Tech News - Web Development

DuckDuckGo, an internet privacy company, empowers users to seamlessly take control of their personal information online, without any tradeoffs. DuckDuckGo doesn’t store IP addresses and doesn’t create unique cookies. It doesn’t even collect or share any type of personal information. The Improvements Lately, the company came up with some improvements. If you ever happen to search for  DuckDuckGo, you might have come across a "&atb=" URL parameter in the web address at the top of your browser. This parameter allows DuckDuckGo to anonymously  A/B (split) test product changes. To explain this further, let’s take, for example, users in the A group would get blue links and users in the B group would get red links. From this, it would be easier for the team at DuckuckGo to measure how the usage of DuckDuckGo has been impacted by different color links. The team at DuckDuckGo also measures the engagement of specific events on the page (e.g. A misspelling message is displayed, when it is clicked). It allows them to run experiments where they can test different misspelling messages and use CTR (click through rate) to determine the message's efficacy. The requests made for improving DuckDuckGo are anonymous and the information is used only for improving the products. Similar "atb.js" or "exti" requests are made by browser extensions and mobile apps. The browser extensions and mobile apps will only send one type of these requests a day. This means an approximate count of the devices which accessed DuckDuckGo can be known. But this would be done without knowing anything about those devices or the searches made by users. These requests are all fully encrypted, such that nobody else can see them except for DuckDuckGo. There is no personal information attached to the request. So, DuckDuckGo cannot ever tell what individual people are doing since everyone is anonymous. The team has developed systems from scratch, instead of relying on third-party services. This is how they stick to their privacy promise of not collecting and leaking any personal information. This move by the company centered around anonymity might benefit a lot to the company, as data breach incidents on various organizations are trending lately.  With the daily searches crossing the 30 million mark, the company has already experienced 50% growth in the last year. These improvements prove to be cherry on the cake! Could DDG possibly pose a real threat to the leading search engine, Google? Read more about this news on the official website of DuckDuckGo. 10 great tools to stay completely anonymous online Google’s prototype Chinese search engine ‘Dragonfly’ reportedly links searches to phone numbers Google launches a Dataset Search Engine for finding Datasets on the Internet

Last week, GitHub announced that their main application is now running on Rails 5.2.1. Along with this upgrade, they have also improved the overall codebase and cleaned up technical debt. How GitHub upgraded to Rails 5.2.1? The upgrade started out as a hobby with no dedicated team assigned. As they made progress and gained traction it became a priority. They added the ability to dual boot the application in multiple versions of Rails, instead of using a long running branch to upgrade Rails. Two Gemfile.lock were created: Gemfile.lock for the current version Gemfile_next.lock for the next version This dual booting enabled the developers to regularly deploy changes for the next version to GitHub without any affect on how production works. This was done by conditionally loading the code: if GitHub.rails_3_2? ## 3.2 code (i.e. production a year and a half ago) elsif GitHub.rails_4_2? # 4.2 code else # all 5.0+ future code, ensuring we never accidentally # fall back into an old version going forward end To roll out the Rails upgrade they followed a careful and iterative process: The developers first deployed to their testing environment and requested volunteers from each team to click test their area of the codebase to find any regressions the test suite missed. These regressions were then fixed and deployment was done in off-hours to a percentage of production servers. During each deploy, data about exceptions and performance of the site was collected. With this information they fixed bugs that came up and repeat those steps until the error rate was low enough to be considered equal to the previous version. Finally, they merged the upgrade once they could deploy to full production for 30 minutes at peak traffic with no visible impact. This process allowed them to deploy 4.2 and 5.2 with minimal customer impact and no down time. Key lessons they learned during this upgradation Regular upgradation Upgrading will be easier if you are closer to a new version of Rails. This also encourages your team to fix bugs in Rails instead of monkey-patching the application. Keeping an upgrade infrastructure Needless to say, there will always be a new version to upgrade to. To keep up with the new versions, add a build to run against the master branch to catch bugs in Rails and in your application early. This make upgrades easier and increase your upstream contributions. Regularly address technical debt Technical debt refers to the additional rework you and your team have to do because of choosing an easy solution now instead of using a better approach that would take longer. Refraining from messing with a working code could cause a bottleneck for upgrades. To avoid this try to prevent coupling your application logic too closely to your framework. The line where your application logic ends and your framework begins should be clear. Be sure to assume that things will breaks Upgrading a large and trafficked application like GitHub is not easy. They did face issues with CI, local development, slow queries, and other problems that didn’t show up in their CI builds or click testing. Read the full announcement on GitHub Engineering blog. GitHub introduces ‘Experiments’, a platform to share live demos of their research projects GitLab raises $100 million, Alphabet backs it to surpass Microsoft’s GitHub Packt’s GitHub portal hits 2,000 repositories

