Tech News - Web Development

Yesterday, Mozilla announced the first preview of a redesigned version of Firefox for Android, called Firefox Preview. It is powered by the GeckoView rendering engine and will eventually replace the current Firefox app for Android. Why Mozilla is introducing a new Firefox for Android Back in 2016, Mozilla introduced Firefox Focus, a privacy-focused mobile browser for Android and iOS users. It was initially launched as a tracker-blocking application and then was developed into a minimalistic browser app. The team has been putting their efforts into improving the Firefox Focus app. However, the demand for a full-fledged private and secure mobile browsing experience has increased in recent years. The team realized this could be best addressed by launching a new browser app that is similar to Focus, but provides all the "ease and amenities of a full-featured mobile browser." Sharing the idea behind the new browser, Firefox Mobile Team said, "With Firefox Preview, we’re combining the best of what our lightweight Focus application and our current mobile browsers have to offer to create a best in class mobile experience." What features does Firefox Preview come with Unlike some of the major browsers that use the Blink rendering engine, Firefox Preview is backed by GeckoView. This gives Firefox and its users the independence of making decisions for what they want in the browser instead of enforcing whatever Google decides. GeckoView also accounts for “greater flexibility in terms of the types of privacy and security features" Mozilla can offer its mobile users.” Following are some of the features Firefox Preview offers: Up to two times faster: It is up to two times faster as compared to the previous versions of Firefox for Android. Minimalistic design: It comes with a minimalist start screen and bottom navigation bar to enable you get things done faster on the go. Includes Collections, a new take on bookmarks: Its Collections feature allows you to save, organize, and share collections of sites. Tracking Protection on by default: It comes with Tracking Protection on by default giving you freedom from advertising trackers and other bad actors. As a side effect, this also gives a faster browsing experience. This is an early version of the experimental browser for Android users based on GeckoView, which means there are many features like support for ad blocking extensions, Reader Mode is not yet available. You can try it out and provide feedback for improvements to the team via email or on Github. Check out the official announcement by Mozilla to know more. Mozilla introduces Track THIS, a new tool that will create fake browsing history and fool advertisers Mozilla releases Firefox 67.0.3 and Firefox ESR 60.7.1 to fix a zero-day vulnerability, being abused in the wild Mozilla to bring a premium subscription service to Firefox with features like VPN and cloud storage

Web visualization has been one of the most interesting themes to have emerged in the last 4-5 years. It allows developers to create interesting insight based apps, interactive maps business intelligence based charts & reports and then compile them right in your browser. Three.js, D3.js, Chart.js are few of the top libraries and frameworks that are most popular presently. The latest addition to this list is P5.js. P5.js is a JavaScript library that acts as a software sketchbook and allows the developers to use the whole browser as a canvas. The main goal of P5.js is to make coding accessible for artists, designers, entrepreneurs and others who want to create their own browser based visualizations with a custom touch. The inherent technology behind P5.js is Processing which is a sketch software/language for artists. To include a larger set of developers and designers into the fold, P5.js has incorporated coding in JavaScript. You can use it with DOM and hence this is as developer friendly as it is easily accessible by artists. P5.js has also add-on libraries that make it easier to interact with other HTML5 objects including text, video, webcam, sound etc. You can get started with P5.js by downloading the complete set-up file or the minified version of it from the official P5.js page. You can also start from one of the online versions of P5.js stored in CDN. It comes packed with the Sublime text code editor by default but you can use any code editor of your choice. Other good editor options include Brackets, Atom and OpenProcessing. If you are not using the p5 web editor, then Notepad++ or Eclipse might be good choices for you. P5.js comes with an option to customize the mouse and touch options while you are drawing. Unless a particular touch behavior is declared, the mouse touch assumes the touch of a mobile device which is intuitive and practical. P5.js also allows for Asynchronous JavaScript calls and functions. Loading images, external files, and URLs are generally handled by async functions which makes the overall process faster. There are a few variables and functions that make browser interaction easier, many more to come! windowWidth / windowHeight displayWidth / displayHeight winMouseX / winMouseY fullscreen() Any native JS function can be used easily with you p5.js sketch. One of the core ideas behind p5.js is that your sketch is not just the graphics canvas but the you can draw using the complete length and breadth of your browser. For this reason, there is the p5.dom library that makes it easy to interact with other HTML5 objects, including text, hyperlink, image, input, video, audio, and webcam. There is also a p5.sound library that provides a friendly interface to HTML5 web audio API for loading, playing, and synthesizing sounds. 8 ways to improve your data visualizations Getting started with Data Visualization in Tableau What is Seaborn and why should you use it for data visualization?

