Tech News - Front-End Web Development

Google’s decision to hide the special-case subdomains, “www” and “m” in Chrome M69 received a huge backlash from the public last year. Following this backlash, the Chrome team did roll back the change. However, this Wednesday the team announced that they are planning to hide “https” and “www” in Chrome omnibox on desktop and Android in M76. In other news, the team is splitting the HTTP cache to prevent side-channel leakage. Chrome to hide https and www from URLs Citing the reason behind reaching this conclusion, the Chrome team said that it is to improve the “simplicity, usability, and security of UI surfaces.” With this change, the team aims to hide away all the distractions and make URLs easier to read and understand for users. Emily Schechter, Product Manager, Chrome Security at Google, wrote on Chromium Issue tracker, “In Sept 2018, we rolled out a change to hide special-case subdomains “www” and “m”. Per my above message on this thread, we rolled back these changes, and announced our intent to re-ship an adjusted version: we will hide “www” but not “m”.” She added, “For several months, we’ve had this version enabled in our Canary, Dev and Beta channels and are confident that it is ready to be enabled in the Stable channel as well.” The Chrome team, together with other browser representatives, has also added a “Simplify non-human-readable or irrelevant components” section in the web URL standard. The section recommends browsers to omit components that can “provide opportunities for spoofing or distract from security-relevant information.” The team has also built an extension named Suspicious Site Reporter for Chrome using which you can identify suspicious sites and report them to Safe Browsing. With this extension, users will be able to see the full URL with no scheme or subdomain hiding. You can also see the full URL by clicking twice in the URL bar on the desktop, and once on mobile. What the public thinks about this change Users have pretty mixed feelings about this update. While some think that this is a step towards making Google a monopoly, others believe that this does simplify URLs for non-technical users. Expressing their concern on Hacker News, a user said, “...these "improvements" in Chrome are meant to make google the defacto interface for using the web. Imagine a world where 99% of users do not have any concept of URLs or any other fundamental WWW concepts. Instead, they open Chrome type whatever they want and get the results.” Some users also highlighted that this update could raise security concerns as well. “Let's assume that you have a blog platform offering subdomains for each user and 'm.blogplatform.com' is available. Now, any user can get that subdomain and impersonate the homepage because Emily from Chromium decided that eliding parts of the URL without any spec is a reasonable decision,” a user added. Apple’s browser, Safari also only shows the domain and lock icon to indicate the legitimacy of a website’s certificate. Since Apple did not receive this amount of user backlash, some felt that the backlash is just the result of people losing trust in the big tech. A user commented, “...collective shrug when Apple hides the URL, but if Google does so we get huge outrage and assumptions that this must clearly be done primarily for malicious reasons.” You can read the full conversation about this update on Chromium’s bug tracker. Chrome to split the HTTP Cache to prevent cross-origin leakage Currently, the HTTP cache stores resources for each of its entries in a single bucket, which is shared among the origins. So, when loading the same resource these origins will refer to the same cache entry. This can lead to a side-channel attack in which a site can detect whether another site has loaded a resource by going through the cache. To prevent this attack, the Chrome team is planning to partition the HTTP cache by the origin of the page’s top-frame. You can read more about this update on the Chrome Platform Status site. Edge, Chrome, Brave share updates on upcoming releases, recent milestones, and more at State of Browsers event Google plans to remove XSS Auditor used for detecting XSS vulnerabilities from its Chrome web browser Cloud Next 2019 Tokyo: Google announces new security capabilities for enterprise users

On Monday, the CEO and Co-founder of Dark, Ellen Chisa, announced the project had raised $3.5 million in funding in a Medium post. Dark is a holistic project that includes a programming language (Darklang), an editor and an infrastructure. The value of this, according to Chisa, is simple: "developers can code without thinking about infrastructure, and have near-instant deployment, which we’re calling deployless." Along with Chisa, Dark is led by CTO, Paul Biggar, who is also the founder of CircleCI, the CI/CD pioneering company. The seed funding is led by Cervin Ventures, in participation with Boldstart, Data Collective, Harrison Metal, Xfactor, Backstage, Nextview, Promus, Correlation, 122 West and Yubari. What are the key features of the Dark programming language? One of the most interesting features in Dark is that deployments take a mere 50 milliseconds. Fast. Chisa says that currently the best teams can manage deployments around 5–10 minutes, but many take considerably longer, sometimes hours. But Dark was designed to change this. It's purpose-built, Chisa seems to suggest, for continuous delivery. “In Dark, you’re getting the benefit of your editor knowing how the language works. So you get really great autocomplete, and your infrastructure is set up for you as soon as you’ve written any code because we know exactly what is required.” She says there are three main benefits to Dark’s approach: An automated infrastructure No need to worry about a deployment pipeline ("As soon as you write any piece of backend code in Dark, it is already hosted for you,” she explains.) Tracing capabilities are built into your code. "Because you’re using our infrastructure, you have traces available in your editor as soon as you’ve written any code. There's undoubtedly a clear sense - whatever users think of the end result - that everything has been engineered with an incredibly clear vision. Dark has been deployed on SaaS platform and project tracking tools Chisa highlights how some customers have already shipped entire products on Dark. Chase Olivieri, who built Altitude, a subscription