future-proofing improvements, and some bug fixes. Laravel 5.6.17 has been released. Laravel News notes that the release features "helpers to make subquery joins more straightforward, along with a few minor changes and locking Carbon at 1.25.* on the Laravel 5.6 branch." ReactiveSearch v2.6: Elasticsearch UI Components for Web. Version 2 of Google's Client library is now generally available. TypeORM 0.2.0 released - An ORM for TypeScript and JavaScript.

Sails v1.0 is here! Sails.js is an MVC framework for Node.js, to easily build custom, enterprise-grade Node.js apps. It combines the familiarity of working with MVC pattern of frameworks like Ruby on Rails, with the requirements of modern apps, such as data-driven APIs with a service-oriented architecture. Version 1.0 promises to provide a better developer experience over backward compatibility. Because of this, the upgrade to Sails 1.0 may include more breaking changes than previous versions. Here’s an overview of what's changed in this release and some of the new features you might want to take advantage of in your app. Sails v1.0 no longer supports Node v0.x; the earliest version it supports is Node 4.x. Sails v1.0 introduces custom builds. These custom builds provide more control over an app’s dependencies as certain core hooks are now installed as direct dependencies of an app. It also makes npm install sails run considerably faster. The new Sails also comes with several improvements in app configurations. This includes: datastores, which is by far the biggest change in app configuration. Datastores represent the data sources configured for an app. automatic install of lodash and async are now customizable to any version. view engine configuration syntax has been normalized to be consistent with the approach in Express v4+. The new blueprint API is getting expanded to include a new endpoint which might require developers to make changes in the client-side code. Most importantly, Sails v1.0 comes with a new release of Waterline ORM (v0.13). This Waterline version introduces full support for SQL transactions, picking/omitting attributes in result sets, dynamic database connections, and more granular control over query behavior. It also comes with a major stability and performance overhaul. These cover the majority of changes that Sails version 1.0 has introduced. A comprehensive list of all changes along with the necessary code files required to upgrade to the version 1.0 is available on the Sails Documentation.

Last month, the team behind Selenium silently slipped in Selenium 4 alpha on the Maven Repository without any official announcement. Alpha release means that developers can start testing out the new updates in the software but are not recommended to use it in production. Selenium 4 is a major release, which was actually planned to ship by Christmas last year, as shared by Simon Stewart, one of the Selenium lead developers and the inventor of WebDriver, at the Selenium Conference India 2018. https://www.youtube.com/watch?v=ypmrrJmgM9U&feature=youtu.be However, going by the status on SeleniumHQ GitHub repository, we can expect more delay in this release. This situation is very similar to that of Selenium 3.0 release. Back in 2013, Stewart shared that Selenium 3.0 will be released by Christmas, which ended up hitting the market after 3 years of the announcement. "I did say Christmas, but I didn't specify what year," he jokingly said in a webinar in 2016. Following are some of the updates in Selenium 4 alpha release: Native support removed for Opera and PhantomJS Starting from this release, the Opera and PhantomJS browsers will not be supported natively as the WebDriver implementations for these browsers are no longer under active development. Since Opera is built on top of the Chromium open source projects, users are recommended to test with the Chrome browsers. PhantomJS users can use Firefox or Chrome in headless mode. Updates for W3C WebDriver Spec Compliance Selenium 4 WebDriver will be completely standardized with W3C. In lieu of this, the following changes are made in this release: Changes to the Actions API This release comes with a revamped Actions API to comply with the WebDriver specifications. The Actions API serves as a low-level interface for providing virtualized device input to the web browser. Currently, Actions is only supported in Firefox natively. Other browser users can use this API by putting the Actions class into “bridge mode”. It will then attempt to translate mouse and keyboard actions to the legacy API. Alternatively, users can continue using the legacy API via the ‘lib/actions’ module. However, it should be noted that the legacy API will be deprecated and will be removed in a minor release once other browsers start supporting the new API. Other changes This release comes with support for all window manipulation commands WebElement.getSize() and WebElement.getLocation() are now replaced with a single method, WebElement.getRect(). A new method, driver.switchTo().parentFrame() method is added To read what else has been updated in this release, check out change doc on Selenium GitHub repository. Selenium and data-driven testing: An interview with Carl Cocchiaro How to work with the Selenium IntelliJ IDEA plugin How to handle exceptions and synchronization methods with Selenium WebDriver API