Last week, Mozilla disclosed the winners of Mozilla Research Grants for the first half of 2019. Among the winning proposals was “Bringing Julia to the Browser” that aligns with Mozilla’s goal to bring data science and scientific computing tools to the browser. Mozilla had said it was specifically interested in receiving submissions about supporting R or Julia at the browser level. Every six months Mozilla awards grants of value $25,000 to support research in emerging technologies and also topics relevant to Mozilla. It started accepting proposals for 2019 H1 funding series in April this year. https://twitter.com/jofish/status/1121860158835978241 These proposals were expected to address any one of the twelve research questions under the following three categories: Growing the Web: WASM, Rust, Digital trust for cost-conscious users, Beyond online behavioral advertising (OBA) New Interaction Modes: Iodide: R or Julia in the Browser, Fathom, Futures, Mixed Reality, Voice, Common Voice Privacy & Security: Data, Privacy & Security for Firefox Mozilla has been constantly putting its efforts to make the life of data scientists easier on the web. In March, it introduced Iodide that allows data scientists to create interactive documents using web technologies. In April, it came up with Pyodide that brings the Python runtime to the browser via WebAssembly. By funding this research by Valentin Churavy, an MIT Ph.D. student and a member of the official Julia team, Mozilla is taking the next step towards improving access to popular data science tools on the web. They are planning to port R or Julia, languages that are popular among statisticians and data miners, to WebAssembly. Their ultimate goal is to introduce a plugin for Iodide that will automatically convert data basic types between R/Julia and Javascript and will be able to share class instances between R/Julia and Javascript. Though Python and R have been developers’ first choice, Julia is also catching up in becoming one of the promising languages for scientific computing. Its execution speeds are comparable to that of C/C++ and high-level abstractions are comparable to MATLAB. It offers support for modern machine learning frameworks such as TensorFlow and MXNet. Developers can also use Flux, a Julia machine learning library to easily write neural networks. Following are all the Mozilla Research Grants for 2019H1: Source: Mozilla Research Mozilla will be opening a new round of grants in fall this year (probably in November). To know more, check out its official announcement and also join the mailing list. Mozilla introduces Pyodide, a Python data science stack compiled to WebAssembly Mozilla introduces Iodide, a tool for data scientists to create interactive documents using web technologies Mozilla’s Firefox Send is now publicly available as an encrypted file sharing service

Node.js 10.0.0 released, packed with exciting new features, it will be the next candidate in line for the Long Term Support (LTS) in October 2018. So what exactly is an LTS and why is the Node.js foundation releasing a major version every six months?   Node.js History and the Significance of LTS When Ryan Dhal first created Node.js, he decided to follow Linux kernel style odd/even version releases. Odd version releases represented internal development with no guarantee for stable releases, whereas even releases guaranteed stability. But this release scheme didn’t last long, as version 0.12 represented the last release under that versioning scheme. Later in 2015, Node.js 4.0 was announced, dubbed famously as the “Converged Release”. This meant that both io.js and Node.js projects under the Node foundation were merged together, providing a unified release plan for all Node products. In order to attract more enterprise users and to provide more stability to the platform, the Node foundation announced the “Long Term Support” strategy. The plan was simple, every six months a major version of the platform will be released which would follow semantic versioning. The even releases would be scheduled in April while the odd ones would come out in October and every even-numbered release will automatically become a candidate for the LTS. Long Term Support release lines focus on stability, extended support and provide a reliable platform for applications of any scale. Most Node.js users and companies prefer to use the Long Term Support releases. A candidate covered in the LTS plan is actively maintained for a period of 18 months from the date it enters LTS coverage. Following those 18 months of active support, they transition into "maintenance" mode for 12 additional months. To read more about the LTS release plan and schedule visit the official Node.js Foundation Release Working Group page. Source: Node.js Foundation Release Working Group Node.js 10 features Codenamed “Dubnium” Node.js 10.x comes with plenty of new features like OpenSSL 1.1.0 security toolkit, upgraded npm, N-API, and much more. Let’s take a closer look at each one of them. N-API and Native Node HTTP/2 becomes stable N-API, an abbreviation for Native API is used for building native addon, while Native HTTP/2 is module that improves the standard HTTP protocol. Both these features were first announced as experimental projects in Node.js 8 release and now have been confirmed as stable features in the 10.x release. N-API aims to solve two main problems namely, reducing the maintenance cost for native modules and reducing difficulties in upgrading Node.js versions in production deployments for users. The native HTTP/2 module will help improve Node servers and the web experience that they provide. Upgraded npm npm has recently been upgraded from v5.7 to v6.0, while Node.js 10 ships with npm 5.7, the 10.x line will be upgraded to npm Version 6 later on. This major version increase in npm provides improvements in all areas including performance, security, and stability. OpenSSL Version 1.1.0 With the recent finalization of the TLS 1.3 specification, a huge step forward for the security of the web, OpenSSL release their newest version of the security toolkit which supports this TLS specification. It didn’t take long for Node.js to start supporting OpenSSL, since it would provide more secure communication between applications on the Node platform. While Node is just supporting OpenSSL version 1.1.0 in this latest release, it plans to upgrade it in the future versions of the 10.x release, bringing the brand new TLS support for the developers.   What to expect in the future releases Plenty of exciting features like better support for the ECMAScript (ES) modules, JavaScript Promises, new infrastructure for build/automation support, and functional testing for third party modules are in line for the next releases. Node 10 will remain in LTS from October 2018 until April 2021. This LTS release will also mark the deprecation of Node.js 4. While the features released so far are already very impressive, the Node team remains adamant on bringing even more cutting edge technology to the platform, making the life of developers easier. To get a more detailed description of the new features or to download the latest version of Node.js, please visit their official web page. How is Node.js Changing Web Development? How to deploy a Node.js application to the web using Heroku