SaaS providing personalized flight deals, using Drark is cited by Chisa, saying that "as a bootstrapper, Dark has allowed me to move fast and build Altitude without having to worry about infrastructure, scaling, or server management." Downside of Dark is programmers have to learn a new language Speaking to TechCrunch, Chisa admitted their was a downside to Dark - you have to learn a new language. "I think the biggest downside of Dark is definitely that you’re learning a new language, and using a different editor when you might be used to something else, but we think you get a lot more benefit out of having the three parts working together." Chisa acknowledged that it will require evangelizing the methodology to programmers, who may be used to employing a particular set of tools to write their programs. But according to her the biggest selling point is that it will remove the complexity around deployment by bringing an integrated level of automation to the process. Is Darklang basically like AWS Lambda? The community on Hacker News compares Dark with AWS Lambda, with many pessimistic about its prospects. In particular they are skeptical about the efficiency gains Chisa describes. "It only sounds maybe 1 step removed from where aws [sic] lambda’s are now," said one user. "You fiddle with the code in the lambda IDE, and submit for deployment. Is this really that much different?” Dark’s Co-founder, Paul Biggar responded to this in the thread. “Dark founder here. Yes, completely agree with this. To a certain extent, Dark is aimed at being what lambda/serverless should have been." He continues by writing: "The thing that frustrates me about Lambda (and really all of AWS) is that we're just dealing with a bit of code and bit of data. Even in 1999 when I had just started coding I could write something that runs every 10 minutes. But now it's super challenging. Why is it so hard to take a request, munge it, send it somewhere, and then respond to it. That should be trivial! (and in Dark, it is)" The team has planned to roll out the product publicly in September. To find out more more about Dark, read the team's blog posts including What is Dark, How Dark is a functional language, and How Dark allows deploys in 50ms. The V programming language is now open source – is it too good to be true? “Why was Rust chosen for Libra?”, US Congressman questions Facebook on Libra security design choices Rust’s original creator, Graydon Hoare on the current state of system programming and safety

Last week, Stack Overflow users took to its Meta site to express their concern regarding the communication breakdown between the site and its community. The users highlighted that Stack Overflow has repeatedly failed at consulting the community before coming up with a major change recent being removal of the “Hot Meta Posts” section. “It has become a trend that changes ("features") are pushed out without any prior consultation. Then, in the introductory meta post of said change, push-back is shown by the community and as a result, once again, everyone is left with a bad taste in their mouth from another sour experience,” a user wrote. The backlash comes after Stack Overflow announced last week that it is removing the “Hot Meta Posts” section from its right sidebar. This section listed questions picked semi-randomly every 20 minutes from all posts scoring 3 or more and posted within the past two weeks. As an alternative, moderators can highlight important posts with the help of the “featured” tag. Some of the reasons that it cited for removing this feature were that Meta hasn’t scaled very well since its introduction and the questions on the “Hot Meta Posts” section does not really look ideal for attracting new people. Sara Chipps, an Engineering Manager at StackOverflow, further said that the feature was also affecting the well-being of Stack Overflow employees. “Stack Overflow Employees have panic attacks and nightmares when they know they will need to post something to Meta. They are real human beings that are affected by the way people speak to them. This is outside of the CM team, who have been heroes and who I constantly see abused here,” she wrote. Earlier this month, Stack Overflow faced a similar backlash when it updated its home page. Many users were upset that the page was giving more space to Stack Overflow’s new proprietary products while hiding away the public Q&A feature, which is the main feature Stack Overflow is known for. The company apologized and acted on the feedback. However, users think that this has become a routine. A user added, “It's almost as though you (the company, not the individual) don't care about the users (or, from a cynic's perspective, are actively trying to push out the old folks to make way for the new direction SO is headed in) who have been participating for the best part of a decade.” Some users felt that Stack Overflow does consult with users but not out in the open. “I think they are consulting the community, they're just doing it non publicly and in a different forum, via external stakeholders and interested people on external channels, via data science, and via research interviews and surveys from the research list,“ a user commented. Yaakov Ellis, a developer in the Community dev team at Stack Overflow, assured that Stack Overflow is committed to making the community feel involved. It has no intention to cease the interaction between the company and the community. However, he did admit that there is “internal anxiety” to be more open to the community about the different projects and initiatives. He listed the following reasons: Plans can change, and it is more awkward to do that when it is under the magnifying glass of community discussion.  Functionality being worked on can change direction. Some discussions and features may not be things that the Meta community will be big fans of. And even if we believe that these items are for the best, there will also be times when (with the best intentions), as these decisions have been made after research, data, and users have been consulted, the actual direction is not up for discussion. We can't always share those for privacy purposes, and this causes the back and forth with objectors to be difficult. He further said that there is a need to reset some expectations regarding what happens with the feedback provided by the users. “We value it, and we absolutely promise to listen to all of it [...], but we can't always take the actions that folks here might prefer. We also can't commit to communicating everything in advance, especially when we know that we're simply not open to feedback about certain things, because that would be wasting people's time. Do Google Ads secretly track Stack Overflow users? Stack Overflow confirms production systems hacked Stack Overflow faces backlash for its new homepage that made it look like it is no longer for the open community