Last week, the team behind the Dojo Toolkit announced the release of Dojo 5.0. This release comes with extended support for TypeScript versions from 2.6.x to 3.2.x, condition polyfills, better Build Time Rendering, and more. Dojo is a JavaScript toolkit that equips developers with everything they need to build a web app like language utilities, UI components, and more. New features and enhancements in Dojo 5.0 Conditional polyfills This release provides a better user experience by introducing an out-of-the-box solution for building and loading polyfills in Dojo applications. A polyfill is a piece of code, which implements a feature that web browsers do not support natively. The Dojo build will produce two platform bundles that will be loaded only if two key conditions are fulfilled. First, the shim module is imported somewhere in an application. Second, a user browser does not natively support the browser feature. This update means serving less JavaScript and hence improving the application performance without compromising on features. Better Build Time Rendering (BTR) This version comes with various stability and feature enhancements in BTR such as Dojo Blocks, support for StateHistory API, multiple page HTML generation, better error messaging, and more. BTR was supported in Dojo via the Dojo cli-build-app command since its initial 2.0.0 release. It provides rendering an application to HTML during the build and in-lines the critical CSS enabling the application to effectively render static HTML pages. It also comes with some advantages of server-side rendering (SSR) such as performance and SEO and eliminates the complexities of running a server to support full SSR. Dojo Blocks Dojo Blocks is a new mechanism that allows you to execute code in Node.js as part of the build. A Dojo Block module can do things like reading a group of markdown files, transforming them into VNodes, and making them available to render in the application, all at build time. The results of this Dojo module can be written to the cache that can be used at runtime in the browser. Simplifying testing with Assertion Templates Dojo 5.0 comes with Assertion Templates, that makes testing widgets easier. Earlier, developers had to manually curate each ‘expectedRender’ result per test. Assertion Templates solves this problem by allowing developers to easily modify and layer outputs for the expected render. To read the entire list of updates in Dojo 5.0, check out the official announcement. Dojo 4.0 released with support for Progressive Web Apps, a redesigned Virtual DOM, and more! npm at Node+JS Interactive 2018: npm 6, the rise and fall of JavaScript frameworks, and more Mozilla optimizes calls between JavaScript and WebAssembly in Firefox, making it almost as fast as JS to JS calls  

DPAGE is a web page builder which developers can use to get simple web pages up and running on Blockstack's decentralized internet. DPAGE is built on top of Blockstack, an infrastructure in which you can build decentralized blockchain applications. You need a Blockstack account to log into and start using DPAGE. The Blockstack ID used to log in is stored on the blockchain. All user data is stored on a Gaia node which you can choose. This decentralized setup gives users several advantages over a conventional centralized app: Your data is yours: After using DPAGE, if you don't like it then you can create your own app. Alternatively, you can use any other web page builder and all your data will be with you and not owned by any web page/app. Users are not restricted by any vendor lock-ins. A Blockstack ID is virtually impossible to block unlike centralized identities. Google or Facebook IDs can be blocked by companies. All private user data is encrypted end-to-end. Which means that no one else can read it including the DPAGE creators. The data stored is not stored with DPAGE The profile details and user data are stored on a Blockstack’s Gaia storage hub by default. DPAGE itself doesn't store any user data on its servers. You can also run your own storage hub on a server of choice. They store data with Blockstack and they store it on ‘personal data lockers built on Google, AWS, and Azure’. It is safer than some centralized web pages As all private