Yesterday, the team behind Pale Moon, an open-source web browser introduced Basilisk, which is supposedly a “close twin to Mozilla's Firefox”. Basilisk is an open source web browser which is based on Mozilla’s XML User Interface Language (XUL). It is being introduced as primarily a reference application for development of the XUL platform it builds upon. It features Firefox-style interface and operation. What are the features of Basilisk? It uses Goanna as layout and rendering engine, which is forked off of the Firefox’s browser engine called Gecko. Builds on UXP, a XUL platform in development. As it does not uses Rust or Photon user interface, users can expect the user interface to be similar to Firefox between v29 and v56. It does not use Electrolysis or e10s, which aims to bring multi-process architecture to Firefox. It splits the Firefox browser into a single process for the UI, and several processes for web content, media playback, plugins, etc. It does not require walled-garden extension signing. To provide users a modern web browsing experience it supports the ECMAScript 6 standard of JavaScript. Supports all NPAPI plugins such as Unity, Silverlight, Flash, Java, authentication plugins, etc. Supports XUL/Overlay Mozilla-style extensions. Comes with experimental support for WebExtension. Supports ALSA on Linux Supports WebAssembly Supports advanced Graphite font shaping features Supports modern web cryptography such TLS 1.3, modern ciphers, HSTS, etc. Basilisk is still in its development phase or in beta, which means that it may have some bugs and is provided as-is, with potential defects. Many developers are confused about how Basilisk differs from the Pale Moon browser the team offers and also why anyone would want to use pre-Servo Firefox. While some users say, “My interpretation is that this is mostly a project for the die-hard users who lost support for niche extensions they really liked when XUL left mainstream Firefox... it reads mostly like they intend to maintain it as a time capsule. "No different from last time" is exactly the main selling feature.” To read more in detail, visit Basilisk’s official website. Anti-paywall add-on is no longer available on the Mozilla website The State of Mozilla 2017 report focuses on internet health and user privacy Mozilla introduces new Firefox Test Pilot experiments: Price Wise and Email tabs

Yesterday, the Phoenix web framework announced the release of its latest version, Phoenix 1.4. This release includes new features such as an HTTP2 support, improved development experience with faster compile times, new error pages, and local SSL certificate generation. The community also shipped a new and improved Presence javascript API. Features in the Phoenix 1.4.0 phx_new archive via hex The mix phx.new archive can now be installed via hex, for a simpler, versioned installation experience. The existing Phoenix applications will continue to work on Elixir 1.4. However, the new phx.new archive requires Elixir 1.5+. Support HTTP2 by making a small change Thanks to the release of Cowboy 2, Phoenix 1.4 supports HTTP2 with a single line change to mix.exs. One needs to simply add {:plug_cowboy, "~> 2.0"} to their deps and Phoenix will run with the Cowboy 2 adapter. New phx.gen.cert to aid local SSL development Most browsers require connections over SSL for HTTP2 requests, failure of which can cause them to fallback to HTTP 1.1 requests. To aid local development over SSL, Phoenix now includes a new phx.gen.cert task which generates a self-signed certificate for HTTPS testing in development. Faster Development Compilation The new release has improved compilation speeds have improved due to the contributions to plug and compile-time changes. New Development 404 Page Phoenix’s 404 page (in development) now lists the available routes for the originating router, for example: A new UserSocket for connection info Access to more underlying transport information when using Phoenix channels has been a highly requested feature. The 1.4 release now provides a connect/3 UserSocket callback, which can provide connection information, such as the peer IP address, host information, and X-Headers of the HTTP request for WebSocket and Long-poll transports. New  ‘Presence JavaScript API’ A new, backward compatible Presence JavaScript API has been introduced to both resolve race conditions as well as simplify the usage. Previously, multiple channel callbacks against "presence_state” and "presence_diff" events were required on the client which dispatched to Presence.syncState and Presence.syncDiff functions. Now, the interface has been unified to a single onSync callback and the presence object tracks its own channel callbacks and state. To know more about Phoenix 1.4.0 visit its official website. Mojolicious 8.0, a web framework for Perl, released with new Promises and Roles Web Framework Behavior Tuning Beating jQuery: Making a Web Framework Worth its Weight in Code  

