Tech News - Web Development

Yesterday, the team behind Google Chrome’s JavaScript and WebAssembly engine, V8 announced the release of V8 7.5 beta. As per V8’s release cycle, its stable version will release in coordination with Chrome 75 stable release, which is expected to come out early June. This release comes with WebAssembly implicit caching, bulk memory operations, JavaScript numeric separators for better readability, and more. Few updates in V8 7.5 Beta WebAssembly implicit caching The team is planning to introduce implicit caching of WebAssembly compilation artifacts in Chrome 75, which is similar to Chromium’s JavaScript code cache. Code caching is an important way of optimizing browsers, which reduces the start-up time of commonly visited web pages by caching the result of parsing and compilation. This essentially means that if a user visits the same web page a second time, the already-seen WebAssembly modules will not be compiled again, and will instead be loaded from the cache. WebAssembly bulk memory operations V8 7.5 will come with a few new WebAssembly instructions for updating large regions of memory or tables. The following are some of these instructions: memory.fill: It fills a memory region with a given byte. memory.copy: It copies data from a source memory region to a destination region, even if these regions overlap. table.copy: Similar to memory.copy, it copies from one region of a table to another, even if the regions are overlapping. JavaScript numeric separators for better readability The human eye finds it difficult to quickly parse a large numeric literal, especially when it contains long digit repetitions, for instance, 10000000. To improve the readability of long numeric literals, a new feature is added that allows using underscores as a separator creating a visual separation between groups of digits. This feature works with both integers and floating point. Streaming script source data directly from the network In previous Chrome versions, the script source data coming in from the network always had to first go to the Chrome main thread before it was forwarded to the streamer. This made the streaming parser to wait for data that has already arrived from the network but hadn’t been forwarded to the streaming task yet because it was blocked at the main thread. Starting from Chrome 75, V8 will be able to stream scripts directly from the network into the streaming parser, without waiting for the Chrome main thread. To know more, check out the official announcement on V8 Blog. Electron 5.0 ships with new versions of Chromium, V8, and Node.js Introducing Node.js 12 with V8 JavaScript engine, improved worker threads, and much more V8 7.2 Beta releases with support for public class fields, well-formed JSON.stringify, and more  

Last year in October, the Node.js and JS Foundations announced their intent to create a joint organization. After six months of analyzing community feedback, deliberation, and collaboration, the two foundations finally merged into the OpenJS Foundation on Tuesday. https://twitter.com/nodejs/status/1105500455864598528 Dave Methvin, Technical Advisory Committee Chair, JS Foundation, explaining the motivation behind this merger said in the announcement, “This is an exciting step forward for the entire open source JavaScript community, as it strengthens the impact of our collective efforts under one united Foundation. A new merged Foundation is able to better serve the community and members to grow the JavaScript ecosystem from a technology and standards perspective.” The OpenJS Foundation is backed by 30 corporate and end-user members including Google, Microsoft, IBM, PayPal, and GoDaddy. It currently hosts a wide range of projects including Appium, Dojo, jQuery, Node.js, webpack, and many more. Goals of the OpenJS Foundation Providing resources and accelerating the development The OpenJS Foundation is responsible for expanding the JavaScript community and accelerating the development of JavaScript and other key ecosystem projects. It will provide financial and marketing resources to support projects and working groups. It will act as one stop for all projects within the open JavaScript community for fulfilling their infrastructure, technical, and marketing needs. Combined governance structure The merger will provide a combined governance structure to enable all projects, regardless of their sizes, to benefit from experienced mentors as they progress through the project life cycle. It will encourage collaboration across the JavaScript ecosystem and affiliated standard bodies to create a single home for any project in the JavaScript ecosystem. Improved membership experience The OpenJS Foundation brings together the goals of both the JavaScript and Node.js foundations, so companies or organizations that want to support JavaScript will no longer have to choose between the two. This will also eliminate the operational redundancies between the two organizations and streamline the experience for member companies that provide financial support. Additionally, it will provide a single point of entry to new and prospective members for getting involved in open source JavaScript project and create a simpler and more engaging experience for them. Many Twitter users were excited about this announcement and believe that this a major step towards the overall growth of the JavaScript open source ecosystem. https://twitter.com/gauravseth/status/1105888912608681984 https://twitter.com/agoric/status/1105534569992806400 To know more in detail, check out the official announcement. Node.js and JS Foundation announce intent to merge; developers have mixed feelings Node.js announces security updates for all their active release lines for August 2018 Why use JavaScript for machine learning?  