data is encrypted, it's more difficult for hackers to steal user data from the decentralized app. There is no central database that contains all the data, so hackers also have less incentive to hack into DPAGE. However, DDOS attacks are a possibility if the hackers target a specific Gaia hub. There is no user-specific tracking DPAGE only collects non-identifiable analytics of the users for improving the service. The service itself doesn't store or read private pages. There are some positive reactions on Hacker news: “This indeed a seriously cool product, hope more people realize it.” Another comment says: “Nice, I think this is what the web needs, a Unix approach so tools can be built on top and hosts are interchangeable.” To check out DPAGE, visit their website. The decentralized web – Trick or Treat? Origin DApp: A decentralized marketplace on Ethereum mainnet aims to disrupt gig economy platforms like Airbnb and Uber Microsoft announces ‘Decentralized Identity’ in partnership with DIF and W3C Credentials Community Group

In a meeting conducted last month, the CSS Working Group has agreed on introducing a few trigonometry functions in CSS. Created in 1997 by the World Wide Web Consortium (W3C), the CSS Working Group is responsible for discussing new features and tackling issues in CSS. Currently, they have approved the following 10 functions: Sine: sin() Cosine: cos() Tangent: tan() Arccosine: acos() Arcsine: asin() Arctangent: atan() Arctangent of two numbers x and y: atan2() Square root: sqrt() Square root of the sum of squares of its arguments: hypot() Power of: pow() CSS is no longer just limited to changing colors or fonts. Developers have been slowly relying on CSS for implementing much more complex tasks. CSS 3, its overhauled version, comes with several web animations, gradients, certain selectors, and more. However, CSS lacked the ability to work with angles and perform much more advanced mathematical operations than adding, subtracting, multiplying, or dividing two values. This decision comes after multiple requests by web developers to introduce trigonometric functions for simplifying implementations of many use cases that involve angles. These will be very handy in cases like syncing rotation angles, converting between angles and x/y dimensions, and more. Currently, for implementing these use cases developers had to either hardcode, use JavaScript, or a preprocessor, which is a pain. Explaining the need of trigonometric functions in CSS, one of the developers said, “In static markup, the solution is to hard-code approximate values, but that often leaves pixel gaps or discontinuities from rounding errors. In dynamic situations, as others have mentioned, the only solution is JavaScript (with lots of converting back and forth between radians for the JS functions and degrees or turns for my design and for SVG properties, which is the only time I usually need Math.PI!).” Developers are also requesting for reciprocal functions for calculating cotangent, secant, and cosecant. These will be very convenient but are currently not a priority. Read the discussion by CSS Working Group, check out its GitHub repository. Erlang turns 20: Tracing the journey from Ericsson to Whatsapp How you can replace a hot path in JavaScript with WebAssembly Bootstrap 5 to replace jQuery with vanilla JavaScript

Yesterday, the Cloud Native Computing Foundation (CNCF) announced the general availability of gRPC-Web, which means that it is stable enough for production use. It is a JavaScript client library that allows web apps to directly communicate with backend gRPC services, without the need for an intermediate HTTP server. This serves as an alternative to the REST paradigm of web development. What is gRPC? Source: gRPC Initially developed at Google, gRPC is an open source remote procedure call (RPC) framework that can run in any environment. gRPC allows a client application to directly call methods on a server application on a different machine as if it was a local object. gRPC is based on the idea of defining a service, specifying the methods that can be called remotely with their parameter and return types. To handle the client calls the server then implements this interface and runs a gRPC server. On the client side, the client has a stub that provides the same methods as the server. One of the advantages of using gRPC is that gRPC clients and servers can be written in any of the languages supported by gRPC. So, for instance, you can easily create a gRPC server in Java with clients in Go, Python, or Ruby. How gRPC-Web works? With gRPC-Web, you can define a service “contract” between client web applications and backend gRPC servers using .proto definitions and auto-generate client JavaScript. Here is how gRPC-Web works: Define the gRPC service: The