On Monday, Kadir Topal, a Senior Product Manager at Mozilla announced that the new React frontend of MDN Web Docs is now in Beta. MDN Web Docs, formerly known as Mozilla Developer Network, is the one-stop for web developer documentation. Mozilla has been working on replacing the jQuery library with React for months now to provide developers a customized MDN experience while still ensuring faster page loading time. MDN has two modes: editing and viewing. While viewing is used by most developers visiting the site, only a small fraction of them use the editing mode. This is why the team broke these two use cases into different domains. You can access the editing mode on wiki.developer.mozilla.org and the viewing mode on beta.developer.mozilla.org. The team plans to decommission beta.developer.mozilla.org after the testing phase is complete. The editing mode will continue to be served by the old frontend wiki.developer.mozilla.org. The discussion on this decision started earlier this year. While many praised it for this move, many felt that as a promoter of web standards it shouldn’t overlook web components for a custom framework. A developer commented on MDN’s GitHub repository, “As a user, I would like to see Mozilla that uses web standards to promote web standards. As a developer, I would like to see Mozilla and their developers using web standards and promote them. I don't need to see the nth React project.” Another developer commented, “The message that the No. 1 resource for Web development is ditching the same Web technologies it advocates, would be as disastrous as that, implicitly claiming a defeat for the Web, hence seppuku in the long term for the platform nobody would care much anymore.” In its support a developer remarked, “At the end of the day, none of us should care what MDN uses - we should care that the devs who have put so much effort into building a resource that has massively contributed to our own education and will continue to do so on a daily basis are productive and happy.” David Flanagan, one of the developers behind this project, affirmed that this decision was purely pragmatic. Flanagan shared that the MDN team is very tiny and they only had occasional help from volunteer contributions. Choosing React for MDN’s frontend may bring more contributors, he believed. He said, “Fundamentally, I'm asking you all to trust us. We're hoping to do great things this year with MDN, and I think that the vast majority of our users will love what we do. Thank you for reading this far, and thank you for your passion about web standards and MDN.” The team is now seeking developers’ feedback on this release. In case of any issue, you can file a bug, reply on Discourse, or also contact Topal on Twitter. Mozilla announces a subscription-based service for providing ad-free content to users Mozilla launches Firefox Preview, an early version of a GeckoView-based Firefox for Android Mozilla makes Firefox 67 “faster than ever” by deprioritizing least commonly used features

Earlier this year, DuckDuckGo announced that its map and address-related searches are now powered by Apple's MapKit JavaScript framework. This enabled them to offer improved address searches, additional visual features, enhanced satellite imagery, and better privacy. Since then the company has further expanded the use of Apple Maps for enhanced search while adhering to its commitment to user privacy, according to a blog post shared yesterday. https://twitter.com/DuckDuckGo/status/1151166280088657921 Here are some of the map-related search enhancements in DuckDuckGo: Map re-querying Previously, for every new map-related search you were redirected to the regular DuckDuckGo Search page. Now, it will allow you to stay in its expanded map view to refine local searches instantly. Additionally, when you move around the map or zoom in and out, the search results will be updated to include places within the field of view. Source: DuckDuckGo Intelligent autocompletion To make searching much easier and faster, the search engine now provides intelligent auto-completion within the expanded map view. As you type or update a new search query, DuckDuckGo will dynamically show search suggestions that are tailored to the local region displayed. A dedicated Maps tab Similar to Google, you will see a dedicated Maps tab in DuckDuckGo at the top of every search results page. Previously, the Maps tab was shown only for map-related searches, but from now on you will consistently see the tab alongside Images, Videos, and News. So, if you search for “cupcakes” and go to the Maps tab you will see local cupcake places. “Privacy by design, without any tradeoffs” Along with these great enhancements, DuckDuckGo is also promising for stricter user privacy. “A lot has changed with using maps on DuckDuckGo making it an even smoother experience, but what hasn’t changed is the way we handle your data—or rather, the way we don’t do anything with your data. We are making local searches faster while retaining the privacy you expect,” the post reads. It further emphasized that they do not share any personally identifiable information such as IP address and also make it point to discard any such information immediately after use. It is great that DuckDuckGo is expanding the use of Apple Maps along with promising better privacy to its users. Many users appreciated this update and believe that this is the right step towards becoming “a worthy competitor to Google Search.” Others said that Apple Maps is way behind Google Maps. Users have experienced that Apple Maps’ quality seems to highly depend on the user location. A user shared his experience saying, “I’ve used Apple Maps as my primary map since it came out, and I’ve only gotten a wrong location one time in literally thousands of searches, and that was years ago. It wasn’t really ready when it launched, but it has gotten consistently better over time.” He further added, “The UX is great, in many cases, the satellite imagery is more up-to-date compared to Google, and it doesn’t maul my battery to use. Not saying it’s clearly better than Google, because it isn’t, but for my usage, it’s more than “good enough,” and I love to see Apple’s privacy-respecting products compete effectively with big G.” Read the full announcement on DuckDuckGo’s official website. Time for data privacy: DuckDuckGo CEO Gabe Weinberg in an interview with Kara Swisher DuckDuckGo proposes “Do-Not-Track Act of 2019” to require sites to respect DNT browser setting DuckDuckGo now uses Apple MapKit JS for its map and location-based searches