Update: Added response from Rahul Vohra, CEO of Superhuman. Last week, Mike Davidson, the former VP of design at Twitter and founder of Newsvine, questioned the ethics and responsibility of Superhuman, one of Silicon Valley’s most talked about email app in a blog post. He called the app a “surveillance tool” that embed tracking pixels inside emails sent by its customers.  https://twitter.com/mikeindustries/status/1146092247437340672 Superhuman was founded in 2017 by Rahul Vohra with the aims to reinvent the email experience. It is an invitation-only service, mainly targeted towards business users that costs $30/month. Last month, the startup was able to raise a $33 million investment round that was led by Mr. Andreessen’s firm, Andreessen Horowitz and is now valued at $260 million. https://twitter.com/Superhuman/status/1144380806036516864   “Superhuman teaches its users to surveil by default” The email app bundles many modern features like snoozing, scheduling, undo send, insights from social networks, and more. The feature that Davidson talked about was “Read Receipts”, which is an opt-in common feature we see in many messaging email clients that indicates the read/unread status.  Davidson highlights that Superhuman gives you this read/unread status in a very detailed way. It allows sending and receiving emails embedded with tracking pixels, which is a small and hidden image in an email. When the recipient clicks on the email, the image reports a running log of every single time the recipient has opened the mail, including their location, regardless of the email client the recipient is using. The worst part is that it is on by default and many users do not usually bother to change the default settings. Here’s a log that Davidson shared in his post: Source: Mike Davidson’s blog post What do people think of this feature? Many people felt that sharing the number of times an email was read, geolocation of the recipient, and other information is intrusive and violates user privacy. In his post, Davidson talked about several “bad things” people can do using this technology, that the developers might have not even intended for. Some users agreed to this and pointed out that sharing such personal information can prove to be very dangerous for the recipients.  https://twitter.com/liora_/status/1146122407737876481 Others gave the rationale that many email clients are doing the same thing including Gmail, Apple Mail, and Outlook. Embedding tracking pixels in an email is also very commonly used by email marketing platforms.  https://twitter.com/nickabouzeid/status/1144296483778228224 https://twitter.com/bentruyman/status/1146137938121543680 https://twitter.com/chrisgrayson/status/1146319066493313024   As a response to this, Davidson rightly said, “The main point here is: just because technology is being used unethically by others does not mean you should use it unethically yourself. Harmful pesticides have also been around for years. That doesn’t mean you should use them yourself.” Davidson further explained what making such unethical decisions means for a company in the long run. In the beginning days of a company, there are no set principles for its people to make decisions. It is basically what the founders think is right for the company. At that time,  every decision that you make, whether it is good or bad, makes the foundation of what Davidson calls as “decision genome”. He adds, “With each decision a company makes, its “decision genome” is established and subsequently hardened.” He says the decisions that seem small in the beginning actually become the basis of many other big decisions you will make in the future. This will ultimately affect your company’s ethical trajectory. “The point here is that companies decide early on what sort of companies they will end up being. The company they may want to be is often written in things like “core values” that are displayed in lunch rooms and employee handbooks, but the company they will be is a product of the actual decisions they make — especially the tough decisions,” he adds. Many agreed on the point Davidson makes here, and think that this is not just limited to a single company but in fact, the entire ecosystem. David Heinemeier Hansson, the creator of Ruby on Rails, believes that Silicon Valley especially is in serious need for recalibration. https://twitter.com/dhh/status/1146403794214883328 What can be some possible solutions One workaround can be disabling images in email by default since the tracking pixels are sent as images. However, Superhuman does not even allow that. “Superhuman doesn’t even let its own customers turn images off. So merely by using Superhuman, you are vulnerable to the exact same spying that Superhuman enables you to do to others,” Davidson mentions. The next step for Superhuman, Davidson suggests is to apologize and remove this feature. He further recommends that Superhuman should, in fact, protect its users from emails that have tracking pixels. Another mitigation he suggests is to add a “Sent via Superhuman”  signature so that the receiver is aware that their data will be sent to the sender. https://twitter.com/mikeindustries/status/1144360664275673088 If these do not suffice, Davidson gave a harsh suggestion to publicly post surveilled email on Twitter or other websites: https://twitter.com/mikeindustries/status/1144315861919883264 How Superhuman has responded to this criticism Yesterday, Rahul Vohra, the CEO of Superhuman responded that the company understands the severity of sharing such personal information, especially the state or country level location. He further shared what steps the company is taking to address the concerns raised against the feature. He listed the following changes:  We have stopped logging location information for new email, effective immediately. We are releasing new app versions today that no longer show location information. We are deleting all historical location data from our apps. We are keeping the read status feature, but turning it off by default. Users who want it will have to explicitly turn it on. We are prioritizing building an option to disable remote image loading. Many Twitter users appreciated Vohra’s quick response: https://twitter.com/chadloder/status/1146564393884254209 https://twitter.com/yuvalb/status/1146542900559405056 https://twitter.com/kmendes/status/1146569165211234304 Read Davidson’s post to know more in detail. Google announces the general availability of AMP for email, faces serious backlash from users A security researcher reveals his discovery on 800+ Million leaked Emails available online VFEMail suffers complete data wipe out!