first step is to define the gRPC service. Similar to other gRPC services, gRPC-Web uses protocol buffers to define its RPC methods and their message request and response types. Run the server and proxy: You need to have a gRPC server that implements the service interface and a gateway proxy that allows the client to connect to the server. Writing the JavaScript client: After the server and gateway are up and running, you can start making gRPC calls from the browser. What are the advantages of using gRPC-Web? Using gRPC-Web eliminates some of the tasks from the development process: Creating custom JSON serialization and deserialization logic Wrangling HTTP status codes Content type negotiation The following are its advantages: End-to-end gRPC gRPC-Web allows you to officially remove the REST component from your stack and replace it with pure gRPC. Replacing REST with gRPC will help in scenarios where a client request goes to an HTTP server, which interacts with five backend gRPC services. Tighter coordination between frontend and backend teams As the entire RPC pipeline is defined using Protocol Buffers, you no longer need to have your “microservices teams” alongside your “client team.” The interaction between the client and the backend is just one more gRPC layer amongst others. Generate client libraries easily With gRPC-Web, the server that interacts with the “outside” world is now a gRPC server instead of an HTTP server. This means that all of your service’s client libraries can be gRPC libraries. If you need client libraries for Ruby, Python, Java, and 4 other languages, you no longer have to write HTTP clients for all of them. You can read CNCF’s official announcement on its website. CNCF accepts Cloud Native Buildpacks to the Cloud Native Sandbox Cortex, an open source, horizontally scalable, multi-tenant Prometheus-as-a-service becomes a CNCF Sandbox project Google Cloud hands over Kubernetes project operations to CNCF, grants $9M in GCP credits

Developers will now find it easier to build interactive web applications using R, with RStudio formally announcing that the release of Shiny 1.1.0 is on the horizon. This is expected to be a major release, with support for asynchronous operations and quite a few other important feature updates. What’s new in Shiny 1.1.0 Shiny 1.1.0 brings asynchronous programming capabilities to R, with the integration of the promises package. The main aim of this is to move away from R’s single-threaded nature and increase the scalability and overall responsiveness of the web application. This is quite an important enhancement, considering a web application traditionally designed in R was quite slow and one-dimensional. Users running a long calculation or task on a web app using Shiny would bring the process to a halt for other users. This will not be the case anymore, with the introduction of asynchronous programming features. Some of the other significant features introduced in this release include: The functions extractStackTrace and formatStackTrace are deprecated and will be removed in the future versions of Shiny Improved support for JavaScript, with a new function for comparing version strings called Shiny.compareVersion() Improved functionality of stack traces and support for deep stack traces for efficient memory allocation File drag and drop feature breaking in the presence of jQuery 3.0 has been fixed Improved error handling Bug fixes for significant performance improvement, and a lot more. You can check the full changelog for Shiny 1.1.0 on Shiny’s official Github page. Shiny has been R’s premier package for designing interactive graphics for web applications, and has been rivalling the likes of Tableau and other Business Intelligence tools. It will be interesting to see how users receive the new features introduced in 1.1.0, especially the asynchronous programming features allowing the web apps to perform faster and more efficiently. Introducing R, RStudio, and Shiny When do we use R over Python? Top 5 programming languages for crunching Big Data effectively

D3.js, the popular javascript library is now available in version 5.0. This version D3 5.0, introduces only a few non-backward-compatible changes. D3.js is a JavaScript library for manipulating documents based on data. D3 combines powerful visualization components and a data-driven approach to DOM manipulation. It helps bring data to life using HTML, SVG, and CSS without restriction to a proprietary framework. Here are the most notable changes available in D3 5.0: D3 5.0 now uses Promises instead of asynchronous callbacks to load data. Promises simplify the structure of asynchronous code, especially in modern browsers that support async and await. D3 now also uses the Fetch API instead of XMLHttpRequest where the d3-request module