Yesterday, Mozilla announced the release of Firefox 68, which brings new updates like support for BigInts, Contrast Checks, dark mode in reader view, and a reimplemented URL bar. They have also added Enhanced Tracking Protection which blocks known “third-party tracking cookies” by default. Improved extension security and discovery Firefox 68 comes with a new reporting feature in ‘about:addons’ using which you can report any security and performance issues with extensions and themes. The team has also redesigned the extensions dashboard in ‘about:addons’ where you can find all the information about your extensions including data and settings access required by each extension. You can get high quality, secure extensions from Mozilla’s Recommended Extensions program present in ‘about:addons’. These recommended extensions are indicated by special badging on addons.mozilla.org (AMO): Source: Mozilla Additionally, to provide users improved protection from threats and annoyances on the web, Firefox 68 comes with cryptomining and fingerprinting protections added to strict content blocking settings in Privacy & Security preferences. Read also: Mozilla adds protection against fingerprinting and Cryptomining scripts in Firefox Nightly and Beta Support for JavaScript BigInt Firefox 68 comes with support for JavaScript’s new BigInt numeric type, which is currently in stage 3 of the ECMAScript specification. Previously, JavaScript only had the Number numeric type. As JavaScript considers numbers as floating-point, they can represent both integers and decimal fractions. Source: Mozilla However, the limitation is that 64-bits floats fail to reliably represent integers larger than 2 ** 53. To make working with large number easier, a new primitive is introduced, BigInt. It provides a way to represent whole numbers larger than 2 ** 53. Updates in DevTools In addition to enhancing the already smart debugging tools, Firefox 68 brings more improvements in DevTools: Accessibility checks in DevTools: This release ships with a new capability for DevTools that check for basic accessibility issues in your web pages. The Accessibility Inspector now comes with a new ‘Check’ that currently reports any color contrast issue with text on a page. The Firefox team plans to add a number of audit tools to highlight accessibility problems on your website in future releases. A way to emulate print media from DevTools: A button is added to the Page inspector using which you can enable “print media emulation”. This makes it easy to see what elements of a page will be visible when printed. Improved CSS warnings: The Web console will show you more information about CSS warnings and include a link to related nodes. A Web console filter: You can now filter content in the Web console using a valid regular expression. Here’s a video showing how this works: https://youtu.be/E6bGOe2fvW0 Web compatibility This release fixes a few web compatibility issues to ensure that every user will be able to access a website regardless of their choice of device or browser: Internet Explorer’s legacy rules property and addRule() and removeRule() CSS methods are added to the CSSStyleSheet interface. Safari’s ‘-webkit-line-clamp’ CSS property is also added. Support for CSS scroll snapping Firefox 68 comes with support for CSS scroll snapping that gives you a standardized way to control the behavior of scrolling inside a container. It works in a very similar fashion to how native apps work on phones and tablets. Now that this update has landed in Firefox, developers will have the same version of the specification as Chrome and Safari. Developers who have used the old Firefox implementation of the Scroll Snap specification are required to update their code, otherwise scroll snapping will no longer work in Firefox 68 and up. The reimplemented URL bar, QuantumBar Firefox’s URL bar, which is also known as the AwesomeBar, has been completely reimplemented using HTML, CSS, and JavaScript web technologies. This overhauled version is named ”QuantumBar”. Though not much will change appearance-wise, its updated architecture behind the scenes will make it easier to maintain and extend in the future. Access to cameras and other media devices now require HTTPS Starting from Firefox 68, camera and microphone will require an HTTPS connection to work. The getUserMedia method will throw NotAllowedError if you try to access the media devices from an insecure HTTP connection, similar to how Chrome works. Many developers are happy with this update. A user on Hacker News commented, “It's fantastic that it works with localhost (and I assume 127.0.0.1?), and it's fantastic that it doesn't work with anything else. This is the best middle ground.” However, some are also worried considering that this will affect the current working of their apps or websites. “This sucks, my community[1] has a local offline-first video/audio call app that we run on a physical mesh network. This will make it impossible for people to talk to each other, without first needing to be connected online to some certificate authority, or without some extraordinarily difficult pre-installation process, which is often not even possible on a phone. HTTPS was important, but now it's being used to shoehorn dependency on a centralized online-only authority. Perfectly ripe to censor anyone.”, wrote a Hacker News user To know more in detail, check out the official announcement by Mozilla. Mozilla launches Firefox Preview, an early version of a GeckoView-based Firefox for Android Firefox 67 enables AV1 video decoder ‘dav1d’, by default on all desktop platforms Mozilla makes Firefox 67 “faster than ever” by deprioritizing least commonly used features