Yesterday Mozilla announced Firefox Send to be publicly available, which initially was a “Test Pilot” experiment. Firefox Send is a free file sharing service that allows users to easily and securely share files with end-to-end encryption from any browser. By the end of this week, a beta version of its Android app will also be available to the users. How does Firefox Send work? Firefox Send is intended to be an alternative to email, where larger file attachments are not supported. Users do have cloud storage options like Google Drive and Dropbox, but these can be time-consuming in cases where we just need to share a single file for a limited amount of time. You can use the service by visiting the Firefox Send website, upload your file, and set an expiration period. Additionally, it also provides users an option to password protect their files before sending. You will then get a link that you can share with a recipient. Check out the following video to know how exactly it works: https://www.youtube.com/watch?v=eRHpEn2eHJA Firefox Send comes with various features and advantages Firefox Send maintains the security of your files by providing end-to-end encryption from the moment a file is sent until it is opened. With Firefox Send, you can share files of size up to 1 GB. If you want to share files of size up to 2.5 GB you need to sign up for a free Firefox account. For the file recipients, it is not compulsory to have a Firefox account to access the shared file. They just need to simply click on the received link and download the file. It puts control in the hands of a user by allowing them to choose when a file link gets expired, the number of times their file can be downloaded, and also allows adding an optional password. These features come in handy when you want to give the recipient only one-time or limited access to your files and hence ensures that your information is not available online indefinitely. To know more about Firefox Send, check out the Mozilla official announcement. Mozilla Firefox will soon support ‘letterboxing’, an anti-fingerprinting technique of the Tor Browser Mozilla engineer shares the implications of rewriting browser internals in Rust Common Voice: Mozilla’s largest voice dataset with approx 1400 hours of voice clips in 18 different languages  

Yesterday, the Firefox team disabled the Adobe Flash plugin by default in Firefox Nightly 69, which will be eventually deprecated as per Mozilla’s Plugin Roadmap for Firefox. Users can still activate Flash on certain sites if they want to, through the browser settings. Flash support will be completely removed from the consumer versions of Firefox by early 2020. The Firefox Extended Support Release (ESR) will continue to support Flash till its end-of-life in 2020. Why Mozilla has decided to disable Adobe Flash? In recent years, we have seen a huge growth in web open standards like HTML5, WebGL, and WebAssembly. These technologies now come with various capabilities and functionalities for which we used to have plugins. Now, browser vendors prefer to integrate these capabilities directly into browsers and deprecate plugins. Hence, back in 2017, Adobe announced that along with their technology partners, Google, Mozilla, Apple, Microsoft, and Facebook, it is planning to end-of-life Flash. It also added that by the end of 2020, it will stop updating and distributing the Flash Player and encouraged content creators to migrate any of their content which is in Flash format into new open formats. Following this all the five partners announced their plan of action. Apple already did not supported Flash on iPhone, iPad, and iPod. For Mac users, Flash did not come pre-installed since 2010 and it was by default off if users decided to install it. Facebook announced that they are supporting game developers to migrate their Flash games to HTML5. Google will disable Flash by default in Chrome and remove it completely by the end of 2020. Microsoft also announced that they will phase out Flash from Microsoft Edge and Internet Explorer, eventually leading to the removal of Flash from Windows entirely by the end of 2020. Mozilla releases Firefox 64 and Firefox 65 beta Mozilla shares why Firefox 63 supports Web Components Introducing Firefox Sync centered around user privacy