Google’s decision to hide the special-case subdomains, “www” and “m” in Chrome M69 received a huge backlash from the public last year. Following this backlash, the Chrome team did roll back the change. However, this Wednesday the team announced that they are planning to hide “https” and “www” in Chrome omnibox on desktop and Android in M76. In other news, the team is splitting the HTTP cache to prevent side-channel leakage. Chrome to hide https and www from URLs Citing the reason behind reaching this conclusion, the Chrome team said that it is to improve the “simplicity, usability, and security of UI surfaces.” With this change, the team aims to hide away all the distractions and make URLs easier to read and understand for users. Emily Schechter, Product Manager, Chrome Security at Google, wrote on Chromium Issue tracker, “In Sept 2018, we rolled out a change to hide special-case subdomains “www” and “m”. Per my above message on this thread, we rolled back these changes, and announced our intent to re-ship an adjusted version: we will hide “www” but not “m”.” She added, “For several months, we’ve had this version enabled in our Canary, Dev and Beta channels and are confident that it is ready to be enabled in the Stable channel as well.” The Chrome team, together with other browser representatives, has also added a “Simplify non-human-readable or irrelevant components” section in the web URL standard. The section recommends browsers to omit components that can “provide opportunities for spoofing or distract from security-relevant information.” The team has also built an extension named Suspicious Site Reporter for Chrome using which you can identify suspicious sites and report them to Safe Browsing. With this extension, users will be able to see the full URL with no scheme or subdomain hiding. You can also see the full URL by clicking twice in the URL bar on the desktop, and once on mobile. What the public thinks about this change Users have pretty mixed feelings about this update. While some think that this is a step towards making Google a monopoly, others believe that this does simplify URLs for non-technical users. Expressing their concern on Hacker News, a user said, “...these "improvements" in Chrome are meant to make google the defacto interface for using the web. Imagine a world where 99% of users do not have any concept of URLs or any other fundamental WWW concepts. Instead, they open Chrome type whatever they want and get the results.” Some users also highlighted that this update could raise security concerns as well. “Let's assume that you have a blog platform offering subdomains for each user and 'm.blogplatform.com' is available. Now, any user can get that subdomain and impersonate the homepage because Emily from Chromium decided that eliding parts of the URL without any spec is a reasonable decision,” a user added. Apple’s browser, Safari also only shows the domain and lock icon to indicate the legitimacy of a website’s certificate. Since Apple did not receive this amount of user backlash, some felt that the backlash is just the result of people losing trust in the big tech. A user commented, “...collective shrug when Apple hides the URL, but if Google does so we get huge outrage and assumptions that this must clearly be done primarily for malicious reasons.” You can read the full conversation about this update on Chromium’s bug tracker. Chrome to split the HTTP Cache to prevent cross-origin leakage Currently, the HTTP cache stores resources for each of its entries in a single bucket, which is shared among the origins. So, when loading the same resource these origins will refer to the same cache entry. This can lead to a side-channel attack in which a site can detect whether another site has loaded a resource by going through the cache. To prevent this attack, the Chrome team is planning to partition the HTTP cache by the origin of the page’s top-frame. You can read more about this update on the Chrome Platform Status site. Edge, Chrome, Brave share updates on upcoming releases, recent milestones, and more at State of Browsers event Google plans to remove XSS Auditor used for detecting XSS vulnerabilities from its Chrome web browser Cloud Next 2019 Tokyo: Google announces new security capabilities for enterprise users