Last week, Mozilla disclosed the winners of Mozilla Research Grants for the first half of 2019. Among the winning proposals was “Bringing Julia to the Browser” that aligns with Mozilla’s goal to bring data science and scientific computing tools to the browser. Mozilla had said it was specifically interested in receiving submissions about supporting R or Julia at the browser level. Every six months Mozilla awards grants of value $25,000 to support research in emerging technologies and also topics relevant to Mozilla. It started accepting proposals for 2019 H1 funding series in April this year. https://twitter.com/jofish/status/1121860158835978241 These proposals were expected to address any one of the twelve research questions under the following three categories: Growing the Web: WASM, Rust, Digital trust for cost-conscious users, Beyond online behavioral advertising (OBA) New Interaction Modes: Iodide: R or Julia in the Browser, Fathom, Futures, Mixed Reality, Voice, Common Voice Privacy & Security: Data, Privacy & Security for Firefox Mozilla has been constantly putting its efforts to make the life of data scientists easier on the web. In March, it introduced Iodide that allows data scientists to create interactive documents using web technologies. In April, it came up with Pyodide that brings the Python runtime to the browser via WebAssembly. By funding this research by Valentin Churavy, an MIT Ph.D. student and a member of the official Julia team, Mozilla is taking the next step towards improving access to popular data science tools on the web. They are planning to port R or Julia, languages that are popular among statisticians and data miners, to WebAssembly. Their ultimate goal is to introduce a plugin for Iodide that will automatically convert data basic types between R/Julia and Javascript and will be able to share class instances between R/Julia and Javascript. Though Python and R have been developers’ first choice, Julia is also catching up in becoming one of the promising languages for scientific computing. Its execution speeds are comparable to that of C/C++ and high-level abstractions are comparable to MATLAB. It offers support for modern machine learning frameworks such as TensorFlow and MXNet. Developers can also use Flux, a Julia machine learning library to easily write neural networks. Following are all the Mozilla Research Grants for 2019H1: Source: Mozilla Research Mozilla will be opening a new round of grants in fall this year (probably in November). To know more, check out its official announcement and also join the mailing list. Mozilla introduces Pyodide, a Python data science stack compiled to WebAssembly Mozilla introduces Iodide, a tool for data scientists to create interactive documents using web technologies Mozilla’s Firefox Send is now publicly available as an encrypted file sharing service

Today an exciting news was awaiting the Next.js users, five months after Next.js 8 was released. Today the Next.js team has released their next version Next.js 9. The major highlights of this release are the built in zero-config TypeScript support, automatic static optimization, API routes and improved developer experience. All the features are backwards compatible with the earlier versions of Next.js. Some of the major features are explained in brief below: Built-In Zero-Config TypeScript Support Automated Setup Getting started with TypeScript in Next.js is easy: rename any file, page or component, from ‘.js’ to ‘.tsx’. Then, run ‘next dev’. Next.js will also create a default ‘tsconfig.json’ with sensible defaults, if not already present. Integrated Type-Checking While in development Next.js will show type errors after saving a file. Type-checking happens in the background, allowing users to interact with the updated application in the browser instantly. Type errors will propagate to the browser as they become available. Next.js will also automatically fail the production build, if type errors are present. This helps prevent shipping broken code to production. Dynamic Route Segments Next.js supports creating routes with basic named parameters, a pattern popularized by ‘path-to-regexp’. Creating a page that matches the route ‘/post/:pid’ can now be achieved by creating a file in your pages directory named: ‘pages/post/[pid].js’. Next.js will automatically match requests like ‘/post/1, /post/hello-nextjs’, etc and render the page defined in ‘pages/post/[pid].js’. The matching URL segment will be passed as a query parameter to your page with the name specified between the ‘[square-brackets]’. Automatic Static Optimization Starting with Next.js 9, users will no longer have to make the choice between fully server-rendering or statically exporting their application. Users can now do both on a per-page basis. Automatic Partial Static Export A heuristic was introduced to automatically determine if a page can be prerendered to static HTML using ‘getInitialProps’. This allows Next.js to emit hybrid applications that contain both server-rendered and statically generated pages. The built-in Next.js server (‘next start’) and programmatic API (‘app.getRequestHandler()’) both support this build output transparently. There is no configuration or special handling required. Statically generated pages are still reactive: Next.js will hydrate the application client-side for full interactivity. Furthermore, Next.js will update the application after hydration also, if the page relies on query parameters in the URL. API Routes To start using API routes, users have to create a directory called ‘api/’ inside the ‘pages/ directory’. All files in this directory will be automatically mapped to ‘/api/<your route>’, in the same way as other page files are mapped to routes. All the files inside the ‘pages/api/’ directory export a request handler function instead of a React Component. Besides using incoming data, the API endpoint will also return data. Next.js will provide ‘res.json()’ by default making it easier to send data. When making changes to API endpoints in development, the user need not restart the server as the code is automatically reloaded. Production Optimizations Prefetching in-Viewport <Link>s Next.js 9 will automatically prefetch <Link> components as they appear in-viewport. This feature improves the responsiveness of users application by making navigations to new pages quicker. Next.js uses an Intersection Observer to prefetch the assets necessary in the background. These requests have low-priority and yield