A new version of Jest, the popular framework for testing React applications is now available. Jest is developed by Facebook and can be used for testing JavaScript functions, but is specifically aimed at React. Jest is a zero configuration testing platform with features such as snapshot testing, parallelized test runs, built-in code coverage reports, and instant feedback. Jest 23 features major updates. Here are the top ones. Babel and Webpack join the Jest community Webpack saw their total test suite time reduced 6x from over 13 minutes to 2 minutes 20 seconds, after converting from Mocha to Jest 23 Beta. Interactive Snapshot Mode The newly incorporated Interactive snapshot mode, is added as a default watch menu option. With this new mode, testers can browse through each failing snapshot in each failing suite, and review, update or skip each failed snapshots individually. Snapshot Property Matchers Jest now has Snapshot property matchers through which testers can pass properties to the snapshot matcher which specify the structure of the data instead of the specific values. These property matchers are then verified before serializing the matcher type to provide consistent snapshot results across multiple test runs. Jest Each Jest 23 features a new jest-each library inspired by mocha-each and Spock Data Tables. This library defines a table of test cases, and then runs a test for each row with the specified column values. Support is provided for both array types and template literals for all flavors of describe and test. Watch Mode Plugins The watch mode system now allows adding of custom plugins to watch mode. These watch mode plugins can hook into Jest events and provide custom menu options in the watch mode menu. Other changes include: Test descriptions and functions are a mandate. Jest 23 will fail tests that do not include both a function and a description. Undefined props from React snapshots are now removed. MapCoverage, jest.genMockFunction and jest.genMockFn are deprecated. Snapshot name (if provided) is now added to the snapshot failure message so it's easier to find the snapshot that's failing. Mock timestamps are replaced with invocationCallOrder since two or more mocks may often have the same timestamp, making it impossible to test the call order. Mock function call results are added to snapshots so that both the calls and the results of the invocation are tracked. For the complete list of changes and updates, see the changelog. Testing Single Page Applications (SPAs) using Vue.js developer tools What is React.js and how does it work? How to test node applications using Mocha framework