This year’s Google IO 2019 was meant to be big, and it didn't disappoint at all. There's a lot of big news to talk about as it introduced and showcased exciting new products, updates, features and functionalities for a much better user experience. Google I/O kicked off yesterday and it will run through Thursday May 9 at the Shoreline Amphitheater in Mountain View, California. It has approximately 7000 attendees from all around the world. “To organize the world’s information and make it universally accessible and useful. We are moving from a company that helps you find answers to a company that helps you get things done. Our goal is to build a more helpful Google for everyone.” Sundar Pichai, Google CEO commenced his Keynote session with such strong statements. He further listed a few recent tech advances and said “We continue to believe that the biggest breakthroughs happen at the intersection of AI.” He then went on to discuss how Google is confident that it can do more AI without private data leaving your devices, and that the heart of the solution will be federated learning. Basically, federated learning is a distributed machine learning approach which enables model training on a large corpus of decentralized data. It enables mobile phones at different geographical locations to collaboratively train a machine learning model without transferring any data that may contain personal information from the devices. While the keynote lasted for nearly two hours, some of the breakthrough innovation in tech were introduced which will be briefed in detail moving ahead in the article. Google Search at Google IO 2019 Google remains a search giant, and that's something it has not forgotten at Google IO 2019. However, search is about to become far more visually rich, thanks to the inclusion of AR camera trick which is now introduced directly into search results. They held an on-stage demonstration at Google IO which showed how a medical student could search for a muscle group, and be presented within mobile search results with a 3D representation of the body part. Not only could it be played with within the search results, it could be placed on the user’s desk to be seen at real scale from their smartphone’s screen. Source: Google And even larger things, like an AR shark, could be put into your AR screen, straight from the app. The Google team showcased this feature as the shark virtually appeared live in front of the audience. Google Lens bill splitting and food recommendations Google Lens was something which caught audience’s interest in the Google's App arsenal. Lens was presented in a way that it can use image recognition to deliver information based on what your camera is looking at. A demo was shown on how a combination of mapping data and image recognition will let Google Lens make recommendations from a restaurant’s menu, just by pointing your camera at it. And when the bill arrives, point your camera at the receipt and it'll show you tipping info and bill splitting help. They also announced their partnership with recipe providers to allow Lens to produce video tutorials when your phone is pointed at a written recipe. Source: Google Debut of Android Q beta 3 version At Google IO Android Q beta 3 was introduced, it is the 10th generation of the Android operating system, and it comes with new features for phone and tablet users. Google announced that there are over 2.5 billion active Android devices as the software extends to televisions, in-car systems and smart screens like the Google Home Hub. Further it was discussed how the Android will work with foldable devices, and how it will be able to seamlessly tweak its UI depending on the format and ratio of the folding device. Another new feature of live caption system in Android Q will turn audio instantly into text to be read. It's a system function triggered within the volume rocker menu. They can be tweaked for legibility to your eyes, doesn't require an internet connection, and happens on videos that have never been manually close-captioned. It's at an OS level, letting it work across all your apps. Source: Google The smart reply feature will now work across all messaging apps in Android Q, with the OS smartly predicting your text. The Dark Theme activated by battery saver or the quick tile was introduced. Lighting up less pixels in your phone will save its battery life. Android Q will also double down on security and privacy features, such as a Maps incognito mode, reminders for location usage and sharing (such as only when a delivery app is in use), and TLSV3 encryption for low end devices. Security updates will roll out faster too, updating over the air without a reboot needed for the device. With Android Q Beta 3 which will be launched today on 21 new devices, Google also announced that it will make Kotlin, a statically typed programming language for writing its Android apps. Chrome to be more transparent in terms of cookie control Google announced that it will update Chrome to provide users with more transparency about how sites are using cookies, as well as simpler controls for cross-site cookies. A number of changes will be made to Chrome to enable features, like modifying how cookies work so that developers need to explicitly specify which cookies are allowed to work across websites — and could be used to track users. The mechanism is built on the web's SameSite cookie attribute and you can find the technical details on web.dev. In the coming months, Chrome will require developers to use this mechanism to access their cookies across sites. This change will enable users to clear all such cookies while leaving single domain cookies unaffected, preserving user logins and settings. It will also enable browsers to provide clear information about which sites are setting these cookies, so users can make informed choices about how their data is used. This change also has a significant security benefit for users, protecting cookies from cross-site injection and data disclosure attacks like Spectre and CSRF by default. They further announced that they will eventually limit cross-site cookies to HTTPS connections, providing additional important privacy protections for our users. Developers can start to test their sites and see how these changes will affect behavior in the latest developer build of Chrome. They have also announced Flutter for web, mobile and desktop. It will allow web-based applications to be built using the Flutter framework. The core framework for mobile devices will be upgraded to Flutter 1.5. And for the desktop, Flutter will be used as an experimental project. “We believe these changes will help improve user privacy and security on the web — but we know that it will take time. We’re committed to working with the web ecosystem to understand how Chrome can continue to support these positive use cases and to build a better web.” says Ben Galbraith - Director, Chrome Product Management and Justin Schuh - Director, Chrome Engineering Next generation Google Assistant Google has been working hard to compress and streamline the AI that Google Assistant taps into from the cloud when it is processing voice commands. Currently every voice request has to be run through three separate processing models to land on the correctly-understood voice command. It is only data that until now has taken up 100GB of storage on many Google servers. But that's about to change. As Google has figured how to shrink that down to just 500MB of storage space, and to put it on your device. This will help lower the latency between your voice request and the task you've wished to trigger being carried out. It's 10x faster - 'real time', according to Google. It also showed a demo where, a Google rep fired off a string of voice commands that required Google Assistant to access multiple apps, execute specific actions, and understand not only what the rep was saying, but what she actually meant. For example she said, “Hey Google, what’s the weather today? What about tomorrow? Show me John Legend on Twitter; Get a Lyft ride to my hotel; turn the flashlight on; turn it off; take a selfie.” Assistant executed the whole sequence flawlessly, in a span of about 15 seconds. Source: Google Further demos showed off its ability to compose texts and emails that drew on information about the user’s travel plans, traffic conditions, and photos. And last but not the least it can also silence your alarms and timers by just saying 'Stop' to help you go back to your slumber. Google Duplex gets smarter Google Duplex is a Google Assistant service which earlier use to make calls and bookings on your behalf based on the requests. But now It's getting more smarter as it comes with the new 'Duplex on the web' feature. Now you can ask Google Duplex to plan a trip, and it'll begin filling in website forms such as reservation details, hire car bookings and more, on your behalf. And it only awaits you to confirm the details it has input. Google Home Hub is dead, Long live the Nest Hub Max At Google IO, the company announced it was dropping the Google Home moniker, instead rebranding its devices with the Nest name, bringing them in line with its security systems. The Nest Hub Max was introduced, with a camera and larger 10-inch display. With a built-in Nest Cam wide-angle lens security camera (127 degrees), which the original Home Hub omitted due to privacy concerns, it's now a far more security-focussed device. It also lets you make video calls using a wide range of video calling apps. Cameras and mics can be physically switched off with a slider that cuts off the electronics, for the privacy-conscious. Source: Google Voice and Face match features, allowing families to create voice and face models, will let the Hub Max know to only show an individual's information or recommendations. It'll also double up as a kitchen TV, if you've access to YouTube TV plans, and lowering the volume is as simple as raising your hand in front of the display. It'll be launched this summer for $229 in the US, and AU$349 in Australia. The original Hub also gets a price cut to $129 / AU$199. Other honorable mentions Google Stadia: Google had introduced its new game-streaming service, called Stadia in March. The service uses Google’s own servers to store and run games, which you can then connect to and play whenever you’d like on literally any screen in your house including your desktop, laptop, TV, phone and tablet. Basically, if it’s internet-connected and has access to Chrome, it can run Stadia. Today at I/O they announced that Stadia will not only stream games from the cloud to the Chrome browser but on the Chromecast, and other Pixel and Android devices. They plan to launch ahead this year in the US, Canada, UK, and Europe. A cheaper Pixel phone: While other smartphones are getting more competitive in terms of pricing, Google introduced its new Pixel 3a which is less powerful than the existing Pixel 3, and at a base price of $399, which is half as expensive as Pixel 3. In 2017 Forbes had done an analysis on why Google Pixel failed in the market and one of the reason was its exorbitant high price. It states that the tech giant needs to come to the realization that its brand in the phone hardware business is just not worth as much as Samsung's or Apple's that it can command the same price premium. Source: Google “Focus mode:” A new feature coming to Android P and Q devices this summer will let you turn off your most distracting apps to focus on a task, while still allowing text messages, calls, and other important notifications through. Augmented reality in Google Maps: AR is one of those technologies that always seems to impress the tech companies that make it more than it impresses their actual users. But Google may finally be finding some practical uses for it, like overlaying walking directions when you hold up your phone’s camera to the street in front of you. Incognito mode for Google Maps: It also announced a new “incognito” mode for Google Maps, which will stop keeping records of your whereabouts while it’s enabled. And they will further roll out this feature in Google Search and YouTube. Google I/O 2019: Flutter UI framework now extended for Web, Embedded, and Desktop You can now permanently delete your location history, and web and app activity data on Google Google’s Sidewalk Lab smart city project threatens privacy and human rights: Amnesty Intl, CA says

