Tech News - Front-End Web Development

Uber has revamped their monolithic framework design with a brand new Fusion.js web framework. This plugin-based open source web framework makes it easy to develop lightweight and high-performing apps. Fusion.js is a JavaScript framework that comes with modern features like hot module reloading, data-aware server-side rendering, and bundle splitting support. It also supports popular libraries like React and Redux. Why was Fusion.js required? Uber has been in the app-development business for quite some time now. With the quickly changing web technologies, they wanted to build a high quality framework with modern features which also kept up with the dynamic nature of their web platform. Specifically, they wanted their new framework to address the following pain points: Complex configuration and required boilerplate of multiple tools needed for server-side rendering, code splitting, and hot module reloading Lack of good abstractions for implementing and sharing features that involve different aspects of server-rendered React applications Tight coupling of code located in different places Testing difficulties arising from side effects and singletons Lack of flexibility of a monolithic framework Fusion.js addresses all of these problems. What are the benefits of using Fusion.js? On top of the benefits of a pre-configured, optimized boilerplate, Fusion.js also provides a flexible plugin-based architecture which makes it appropriate for building single-page applications and web apps that depend on complex service layers to meet quality requirements. Fusion.js applications allow apps to have a single entry point file and it’s possible to reuse code on both the server and browser. The single entry point architecture allows plugin developers to co-locate snippets of code based on the library the code pertains to. Plugins use dependency injection so they can expose well-defined APIs as services to other plugins, and a plugin’s dependencies can easily be mocked during tests. For middleware management, Uber uses Koa, which provides a unit-test friendly context-based API. It has a lightweight abstraction for request lifetime management based on the concept of downstreams and upstreams. Fusion.js provides testing tools for developers to test plugins in addition to supporting modern testing tools such as Jest, Enzyme, and Puppeter. The fusion-test-utils package allows mocking the server itself, making it possible to quickly run integration tests between plugins and mocks. For now, over 60 repositories of Uber are using Fusion.js since its internal release. Next in the roadmap are the addition of more performance optimizations, test-oriented tooling, and better flow support. You can checkout the documentation and Github for further information. Masonite 2.0 released, a Python web development framework Is web development dying? Meet Sapper, a military grade PWA framework inspired by Next.js

Yesterday, the team at Redox released Redox OS 0.5.0, a Unix like operating system written in Rust. The team has added important programs and libraries to this release. What’s new in Redox OS 0.50? Cairo This release comes with Cairo, a 2D graphics library that supports multiple output devices. It produces consistent output on all output media and takes advantage of display hardware acceleration when available. It is implemented as a library which is written in the C programming language, while the bindings are available for various programming languages. relibc Redox OS 0.50 features relibc, a portable POSIX C standard library which is written in Rust and supports Redox and Linux. It reduces the issues with newlib and further creates a safer alternative to a C standard library. It has been designed to be used under redox, as an alternative to newlib. Event system The event system has been redesigned for providing support for select and poll. This release comes with new packages added to the Cookbook as well as for memory mapping support implemented in it. Standard images This release comes with new images based on new bootloaders for coreboot and EFI. The team has worked towards providing libraries for EFI Rust development and for developing coreboot payloads in Rust. LLVM This release also features the LLVM Project which is a collection of modular and reusable compiler and toolchain technologies. The LLVM Core libraries come with a target-independent optimizer and a code generation support for popular CPUs.          GLib This version of Redox OS comes with GLib which is the low-level core library that forms the basis for projects such as GTK+ and GNOME.                   Pixman Redox OS 0.50 comes with Pixman that is a low-level software library for pixel manipulation that features image compositing and trapezoid rasterization. Orbital widget toolkit This release comes with Orbital Widget Toolkit which is a multi-platform GUI toolkit for building user interfaces with Rust. This toolkit is based on the entity component system pattern which provides a functional-reactive API. It provides fast performance and ease over cross-platform development. Few users are happy and excited about this release and are appreciating the Redox team. A user commented on HackerNews, “Congrats on getting another release out the door! I was beginning to fear that momentum was stalling in lieu of PopOS. Keep up the great work!” The developer of Redox OS shared that there are still security concerns in the kernel with regards to memory management. He commented, “There are a couple known security issues in the kernel regarding memory management. One is that memory is granted in pages, so buffers passed to a scheme are over-mapped for the process handling it. You have to be root to handle a scheme, so it was not a high severity issue.” He further added that there are concerns with the grants which can be dropped by owning process and highlighted that more kernel work is needed. He commented, “Another is that grants can be dropped by the owning process while in use by another process. This can lead to the re-allocation of said grants in the owning process, making memory accessible to the other users of the grant. More kernel work is needed to prevent schemes from leaking data in this manner.” To know more about this news in detail, check out Redox’s official announcement. Fedora 31 will now come with Mono 5 to offer open-source .NET support LLVM 8.0.0 releases! JUnit 5.4 released with an aggregate artifact for reducing your Maven and Gradle files  

