Web Development Reading List #146: Peermaps, Passive Event Listener Note, And A Shift Of Focus

About The Author

Anselm is a freelance front-end developer who cares about sustainable front-end experiences and ethical choices in life. He writes the WDRL, and is co-founder … More about Anselm ↬

So, what do we have this week? Well, it’s quite a lot actually. For example, there’s now a deal that might make Opera’s browser a Chinese business, leaving all privacy and security efforts that have recently been made in the browser uncertain. If you want to dive into learning ECMAScript 6, Wes Bos has published a huge series of ES6 screencasts this week that are absolutely worth the money. Besides, there are a few other recommendations for you to read this week. Let’s get started.

So, what do we have this week? Well, it’s quite a lot actually. For example, there’s now a deal that might make Opera’s browser a Chinese business, leaving all privacy and security efforts that have recently been made in the browser uncertain. If you want to dive into learning ECMAScript 6, Wes Bos has published a huge series of ES6 screencasts this week that are absolutely worth the money. Besides, there are a few other recommendations for you to read this week. Let’s get started.

Further Reading on SmashingMag:

News

  • The new “technology preview” version of Safari now supports Google’s WebP format. Note that it’s currently a beta test version, and the final support is unknown — however, it could be interesting since it would mean native support of the file-format for Mac OS as well, making it the first large OS supporting WebP.
  • httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. This means it’s a critical vulnerability test for your php-fpm, mod_php, Python and Go CGI handlers that you should check and fix security issues immediately. Note that only serving HTTPS doesn’t help here; to mitigate the attack, you need to block proxy request headers as early as possible, and definitely before they hit your application.

Tools & Workflows

  • Peermaps provides a decentralized, cooperative alternative to commercial map providers like Google Maps. Instead of fetching data from a centralized service, fetch map data from your peers using webtorrent.
  • With ZeroNet is another decentralized hosting technology, currently in development. The Bitcoin-crypto and BitTorrent-driven technology is an alternative approach to the decentralized idea of IPFS.

Security

  • Firefox 48, out August 2, 2016, will block known plugin fingerprinting services thanks to a new blocklist that Mozilla developed to improve user privacy. For example, Flash files that are known for fingerprinting (or “super cookies”) are automatically blocked. In other news, Mozilla also announced that they will implement Tor’s privacy settings in Firefox, starting in Firefox 50 with the first features such as plugin information leaks and other techniques known to track down user behavior.
  • It seems like most people are unaware of how big of an attack vector browser extensions have become. They’re still a quite unregulated territory, and although there are inherent limits to what they can do, there is little to no protection against extension malware — your antivirus can’t help you here.
  • A new require-sri-for directive in Content Security Policy gives developers the ability to assert to the browser that every resource of a given type ought to be checked for integrity. If a resource of that type is loaded without integrity metadata, it will be rejected without triggering a network request.
Getting hacked by a Chrome extension is easier than you think. (Image source)

Privacy

  • Is Google’s Project Fi nothing more than an attempt to collect even more data from users? The main goal behind getting into Wi-Fi and cellular network services business seems to be a great addition to collecting data about users’ online behavior and it attracts people by its very low pricing.
  • Google adjusted their privacy settings once again. I’ll leave you with these useful links where you can adjust your privacy settings for Maps, All Account Activity, more activity controls, and finally Google Payment privacy settings which have opt-in for data sharing and analysis for advertising on by default. Note that Chrome has its own settings in the app as well. So far, privacy…

JavaScript

Work & Life

  • Andy Budd analyzes the problem of the always recurring question on “Why can’t designers solve more meaningful problems?”. An essay on how to find the right work for yourself, and why it’s sometimes challenging to acknowledge that their vision differs from the type of job they want to work in. Andy concludes that we need to create an alternative success narrative to what we have now.

Going Beyond…

  • The NASA has just published the first 2016 climate trend according to which we’re continuing to break all records with an average temperature 1.3 degrees Celsius (2.4 degrees Fahrenheit) warmer than the late nineteenth century.
  • Katie Rogers asked experts what happens to our human brain when there’s a constant cycle of violent news. While it of course depends on the individual person, a higher frequency of such news increases fear and the sense of vulnerability and powerlessness. And I’m not saying you shouldn’t follow the news anymore but maybe limiting access to it for yourself is a good idea, as is filtering it on social media (use mute keywords or similar) so you don’t get flooded about violent, horrible news all the time. It’s enough to check it once per day or so and it’s unhealthy if you’re surrounded by anxiety everywhere, all the time.

And with that, I’ll close for this week. If you like what I write each week, please support me with a donation or share this resource with other people. You can learn more about the costs of the project here. It’s available via email, RSS and online.

— Anselm