has been replaced by d3-fetch. D3 5.0 also deprecates and removes the d3-queue module. Developers can use Promise.all to run a batch of asynchronous tasks in parallel, or a helper library such as p-queue to control concurrency. D3 no longer provides the d3.schemeCategory20 categorical color schemes. It now includes d3-scale-chromatic, which implements excellent schemes from ColorBrewer, including categorical, diverging, sequential single-hue and sequential multi-hue schemes. It also provides implementations of marching squares and density estimation via d3-contour. There are two new d3-selection methods: selection.clone for inserting clones of the selected nodes, and d3.create for creating detached elements. In addition, D3’s package.json no longer pins exact versions of the dependent D3 modules. This fixes an issue with duplicate installs of D3 modules. As a developer you can be assured that the API has been very stable since the release of 4.0. The only significant breakage will be in adopting modern asynchronous patterns i.e. promises and Fetch. You can download the latest version from d3.zip. The latest release can also be linked directly by copying this snippet: <script src="https://d3js.org/d3.v5.min.js"></script> The list of entire changes and code files are available in the release notes.

Today, Amazon released Smoke Framework, a lightweight server-side service framework written in the Swift programming language. The Smoke Framework uses SwiftNIO for its networking layer by default. This framework can be used for REST-like or RPC-like services and in conjunction with code generators from service models such as Swagger/OpenAPI. The framework also has a built-in support for a JSON-encoded request and response payloads. Working of Swift-based Smoke Framework The Smoke Framework provides the ability to specify handlers for operations the service application needs to perform. When a request is received, the framework will decode the request into the operation's input. When the handler returns, its response (if any) will be encoded and sent in the response. Each invocation of a handler is also passed an application-specific context, allowing application-scope entities such as other service clients to be passed to operation handlers. Using the context allows operation handlers to remain pure functions (where its return value is determined by the function's logic and input values) and hence easily testable. Parts of the Smoke framework The Operation Delegate The Operation Delegate handles specifics such as encoding and decoding requests to the handler's input and output. The Smoke Framework provides the JSONPayloadHTTP1OperationDelegate implementation that expects a JSON encoded request body as the handler's input and returns the output as the JSON encoded response body. The Operation Function By default, the Smoke framework provides four function signatures that this function can conform to ((InputType, ContextType) throws -> ()): Synchronous method with no output. ((InputType, ContextType) throws -> OutputType): Synchronous method with output. ((InputType, ContextType, (Swift.Error?) -> ()) throws -> ()): Asynchronous method with no output. ((InputType, ContextType, (SmokeResult<OutputType>) -> ()) throws -> ()): Asynchronous method with output. Error handling By default, any errors thrown from an operation handler will fail the operation and the framework will return a 500 Internal Server Error to the caller (the framework also logs this event at Error level). This behavior prevents any unintentional leakage of internal error information. Testing The Smoke Framework has been designed to make testing of operation handlers straightforward. It is recommended that operation handlers are pure functions (where its return value is determined by the function's logic and input values). In this case, the function can be called in unit tests with appropriately constructed input and context instances. To know more about this in detail, visit Smoke framework’s official GitHub page. ABI stability may finally come in Swift 5.0 Swift 4.2 releases with language, library and package manager updates! What’s new in Vapor 3, the popular Swift based web framework