Yesterday, Mozilla announced the release of Firefox 68, which brings new updates like support for BigInts, Contrast Checks, dark mode in reader view, and a reimplemented URL bar. They have also added Enhanced Tracking Protection which blocks known “third-party tracking cookies” by default. Improved extension security and discovery Firefox 68 comes with a new reporting feature in ‘about:addons’ using which you can report any security and performance issues with extensions and themes. The team has also redesigned the extensions dashboard in ‘about:addons’ where you can find all the information about your extensions including data and settings access required by each extension. You can get high quality, secure extensions from Mozilla’s Recommended Extensions program present in ‘about:addons’. These recommended extensions are indicated by special badging on addons.mozilla.org (AMO): Source: Mozilla Additionally, to provide users improved protection from threats and annoyances on the web, Firefox 68 comes with cryptomining and fingerprinting protections added to strict content blocking settings in Privacy & Security preferences. Read also: Mozilla adds protection against fingerprinting and Cryptomining scripts in Firefox Nightly and Beta Support for JavaScript BigInt Firefox 68 comes with support for JavaScript’s new BigInt numeric type, which is currently in stage 3 of the ECMAScript specification. Previously, JavaScript only had the Number numeric type. As JavaScript considers numbers as floating-point, they can represent both integers and decimal fractions. Source: Mozilla However, the limitation is that 64-bits floats fail to reliably represent integers larger than 2 ** 53. To make working with large number easier, a new primitive is introduced, BigInt. It provides a way to represent whole numbers larger than 2 ** 53. Updates in DevTools In addition to enhancing the already smart debugging tools, Firefox 68 brings more improvements in DevTools: Accessibility checks in DevTools: This release ships with a new capability for DevTools that check for basic accessibility issues in your web pages. The Accessibility Inspector now comes with a new ‘Check’ that currently reports any color contrast issue with text on a page. The Firefox team plans to add a number of audit tools to highlight accessibility problems on your website in future releases. A way to emulate print media from DevTools: A button is added to the Page inspector using which you can enable “print media emulation”. This makes it easy to see what elements of a page will be visible when printed. Improved CSS warnings: The Web console will show you more information about CSS warnings and include a link to related nodes. A Web console filter: You can now filter content in the Web console using a valid regular expression. Here’s a video showing how this works: https://youtu.be/E6bGOe2fvW0 Web compatibility This release fixes a few web compatibility issues to ensure that every user will be able to access a website regardless of their choice of device or browser: Internet Explorer’s legacy rules property and addRule() and removeRule() CSS methods are added to the CSSStyleSheet interface. Safari’s ‘-webkit-line-clamp’ CSS property is also added. Support for CSS scroll snapping Firefox 68 comes with support for CSS scroll snapping that gives you a standardized way to control the behavior of scrolling inside a container. It works in a very similar fashion to how native apps work on phones and tablets. Now that this update has landed in Firefox, developers will have the same version of the specification as Chrome and Safari. Developers who have used the old Firefox implementation of the Scroll Snap specification are required to update their code, otherwise scroll snapping will no longer work in Firefox 68 and up. The reimplemented URL bar, QuantumBar Firefox’s URL bar, which is also known as the AwesomeBar, has been completely reimplemented using HTML, CSS, and JavaScript web technologies. This overhauled version is named ”QuantumBar”. Though not much will change appearance-wise, its updated architecture behind the scenes will make it easier to maintain and extend in the future. Access to cameras and other media devices now require HTTPS Starting from Firefox 68, camera and microphone will require an HTTPS connection to work. The getUserMedia method will throw NotAllowedError if you try to access the media devices from an insecure HTTP connection, similar to how Chrome works. Many developers are happy with this update. A user on Hacker News commented, “It's fantastic that it works with localhost (and I assume 127.0.0.1?), and it's fantastic that it doesn't work with anything else. This is the best middle ground.” However, some are also worried considering that this will affect the current working of their apps or websites. “This sucks, my community[1] has a local offline-first video/audio call app that we run on a physical mesh network. This will make it impossible for people to talk to each other, without first needing to be connected online to some certificate authority, or without some extraordinarily difficult pre-installation process, which is often not even possible on a phone. HTTPS was important, but now it's being used to shoehorn dependency on a centralized online-only authority. Perfectly ripe to censor anyone.”, wrote a Hacker News user To know more in detail, check out the official announcement by Mozilla. Mozilla launches Firefox Preview, an early version of a GeckoView-based Firefox for Android Firefox 67 enables AV1 video decoder ‘dav1d’, by default on all desktop platforms Mozilla makes Firefox 67 “faster than ever” by deprioritizing least commonly used features