to ‘fetch()’ or XHR requests. Next.js will avoid automatically prefetching if the user has data-saver enabled. Optimized AMP by Default Next.js 9 will render optimized AMP by default. Optimized AMP is up to 50% faster than traditional AMP. Dead Code Elimination for typeof window Branches Next.js 9 replaces ‘typeof window’ with its appropriate value (undefined or object) during server and client builds. This change allows Next.js to remove dead code from compiled code automatically. Developer Experience Improvements Next.js 9 aims to bring unobtrusive and ease-of-use improvements to help its users develop in the best way. Compiling Indicator An RFC / "good first issue" has been created to discuss potential solutions for the problem of indicating that work is being done. Users will also see a small triangle to show that Next.js is doing compilation work, at the bottom right corner of the page. Console Output Starting from Next.js 9, the log output will jump less and will no longer clear the screen. This allows for a better overall experience as the users terminal window will have more relevant information and will flicker less, while Next.js will integrate better. Users are very happy with the striking features introduced in Next.js 9. https://twitter.com/johnbrett_/status/1148167900840255489 https://twitter.com/chanlitohem/status/1148167705834352640 A user on Reddit says that, “That API routes feature looks amazing. Will definitely check it out.” Another Redditor comments, “Gonna give v9 a try today. Very stoked for the new dynamic routing!” Head over to the Next.js official blog for more details. Next.js 7, a framework for server-rendered React applications, releases with support for React context API and Webassembly Meet Sapper, a military grade PWA framework inspired by Next.js 16 JavaScript frameworks developers should learn in 2019

Two days ago, the team behind Debian announced the release of Debian stable version 10 (codename - ‘buster’), which will be supported for the next 5 years. Debian 10 will use the Wayland display server by default, includes over 91% of source reproducible projects, and ships with several desktop applications and environments.  Yesterday, Debian also released the GNU/Hurd 2019, which is a port release. It is currently available for the i386 architecture with about 80% of the Debian archive. What's new in Debian 10 Wayland display server In this release, GNOME will use the Wayland display server by default, instead of Xorg. Wayland’s simple and modern design provides advantages in terms of security. The Xorg display server is installed in Debian 10, by default. Users can use the default display manager to change the display server in their session. Reproducible Builds project In Debian 10, the Reproducible Builds project plans to have over 91% of the source packages  built in bit-for-bit identical binary packages. This will work as an important verification feature for users as it will protect them against malicious attempts to tamper with compilers and build networks.  Desktop applications Debian 10 “buster” ships with several desktop applications and environments. Some of the desktop environments include: Cinnamon 3.8 GNOME 3.30 KDE Plasma 5.14 LXDE 0.99.2 Other highlights in Debian 10 AppArmor, a mandatory access control framework for restricting programs' capabilities, is installed and enabled by default for security-sensitive environments. All methods provided by Advanced Package Tool (APT) (except cdrom, gpgv, and rsh) can optionally make use of seccomp-BPF sandboxing. The https method for APT is included in the apt package and does not need to be installed separately.  Network filtering, based on the nftables framework is set by default. Starting with iptables v1.8.2, the binary package includes two variants of the iptables command line interface: iptables-nft and iptables-legacy. The UEFI (Unified Extensible Firmware Interface), which is a specification for a software program that connects a computer's firmware to its operating system, introduced in Debian 7, has been greatly improved in Debian 10.  The Secure Boot support is included in this release for amd64, i386 and arm64 architectures and will work on most Secure Boot-enabled machines. This means that users will not have to disable the Secure Boot support in the firmware configuration. The cups and cups-filters packages installed by default in Debian 10, allows users to take advantage of driverless printing.  This release includes numerous updated software packages such as Apache 2.4.38, BIND DNS Server 9.11, Chromium 73.0, Emacs 26.1, Firefox 60.7 and more.  Visit the Debian official website, for more details on Debian 10. What’s new in Debian GNU/Hurd 2019 An Advanced Configuration and Power Interface Specification (ACPI) translator has been made available, it is currently only used to shut down the system.  The LwIP TCP/IP stack, which is a widely used open-source TCP/IP stack designed for embedded systems, is now available as an option.  A Peripheral Component Interconnect (PCI) arbiter has been introduced and will be useful to properly manage PCI access, as well as to provide fine-grain hardware access.   New optimizations now include protected payloads, better paging management and message dispatch, and gsync synchronization.  Support for LLVM has also been introduced.  Besides the Debian installer, a pre-installed disk image is also available for installing ISO images.  The general reaction to both the Debian news has been positive with users praising Debian for always staying up to date with the latest features. A Redditor says, “Through the years I've seen many a "popular" distro come and go, yet Debian remains.” Another user on Hacker News adds, “I left Redhat at 8.0(long time ago, before Fedora) and started using debian/ubuntu and never looked back, in my opinion, while Redhat made a fortune by its business model, Debian and ubuntu are the true community OS, I can't ask for more. Debian has been my primary Server for the last 15 years, life is good with them. Thank you so much to the maintainers and contributors for putting so much effort into them.” Read the Debian mailing list, for more information on Debian GNU/Hurd. Debian GNU/Linux port for RISC-V 64-bits: Why it matters and roadmap Debian maintainer points out difficulties in Deep Learning Framework Packaging Debian project leader elections goes without nominations. What now?