Yesterday, F5 Networks, the company that offers businesses cloud and security application services, announced that it is set to acquire NGNIX, the company behind the popular open-source web server software, for approximately $670 million. These two companies are coming together to provide their customers with consistent application services across every environment. F5 has been seeing some stall in its growth lately given that its last quarterly earnings have only shown a 4% growth compared to the year before. On the other hand, NGINX continues to show a 100 percent year-on-year growth since 2014. The company currently boasts of 375 million users with about 1,500 customers for its paid services like support, load balancing, and API gateway and analytics. This acquisition will enable F5 to accelerate  ‘time to market’ of its services to customers for building modern applications. F5 plans to enhance the current offerings by NGINX using its security solutions and will also be integrating its cloud-native innovations with NGINX’s load balancing technology. Along with these advancements, F5 will help scale NGINX selling opportunities using its global sales force, channel infrastructure, and partner ecosystem. François Locoh-Donou, President and CEO of F5, sharing his vision behind acquiring NGINX said, “F5’s acquisition of NGINX strengthens our growth trajectory by accelerating our software and multi-cloud transformation”. He adds, “By bringing F5’s world-class application security and rich application services portfolio for improving performance, availability, and management together with NGINX’s leading software application delivery and API management solutions, unparalleled credibility and brand recognition in the DevOps community, and massive open source user base, we bridge the divide between NetOps and DevOps with consistent application services across an enterprise’s multi-cloud environment.” NGINX’s open source community was also a major factor behind this acquisition. F5 will continue investing in the NGINX open source project as open source is a core part of its multi-cloud strategy. F5 expects that this will help it accelerate product integrations with leading open source projects and open doors for more partnership opportunities. Gus Robertson, CEO of NGINX, Inc, said, “NGINX and F5 share the same mission and vision. We both believe applications are at the heart of driving digital transformation. And we both believe that an end-to-end application infrastructure—one that spans from code to customer—is needed to deliver apps across a multi-cloud environment.” The acquisition is now approved by the boards of directors of both F5 and NGINX and is expected to close in the second calendar quarter of 2019. Once the acquisition is complete, the NGINX founders, Gus Robertson, Igor Sysgoev, and Maxim Konovalov will be joining F5 Networks. To know more in detail, check out the announcement by F5 Networks. Now you can run nginx on Wasmjit on all POSIX systems Security issues in nginx HTTP/2 implementation expose nginx servers to DoS attack Security issues in nginx HTTP/2 implementation expose nginx servers to DoS attack  

Masonite, the popular Python web development framework, has released a new version. Masonite 2.0 comes with several new features to Masonite including new status codes, database seeding, built in cron scheduling, controller constructor resolving, speed improvements and much more. A new ‘Tinker’ Command Masonite 2.0 adds a new Tinker command that starts a Python shell and imports the container. It works as a great debugging tool and can be used for verifying that objects are loaded into the container correctly. A new Task Scheduler Masonite 2.0 adds a task scheduler,  a new default package that allows scheduling recurring tasks. You can read about the Masonite Scheduler under the Task Scheduling documentation. Automatic Server Reloading A huge update to Masonite is the new --reload flag on the serve command. Now the server will automatically restart when it detects a file change. You can use the -r flag as a shorthand. Autoloading With the new autoloading feature, you can list directories in the AUTOLOAD constant in the config/application.py file and it will automatically load all classes into the container. Autoloading is great for loading command and models into the container when the server starts up. Database Seeding Support Masonite 2.0 adds the ability to seed the database with dummy data. Seeding the database helps in populating the database with data that would be needed for future development. Explicitly Imported Providers Providers are now explicitly imported at the top of the file and added to the PROVIDERS list, located in config/providers.py. This completely removes the need for string providers and boosts the performance of the application substantially. Status Code Provider Masonite 2 removes the bland error codes such as 404 and 500 errors and replaces them with a cleaner view. It also allows adding of custom error pages. Upgrading from Masonite 1.6 to Masonite 2.0 Masonite 1.6 to Masonite 2.0 has quite a large number of changes and updates in a single release. However, upgrading takes only around 30 mins for an average sized project. Read the Masonite upgrade guide for a step-by-step guide to upgrading. You can read the release notes, for the full list of features. Python web development: Django vs Flask in 2018 What the Python Software Foundation & Jetbrains 2017 Python Developer Survey had to reveal Should you move to Python 3? 7 Python experts’ opinions