VueConf Toronto 2018 commenced on November 14th. This a three-day event starting from November 14 to 16. One of the speakers at the event was Evan You, the creator of Vue.js who shared what to expect from the yet to be released Vue 3.0. https://twitter.com/Ionicframework/status/1063244741343629313 Following are some of the updates that were announced at the conference: Faster and maintainable code architecture Vue 3.0 is re-written from the ground up to make its architecture cleaner and more maintainable. To provide better speed some internal functionalities are broken into individual packages in order to isolate the scope of complexity. We can expect 100% faster mounting and patching with this release. Improved slots mechanism Now all compiler-generated slots are functions and invoked during the child component’s render call. The dependencies in slots are collected as dependencies of the child instead of the parent. When slot content changes, only the child is re-rendered. And if the parent re-renders, the child does not have to if its slot content did not change. This change prevents useless re-renders by offering even more precise change detection at the component tree level. Proxy-based observation mechanism Vue 3.0 will come with a Proxy-based observer implementation that provides reactivity tracking with full language coverage. This will eliminate a number of limitations in the current implementation of Vue 2, which is based on Object.defineProperty: Detection of property addition / deletion Detection of Array index mutation / .length mutation Support for Map, Set, WeakMap and WeakSet Tree-shaking friendly The new codebase is tree-shaking friendly. Features such as built-in components and directive runtime helpers can be imported on-demand and tree-shakable. Tree-shakable features also allow the Vue developers to offer more built-in features in future without incurring payload penalties for users that don’t use them. Easily render-to-native with the Custom Renderer API Developers will be able to create custom renderers with the Custom Renderer API. They no longer need to fork the Vue codebase with custom modifications. This will allow easily keeping the render-to-native projects like Weex and NativeScript Vue to stay up-to-date with upstream changes. This API will also make it trivially easy to create custom renderers for various other purposes. In addition to these improvements, it will come with an experimental Hooks API, better warning traces, experimental time slicing support, supports IE11 and improved TypeScript with TSX. Read more about Vue 3.0 updates from the presentation shared by Evan You. Vue.js 3.0 is ditching JavaScript for TypeScript. What else is new? Vue CLI 3.0 is here as the standard build toolchain behind Vue applications React vs. Vue: JavaScript framework wars

Uber’s design and engineering team has introduced a universal system called Base Web design system, which was open sourced in 2018. Base Web is a suite of React components implementing the “base” design language quickly and easily creating web applications. At Uber, developers, product managers, operations teams, and other employees have to interact with different web applications on a daily basis. As all of these web applications function differently, it puts an additional overhead of learning how to interact with them most effectively. To reduce this time and effort, Uber wanted an universal system, which will act as “a foundation, a basis for initiating, evolving, and unifying web products”. Having a universal design system helps teams of engineers, designers, and product managers to easily work together. It also helps new engineers and designers to quickly get an hang of the possible components and design tokens used by a given engineering organization. One of the key reasons for introducing Base Web was to make it easy for developers to reuse components. Uber’s design and engineering team after talking to its engineers determined that they mainly needed access to: Style customizations The ability to modify the rendering of a component So, they introduced a unified overrides API, which comes with the following benefits: Eliminates top-level properties API overload There is no longer extra properties proxying inconsistently across the composable components Allows you to completely replace the components. Uber is now using Base Web across teams to create its web applications. “Open sourced in 2018 to enable others to experience the benefits of this solution, Base Web is now used across Uber, ensuring a seamless development experience across our web applications,” reads the announcement. To read the official announcement, visit Uber’s official website. Uber open-sources Peloton, a unified Resource Scheduler Introducing ‘Quarkus’, a Kubernetes native Java framework for GraalVM & OpenJDK HotSpot Uber and Lyft drivers strike in Los Angeles  

Google Chrome will soon support something called LazyLoad, a feature that allows browsers to delay the loading of out-of-view images and iframes until the user scrolls near them, shared Scott Little, a Chromium developer yesterday. Why LazyLoad is introduced? Very often, web pages have images and other embedded content like ads placed below the fold and users don’t always end up scrolling all the way down. LazyLoad tries to take the advantage of this behavior to optimize the web browser by loading the important content much faster and hence reducing the network data and memory usage. LazyLoad waits to load images and iframes that are out of view until the user scrolls near them. It is up to the browser to decide exactly how “near”, but it should typically start loading the out-of-view content some distance before the content comes in view. Currently, there are few JavaScript libraries that can be used for lazy loading images or other kinds of content. But, natively supporting such feature in the browser itself will make it easier for websites to take advantage of lazy loading. Additionally, with this feature browsers will be able to automatically find and load content that are suitable for lazy loading. The LazyLoad solution will be supported on all platforms. Web pages just need to use loading="lazy" on the img and iframe elements. For Android Chrome users who have Data Saver turned on, elements with loading="auto" or unset will also be lazily loaded if Chrome finds them to be good candidates for lazy loading based on heuristics. If you set loading="eager" on the image or iframe element they will not be lazily loaded. To read more in detail about LazyLoad, check out its GitHub repository. Google’s Cloud Healthcare API is now available in beta Ian Goodfellow quits Google and joins Apple as a director of machine learning Google dissolves its Advanced Technology External Advisory Council in a week after repeat criticism on selection of members  