Last week, the team behind Babel announced the release of Babel 7.5.0. This release ships with improved support for a few ECMAScript proposals including the F# variant of the Stage 1 pipeline operator and an official plugin for the Stage 4 dynamic import() proposal. It also comes with an experimental TypeScript namespaces support. Following are some of the highlights from Babel 7.5.0: F# pipeline operator The pipeline operator proposal introduces a syntactic sugar (|>) for greater readability when chaining several functions together. This operator is similar to F#, OCaml, Elixir, Elm, Julia, Hack, and LiveScript, as well as UNIX pipes. Starting from the 7.0.0-beta release, Babel had the “minimal” variant of the pipeline operator proposal. Then came the “Smart” variant in Babel 7.3.0 and with this release we have the F# variant. The difference between the smart and F# variant is that the latter uses the concept of arrow functions instead of "topic references" (#). “This has the advantage of being more similar to current JavaScript, at the cost of a slightly less concise syntax,” the team explained as the advantage for this change. You can test this new variant by adding ‘@babel/plugin-proposal-pipeline-operator’ to your Babel configuration. You can also try it out in the REPL by enabling the "Stage 1" preset. Dynamic import transform Though Babel has support for parsing dynamic imports, it does not provide a consistent way to transform them. It allows parsing import(foo), but asks developers to use webpack or ‘babel-plugin-dynamic-import-node’ to transpile it. To solve this problem, Babel 7.5.0 introduces the ‘@babel/plugin-proposal-dynamic-import’ plugin, which you can use alongside one of the module transform plugins. Experimental TypeScript namespaces support When TypeScript support initially came to Babel, it did not include namespaces as they require type information that can only be provided by a full TypeScript compiler and type-checker. Starting from Babel 7.5.0, you can enable experimental support for namespaces in the TypeScript plugin using the ‘allowNamespaces’ option of ‘@babel/plugin-transform-typescript’. However, there are some limitations in this experimental support that you need to keep in mind: one, namespaces can only export immutable bindings and second, when merging multiple namespaces with the same name, their scope isn't shared. These were some of the updates in Babel 7.5.0. To know more in detail check out the official announcement and also the release notes. Babel 7 released with Typescript and JSX fragment support How to create a native mobile app with React Native [Tutorial] Meteor 1.8 addresses technical debt of 1.7 with delayed legacy builds, upgraded to Babel 7, Mongo 4

Update: Added response from Rahul Vohra, CEO of Superhuman. Last week, Mike Davidson, the former VP of design at Twitter and founder of Newsvine, questioned the ethics and responsibility of Superhuman, one of Silicon Valley’s most talked about email app in a blog post. He called the app a “surveillance tool” that embed tracking pixels inside emails sent by its customers.  https://twitter.com/mikeindustries/status/1146092247437340672 Superhuman was founded in 2017 by Rahul Vohra with the aims to reinvent the email experience. It is an invitation-only service, mainly targeted towards business users that costs $30/month. Last month, the startup was able to raise a $33 million investment round that was led by Mr. Andreessen’s firm, Andreessen Horowitz and is now valued at $260 million. https://twitter.com/Superhuman/status/1144380806036516864   “Superhuman teaches its users to surveil by default” The email app bundles many modern features like snoozing, scheduling, undo send, insights from social networks, and more. The feature that Davidson talked about was “Read Receipts”, which is an opt-in common feature we see in many messaging email clients that indicates the read/unread status.  Davidson highlights that Superhuman gives you this read/unread status in a very detailed way. It allows sending and receiving emails embedded with tracking pixels, which is a small and hidden image in an email. When the recipient clicks on the email, the image reports a running log of every single time the recipient has opened the mail, including their location, regardless of the email client the recipient is using. The worst part is that it is on by default and many users do not usually bother to change the default settings. Here’s a log that Davidson shared in his post: Source: Mike Davidson’s blog post What do people think of this feature? Many people felt that sharing the number of times an email was read, geolocation of the recipient, and other information is intrusive and violates user privacy. In his post, Davidson talked about several “bad things” people can do using this technology, that the developers might have not even intended for. Some users agreed to this and pointed out that sharing such personal information can prove to be very dangerous for the recipients.  https://twitter.com/liora_/status/1146122407737876481 Others gave the rationale that many email clients are doing the same thing including Gmail, Apple Mail, and Outlook. Embedding tracking pixels in an email is also very commonly used by email marketing platforms.  https://twitter.com/nickabouzeid/status/1144296483778228224 https://twitter.com/bentruyman/status/1146137938121543680 https://twitter.com/chrisgrayson/status/1146319066493313024   As a response to this, Davidson rightly said, “The main point here is: just because technology is being used unethically by others does not mean you should use it unethically yourself. Harmful pesticides have also been around for years. That doesn’t mean you should use them yourself.” Davidson further explained what making such unethical decisions means for a company in the long run. In the beginning days of a company, there are no set principles for its people to make decisions. It is basically what the founders think is right for the company. At that time,  every decision that you make, whether it is good or bad, makes the foundation of what Davidson calls as “decision genome”. He adds, “With each decision a company makes, its “decision genome” is established and subsequently hardened.” He says the decisions that seem small in the beginning actually become the basis of many other big decisions you will make in the future. This will ultimately affect your company’s ethical trajectory. “The point here is that companies decide early on what sort of companies they will end up being. The company they may want to be is often written in things like “core values” that are displayed in lunch rooms and employee handbooks, but the company they will be is a product of the actual decisions they make — especially the tough decisions,” he adds. Many agreed on