Angular 6 finally arrives! This is a major production release of Angular, the popular JavaScript framework for building web and mobile applications. This release mainly focuses on the toolchain and on making it easier for developers to migrate to future versions of Angular quickly. With this release, major framework packages (@angular/core, @angular/common, @angular/compiler, etc), the Angular CLI, and Angular Material + CDK are also synchronizing their releases. All are releasing as 6.0.0 today. Here’s a quick rundown of all major features: New CLI commands Two new CLI commands have been added. The ng-update command recommends updates to an application by analyzing the package.json. ng-update will help developers adopt the right version of dependencies while keeping them in sync. The ng-add CLI command adds new capabilities to a project by using the package manager to download new dependencies and invoke an installation script. ng add @angular/pwa —Converts your app into a PWA by adding an app manifest and service worker ng add @ng-bootstrap/schematics — Adds ng-bootstrap to your application ng add @angular/material — Install and setup Angular Material and theming and register new starter components into ng generate CLI Workspaces CLI v6, which is a part of Angular 6 release, now supports workspaces containing multiple projects, such as multiple applications or libraries. CLI projects will now use angular.json instead of .angular-cli.json for build and project configuration. It also adds support for creating and building libraries with the command ng generate library <name>. This command will create a library project within the CLI workspace, and configure it for testing and building. Angular Elements Angular 6 also comes with the first release of Angular Elements. Angular elements allow bootstrapping Angular components within an existing Angular application by registering them as Custom Elements. They replace the need to manually bootstrap Angular components found in static html content. Angular Material + CDK Components Angular 6 features a new tree component for displaying hierarchical data. The Tree component in Angular Material and the Component Dev Kit helps in better visualization of tree structures such as a list of files. Alongside the tree, there are new badge and bottom-sheet components. Badges help display small bits of helpful information, such as unread item counts. Bottom-sheets are a special type of mobile-centric dialogs, commonly used to present a list of options following an action. With the release of v6, the @angular/cdk/overlay package includes new positioning logic that helps make pop-ups which remain on-screen in all situations. The angular material also includes 3 new starter components. Material Sidenav: Generates a starter component including a toolbar with the app name and the side navigation. Material Dashboard: Generates a starter dashboard component containing a dynamic grid list of cards. Material Data Table: Generates a starter data table component that is pre-configured with a datasource for sorting and pagination. Updated to use RxJS v6 Angular has been updated to use RxJS v6. RxJS v6 was introduced at ng-conf and brings several major changes, along with a backwards compatibility package rxjs-compat for keeping applications working without breaking components. Long Term Support Expansion The angular community has extended the long-term support to all major releases starting with v4. Each major release will be supported for 18 months with around 6 months of active development followed by 12 months of critical bug fixes and security patches. A common complaint among developers about Angular has been about the messy migrations from one version to another. This announcement aims to make updating from one major to the next easier, and give bigger projects more time to plan updates. How can you upgrade to the new version? The update will take advantage of the new ng update tool. Here are the steps for updating. Update @angular/cli Update your Angular framework packages Update other dependencies Checkout the Angular blog for detailed release notes and steps on how to update. ng-conf 2018 highlights, the popular angular conference Why switch to Angular for web development – Interview with Minko Gechev 8 built-in Angular Pipes in Angular 4 that you should know  

After launching the developer preview of accelerated mobile pages or AMP for email last year, Google announced its general availability yesterday. For utilizing AMP for email, you do not have to be restricted to Gmail as other major email providers including Yahoo Mail, Outlook.com, and Mail.Ru have also added support for AMP. What is AMP for email? AMP for email aims to take the simple text emails to the next level by making them interactive and engaging, which Google calls “dynamic emails”, like web pages without having the user to hit the browser. AMP for email promises that users will now be able to actually get things done within the email. For instance, users will be able to take actions like RSVP to an event, fill out a questionnaire, browse a catalog, or respond to a comment. AMP emails are designed to be compatible with the current email ecosystem using a new MIME part called “text/x-amp-html”. AMP for email supports many a subset of AMP markups, which includes carousels, forms, and lists. Also, if an email provider does not support AMP emails, it allows emails to fallback to HTML. How users and developers are reacting to this? Since the AMP initiative was first announced, it has faced criticism by many, so much so that there is a Twitter account named “GoogleAMPSucks”. Google AMP for email has also sparked a huge discussion on Hacker News. Many users think that this opens up an alternate channel for sending ads to users. One user commented, “Google is looking for alternative channels to sell ads through. Adding more complicated media to email increases the type of ads that can be sold. It won’t be right away, but it’s coming.” AMP for email provides senders new ways to revise the information in an email they have already sent. This will make emails mutable which is a concern for many users. Explaining how this feature can be misused, one of the users on Hacker News, said, “Sent an ad claiming that you had a given price for a full week, and then decided you didn't want to sell it for that anymore two days later? Handy that you can remove all evidence of your advertisement after you sent it.” Bron Gondwana, CEO of FastMail, also believes that the immutable behavior of emails is, in fact, its strength. He wrote in a blog post, “The email in your mailbox is your copy of what was said, and nobody else can change it or make it go away. The fact that the content of an email can’t be edited is one of the best things about POP3 and IMAP email standards. I admit it annoyed me when I first ran into it – why can’t you just fix up a message in place – but the immutability is the real strength of email. You can safely forget the detail of something that you read in an email, knowing that when you go back to look at it, the information will be exactly the same.” To read the official announcement, check out Google’s blog. European Union fined Google 1.49 billion euros for antitrust violations in online advertising Google announces Stadia, a cloud-based game streaming service, at GDC 2019 Google is planning to bring Node.js support to Fuchsia  