At the Chrome Web Summit 2018, Dan Dascalescu, Partner Developer Advocate at Google provided a high-level overview of ChromeOS and discussed Chrome’s core and new features available to web developers. Topics included best practices for web development, including Progressive Web Apps, and optimizing input and touch for tablets while having desktop users in mind. He specified that Chromebooks are convergence machines that run Linux, Android, and Google Play natively without emulation. He explained why ChromeOS can be a good choice for web developers. It not only powers devices from sticks to tablets to desktops, but it can also run web, Android, and now Linux applications. ChromeOS brings together your own development workflow with a variety of form factors from mobiles, tablets, desktop, and browsers on Android and Linux. Run Linux apps on ChromeOS with Crostini Stephen Barber, an engineer on ChromeOS described Chrome’s container architecture which is based on Chrome’s principle of safety, security, and reliability.  By using lightweight containers and hardware virtualization support, Android and Linux code run natively in ChromeOS. Developers can run Linux apps on ChromeOS through Project Crostini. Crostini is based on Debian stable and uses both virtualization and containers to provide security in depth. For now, they are starting out targeting web developers by providing integration features like port forwarding to localhost as a secure origin. They also provide a penguin.linux.test DNS alias, to treat a container like a separate system. For supporting more developer workflows than just web, they are soon providing USB, GPU, audio, FUSE, and file sharing support in upcoming releases. Dan also shared how Crostini is actually used for developing web apps. He demonstrated how you can easily install Linux on your Chromebook. Although Crostini is still in development, most things work as expected. Developers can run IDEs, databases like MongoDB, or MySQL. Anything can be installed with an -apt. It also has a terminal. Dan also mentioned Carlo, which is a Google project that is essentially a helpful node app framework. It provides applications with Chrome rendering capabilities. It uses a locally detected instance of chrome and it connects to your process pipe and then exposes the high-level API to render in Chrome from your NodeScript. If you don’t need low-level features, you can make your app as a PWA which works without a LaunchBar once installed in ChromeOS. Windows Chrome desktop PWA support will be available from Chrome 70+ and Mac from Chrome 72+. Dan also conducted a demo on how to run a PWA. These were the steps: Set up Crostini Install the development environment (node, npm, VSCode) Checkout a PWA (Squoosh) from GitHub Open in VSCode Run the web server Open PWA from Linux and Android browsers He also provided guidance on optimizing forms, handling touch interactions, pointer events, and how to set up remote debugging. What does the future look like for ChromeOS? Chrome team is on improving the desktop PWA support. This includes support for keyboard shortcuts, badging for the launch icon, and link capturing. They are also working on low-latency canvas contexts which are introduced in Chrome 71 Beta. This context uses OpenGLES for rastering, writes directly to the Front Buffer, which bypasses several steps of the rendering process but risks tearing. It is used mainly for high-level interactive apps. View the full talk on YouTube. Day 1 of Chrome Dev Summit 2018: new announcements and Google’s initiative to close the gap between web and native. Meet Carlo, a web rendering surface for Node applications by the Google Chrome team. Google Chrome 70 now supports WebAssembly threads to build multi-threaded web applications.

After facing a device fingerprinting bug and security breach, Stack Overflow was again in the news on Thursday. This time it was about its homepage that showcased its new proprietary products while hiding away the primary feature it is widely known for: open, public Q&A. How the updated Stack Overflow homepage looked like? The updated homepage showed the various products Stack Overflow provides. However, it did not show any straightforward way to reach the Q&A site. Here is how the updated UI looked like: Source: Stack Overflow A Stack Overflow user wrote, how he felt when he first saw this homepage: Private Q&A. Oh, this one of those exclusive sites, maybe a forum, where you get to discuss stuff in private, probably need to pay for it, it says coworker, flagship, those are pricey words. Jobs? Oh, this must be like LinkedIn. Probably only professionals and such that only elevate themselves and talk boring stuff. You probably need to pay for exposing your account or something, as you need to on those other job sites to stand a chance. Create an account? And next they'll ask for my credit card, right? No thanks, I'll move on to TechNet or wherever. Other regular users also found this abrupt change frustrating and confusing. A Stack Overflow user compared the updated homepage to that of Facebook and LinkedIn where you require to have an account to post things. He wrote, "Today before I logged in I saw the new home page, and it immediately felt the same to me as going to Facebook or LinkedIn before you have an account. There's a big wall of gibberish that essentially says, "You can't do anything here until you start handing over information about yourself.” It is understandable that Stack Overflow is looking for new avenues for revenues. In 11 years of its existence, it has become much more than a Q&A site with voting and editing functionalities. It provides Stack Overflow for Teams, a private place for your team members to exchange questions and answers about your proprietary software. Another one is, Stack Overflow Talent that helps employers post job listings and discover talents around the globe for their organizations. Stack Overflow for Enterprise provides a platform for building a standalone Q&A community. Despite these new incredible offerings, for most people the Q&A site is what Stack Overflow is, rest all is just an addition to the main product. Hiding the actual feature for which developers visit the site behind a hamburger, while giving the actual screen space to proprietary products is what has turned off many developers. How Stack Overflow responded? After facing backlash, Stack Overflow responded with a workaround for the moment and is currently reviewing the feedback it is getting from the users. Stack Overflow said, “Overall changes in design will not be made at this moment (we are still collecting the feedback you are all posting - thanks for that). And we are carefully reviewing it and will make them later if it's necessary, however, we do want to make it easier to get to the open Q&A as fast as possible, and that means not changing the design right now.” To make it somewhat easier for the users to reach the Q&A section, it has hyperlinked the "open community" in the description. Also, the blue button which was earlier called “Create an account” now goes directly to the Q&A page. Source: Stack Overflow Developers also suggested what Stack Overflow can do to fix this problem, while also showcasing its proprietary products. Here's what a user recommended: “If you're really serious about improving it, then I have some recommendations. 1) reduce the size of the hero banner by ~50%. 2) Remove the "for developers, by developers" section and have the "Developers" button at the top go straight to stackoverflow.com/questions. 3) Remove the section on SO for Teams pricing -- that belongs as a click-through page via the "Private Q&A" link on the "For business by developers" section. On that subject, "Private Q&A" should say "Teams (Private Q&A)". 4) Remove redundant .talent-slope div and .py64 div below it.” Providing teams and enterprises a private area to discuss their coding problems is an incredible idea and there is no wrong in advertising these products to people who love using Stack Overflow. However, it does feel a little overboard to make it the main centerpiece of the homepage, when Stack Overflow is mainly known for its free Q&A feature. Also, considering the huge user base, the whole outcry could have been avoided by a little consultation from the users. Approx. 250 public network users affected during Stack Overflow’s security attack Do Google Ads secretly track Stack Overflow users?