Yesterday, Mozilla announced that it is launching two experiments to understand how they can reduce “permission prompt spam” in Firefox. Last year, it did add a feature in Firefox that allows users to completely block the permission prompts. It is now planning to come up with a new option for those who do not want to take such a drastic step. Permission prompts have become quite common nowadays. It allows websites to get user permission for accessing powerful features when needed. But, often it gets annoying for users when they are shown unsolicited, out-of-context permission prompts, for instance, the ones that ask for permission to send push notifications. Mozilla's telemetry data shows that notifications prompt is the most frequently shown permission prompt, with about 18 million prompts shown on Firefox Beta from Dec 25 2018 to Jan 24 2019. Out of these 18 million prompts, not even 3 percent were accepted by users. And 19 percent of the prompts caused users to immediately leave the site. Such a low acceptance of this feature led to the following two conclusions: One, that there are some websites that show the notification prompt without the intent of using it to enhance the user experience, or fail to express their intent in the prompt clearly. Second, there are websites that show the notification permission prompt for too early, without giving users enough time to decide if they want them. To get a better idea on how and when websites should ask for notification permissions, Mozilla is launching these two experiments: Experiment 1: Requiring user interaction for notification permission prompts in Nightly 68 The first experiment involves requiring a user gesture, like a click or a keystroke to trigger the code that requests permission. From April 1st to 29th, requests for permission to use Notifications will be temporarily denied unless they follow a click or keystroke. In the first two weeks, no user-facing notifications will be shown when the restriction is applied to a website. In the last two weeks of this experiment, an animated icon will be shown in the address bar when this restriction is applied. If the user clicks on the icon, they will be presented with the prompt at that time. Experiment 2: Collecting interaction and environment data around permission prompts from release users Mozilla believes that requiring user interaction is not the perfect solution to the permission spam problem. To come up with a better approach, it wants to get more insights about how Firefox users interact with permission prompts. So, they are planning to launch an experiment in Firefox Release 67 to gather information about the circumstances in which users interact with permission prompts. They will collect information about: Have they been on the site for a long time? Have they rejected a lot of permission prompts before? With this experiment, it aims to collect a set of possible heuristics for future permission prompt restrictions. To know more in detail, visit Mozilla’s official blog. Mozilla launches Firefox Lockbox, a password manager for Android Mozilla’s Firefox Send is now publicly available as an encrypted file sharing service Mozilla Firefox will soon support ‘letterboxing’, an anti-fingerprinting technique of the Tor Browser  

Adobe has been searching for a missing piece in its marketing and eCommerce puzzle: an eCommerce platform. Fortunately for Adobe, they seem to have now found that piece, and it comes in the form of Magento. The company announced yesterday that it would be acquiring the popular eCommerce platform for $1.68 billion. That might sound like a weighty sum, but for Adobe - and Magento - it makes sense, especially when you consider just how competitive the marketing, eCommerce and analytics market place is at the moment. Adobe is facing stiff competition from the likes of Salesforce and Oracle. Magento, while still a popular eCommerce platform, is also seeing competition from eCommerce platforms like Shopify and WooCommerce. Adobe and Magento: working together to create a fully integrated marketing solution The result of this move could be a fully integrated marketing platform. The eCommerce and content management aspects would come from Magento, while Adobe would add an extra analytics dimension. This could prove very attractive to both B2C and B2B organizations, who have been faced with choice but repeatedly have to compromise or pick and choose the components they need in their platform strategy. A number of different outlets have remarked on the impressive rise of Magento's value. The company was bought by eBay in 2011 for just $180 million, then went private back in 2015 with help of VC investor Primera Funds. Although this amount was never officially disclosed, it is reported that Primera Funds stumped up $200 million. That's a pretty good return on investment. Although Magento might loos a little dated and maybe even a little small scale for Adobe, who appear more interested in tackling the enterprise and huge B2B organizations than SMEs, with more than 300,000 developers working with Magento the move isn't as outrageous as some might claim. When you consider that some of the largest organizations on the planet - like Coca-Cola - use Magento, it's more than unfair to write the eCommerce platform off. Here's what Brad Rechner, executive VP and General Manager of Digital Experience at Adobe, has to say: “Adobe is the only company with leadership in content creation, marketing, advertising, analytics and now commerce – enabling real-time experiences across the entire customer journey... Embedding commerce into the Adobe Experience Cloud with Magento enables Adobe to make every moment personal and every experience shoppable.” On the Magento side, CEO Mark Lavelle spoke of the combination of "Adobe’s strength in content and data with Magento’s open commerce innovation." Lavelle will remain the head of Magento, but will perform his role from inside Adobe's Digital Experience business. Find out more here. [news.adobe.com] Read next: Introduction to Magento 2