Another “code playground” Electron Fiddle comes into the market for enabling developers create, share, and play with small Electron experiments. Electron Fiddle attempts to bring this “fiddling effect” to Electron, a framework for creating cross-platform native applications with web technologies like JavaScript, HTML, and CSS. It provides you with a quick-start template - just change few things, choose the Electron version you want to run it with, and play around. It also gives you an option of saving it as GitHub Gist or to a local folder and anyone can try your Fiddle by just entering it in the address bar. How Electron Fiddle works? 1. Each Fiddle has three files: A Main script A renderer script An HTML file Source: GitHub 2. Choose an Electron Version: Electron Fiddle knows about all released Electron versions. Open the Preferences window to see all available versions, download them and delete the ones which you don’t need. Source: GitHub 3. Run your Fiddle: Hit the RUN button to give your Fiddle a try and start it. Source: GitHub 4. Share your Fiddle: Save your Fiddle as a public GitHub Gist - this will allow other users to load it by pasting the URL into the address bar. If they don't have Electron Fiddle, they can see and download your code directly from GitHub. Source: GitHub You can also package your Fiddle as a standalone binary or as an installer from the Tasks menu: Source: GitHub What are the features it comes with? A good coding experience It uses Monaco Editor by Microsoft, which also powers VS Code, giving users the common benefits of a modern code editor: Code highlighting Basic JavaScript error checking Refactoring Auto-completion Share your work with the community If you are eager to share your work or a bug with the Electron community, you can do that just with a click of a button. To make your Fiddle accessible to those who do not have Electron Fiddle installed, you can share it as a GitHub Gist. Compile and package your Fiddle as an app   With the help of Electron Forge, a command line interface for Electron applications, you can turn your Fiddles into binaries and share it as a app for Windows, macOS, or Linux. A good starting point, continue anywhere you like If you have just started using Electron, Electron Fiddle provides you with a basic introduction of the Fiddle and usage examples for every single Electron APIs. You can export your project with or without electron-forge and then use your favorite editor for further development. With an easy installation process you can start using and experimenting with Electron Fiddle now! You can download it from its GitHub repository. To know more, refer to the announcement on Medium by Felix Rieseberg. HTML5 and the rise of modern JavaScript browser APIs [Tutorial] How to build a weather app using Kotlin for JavaScript Firefox 60 arrives with exciting updates for web developers: Quantum CSS engine, new Web APIs and more

React Conf 2018 was held on October 25-26 in Henderson, Nevada USA. In this conference, the React team introduced Hooks, that allows you to use React without classes. On the second day, they spoke about time slicing, code-splitting, and introduced the React Cache and Scheduler APIs that we will see in the coming releases. Day 1: Unveiling Hooks React conf 2018 was kick-started by Sophie Alpert, Engineering Manager at Facebook. She highlighted that many big companies like Amazon, Apple, Facebook, Google are using React and that there has been a huge increase in npm downloads. React’s primary mission is to allow web developers to create great UIs. This is enabled by these three properties of React: Simplifying things that are difficult Focusing on performance Developer tooling But there are still few limitations in React that need to be addressed to achieve the mission React aims for. It doesn’t provide a stateful primitive that is simpler than class component. One of the earlier solutions to this was Mixins, but it has come to be known for introducing more problems than solving the problems. Here are the three limitations that were discussed in the talk: Reusing logic between multiple components: In React, sharing code is enabled by two mechanisms, which are higher-order components and render props. But to use them you will need to restructure your component hierarchy. Giant components: There are many cases when the components are simple but grow into an unmanageable mess of stateful logic and side effects. Also, very often we see the lifecycle methods ending up with a mix of unrelated logic. This makes it quite difficult to break these components into smaller ones because the stateful logic is all over the place. Confusing classes: Understanding classes in JavaScript is quite difficult. Classes in JavaScript work very differently from how they work in most languages. You have to remember to bind the event handlers. Also, classes make it difficult to implement hot-reloading reliably. In order to solve these problems in React, Dan Abramov introduced Hooks, followed by Ryan Florence demonstrating how to refactor an application to use them. Hooks allows you to “hook into” or use React state and other React features from function components. The biggest advantage is that Hooks don’t work inside classes and let you use React without classes. Day 2: Concurrent rendering in React On day 2 of the React Conf, Andrew Clark spoke about concurrent rendering in React. Concurrent rendering allows developers to invest less time thinking about code, and focus more on the user experience. But, what exactly is concurrent rendering? Concurrent rendering can work on multiple tasks at a time, switching between them according to their priority. With concurrent rendering, you can partially render a tree without committing the result to the DOM. It does not block the main thread and is designed to solve real-world problems commonly faced by UI developers. Concurrent rendering in React is enabled by the following: Time Slicing The basic idea of time slicing is to build a generic way to ensure that high-priority updates don't get blocked by a low-priority update. With time slicing the rendered screen is always consistent and we don’t see visual artifacts of slow rendering causing a poor user experience. These are the advantages time slicing comes with: Rendering is non-blocking Coordinate multiple updates at different priorities Prerender content in the background without slowing down visible content Code-splitting and lazy loading with lazy() and Suspense You can now render a dynamic import as a regular component with the React.lazy() function.  Currently, React.lazy only supports default exports. You can create an intermediate module to re-export a module that uses named exports. This ensures that tree-shaking keeps working and that you don’t pull in unused components. By the time a component renders, we must show some fallback content to the user, for example, a loading indicator. This is done using the Suspense component. It is a way for components to suspend rendering while they load async data. It allows you to pause any state update until the data is ready, and you can add async loading to any component deep in the tree without plumbing all the props and state through your app and hoisting the logic. The latest React 16.6 comes with these two features, that is, lazy and Suspense. Hooks was recently released with React 16.7-alpha. In the coming releases, we will see two new APIs called React Cache and Scheduler. You can watch the amazing demos by the React developers, to understand these new concepts in more detail. React introduces Hooks, a JavaScript function to allow using React without classes React 16.6.0 releases with a new way of code splitting, and more! InfernoJS v6.0.0, a React-like library for building high-performance user interfaces, is now out