Yesterday, Google released Chrome 76 beta with number of features which includes blocking Flash by default, a dark mode, and making it harder for sites to detect when you’re using Incognito Mode to get around paywalls. https://twitter.com/GoogleChromeDev/status/1139246837024509952 Blocks Flash by default The Chrome 76 beta by default blocks Flash in the browser. Users still have the option to switch back to the current “Ask first” option in [chrome://settings/content/flash]. Per this option, explicit permission is required for each site after every browser restart. Changes to Payments API Chrome 76 has released a fix in the FilesystemsAPI to address how websites are able to detect if you’re using Incognito to get around a paywall. FileSystem API is updated so that “detect private mode” scripts can no longer take advantage of that indicator. Chrome 76 Beta now also makes it easier to use the payments APIs for self-signed certificates on the local development environment. https://twitter.com/paul_irish/status/1138471166115368960   Additionally, PaymentRequestEvent has a new method called changePaymentMethod() and the PaymentRequest object now supports an event handler called paymentmethodchange. You can use both to notify a merchant when the user changes payment instruments. The former returns a promise that resolves with a new PaymentRequest instance. Improvements for Progressive Web Apps Chrome 76 Beta makes it easier for users to install Progressive Web Apps on the desktop by adding an install button to the omnibox. On mobile, developers can now replace Chrome’s Add to Home Screen mini-infobar with their own prompt. PWAs will also check for updates more frequently starting with Chrome 76 - checking every day, instead of every three days. New Dark mode Chrome 76 Beta also adds the Dark Mode. Websites can now automatically enable dark modes and respect user preference by adding a little bit of extra code in the prefers-color-scheme media query. Other improvements Browsers prevent calls to abusable APIs (like popup, fullscreen, vibrate, etc.) unless the user activates the page through direct interactions. However, not all interactions trigger user activation. Going forward, the escape key is no longer treated as a user activation. Chrome 76 beta introduces a new HTTP request header that sends additional metadata about a request's provenance to the server to allow it to make security decisions. Lazyload feature policy has been removed. This policy was intended to allow developers to selectively control the lazyload attribute on the iframe and img tags to provide more control over loading delay for embedded content and images on a per origin basis. The stable release of Chrome 76 is tentatively scheduled for July 30th. You can read about additional changes on Google’s Chromium blog post. Is it time to ditch Chrome? Ad blocking extensions will now only be for enterprise users. Google Chrome will soon support LazyLoad, a solution to lazily load below-the-fold images and iframes. Mozilla puts “people’s privacy first” in its browser with updates to Enhanced Tracking Protection, Firefox Lockwise and Monitor