Last week, Eagle, a Taiwan based startup, launched an application that helps designers better organize and manage their digital assets. These assets allow designers to use design mockups, inspirational images, pictures, screenshots, and user interfaces, easily on their desktops. The Eagle App is similar to the image version of ‘Evernote’ application. Eagle allows the use of folders, tags, colors and many other factors to manage, categorize and sort images. When in need of these images, users may use the powerful search engine to easily locate the desired image quickly. The application also supports Mac and Windows operating systems. The Eagle app helps users to keep their design files neat and tidy. It works with formats such as JPG, PNG, GIF, EPS, TIF, SVG, Photoshop, Adobe Illustrator, Keynote, PowerPoint, MP4, PDF, CINEMA 4D, and more. Augus Chen, Founder of Eagle, says, “Eagle helps you manage pictures, screenshots, user interfaces and designs that make your lightbulb shine. If you are a designer, you will definitely love this. It’s super easy to sync it through Google Drive, Dropbox, OneDrive or any other cloud storage service. Browser plug-ins and filtering functions save a lot of time for designers.” Key Features of Eagle App include: Browser Extension to save images and screenshots from any website. Save a bunch of images at once from a website. Drag & Drop images from other apps. Handy Clipboard to copy and paste any image you like. Add Tags to any image or a group of images to find them faster Smart Folders to organize and automatically filter images by name or tags Annotate ideas and suggestions on a specific area of an image Advanced Filter to search for images based on keywords, colors, image formats, etc. To know more about Eagle App in detail, visit its official website. NGINX Hybrid Application Delivery Controller Platform improves API management, manages microservices and much more! GNOME 3.32 says goodbye to application menus Netlify raises $30 million for a new ‘Application Delivery Network’, aiming to replace servers and infrastructure management

Last week, the team at Rocket released Rocket 0.4, a web framework for Rust which focuses on usability, security, and performance. With Rocket, it is possible to write secure web applications quickly and without sacrificing flexibility or type safety. Features of Rocket 0.4 Typed URIs Rocket 0.4 comes with uri! macro that helps in building URIs to route in the application in a robust, type-safe, and URI-safe manner. The type or route parameter that is mismatched are caught at compile-time. With the help of Rocket 0.4, changes to the route URIs get reflected in the generated URIs, automatically. ORM agnostic database support. Rocket 0.4 comes with a built-in, ORM-agnostic support for databases. It provides a procedural macro that helps in connecting Rocket application to databases through connection pools. Rocket 0.4 gets databases configured individually through configuration mechanisms like Rocket.toml file or environment variables. Request-local state Rocket 0.4 features request-local state which is local to a given request and is carried along with the request. It gets dropped once the request is completed. Whenever a request is available, a request-local state can be used. Request-local state is cached which lets the stored data to be reused. Request-local state is used for request guards which get invoked multiple times during routing and processing of a single request. Live template reloading In this version of Rocket, when an application is compiled in debug mode, templates automatically get reloaded on getting modified. To view the template changes, one has to simply refresh and there is no need of rebuilding the application. Major Improvements Rocket 0.4 introduces SpaceHelmet that provides a typed interface for HTTP security headers. This release features mountable static-file serving via StaticFiles. With this version of Rocket, cookies can automatically get tracked and propagated by client. This version also introduces revamped query string handling that allows any number of dynamic query segments. Rocket 0.4 comes with transforming data guards that transform incoming data before processing it via an implementation of the FromData::transform() method. This version comes with Template::custom() which helps in customizing template engines including registering filters and helpers. With this version, applications can be launched without a working directory. In Rocket 0.4, the log messages refer to routes by name. A default catcher for 504: Gateway Timeout has been added. All derives, macros, and attributes are individually documented in rocket_codegen. To retrieve paths relative to the configuration file, Rocket 0.4 has added Config::root_relative() The private cookies are now set to Http and are also given an expiration date of 1 week by default. What can be expected from Rocket 0.5? Support for Rust Rocket 0.5 will run and compile on stable versions of the Rust compiler. Asynchronous Request Handling Rocket 0.5 will feature the latest asynchronous version that will support asynchronous request handling. Multipart Form Support The lack of built-in multipart form support makes handling file uploads and other submissions difficult. With Rocket 0.5 it will be easy to handle multipart forms. Stronger CSRF and XSS Protection Rocket 0.5 will protect