Google’s JavaScript and WebAssembly engine, V8 has hit V8 7.2 yesterday and is currently in beta. The stable version of this release will be out in coordination with Chrome 72 Stable. V8 7.2 comes with support for embedded builtins, public class fields, well-formed JSON.stringify, and more. Following are some of the updates introduced in this version: Support for embedded builtins Embedded builtins are now supported and enabled by default on the ia32 architecture. The main aim of embedded builtins is to eliminate the per-Isolate builtin overhead by making builtins truly isolate-independent. JavaScript parsing As compared to V8 7.0 the parsing speed has improved by roughly 30% in this version. While loading the web pages 9.5% of the V8 time is spent at startup on parsing JavaScript. This parsing is drastically reduced from 9.5% to 7.5% resulting in faster load times and more responsive pages. WebAssembly improvements Code generation is improved in the top execution tier. This version comes enabled node splitting in the optimizing compiler’s scheduler and loop rotation in the backend. Also, this version introduces custom wrappers that reduce overhead in calling imported JavaScript math functions and comes with improved wrapper caching. Async stack traces A new feature called zero-cost async stack traces is introduced, which improves the error.stack property with asynchronous call frames. This feature aims to solve the problem developers were facing that the error.stack property in V8 only provides a truncated stack trace up to the most recent await. It is currently available behind the --async-stack-traces command-line flag. Public class fields This version supports public class fields and support for private class fields is planned for a future V8 release. Well-formed JSON.stringify The well-formed JSON.stringify proposal is implemented in V8 7.2. Previously, JSON.stringify used to return ill-formed Unicode strings if the input had any lone surrogates. To solve this, well-formed JSON.stringify outputs escape sequences for lone surrogates, making its output valid Unicode and representable in UTF-8. You can read the full list of updates on V8’s official website. Google’s V8 7.2 and Chrome 72 gets public class fields syntax; private class fields to come soon Chrome V8 7.0 is in beta, to release with Chrome 70 V8 JavaScript Engine releases version 6.9!

On Friday, a study was published on WhoTracks.me where the performance of the most commonly used ad blockers was analyzed. This study was motivated by the recent Manifest V3 controversy, which reveals that Google developers are planning to introduce an update that could lead to crippling all ad blockers. What update Chrome developers are introducing? The developers are planning to introduce an alternative to the webRequest API named the declrativeNetRequest API, which limits the blocking version of the webRequest API. According to Manifest V3, the declarativeNetRequest API will be treated as the primary content-blocking API in extensions. The Chrome developers listed two reasons behind this new update, one was performance and the other was better privacy guarantee to users. What this API does is, allow extensions to tell Chrome what to do with a given request, rather than have Chrome forward the request to the extension. This allows Chrome to handle a request synchronously. One of the ad blocker maintainers have reported an issue on the Chromium bug tracker for this feature: “If this (quite limited) declarativeNetRequest API ends up being the only way content blockers can accomplish their duty, this essentially means that two content blockers I have maintained for years, uBlock Origin (“uBO”) and uMatrix, can no longer exist.” What the study by Ghostery revealed? This study addresses the performance argument made by the developers. For this study, the Ghostery team analyzed the network performance of the most commonly used ad blockers: uBlock Origin, Adblock Plus, Brave, DuckDuckGo and Cliqz'z Ghostery. The study revealed that these content-blockers, except DuckDuckGo, have only sub-millisecond median decision time per request. This small amount of time will not have any overhead noticeable by users. Additionally, the efficiency of content blockers is continuously being improved with innovative approaches or with the help of technologies like WebAssembly. How Google developers reacted to this study and all the feedbacks surrounding Manifest V3? Following the publication of the study and after looking at the feedbacks, Devlin Cronin, a Software Engineer at Google, clarified that these changes are not really meant to prevent content blocking. Cronin added that the changes listed in Manifest V3 are still in the draft and design stage. In the Google group, Manifest V3: Web Request Changes, Cronin said, “We are committed to preserving that ecosystem and ensuring that users can continue to customize the Chrome browser to meet their needs. This includes continuing to support extensions, including content blockers, developer tools, accessibility features, and many others. It is not, nor has it ever been, our goal to prevent or break content blocking.” The team is not planning to remove the webRequest API. Cronin added, “In particular, there are currently no planned changes to the observational capabilities of webRequest (i.e., anything that does not modify the request).” Based on the feedback and concerns shared, the Chrome team did do some revisions including adding support for the dynamic rule to the declarativeNetRequest API. They are also planning to increase the ruleset size, which was 30k earlier. Users are, however, not convinced by this clarification. One user commented on Hacker News, “Keep in mind that their story about performance has been shown to be a complete lie. There is no performance hit from using webRequest like this. This is about removing sophisticated ad blockers in order to defend Google's revenue stream, plain and simple.” Coincidentally, a Chrome 72 upgrade seems to break ad blockers in a way that they can’t see or block analytics anymore if the web page uses a service worker. https://twitter.com/jviide/status/1096947294920949760 Chromium developers propose an alternative to webRequest API that could result in existing ad blockers’ end Regulate Google, Facebook, and other online platforms to protect journalism, says a UK report Google announces the general availability of a new API for Google Docs