The 6th Chrome Dev Summit 2018 is being hosted on the 12th and 13th of this month in San Francisco. Yesterday, Day 1 of the summit was opened by Ben Galbraith, the director of Chrome, to talk about “the web platform’s latest advancements and the evolving landscape.” Leading web developers described their modern web experiences as well. Major Chrome Dev Summit 2018 announcements included web.dev, a new developer resource website, and a demonstration of VisBug, a browser-based visual development tool. The summit also included a demo of a new web tool called Squoosh that can downsize, compress, and reformat images. The Chrome Dev Summit 2018 also highlighted some of the browser APIs currently in development, including Web Share Target, Wake Lock, WebHID and more. It also featured a Writable File API currently under development, which would allow web apps to edit local files. New web-based tools and resources web.dev The web.dev resource website provides an aggregation of information for modern Web APIs. It helps users monitor their sites over time to ensure that they can keep their site fast, resilient and accessible. web.dev is created in partnership with Glitch, and has a deep integration with Google’s Lighthouse tool. VisBug Another developer tool VisBug helps developers easily edit a web page using a simple point-and-click and drag and drop interface. This is an improvement over Firebug, Google’s previous tool, which used the website’s source code. VisBug is currently available as a Chrome extension that can be installed from the main Chrome Web Store. Squoosh The Squoosh tool allows you to encode images using best-in-class codecs like MozJPEG, WebP, and OptiPNG. It works cross-browser and offline, and ALL codecs supported even in a browser with no native support using WASM. The app is able to do 1:1 visual comparison of the original image and its compressed counterpart, to help users understand the pros and cons of each format. Closing the gap between web and native Google is also taking initiatives to close the gap between the web and native and make it easy for developers to build great experiences on the open web. Regarding this, Chrome will work with other browser vendors to ensure interoperability and get early developer feedback. Proposals will be submitted to the W3C Web Incubator Community Group for feedback. According to Google, this open development process will be “no different than how we develop every other web platform feature.” The first initiative in this aspect is the writable files API. The Writable Files API Currently, under development, the writable files API is designed to increase the interoperability of web applications with native applications. Users can choose files or directories that a web app can interact with on the native file system. They don’t have to use a native wrapper like Electron to ship their web app. With the Writable Files API, users can create a simple, single file editor that opens a file, allows the user to edit it, and save the changes back to the same file. People were surprised that it was Google who jumped on this process rather than Mozilla which has already implemented version of a lot of these APIs. A hacker news user said, “I guess maybe not having that skin in the game anymore prevented those APIs from becoming standardized? But these are also very useful for desktop applications. Anyways, this is a great initiative, it's about time a real effort was made to close that gap.” Here’s a video playlist of all the Chrome Dev Summit sessions so far. Tune into Google’s livestream to follow the rest of the sessions of the day and watch this space for more exciting announcements. Meet Carlo, a web rendering surface for Node applications by the Google Chrome team. Google Chrome 70 now supports WebAssembly threads to build multi-threaded web applications. #GoogleWalkout demanded a ‘truly equitable culture for everyone’; Pichai shares a “comprehensive” plan for employees to safely report sexual harassment

Yesterday, Mozilla announced the first preview of a redesigned version of Firefox for Android, called Firefox Preview. It is powered by the GeckoView rendering engine and will eventually replace the current Firefox app for Android. Why Mozilla is introducing a new Firefox for Android Back in 2016, Mozilla introduced Firefox Focus, a privacy-focused mobile browser for Android and iOS users. It was initially launched as a tracker-blocking application and then was developed into a minimalistic browser app. The team has been putting their efforts into improving the Firefox Focus app. However, the demand for a full-fledged private and secure mobile browsing experience has increased in recent years. The team realized this could be best addressed by launching a new browser app that is similar to Focus, but provides all the "ease and amenities of a full-featured mobile browser." Sharing the idea behind the new browser, Firefox Mobile Team said, "With Firefox Preview, we’re combining the best of what our lightweight Focus application and our current mobile browsers have to offer to create a best in class mobile experience." What features does Firefox Preview come with Unlike some of the major browsers that use the Blink rendering engine, Firefox Preview is backed by GeckoView. This gives Firefox and its users the independence of making decisions for what they want in the browser instead of enforcing whatever Google decides. GeckoView also accounts for “greater flexibility in terms of the types of privacy and security features" Mozilla can offer its mobile users.” Following are some of the features Firefox Preview offers: Up to two times faster: It is up to two times faster as compared to the previous versions of Firefox for Android. Minimalistic design: It comes with a minimalist start screen and bottom navigation bar to enable you get things done faster on the go. Includes Collections, a new take on bookmarks: Its Collections feature allows you to save, organize, and share collections of sites. Tracking Protection on by default: It comes with Tracking Protection on by default giving you freedom from advertising trackers and other bad actors. As a side effect, this also gives a faster browsing experience. This is an early version of the experimental browser for Android users based on GeckoView, which means there are many features like support for ad blocking extensions, Reader Mode is not yet available. You can try it out and provide feedback for improvements to the team via email or on Github. Check out the official announcement by Mozilla to know more. Mozilla introduces Track THIS, a new tool that will create fake browsing history and fool advertisers Mozilla releases Firefox 67.0.3 and Firefox ESR 60.7.1 to fix a zero-day vulnerability, being abused in the wild Mozilla to bring a premium subscription service to Firefox with features like VPN and cloud storage

Yesterday, the Phoenix web framework announced the release of its latest version, Phoenix 1.4. This release includes new features such as an HTTP2 support, improved development experience with faster compile times, new error pages, and local SSL certificate generation. The community also shipped a new and improved Presence javascript API. Features in the Phoenix 1.4.0 phx_new archive via hex The mix phx.new archive can now be installed via hex, for a simpler, versioned installation experience. The existing Phoenix applications will continue to work on Elixir 1.4. However, the new phx.new archive requires Elixir 1.5+. Support HTTP2 by making a small change Thanks to the release of Cowboy 2, Phoenix 1.4 supports HTTP2 with a single line change to mix.exs. One needs to simply add {:plug_cowboy, "~> 2.0"} to their deps and Phoenix will run with the Cowboy 2 adapter. New phx.gen.cert to aid local SSL development Most browsers require connections over SSL for HTTP2 requests, failure of which can cause them to fallback to HTTP 1.1 requests. To aid local development over SSL, Phoenix now includes a new phx.gen.cert task which generates a self-signed certificate for HTTPS testing in development. Faster Development Compilation The new release has improved compilation speeds have improved due to the contributions to plug and compile-time changes. New Development 404 Page Phoenix’s 404 page (in development) now lists the available routes for the originating router, for example: A new UserSocket for connection info Access to more underlying transport information when using Phoenix channels has been a highly requested feature. The 1.4 release now provides a connect/3 UserSocket callback, which can provide connection information, such as the peer IP address, host information, and X-Headers of the HTTP request for WebSocket and Long-poll transports. New  ‘Presence JavaScript API’ A new, backward compatible Presence JavaScript API has been introduced to both resolve race conditions as well as simplify the usage. Previously, multiple channel callbacks against "presence_state” and "presence_diff" events were required on the client which dispatched to Presence.syncState and Presence.syncDiff functions. Now, the interface has been unified to a single onSync callback and the presence object tracks its own channel callbacks and state. To know more about Phoenix 1.4.0 visit its official website. Mojolicious 8.0, a web framework for Perl, released with new Promises and Roles Web Framework Behavior Tuning Beating jQuery: Making a Web Framework Worth its Weight in Code  