It’s finally here! Microsoft just released the latest version of their favorite web development language almost 2 years after TypeScript 2.0 was announced. TypeScript 3.0 comes with plenty of new features and a few breaking changes. The release candidate for 3.0 which was released a few weeks before introduced some new features such as project reference functionality, extracting and spreading parameter lists using tuples, and support for the JSX defaultProps. This final release brought in some new features which makes this new version much more exciting, especially when we consider the changes brought in to improve the developer experience. Improved errors and UX When you see ‘improved errors’ in a feature set, you might think, “Okay, so even now we get errors, but in a better way”. But that is not exactly what the TypeScript team meant. Improving the error messages had been one of the biggest agenda for this release and the TypeScript team has not let us down by introducing related error spans and improved messages and collaboration. Related error spans and elaborated error messages An error can occur due to multiple reasons. One of those reasons and a pretty important one is error coming from different parts of the code. Related error spans are a new way to surface that information to users. In TypeScript 3.0, error messages can provide messages on other locations so that users can reason about cause-and-effect of an error. Since TypeScript 2.9, the team at Microsoft has been investing more resources on how to provide better and accurate error messages, which would lead to faster resolution time. By taking a core set of cases that give a smarter, cleaner, and more accurate error experience. Editor Productivity Writing code with TypeScript has always been a pleasant experience since the language leverages its syntactic and semantic knowledge, which allows one to write code more easily. Editors like Visual Studio, Visual Studio Code, and others with a TypeScript plugin to provide things users love like code completion, Go to Definition, and even quick fixes and refactorings. Building on this same trend, TypeScript 3.0 brings in new features like Named import refactorings, productivity features around JSX like providing completions for JSX closing tags, and Quick fixes for unreachable code and unused labels. Over the last few years, TypeScript has been slowly creeping into more and more web development projects with a clear advantage over JavaScript. Big time frameworks like Angular, React, and now Vue.js have started providing support for this next generation programming language. With this new release, TypeScript looks all set for total domination on the web frontier. For more information on the final TypeScript 3.0 release, check out the official Microsoft Blog. Read Next: TypeScript 3.0 release candidate is here How to work with classes in Typescript Microsoft launches Quantum Katas, a programming project to learn Q#, its Quantum programming language

Chromium developers recently shared the updates they are planning to do in Manifest V3, and one of them was limiting the blocking version of the webRequest API. They are introducing an alternative to this API called the declrativeNetRequest API. After knowing about this update many ad blocker maintainers and developers felt that introduction of the declarativeNetRequest API can lead to the end of many already existing ad blockers. One of the users at the Chromium bug tracker said: “If this (quite limited) declarativeNetRequest API ends up being the only way content blockers can accomplish their duty, this essentially means that two content blockers I have maintained for years, uBlock Origin ("uBO") and uMatrix, can no longer exist.” What is manifest version? Manifest version is basically a mechanism through which certain capabilities can be restricted to a certain class of extensions. These restrictions are specified in the form of either a minimum version or a maximum version. What Chromium states is their reason for doing this update? The webRequest API permit extensions to intercept requests to modify, redirect, or block them. The basic flow of handling a request using this API is, Chrome receives the request, asks the extension, and then gets the result. In Manifest V3, the use of this API will be limited in its blocking form. While the non-blocking form of the API, which permit extensions to observer network requests, but not modify, redirect, or block them will not be discouraged. They have not yet listed the limitations they are going to put in the webRequest API. Manifest V3 will treat the declarativeNetRequest API as the primary content-blocking API in extensions. What this API does is, it allows extensions to tell Chrome what to do with a given request, rather than have Chrome forward the request to the extension. This allows Chrome to handle a request synchronously. As per the doc shared by the team, this API is more performant and provides better privacy guarantees to users. What ad blocker developers and maintainers are saying? After knowing about this update many developers were concerned that this change will end up crippling all ad blockers. “Beside causing uBO and uMatrix to no longer be able to exist, it's really concerning that the proposed declarativeNetRequest API will make it impossible to come up with new and novel filtering engine designs, as the declarativeNetRequest API is no more than the implementation of one specific filtering engine, and a rather limited one (the 30,000 limit is not sufficient to enforce the famous EasyList alone)”, commented an ad blocker developer. He also stated that with the declarativeNetRequest API developers will not be able to implement other features like blocking of media element that are larger than a set size, disabling of JavaScript execution through the injection of CSP directives, etc. Users also feel that this is similar to Safari content blocking APIs, which basically puts limit on the number of rules. One of the developers stated on Chromium issue tab, “Safari has introduced a similar API, which I guess inspires this. My personal experience is that extensions written in that API is usable, but far inferior to the full power of uBlock Origin. I don't want to see this API to be the sole future.” You can check out the issue reported on Chromium bug tracker. Also, you can join the discussion or raise your concern on the Google group: Manifest V3: Web Request Changes. Chromium blacklists nouveau graphics device driver for Linux and Ubuntu users Chromium-based Brave browser shows 22% faster page load time than its Muon-based counterpart DragonFly BSD 5.4.1 released with new system compiler in GCC 8 and more