The protocol called HTTP-over-QUIC will be officially renamed to  HTTP/3. In a discussion on IETF mail archive thread, Mark Nottingham, Chairman of the IETF HTTPBIS Working Group and W3C Web Services Addressing Working Group, triggered the confusion between QUIC-the-transport-protocol, and QUIC-the-HTTP-binding. QUIC, a TCP replacement done over UDP, was started as an effort by Google and then more of a "HTTP/2-encrypted-over-UDP" protocol. The QUIC Working Group in the IETF works on creating the QUIC transport protocol. According to Daniel Stenberg, lead developer of curl at Mozilla, “When the work took off in the IETF to standardize the protocol, it was split up in two layers: the transport and the HTTP parts. The idea being that this transport protocol can be used to transfer other data too and it’s not just done explicitly for HTTP or HTTP-like protocols. But the name was still QUIC.” People in the community have referred different versions of the protocol using informal names such as iQUIC and gQUIC to separate the QUIC protocols from IETF and Google. The protocol that sends HTTP over "iQUIC" was called "hq" (HTTP-over-QUIC) for a long time. Last week, on November 7, 2018, Dmitri Tikhonov, a programmer at Litespeed announced that his company and Facebook had successfully done the first interop ever between two HTTP/3 implementations. Here’s Mike Bihop's follow-up presentation at the HTTPbis session on the topic. https://www.youtube.com/watch?v=uVf_yyMfIPQ&feature=youtu.be&t=4956 Brute forcing HTTP applications and web applications using Nmap [Tutorial] Phoenix 1.4.0 is out with ‘Presence javascript API’, HTTP2 support, and more! Use App Metrics to analyze HTTP traffic, errors & network performance of a .NET Core app [Tutorial]

After releasing Firefox 60 last month, Mozilla has launched Firefox 61 for Windows, Mac, Linux, and Android devices. This release builds on Firefox Quantum, adding even more power to Quantum CSS by parallelizing the parsing step. This is especially beneficial to websites with large stylesheets and complex layouts. UI changes Firefox 61 now ships with an accessibility inspector that lets developers easily make pages for users with accessibility requirements. The new-look Console UI has been enabled by default for the Browser Console & Browser Toolbox. CSS variables now autocomplete with color swatches, allowing developers to see exactly what color value is stored in each variable The main toolbox's toolbar has also been redesigned. Highlights are better responsiveness for narrow and wide viewports with a new overflow dropdown and sortable tabs. The Network Monitor's main toolbar got redesigned to be more responsive on smaller viewports and visually aligned with the Console. It also includes a Throttling dropdown which throttles network speed to emulate various different network speed conditions. Performance improvements Tab management gets a boost in Firefox 61, with the new Tab warming feature which allows users to manage browser tabs more effectively. Tab Warming will watch the user's mouse cursor and start painting content inside a tab whenever the user hovers his/her mouse over one. There is also faster page rendering with Quantum CSS improvements and the new retained display list feature. Moreover, Firefox 61 now has retained display lists which means users can quickly access the pages they visit more frequently. WebExtensions now run in their own process on MacOS. They can now hide tabs and manage the behavior of the browser when a tab is opened or closed. Users are also provided a convenient access to more search engines. Users can add their favorite search engines to the address bar with the “Search with” tool. MacOS users can also share the URL of an active tab from the page actions menu in the address bar. Security Updates Firefox 61 on all four platforms have provided support for TLS 1.3, the latest version of Transport Layer Security (TLS). TLS 1.3 brings major improvements in security, privacy, and performance. It only includes support for algorithms with no known vulnerabilities and is also able to negotiate a secure session within a single round-trip. Read the release notes for a complete list of updates. Mozilla has also released the Firefox 61 changelog specifically catering to developers. Firefox 60 arrives with exciting updates for web developers: Quantum CSS engine, new Web APIs and more Mozilla is building a bridge between Rust and JavaScript Google announces Chrome 67 packed with powerful APIs, password-free logins, PWA support, and more