Update: Added response from Rahul Vohra, CEO of Superhuman. Last week, Mike Davidson, the former VP of design at Twitter and founder of Newsvine, questioned the ethics and responsibility of Superhuman, one of Silicon Valley’s most talked about email app in a blog post. He called the app a “surveillance tool” that embed tracking pixels inside emails sent by its customers.  https://twitter.com/mikeindustries/status/1146092247437340672 Superhuman was founded in 2017 by Rahul Vohra with the aims to reinvent the email experience. It is an invitation-only service, mainly targeted towards business users that costs $30/month. Last month, the startup was able to raise a $33 million investment round that was led by Mr. Andreessen’s firm, Andreessen Horowitz and is now valued at $260 million. https://twitter.com/Superhuman/status/1144380806036516864   “Superhuman teaches its users to surveil by default” The email app bundles many modern features like snoozing, scheduling, undo send, insights from social networks, and more. The feature that Davidson talked about was “Read Receipts”, which is an opt-in common feature we see in many messaging email clients that indicates the read/unread status.  Davidson highlights that Superhuman gives you this read/unread status in a very detailed way. It allows sending and receiving emails embedded with tracking pixels, which is a small and hidden image in an email. When the recipient clicks on the email, the image reports a running log of every single time the recipient has opened the mail, including their location, regardless of the email client the recipient is using. The worst part is that it is on by default and many users do not usually bother to change the default settings. Here’s a log that Davidson shared in his post: Source: Mike Davidson’s blog post What do people think of this feature? Many people felt that sharing the number of times an email was read, geolocation of the recipient, and other information is intrusive and violates user privacy. In his post, Davidson talked about several “bad things” people can do using this technology, that the developers might have not even intended for. Some users agreed to this and pointed out that sharing such personal information can prove to be very dangerous for the recipients.  https://twitter.com/liora_/status/1146122407737876481 Others gave the rationale that many email clients are doing the same thing including Gmail, Apple Mail, and Outlook. Embedding tracking pixels in an email is also very commonly used by email marketing platforms.  https://twitter.com/nickabouzeid/status/1144296483778228224 https://twitter.com/bentruyman/status/1146137938121543680 https://twitter.com/chrisgrayson/status/1146319066493313024   As a response to this, Davidson rightly said, “The main point here is: just because technology is being used unethically by others does not mean you should use it unethically yourself. Harmful pesticides have also been around for years. That doesn’t mean you should use them yourself.” Davidson further explained what making such unethical decisions means for a company in the long run. In the beginning days of a company, there are no set principles for its people to make decisions. It is basically what the founders think is right for the company. At that time,  every decision that you make, whether it is good or bad, makes the foundation of what Davidson calls as “decision genome”. He adds, “With each decision a company makes, its “decision genome” is established and subsequently hardened.” He says the decisions that seem small in the beginning actually become the basis of many other big decisions you will make in the future. This will ultimately affect your company’s ethical trajectory. “The point here is that companies decide early on what sort of companies they will end up being. The company they may want to be is often written in things like “core values” that are displayed in lunch rooms and employee handbooks, but the company they will be is a product of the actual decisions they make — especially the tough decisions,” he adds. Many agreed on the point Davidson makes here, and think that this is not just limited to a single company but in fact, the entire ecosystem. David Heinemeier Hansson, the creator of Ruby on Rails, believes that Silicon Valley especially is in serious need for recalibration. https://twitter.com/dhh/status/1146403794214883328 What can be some possible solutions One workaround can be disabling images in email by default since the tracking pixels are sent as images. However, Superhuman does not even allow that. “Superhuman doesn’t even let its own customers turn images off. So merely by using Superhuman, you are vulnerable to the exact same spying that Superhuman enables you to do to others,” Davidson mentions. The next step for Superhuman, Davidson suggests is to apologize and remove this feature. He further recommends that Superhuman should, in fact, protect its users from emails that have tracking pixels. Another mitigation he suggests is to add a “Sent via Superhuman”  signature so that the receiver is aware that their data will be sent to the sender. https://twitter.com/mikeindustries/status/1144360664275673088 If these do not suffice, Davidson gave a harsh suggestion to publicly post surveilled email on Twitter or other websites: https://twitter.com/mikeindustries/status/1144315861919883264 How Superhuman has responded to this criticism Yesterday, Rahul Vohra, the CEO of Superhuman responded that the company understands the severity of sharing such personal information, especially the state or country level location. He further shared what steps the company is taking to address the concerns raised against the feature. He listed the following changes:  We have stopped logging location information for new email, effective immediately. We are releasing new app versions today that no longer show location information. We are deleting all historical location data from our apps. We are keeping the read status feature, but turning it off by default. Users who want it will have to explicitly turn it on. We are prioritizing building an option to disable remote image loading. Many Twitter users appreciated Vohra’s quick response: https://twitter.com/chadloder/status/1146564393884254209 https://twitter.com/yuvalb/status/1146542900559405056 https://twitter.com/kmendes/status/1146569165211234304 Read Davidson’s post to know more in detail. Google announces the general availability of AMP for email, faces serious backlash from users A security researcher reveals his discovery on 800+ Million leaked Emails available online VFEMail suffers complete data wipe out!