against CSRF using effective robust techniques. It will come with added support for automatic, browser-based XSS protection. Users have been giving some good feedback on the Rocket 0.4 release and are highly appreciative of the Rocket team for the efforts they have taken. A user commented on HackerNews, “This release isn't just about new features or rewrites. It's about passion for one's work. It's about grit. It's about uncompromising commitment to excellence.” Sergio Benitez, a computer science PhD student at Stanford, has been appreciated a lot for his efforts towards the development of Rocket 0.4. A HackerNews user commented, “While there will ever be only one Sergio in the world, there are many others in the broader Rust community who are signaling many of the same positive qualities.” This release has also been appreciated for its feel which is similar to Flask and for its capability of using code generation and function's type signatures to automatically check the incoming parameters. The fact that the next release will be asynchronous has created a lot of curiosity in the developer community and users are now looking forward to Rocket 0.5. Read more about Rocket 0.4 in the official release notes. Use Rust for web development [Tutorial] Introducing ‘Pivotal Function Service’ (alpha): an open, Kubernetes based, multi-cloud serverless framework for developer workloads Kotlin based framework, Ktor 1.0, released with features like sessions, metrics, call logging and more

In November last year, Mozilla filed a case against the FCC (Federal Communications Commission), opposing their decision of retracting the net neutrality protection rules. This was in the order of FCC’s decision to classify the ISPs as Title II (common carrier services) service providers under the Communications Act of 1934. The Title II classifier, unlike Title I, allowed the FCC to have regulatory power over the ISPs. On the other hand, Mozilla and other companies, trade groups, states, and organizations protested this decision as an unethical move by FCC. [box type="shadow" align="" class="" width=""]Net neutrality compels ISPs to treat all the data on the internet as equal. This means that all the data on the internet should be presented at the same rate, without any discrepancy. In a non-net neutrality scenario, the ISPs can create data in fast and slow lanes, block sites, or even charge companies more money to prioritize their content.[/box] Read Also: The future of net neutrality is being decided in court right now, as Mozilla takes on the FCC The latest development in this issue came last week when a U.S. court of appeals for the D.C. Circuit supported the FCC’s decision of revoking the net neutrality rules. The Chairman of the FCC, Ajit Pai, lauded this decision and asserted it as a victory for consumers and broadband deployments. He added, “The court also upheld our robust transparency rule so that consumers can be fully informed about their online options. Since we adopted the Restoring Internet Freedom Order, consumers have seen 40% faster speeds and millions more Americans have gained access to the Internet.” https://twitter.com/AjitPaiFCC/status/1179046254833262597 States can pass their own net neutrality laws Notably, the court has also restricted FCC from preemptively ceasing the states from adopting their own, stricter rules. According to Mozilla, the three-judge panel disagreed with FCC’s argument about preempting state net neutrality legislation across the board. The judges affirmed, “States have already shown that they are ready to step in and enact net neutrality rules to protect consumers, with laws in California and Vermont among others.”  https://twitter.com/mozilla/status/1179107413699497984 This rule paves the way for the 34 U.S. states who have already introduced or passed net neutrality rules. Last year, California’s legislature had passed the Internet Consumer Protection and Net Neutrality Act of 2018 which is dubbed as the strongest net neutrality law in the country. The bill bans internet providers from blocking and throttling legal content and prioritizing sites or services over others. These restrictions are applied to both home and mobile connections. Soon after the bill was passed, the FCC and Department of Justice (DoJ) had filed lawsuits blocking its implementation. Following on the same lines, Vermont had also passed a bill to establish consumer protection and net neutrality standards applicable to internet service providers. However, the Vermont Attorney General’s Office has said that despite the federal appeals court giving states more power to regulate internet providers, the state will not be able to implement the law until the appeals process in the federal case is fully resolved. Verge reports that the judges on the