WebAssembly is changing the way we use develop applications for the web. Graphics heavy applications, browser based games, and interactive data visualizations seem to have found a better way to our UI - the WebAssembly way. The latest Blazor 0.6 experimental release from Microsoft is an indication that Microsoft has identified WebAssembly as one of the upcoming trends and extended support to their bevy of developers. Blazor is an experimental web UI framework based on C#, Razor, and HTML that runs in the browser via WebAssembly. Blazor promises to greatly simplify the task of building, fast and beautiful single-page applications that run in any browser. The following image shows the architecture of Blazor. Source: MSDN Blazor has its own JavaScript format - Blazor.js. It uses mono, an open source implementation of Microsoft’s .NET Framework based on the ECMA standards for C# and the Common Language Runtime (CLR). It also uses Razor, a template engine that combines C# with HTML to create dynamic web content. Together, Blazor is promising to create dynamic and fast web apps without using the popular JavaScript frontend frameworks. This reduces the learning curve requirement for the existing C# developers. Microsoft has released the 0.6 experimental version of Blazor on October 2nd. This release includes new features for authoring templated components and enables using server-side Blazor with the Azure SignalR Service. Another important news from this release is that the server side Blazor model will be included as Razor components in the .Net core 3.0 release. The major highlights of this release are: Templated components Define components with one or more template parameters Specify template arguments using child elements Generic typed components with type inference Razor templates Refactored server-side Blazor startup code to support the Azure SignalR Service Now the important question is how is this release going to fuel the growth of WebAssembly based web development? The answer is that probably it will take some time for WebAssembly to become mainstream because this is just the alpha release which means that there will be plenty of changes before the final release comes. But why Blazor is the right step ahead can be explained by the fact that unlike former Microsoft platforms like Silverlight, it does not have its own rendering engine. Hence pixel rendering in the browser is not its responsibility. That’s what makes it lightweight. Blazor uses the browser’s DOM to display data. However, the C# code running in WebAssembly cannot access the DOM directly. It has to go through JavaScript. The process looks like this presently. Source: Learn Blazor The way this process happens, might change with the beta and subsequent releases of Blazor. Just so that the intermediate JavaScript layer can be avoided. But that’s what WebAssembly is at present. It is a bridge between your code and the browser - which evidently runs on JavaScript. Blazor can prove to be a very good supportive tool to fuel the growth of WebAssembly based apps. Why is everyone going crazy over WebAssembly? Introducing Wasmjit: A kernel mode WebAssembly runtime for Linux Unity Benchmark report approves WebAssembly load times and performance in popular web browsers

On April 25, this year, GitHub announced that it will be shutting down GitHub Services in order to focus on other areas of the API, such as strengthening GitHub Apps and GraphQL, and improving webhooks. According to GitHub, Webhooks are much easier for both users and GitHub staff to debug on the web because of improved logging. GitHub Services has not supported new features since April 25, 2016, and they have also officially deprecated it on October 1st, 2018. The community stated that this functionality will be removed from GitHub.com on January 31st, 2019. The main intention of GitHub Services was to allow third-party developers to submit code for integrating with their services, but this functionality has been superseded by GitHub Apps and webhooks. Since October 1st, 2018, users are denied from adding GitHub services to any repository on GitHub.com, via the UI or API. Users can, however, continue to edit or delete existing GitHub Services. GitHub services vs. webhooks The key differences between GitHub Services and webhooks include: Configuration: GitHub Services have service-specific configuration options, while webhooks are simply configured by specifying a URL and a set of events. Custom logic: GitHub Services can have custom logic to respond with multiple actions as part of processing a single event, while webhooks have no custom logic. Types of requests: GitHub Services can make HTTP and non-HTTP requests, while webhooks can make HTTP requests only. Brownout for GitHub Services During the week of November 5th, 2018, there was a week-long brownout for GitHub Services. Any GitHub Service installed on a repository did not receive any payloads. Normal GitHub Services operations were resumed at the conclusion of the brownout. The main motivation behind the brownout was to allow GitHub users and integrators to see the places that GitHub Services are still being used and begin working towards migrating away from GitHub Services. However, they decided that a week-long brownout would be too disruptive for everyone. Instead, they plan to do a gradual increase in brownouts until the final blackout date of January 31st, 2019. The community announced that on January 31, 2019, they will permanently stop delivering all installed services' events on GitHub.com. As per the updated deprecation timeline: On December 12th, 2018, GitHub Service deliveries will be suspended for a full 24 hours. On January 7th, 2019, GitHub Services will be suspended for a full 7 days. Following that, regular deliveries will resume January 14th, 2019. Users should ensure that their repositories use newer APIs available for handling events. The following changes have taken place since October 1st, 2018: The "Create a hook" endpoint that accepted a required argument called name, which can be set to web for webhooks, or the name of any valid service. Starting October 1st, this endpoint does not require a name to be provided; if it is, it will only accept web as a valid value. Stricter API validation was enforced on November 1st. The name is no longer necessary as a required argument, and requests sending this value are rejected. To learn more about this deprecation, check out Replacing GitHub Services. GitHub introduces Content Attachments API (beta) Microsoft Connect(); 2018 Azure updates: Azure Pipelines extension for Visual Studio Code, GitHub releases and much more! GitHub acquires Spectrum, a community-centric conversational platform