After the release of React 16.5.0 last month, the React team announced the release of React 16.6.0 yesterday. This release comes with a few new convenient features including support for code splitting, easier way to consume Context from class components, and more. Let’s see what changes have been made in this release: React.memo() as an alternative to PureComponent for functions React.memo() is similar to React.PureComponent but for function components instead of class. It can be used in cases when the function component renders the same result given the same props. You can wrap the function component in a call to React.memo() for a performance boost in some cases by memorizing the result. This will make React skip rendering the component and reuse the last rendered result. React.lazy() for code splitting components You can now render a dynamic import as a regular component with the help of React.lazy() function. To do code splitting you can use the Suspense component by wrapping a dynamic import in a call to React.lazy(). Library authors can leverage this Suspense component to start building data fetching with Suspense support in the future. Note that the feature is not yet available for server-side rendering. Added Class.contextType In React 16.3 a new Context API was introduced as a replacement to the previous Legacy Context API, which will be removed in a future major version. React 16.6 comes with contextType, which makes it convenient to consume a context value from within a class component. A Context object created by React.createContext() can be assigned to the contextType property. This enables you to consume the nearest current value of that Context type using this.context. This update is done because developers were having some difficulties adopting the new render prop API in class components. getDerivedStateFromError() to render the fallback UI React 16 introduced error boundaries to solve the problem of a JavaScript error in a part of the UI breaking the whole app. What Error boundaries do is, they: Catch JavaScript errors anywhere in their child component tree Log those errors Display a fallback UI instead of the component tree that crashed An already existing method, componentDidCatch() gets fired after an error has occurred. But before it is fired, null is rendered in place of the tree that causes an error. This sometimes results in breaking the parent components that don’t expect their refs to be empty. This version introduces another lifecycle method called getDerivedStateFromError() that lets you render the fallback UI before the render completes. Deprecations in StrictMode The StrictMode component was released in React 16.3 that lets you opt-in early warnings for any deprecations. Two more APIs are now added to the deprecated APIs list: ReactDOM.findDOMNode() and Legacy Context. The reason these APIs are deprecated are: ReactDOM.findDOMNode(): This API was supported to allow searching the tree for a DOM node given a class instance. Typically, you don’t require this because you can directly attach a ref to a DOM node. Most uses of this API are often misunderstood and are unnecessary. Legacy Context: It makes React slightly slower and bigger than it needs to be. Instead of the Legacy Context, you can use the new Context API that was introduced in React 16.3. Miscellaneous changes unstable_AsyncMode renamed to unstable_ConcurrentMode unstable_Placeholder renamed to Suspense and delayMs to maxDuration To read the entire changelog of React 16.6, check out their official announcement and also React’s GitHub repository. React 16.5.0 is now out with a new package for scheduling, support for DevTools, and more! React Native 0.57 released with major improvements in accessibility APIs, WKWebView-backed implementation, and more! InfernoJS v6.0.0, a React-like library for building high-performance user interfaces, is now out

Anti-paywall add-on has been deprecated from the Mozilla website. The author of that add-on, Florent Daigniere confirmed that it has been removed from both Chrome and Mozilla. “This was done because the add-on violated the Firefox Add-on Distribution Agreement and the Conditions of Use,” Daigniere wrote. “It appears to be designed and promoted to allow users to circumvent paywalls, which is illegal”. Last year, Daigniere released the anti-paywall browser extension that maximizes the chances of bypassing paywalls. On asking Mozilla about why this add-on was deprecated, he got the reply: "There are various laws in the US that prohibit tools for circumventing access controls like a paywall. Both Section 1201 of the Digital Millennium Copyright Act (DMCA) and the Computer Fraud and Abuse Act (CFAA) are examples. We are responding to a specific complaint that named multiple paywalls bypassing add-ons. It did not target only your add-on." This news was one of the top stories on Hacker News. People are largely opposing Mozilla’s move. “Making it harder to install addons (and breaking all the old ones) is one of the things contributing to Mozilla losing share to Chrome. People used to use Firefox over Chrome because of all the great addons, which they then broke, leaving users with less reason not to use Chrome.” “I used to default to Firefox for work. Then they killed the old addons, which broke a major part of my workflow (FireFTP's "open a file and as you edit it it automatically re-uploads" feature). So there was a lot less keeping me stuck to it. ” “This extension just seems to strip tracking data and pretend to be a Google bot. It baffles me that this is somehow concerning enough to be taken down. And anyway, isn't making exemptions for Google's robots sort-of against their policy?” Users offered advice and suggestions to Daigniere on how he can go about with the process. “I would consult with an attorney to determine legal options for an adequate defense and expected expenses. A consult is not a contract and you can change your mind if you are unwilling to take the risk with a lawsuit. I suspect the takedown notice is a DMCA takedown based upon a flawed assumption of the law. The hard part about this is arguing the technical merits of the case before non-technical people. While the takedown notice is probably in error they could still make a good argument around bypassing their security controls. You could appeal to the EFF or ACLU. If they are willing to take your case it will be pro bono.” “I'd just move on. To be honest sites with those types of paywalls should not be indexed. The loophole you are taking advantage of here is a bait and switch by these sites. They want the search traffic but don't want public access. Most of us have already adapted, however, and avoid these sites or pay for them. Your plugin title blatantly describes that you're avoiding paying for something they are charging for so even though it may not be illegal it's not something I'd waste energy fighting for.” “Rename the plugin and change the description. The message from Mozilla states that the problem is the intent of the plugin. The technological measures it actually takes are not illegal per sé, but are illegal when used to circumvent paywalls. If you present this as a plug-in that allows you to view websites as the Google bot views them, for educational and debugging purposes, there is no problem. You can give the fact that it won’t see the paywall as an example. It’s actually useful for that purpose: you are not lying. It’s just that most people will install the plugin for its ‘side effects’. Their use of it will still be illegal, but the intent will not be illegal.” Read more of this conversation on Hacker News. The State of Mozilla 2017 report focuses on internet health and user privacy Mozilla criticizes EU’s terrorist content regulation proposal, says it’s a threat to user rights Mozilla v. FCC: Mozilla challenges FCC’s elimination of net neutrality protection rules