panel criticized FCC for exhibiting “disregard of its duty” by not evaluating how its rule would affect public safety. The court has also asked the FCC to consider the impact that reclassification will have on pole attachments. It also added that the FCC has not sufficiently addressed the concerns about how the change would affect the Lifeline internet access program for low-income Americans. Commenting on allegations, Pai said that they are working on addressing “the narrow issues” that the court has identified. In a blog post, Mozilla said the court’s decision clearly “underscores the frailty of the FCC’s approach” as the judges have questioned the FCC’s reclassification of broadband internet access from a ‘telecommunications service’ to an ‘information service.’ Mozilla has maintained that they are looking forward to continuing this fight with the FCC. If either of the party now decides to appeal, Congress may have to step in to settle the issue. With the Democrats vowing to restore the protections and the Republicans opposing the bill, this battle may end up as a bipartisan compromise. Many U.S. Senators have extended their support for net neutrality on Twitter. https://twitter.com/SenatorBennet/status/1179070818267078656 https://twitter.com/SenMarkey/status/1179111199121772544 US Supreme Court ends the net neutrality debate by rejecting the 2015 net neutrality repeal allowing the internet to be free and open again Spammy bots most likely influenced FCC’s decision on net neutrality repeal, says a new Stanford study Google Project Zero discloses a zero-day Android exploit in Pixel, Huawei, Xiaomi and Samsung devices The OpenJS Foundation accepts NVM as its first new incubating project since the Node.js Foundation and JSF merger An unpatched security issue in the Kubernetes API is vulnerable to a “billion laughs” attack

While clicking on a link or opening a new browser tab, sometimes, audible video or audio starts playing automatically which is a distraction for many users. Mozilla is trying to solve this problem by introducing an autoplay blocking feature in Firefox 66 for desktop and Android. Firefox 66, expected to roll out on 19th March 2019, will now block audible audio and video by default. Lately, Mozilla has been working towards blocking all auto-playing content. Last year, Mozilla announced that Firefox will no longer allow auto-playing audio in order to cut down on annoying advertisements. Microsoft's Edge, Google's Chrome and, Apple's Safari browser also have taken steps in order to limit auto-playing media. Firefox 66 will allow a site to play audio or video aloud only via the HTMLMediaElement API, once a web page has some kind of user interaction (such as mouse click on the play button) to initiate the audio. In this case, any playback that happens before the user has interacted with a page via a mouse click, printable key press, or touch event, will be counted as autoplay and will be blocked if it is audible. Firefox expresses a blocked play() call to JavaScript by rejecting HTMLMediaElement.play() with a NotAllowedError. This is how most browsers function to express a block. Muted autoplay is still allowed as the script can set the “muted” attribute on HTMLMediaElement to true, and autoplay will work. The existing block autoplay implementation in Android and desktop will be replaced with this new feature. According to Mozilla’s official blog post, “In general, the advice for web authors when calling HTMLMediaElement.play(), is to not assume that calls to play() will always succeed, and to always handle the promise returned by play() being rejected.” Users can still opt out of this blocker, for sites that they don't mind playing media by default. There will be an icon which will pop up in the URL bar to indicate that auto-playing media has been blocked, and clicking on it will bring up a menu that will allow users to change the settings. In order to avoid having the audible playback blocked, website owners should only play media inside a click or keyboard event handler, or on mobile in a touchend event. Firefox 66 will also automatically allow autoplaying video on sites that the user has granted access to their cameras and microphones. Since these sites are typically for video conferencing, it would make sense allow if they work uninterrupted. Mozilla is also working on blocking autoplay for Web Audio content, but have not yet finalized the implementation. The autoplay Web Audio content blocking is expected to be shipped some time this year. Mozilla releases Firefox 65 with support for AV1, enhanced tracking protection, and more! Firefox now comes with a Facebook Container extension to prevent Facebook from tracking user’s web activity Mozilla disables the by default Adobe Flash plugin support in Firefox Nightly 69