Yesterday Mozilla announced Firefox Send to be publicly available, which initially was a “Test Pilot” experiment. Firefox Send is a free file sharing service that allows users to easily and securely share files with end-to-end encryption from any browser. By the end of this week, a beta version of its Android app will also be available to the users. How does Firefox Send work? Firefox Send is intended to be an alternative to email, where larger file attachments are not supported. Users do have cloud storage options like Google Drive and Dropbox, but these can be time-consuming in cases where we just need to share a single file for a limited amount of time. You can use the service by visiting the Firefox Send website, upload your file, and set an expiration period. Additionally, it also provides users an option to password protect their files before sending. You will then get a link that you can share with a recipient. Check out the following video to know how exactly it works: https://www.youtube.com/watch?v=eRHpEn2eHJA Firefox Send comes with various features and advantages Firefox Send maintains the security of your files by providing end-to-end encryption from the moment a file is sent until it is opened. With Firefox Send, you can share files of size up to 1 GB. If you want to share files of size up to 2.5 GB you need to sign up for a free Firefox account. For the file recipients, it is not compulsory to have a Firefox account to access the shared file. They just need to simply click on the received link and download the file. It puts control in the hands of a user by allowing them to choose when a file link gets expired, the number of times their file can be downloaded, and also allows adding an optional password. These features come in handy when you want to give the recipient only one-time or limited access to your files and hence ensures that your information is not available online indefinitely. To know more about Firefox Send, check out the Mozilla official announcement. Mozilla Firefox will soon support ‘letterboxing’, an anti-fingerprinting technique of the Tor Browser Mozilla engineer shares the implications of rewriting browser internals in Rust Common Voice: Mozilla’s largest voice dataset with approx 1400 hours of voice clips in 18 different languages  

Yesterday, Mozilla announced that it is launching two experiments to understand how they can reduce “permission prompt spam” in Firefox. Last year, it did add a feature in Firefox that allows users to completely block the permission prompts. It is now planning to come up with a new option for those who do not want to take such a drastic step. Permission prompts have become quite common nowadays. It allows websites to get user permission for accessing powerful features when needed. But, often it gets annoying for users when they are shown unsolicited, out-of-context permission prompts, for instance, the ones that ask for permission to send push notifications. Mozilla's telemetry data shows that notifications prompt is the most frequently shown permission prompt, with about 18 million prompts shown on Firefox Beta from Dec 25 2018 to Jan 24 2019. Out of these 18 million prompts, not even 3 percent were accepted by users. And 19 percent of the prompts caused users to immediately leave the site. Such a low acceptance of this feature led to the following two conclusions: One, that there are some websites that show the notification prompt without the intent of using it to enhance the user experience, or fail to express their intent in the prompt clearly. Second, there are websites that show the notification permission prompt for too early, without giving users enough time to decide if they want them. To get a better idea on how and when websites should ask for notification permissions, Mozilla is launching these two experiments: Experiment 1: Requiring user interaction for notification permission prompts in Nightly 68 The first experiment involves requiring a user gesture, like a click or a keystroke to trigger the code that requests permission. From April 1st to 29th, requests for permission to use Notifications will be temporarily denied unless they follow a click or keystroke. In the first two weeks, no user-facing notifications will be shown when the restriction is applied to a website. In the last two weeks of this experiment, an animated icon will be shown in the address bar when this restriction is applied. If the user clicks on the icon, they will be presented with the prompt at that time. Experiment 2: Collecting interaction and environment data around permission prompts from release users Mozilla believes that requiring user interaction is not the perfect solution to the permission spam problem. To come up with a better approach, it wants to get more insights about how Firefox users interact with permission prompts. So, they are planning to launch an experiment in Firefox Release 67 to gather information about the circumstances in which users interact with permission prompts. They will collect information about: Have they been on the site for a long time? Have they rejected a lot of permission prompts before? With this experiment, it aims to collect a set of possible heuristics for future permission prompt restrictions. To know more in detail, visit Mozilla’s official blog. Mozilla launches Firefox Lockbox, a password manager for Android Mozilla’s Firefox Send is now publicly available as an encrypted file sharing service Mozilla Firefox will soon support ‘letterboxing’, an anti-fingerprinting technique of the Tor Browser