Bootstrap v4, made an initial appearance around the start of this year, as a major release of the popular front-end web development library. It was followed by 10 new themes built on Bootstrap 4 with its own build tools and customer support. It has been a month since the release of Bootstrap 4 and the version 4.1  is already here. Although, Bootstrap v4.1 is not massive in terms of new features or path-breaking changes, it hosts few smaller updates. Additionally, it has a basketful of fixes, doc updates, and build tool changes. Highlights of Bootstrap v4.1 New custom range form control is added. New .carousel-fade modifier is added to switch carousel from horizontal sliding to crossfade. Includes a new .dropdown-item-text for plaintext dropdown items. New .flex-fill, .flex-grow-*, and .flex-shrink-* utilities are added. New .table-borderless variant for tables added. New .text-monospace utility added. New .text-body (default body color), .text-black-50 (50% opacity black), and .text-white-50 (50% opacity white) utilities added. New .shadow-* utilities added for quickly adding box-shadows. Now you can disable Popper’s positioning in dropdowns. Theming docs are updated so now you will not be able to use CSS variables in media queries. The issue with Chrome rendering CSS columns incorrectly for cards is now fixed. .text-hide is deprecated as it’s a dated and undocumented feature. Dashboard and Offcanvas examples across Firefox and IE are now fixed. Breadcrumbs can now use non-string values as dividers. Find a detailed version of all fixes on the ship list and project board. With the Bootstrap version 4, it moved to a versioned docs setup. This means after each minor release, version 4 will have a new hosted version of Bootstrap docs. This would help developers avoid breaking URLs over the web who are yet to upgrade or want to stick to older versions of Bootstrap. The Bootstrap v4.1 release documentation is available on this new webpage and the older webpage remains the same. The upcoming Bootstrap release v4.1.1 would solve certain bug fixes for input groups and form fields that were missed in Bootstrap v4.1 due to insufficient time. Read More Web Development with React and Bootstrap Bootstrap 4 Objects, Components, Flexbox, and Layout Getting Started with ASP.NET Core and Bootstrap 4  

Google has launched Chrome 67 on Mac, Windows, Linux, and Android devices packed with exciting new features. The release features two powerful APIs, password-free logins, PWA support on desktops and more.  Let’s have a look at the features in detailed. Progressive web apps now supported on Desktops Chrome 67 now supports Desktop based progressive web apps.  They run the same way as other apps, in an app window, without an address bar or tabs. Service workers run the PWA to ensure they are engaging, fast, and smooth. As a developer, there are only certain breakpoints to consider while running your PWA in chrome. Essentially the process of creating it remains the same. If your app meets the standard PWA criteria, Chrome will fire the beforeinstallprompt event, However,  it won’t automatically prompt the user.  Here are the steps you need to follow: Save the event. Then, add some UI—like an install app button—to the app to tell the user your app can be installed As the user clicks the button, you need to call prompt on the saved event. Chrome will then show the prompt to the user If users click add, Chrome will add the PWA to their shelf and launcher AR and VR support with WebXR Device API Chrome 67 offers a special WebXR Device API, to create augmented reality and virtual reality experiences on desktops and mobile devices. It will be used to create immersive experiences across multiple AR/VR devices,  sensors and head-mounted displays including Google Daydream View, Samsung Gear VR, and desktop-hosted headsets like Oculus Rift, HTC Vive, and Windows Mixed Reality Headsets. This API will be used to develop AR and VR games, 360-degree videos, and also be used for data visualization, home shopping, and displaying art. Generic Sensor API for accelerometer support Updating mobile experiences, Chrome 67 offers a new Generic Sensor API. Websites can access a mobile device’s accelerometer, gyroscope, orientation sensor, and motion sensor. The API consists of a base Sensor interface with a set of sensor classes built on top. The base interface simplifies the implementation and specification process for the sensor classes. The goal of the Generic Sensor API is to promote consistency across sensor APIs, enable advanced use cases, and increase the pace at which new sensors can be exposed to the Web. Password-free logins Chrome 67 supports password-free logins based on the Web Authentication standard. These standards can be incorporated into browsers and allow additional ways for users to securely sign into most sites. These include biometric information such as fingerprint, retina, or facial recognition from either smartphone or a USB key. Changes in dev tools There are also a number of changes and updates in DevTools in Chrome 67.  Some of these include: Users can now search across all network headers. There are new audits, desktop configuration options, and viewing traces. Incorporation of user Timing in the Performance tabs. JavaScript VM instances are now clearly listed in the Memory panel. The Network tab in the Sources panel has been renamed as the Page tab. Certificate transparency information is available in the Security panel. Site isolation features now appear in the Performance panel. Check out the Google developer blog for a full list of updates. Chrome 67 can be updated by either using the browser’s built-in updater or downloading it directly from google.com/chrome. Firefox 60 arrives with exciting updates for web developers: Quantum CSS engine, new Web APIs and more Top 5 Google I/O 2018 conference Day 1 Highlights: Android P, Android Things, ARCore, ML kit and Lighthouse What can Google Duplex do for businesses?

