Web Development Reading List #171: Leaks, SHA-1 Collision, And Brotli

About The Author

Anselm is a freelance front-end developer who cares about sustainable front-end experiences and ethical choices in life. He writes the WDRL, and is co-founder …


What’s going on in the industry? What new techniques have emerged recently? What insights, tools, tips and tricks is the web design community talking about? Anselm Hannemann is collecting everything that popped up over the last week in his web development reading list so that you don’t miss out on anything. The result is a carefully curated list of articles and resources that are worth taking a closer look at.

Phew, what a week! Due to an HTML-parsing bug, Cloudflare experienced a major data leak, and the first practical collision for SHA-1 was revealed as well. We should take these events as an occasion to reconsider whether a centralized front-end load balancer that modifies your traffic is a good idea after all. And it’s definitely time to upgrade your TLS certificate if you still serve SHA-1, too. Here’s what else happened this week.



Tools & Workflows

  • Joseph Zimmerman introduces us to Webpack. What I really like about this article is that it’s not another article sharing pre-built sets of configurations but that it explains every detail step-by-step.
  • Oh shit, git! Don’t be afraid of git anymore thanks to this emergency guide that helps you solve the most common problems with the versioning system.
Something went wrong in Git, but you don’t know how to get yourself out of the mess? “Oh shit, git!” has got your back.


  • Mitigating Cross-Site Request Forgery attacks has never been easy. Luckily, it seems that we now have a proper solution for it: Same-Site Cookies. The only thing you need to do to make it work is to add the SameSite attribute to your existing Set-Cookie header. Of course, you should know how same-site cookies differ from “normal” cookies, but for most sites this should be easy to implement.
  • A joint-venture of five journalists researched how the private security industry works and what price we as citizens pay for our security.


  • It’s not your computer that is the most vulnerable device, it’s your smartphone. In fact, for a small amount of money, anyone can easily buy spyware that works on most Android phones. For iOS, things look a bit better unless the device is jailbroken. But this doesn’t necessarily mean that spyware doesn’t exist for that system as well.

Web Performance

With support in Chrome, Firefox, Opera and the Android browser, Brotli does a better job at compressing resources than its predecessor Gzip.


Going Beyond…

  • A team at the MIT Media Lab invented a device that captures air pollution and turns the pollution into safe, high-quality ink for art.
  • The Institute For Energy Efficiency’s computing solutions group has a couple of interesting projects and data to share. For example, they try to figure out solutions to selectively shut down unnecessary components while retaining access to critical data. This is only one of their ambitious projects and shows how much potential there is when it comes to improving energy efficiency in our networks.
Turn something ugly into something beautiful: A team at the MIT Media Lab developed artist’s ink made from air pollution.

And with that, I’ll close for this week. If you like what I write each week, please support me with a donation or share this resource with other people. You can learn more about the costs of the project here. It’s available via email, RSS and online.

— Anselm

Smashing Editorial (mrn)