Last week, Stack Overflow users took to its Meta site to express their concern regarding the communication breakdown between the site and its community. The users highlighted that Stack Overflow has repeatedly failed at consulting the community before coming up with a major change recent being removal of the “Hot Meta Posts” section. “It has become a trend that changes ("features") are pushed out without any prior consultation. Then, in the introductory meta post of said change, push-back is shown by the community and as a result, once again, everyone is left with a bad taste in their mouth from another sour experience,” a user wrote. The backlash comes after Stack Overflow announced last week that it is removing the “Hot Meta Posts” section from its right sidebar. This section listed questions picked semi-randomly every 20 minutes from all posts scoring 3 or more and posted within the past two weeks. As an alternative, moderators can highlight important posts with the help of the “featured” tag. Some of the reasons that it cited for removing this feature were that Meta hasn’t scaled very well since its introduction and the questions on the “Hot Meta Posts” section does not really look ideal for attracting new people. Sara Chipps, an Engineering Manager at StackOverflow, further said that the feature was also affecting the well-being of Stack Overflow employees. “Stack Overflow Employees have panic attacks and nightmares when they know they will need to post something to Meta. They are real human beings that are affected by the way people speak to them. This is outside of the CM team, who have been heroes and who I constantly see abused here,” she wrote. Earlier this month, Stack Overflow faced a similar backlash when it updated its home page. Many users were upset that the page was giving more space to Stack Overflow’s new proprietary products while hiding away the public Q&A feature, which is the main feature Stack Overflow is known for. The company apologized and acted on the feedback. However, users think that this has become a routine. A user added, “It's almost as though you (the company, not the individual) don't care about the users (or, from a cynic's perspective, are actively trying to push out the old folks to make way for the new direction SO is headed in) who have been participating for the best part of a decade.” Some users felt that Stack Overflow does consult with users but not out in the open. “I think they are consulting the community, they're just doing it non publicly and in a different forum, via external stakeholders and interested people on external channels, via data science, and via research interviews and surveys from the research list,“ a user commented. Yaakov Ellis, a developer in the Community dev team at Stack Overflow, assured that Stack Overflow is committed to making the community feel involved. It has no intention to cease the interaction between the company and the community. However, he did admit that there is “internal anxiety” to be more open to the community about the different projects and initiatives. He listed the following reasons: Plans can change, and it is more awkward to do that when it is under the magnifying glass of community discussion.  Functionality being worked on can change direction. Some discussions and features may not be things that the Meta community will be big fans of. And even if we believe that these items are for the best, there will also be times when (with the best intentions), as these decisions have been made after research, data, and users have been consulted, the actual direction is not up for discussion. We can't always share those for privacy purposes, and this causes the back and forth with objectors to be difficult. He further said that there is a need to reset some expectations regarding what happens with the feedback provided by the users. “We value it, and we absolutely promise to listen to all of it [...], but we can't always take the actions that folks here might prefer. We also can't commit to communicating everything in advance, especially when we know that we're simply not open to feedback about certain things, because that would be wasting people's time. Do Google Ads secretly track Stack Overflow users? Stack Overflow confirms production systems hacked Stack Overflow faces backlash for its new homepage that made it look like it is no longer for the open community

Yesterday, the Mastodon team released Mastodon 2.7, which comes with major improvements to the admin interface, a new moderation warning system, and more. Mastodon is a free, open-source social network server, which is based on open web protocols like ActivityPub and OStatus. This server aims to provide users with a decentralized alternative to commercial social media silos and returns the control of the content distribution channels to the people. Profile directory The new profile directory allows users to see active posters on a given Mastodon server and filter them by the hashtags in their profile bio. With profile directory, users can find people with common interests without having to read through public timelines. A new moderation warning system This version comes with a new moderation warning system for Mastodon. Moderators can now inform users if their account is suspended or disabled. They can also send official warnings via e-mails, which are reflected in the moderator interface to keep other moderators up to date. Improvements in the administration interface Mastodon 2.7 combines administration interfaces for known servers and domain blocks into a common area. Users can see information like the number of accounts known from a particular server, the number of accounts followed from your server, the number of individuals blocked or reported, etc. A registration API A new registration API is introduced, which allows apps to directly accept new registration from their users, instead of having to send them to a web browser. Users still receive a confirmation e-mail when they sign up through the app, which contains an activation link that can open the app. New commands for managing a Mastodon server The tootctl command-line utility used for managing a Mastodon server has received two new commands: tootctl domains crawl: You can scan the Mastodon network to discover servers and aggregate statistics about Mastodon’s usage. tootctl accounts follow: You can make the users on your server follow a specified account. This command comes in handy in cases where an administrator needs to change their account. You can read the full list of improvements in Mastodon 2.7 on its website. How Dropbox uses automated data center operations to reduce server outage and downtime Obfuscating Command and Control (C2) servers securely with Redirectors [Tutorial] Fortnite server suffered a minor outage, Epic Games was quick to address the issue