In spite of the overwhelmingly negative feedback on the Manifest V3 extension system, Google is standing firm on Chrome’s ad-blocking changes. Last month, the company announced that it has begun testing its upcoming extension manifest V3 in the latest Chrome Canary build. As of October 31st, the Manifest V3 developer preview has been made available in the Chrome 80 Canary build. Manifest v3 and why it can end multiple ad blockers Manifest v3 has become a bone of contention for many ad-block companies. This is because Google developers have introduced an alternative to the webRequest API (earlier used for ad-blocking) named the declarativeRequest API, which limits the blocking version of the webRequest API. Chrome developers listed two reasons behind this new update, one was performance (although that was nullified in a study by WhoTracks.me) and the other was a better privacy guarantee to users. Chrome currently imposes a limit of 30,000 rules. However, most popular ad-blocking rules lists use almost 75,000 rules. Although Google claimed that they’re looking to increase this number, they didn’t assure it. Many ad blocker maintainers and developers felt that the introduction of the declarativeNetRequest API can lead to the crippling of many already existing ad blockers. The lead developer of popular ad blocker uBlock Origin, which relies on the original functionality of the webRequest API, commented, “This breaks uBlock Origin and uMatrix, [which] are incompatible with the basic matching algorithm picked, ostensibly designed to enforce EasyList-like filter lists,” he explained in an email to The Register. “A blocking webRequest API allows open-ended content blocker designs, not restricted to a specific design and limits dictated by the same company which states that content blockers are a threat to its business.” Many users also mentioned that Chrome is using its dominance in the browser market to dictate what type of extensions are developed and used. A user commented, “As Chrome is a dominant platform, our work is prevented from reaching users if it does not align with the business goals of Google, and extensions that users want on their devices are effectively censored out of existence.” Others expressed that it is better to avoid all the drama by simply switching to some other browser, mainly Firefox. “Or you could cease contributing to the Blink monopoly on the web and join us of Firefox. Microsoft is no longer challenging Google in this space,” a user added. Manifest V3 proposed changes As a part of Chrome 80 Canary build, the Chrome team is continuing to iterate on the declarativeNetRequest API and its capabilities. As a part of this release, background service workers (killing background page and scripts) are now available for testing in manifest version 2 and 3 extensions in Canary. Remotely-hosted code restrictions and host permissions changes are currently a work in progress. They are also working on combining page_action and browser_action APIs to single-action API. The manifest v3 proposed changes are not finalized yet, and several features are currently works in progress. The MV3 stable release is expected in 2020. As part of this launch, Google has created a Migrating to Manifest V3 guide that developers can use to migrate their existing extensions. They have also built a guide specifically for migrating from background pages to service workers. Is it time to ditch Chrome? Ad blocking extensions will now only be for enterprise users Chromium developers propose an alternative to webRequest API that could result in existing ad blockers’ end. Google Chrome developers “clarify” the speculations around Manifest V3 after a study nullifies their performance hit argument.

Yesterday, the Node.js community released Node v11.2.0. This new version comes with a new experimental HTTP parser (llhttp), timers, windows and more. Node v11.1.0 was released earlier this month. Major updates Node v11.2.0 comes with a major update in timers, fixing an issue that could cause setTimeout to stop working as expected. If the node.pdb file is available, a crashing process will now show the names of stack frames This version improves the installer's new stage that installs native build tools. Node v11.2.0 adds prompt to tools installation script which gives a visible warning and a prompt that lessens the probability of users skipping ahead without reading. On Windows, the windowsHide option has been set to false. This will let the detached child processes and GUI apps to start in a new window. This version also introduced an experimental `llhttp` HTTP parser. llhttp is written in human-readable TypeScript. It is verifiable and easy to maintain. This llparser is used to generate the output C and/or bitcode artifacts, which can be compiled and linked with the embedder's program (like Node.js). The eventEmitter.emit() method has been added to v11.2.0. This method allows an arbitrary set of arguments to be passed to the listener functions. Improvements in Cluster The cluster module allows easy creation of child processes for sharing server ports. The cluster module now supports two methods of distributing incoming connections. The first one is the round robin approach which is default on all platforms except Windows. The master process listens on a port, they accept new connections and distribute them across the workers in a round-robin fashion. This approach avoids overloading a worker process. In the second process, the master process creates the listen socket and sends it to interested workers. The workers then accept incoming connections directly. Theoretically, the second approach gives the best performance. Read more about this release on the official page of Node.js. Node.js v10.12.0 (Current) released Node.js and JS Foundation announce intent to merge; developers have mixed feelings low.js, a Node.js port for embedded systems