On day 1 of AWS re:Invent 2018, the team at Amazon released AWS Amplify Console, a continuous deployment and hosting service for mobile web applications. The AWS Amplify Console helps in avoiding downtime during application deployment and simplifies the deployment of the application’s front end and backend. Features of AWS Amplify Console Simplified continuous workflows By connecting AWS Amplify Console to the code repository, the frontend and backend are deployed in a single workflow on every code commit. This lets the web application to get updated only after the deployment is successfully completed by eliminating inconsistencies between the application’s frontend and backend. Easy Access AWS Amplify Console makes the building, deploying, and hosting of mobile web applications easier. It also lets users access the features faster. Easy custom domain setup One can set up custom domains managed in Amazon Route 53 with a single click and also get a free HTTPS certificate. If one manages the domain in Amazon Route 53, the Amplify Console automatically connects the root, subdomains and branch subdomains. Globally available The apps are served via Amazon's reliable content delivery network with 144 points of presence globally. Atomic deployments In AWS Amplify Console, the atomic deployments eliminate the maintenance windows and the scenarios where files fail to upload properly. Password protection The Amplify Console comes with a password to protect the web app and one easily work on new features without making them publicly accessible. Branch deployments With Amplify Console, one can work on new features without impacting the production. Also, the users can create branch deployments linked to each feature branch. Other features   The Amplify Console automatically detects the front end build settings along with any backend functionality provisioned with the Amplify CLI when connected to a code repository. With AWS Amplify Console, users can easily manage the production and staging environments for front-end and backend by connecting new branches. With AWS Amplify Console, one get screenshots of the app, rendered on different mobile devices to highlight layout issues. Users can now set up rewrites and redirects to maintain SEO rankings. Users can build web apps with static and dynamic functionality. One can deploy SSGs (Service Selection Gateway) with free SSL on the AWS Amplify Console. Check out the official announcement to know more about AWS Amplify Console. Day 1 at the Amazon re: Invent conference – AWS RoboMaker, Fully Managed SFTP Service for Amazon S3, and much more! Amazon re:Invent 2018: AWS Snowball Edge comes with a GPU option and more computing power Amazon re:Invent 2018: AWS Key Management Service (KMS) Custom Key Store

Walt, an alternative syntax for WebAssembly text format, was introduced today. It allows developers to use JavaScript syntax to write to as “close to the metal” as possible. Its ultimate goal is to make WebAssembly accessible to regular JavaScript programmers. Written 100% in JavaScript it requires no LLVM/binary toolkits. What Walt tries to solve? Writing zero-overhead, optimized WebAssembly code is difficult. You need to write very plain C code, compile that to .wast and then optimize that result. Then, finally, you're ready to compile that into the final WebAssembly binary. Walt attempts to take C/Rust out of the equation and write “as close to the metal” as possible without losing readability. How it solves the problem? What Walt does is, it provides a thin layer of syntax sugar on top of .wat text format. This improved syntax will give developers direct control over the WebAssembly output. This means that there should be minimal to none post optimization to be done to the wast code generated. For example, here is what a .walt module, which exports a recursive Fibonacci function, looks like: Source: GitHub When this code is passed through the Walt compiler, you get a buffer which can be used to create a WebAssembly module with a fibonacci export. Al this is done with familiar JS syntax and without any external binary toolkits. What are some of its use cases? Anyone who is interested in WebAssembly but is not familiar with system languages can get a quick start with Walt. It can be used in the following scenarios: Web/Node libraries Games Web VR/AR Projects depending on heavy real-time computation from complex UIs to 3D visualizations To know more about Walt and how you can get started with it, check out its GitHub repository. Introducing Wasmjit: A kernel mode WebAssembly runtime for Linux Unity Benchmark report approves WebAssembly load times and performance in popular web browsers Why is everyone going crazy over WebAssembly?