Yesterday, the Tor team announced the release of Tor Browser 8.5, which marks the first stable release for Android. Tor Browser 8.5 was also released for other platforms with more accessible security settings and a revamped look. https://twitter.com/torproject/status/1130891728444121089 The first alpha version of Tor Browser 8.5 for Android came out in September last year. After being in the alpha testing phase for almost 8 months, this version aims to provide phone users the same level of security and privacy as the desktop users enjoy. Announcing the release, the team wrote, “Tor Browser 8.5 is the first stable release for Android. Since we released the first alpha version in September, we've been hard at work making sure we can provide the protections users are already enjoying on the desktop to the Android platform.” The browser ensures security by preventing proxy bypasses. It comes with first-party isolation to protect users from cross-site tracking and fingerprinting defenses to prevent digital fingerprinting. Though the Android version was released with various security features, it does lacks some Desktop features that we will see coming in the subsequent releases. Across all the platforms, this version comes with improved security slider accessibility. Earlier it was behind the Torbutton menu, which made it difficult to access. Along with this change, the Tor Browser also comes with few cosmetic changes. The user interface is similar to that of Firefox’s Photon UI and also has redesigned logos. The team further shared that, the other most popular mobile operating systems, iOS will not be getting Tor Browser any time soon as it is too restrictive. Users can instead use the Onion Browser. Read also: Understand how to access the Dark Web with Tor Browser [Tutorial] You can download Tor Browser 8.5 from the Tor Browser download page and distribution directory. The Android version is also available on the Google Play Store. Read the full announcement on Tor’s official website. Mozilla makes Firefox 67 “faster than ever” by deprioritizing least commonly used features Firefox 67 will come with faster and reliable JavaScript debugging tools Mozilla developers have built BugBug which uses machine learning to triage Firefox bugs  

Last week, Ilia Mirkin, a former software engineer of Google, shared on the nouveau mailing list that nouveau is now blacklisted in Chromium 71 and Chrome. Many users have been facing rendering issues with nouveau such as tabs and address bar getting partially or totally covered by multiple black rectangles. Users also experienced memory and CPU leak. Because of these kinds of bug reports, the Chromium team considers the driver unstable. The team has disabled the GPU-acceleration by default, but users can still bypass the block if they want to by using these two options: installing proprietary NVidia drivers or running Chrome with --ignore-gpu-blacklist. Why did the Chromium team decide to blacklist Nouveau? Looking at the performance issues, the Chromium team wanted to blacklist the nouveau driver a long time ago. Also, now that Ubuntu ships with nouveau support by default they think that it's time to blacklist it in Chrome and Chromium. Since Ubuntu LTS supports nouveau, it was quite confusing for users to understand why it is being considered unstable for Chromium. The team commented on a bug report that they do not have enough resources to investigate and fix bugs and their main priority is keeping the browser secure and stable. One of the team members said, “We want a stable & secure browser first, a GPU-accelerated one second, only if possible. The default driver on Ubuntu LTS has severe issues, asking non-technical users to update their driver is just not acceptable as a prerequisite to using Chrome. If someone is interested in well-scoping the brokenness (version range and/or devices affected), we're happy to take a patch to the blacklist.” In addition to rendering issues, it does not come with support for many features. Users also feel that the root cause is Nvidia, which does not provide open source drivers to the kernel, unlike Intel or AMD. Hence, nouveau (an open source device driver) does not show the same degree of stability or performance. Some felt that to avoid this confusion the Chromium team could have provided some kind of warning message and recommendation about how to update/remove the driver to one that is supported. NVIDIA launches GeForce Now’s (GFN) ‘recommended router’ program to enhance the overall performance and experience of GFN NVIDIA demos a style-based generative adversarial network that can generate extremely realistic images; has ML community enthralled NVIDIA makes its new “brain for autonomous AI machines”, Jetson AGX Xavier Module, available for purchase

Last week, two security issues were reported in nginx HTTP/2 implementation, which can result in excessive memory consumption and CPU usage. Along with these, an issue was found in ngx_http_mp4_module, which can be exploited by an attacker to cause a DoS attack. The issues in the HTTP/2 implementation happen if ngnix is compiled with the ngx_http_v2_module and the http2 option of the listen directive is used in a configuration file. To exploit these two issues, attackers can send specially crafted HTTP/2 requests that can lead to excessive CPU usage and memory usage, eventually triggering a DoS state. These issues affected nginx 1.9.5 - 1.15.5 and are now fixed in nginx 1.15.6, 1.14.1. In addition to these, a security issue was also identified in the ngx_http_mp4_module, which might allow an attacker to cause an infinite loop in a worker process. This can result in crashing the worker process or disclose its memory by using a specially crafted mp4 file. This issue only affects nginx if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. The attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. This issue affects nginx 1.1.3+, 1.0.7+ and is now fixed in 1.15.6, 1.14.1. You can read more about these security issues in nginx at its official website. Meet Carlo, a web rendering surface for Node applications by the Google Chrome team Introducing Howler.js, a Javascript audio library with full cross-browser support