the point Davidson makes here, and think that this is not just limited to a single company but in fact, the entire ecosystem. David Heinemeier Hansson, the creator of Ruby on Rails, believes that Silicon Valley especially is in serious need for recalibration. https://twitter.com/dhh/status/1146403794214883328 What can be some possible solutions One workaround can be disabling images in email by default since the tracking pixels are sent as images. However, Superhuman does not even allow that. “Superhuman doesn’t even let its own customers turn images off. So merely by using Superhuman, you are vulnerable to the exact same spying that Superhuman enables you to do to others,” Davidson mentions. The next step for Superhuman, Davidson suggests is to apologize and remove this feature. He further recommends that Superhuman should, in fact, protect its users from emails that have tracking pixels. Another mitigation he suggests is to add a “Sent via Superhuman”  signature so that the receiver is aware that their data will be sent to the sender. https://twitter.com/mikeindustries/status/1144360664275673088 If these do not suffice, Davidson gave a harsh suggestion to publicly post surveilled email on Twitter or other websites: https://twitter.com/mikeindustries/status/1144315861919883264 How Superhuman has responded to this criticism Yesterday, Rahul Vohra, the CEO of Superhuman responded that the company understands the severity of sharing such personal information, especially the state or country level location. He further shared what steps the company is taking to address the concerns raised against the feature. He listed the following changes:  We have stopped logging location information for new email, effective immediately. We are releasing new app versions today that no longer show location information. We are deleting all historical location data from our apps. We are keeping the read status feature, but turning it off by default. Users who want it will have to explicitly turn it on. We are prioritizing building an option to disable remote image loading. Many Twitter users appreciated Vohra’s quick response: https://twitter.com/chadloder/status/1146564393884254209 https://twitter.com/yuvalb/status/1146542900559405056 https://twitter.com/kmendes/status/1146569165211234304 Read Davidson’s post to know more in detail. Google announces the general availability of AMP for email, faces serious backlash from users A security researcher reveals his discovery on 800+ Million leaked Emails available online VFEMail suffers complete data wipe out!

After facing a device fingerprinting bug and security breach, Stack Overflow was again in the news on Thursday. This time it was about its homepage that showcased its new proprietary products while hiding away the primary feature it is widely known for: open, public Q&A. How the updated Stack Overflow homepage looked like? The updated homepage showed the various products Stack Overflow provides. However, it did not show any straightforward way to reach the Q&A site. Here is how the updated UI looked like: Source: Stack Overflow A Stack Overflow user wrote, how he felt when he first saw this homepage: Private Q&A. Oh, this one of those exclusive sites, maybe a forum, where you get to discuss stuff in private, probably need to pay for it, it says coworker, flagship, those are pricey words. Jobs? Oh, this must be like LinkedIn. Probably only professionals and such that only elevate themselves and talk boring stuff. You probably need to pay for exposing your account or something, as you need to on those other job sites to stand a chance. Create an account? And next they'll ask for my credit card, right? No thanks, I'll move on to TechNet or wherever. Other regular users also found this abrupt change frustrating and confusing. A Stack Overflow user compared the updated homepage to that of Facebook and LinkedIn where you require to have an account to post things. He wrote, "Today before I logged in I saw the new home page, and it immediately felt the same to me as going to Facebook or LinkedIn before you have an account. There's a big wall of gibberish that essentially says, "You can't do anything here until you start handing over information about yourself.” It is understandable that Stack Overflow is looking for new avenues for revenues. In 11 years of its existence, it has become much more than a Q&A site with voting and editing functionalities. It provides Stack Overflow for Teams, a private place for your team members to exchange questions and answers about your proprietary software. Another one is, Stack Overflow Talent that helps employers post job listings and discover talents around the globe for their organizations. Stack Overflow for Enterprise provides a platform for building a standalone Q&A community. Despite these new incredible offerings, for most people the Q&A site is what Stack Overflow is, rest all is just an addition to the main product. Hiding the actual feature for which developers visit the site behind a hamburger, while giving the actual screen space to proprietary products is what has turned off many developers. How Stack Overflow responded? After facing backlash, Stack Overflow responded with a workaround for the moment and is currently reviewing the feedback it is getting from the users. Stack Overflow said, “Overall changes in design will not be made at this moment (we are still collecting the feedback you are all posting - thanks for that). And we are carefully reviewing it and will make them later if it's necessary, however, we do want to make it easier to get to the open Q&A as fast as possible, and that means not changing the design right now.” To make it somewhat easier for the users to reach the Q&A section, it has hyperlinked the "open community" in the description. Also, the blue button which was earlier called “Create an account” now goes directly to the Q&A page. Source: Stack Overflow Developers also suggested what Stack Overflow can do to fix this problem, while also showcasing its proprietary products. Here's what a user recommended: “If you're really serious about improving it, then I have some recommendations. 1) reduce the size of the hero banner by ~50%. 2) Remove the "for developers, by developers" section and have the "Developers" button at the top go straight to stackoverflow.com/questions. 3) Remove the section on SO for Teams pricing -- that belongs as a click-through page via the "Private Q&A" link on the "For business by developers" section. On that subject, "Private Q&A" should say "Teams (Private Q&A)". 4) Remove redundant .talent-slope div and .py64 div below it.” Providing teams and enterprises a private area to discuss their coding problems is an incredible idea and there is no wrong in advertising these products to people who love using Stack Overflow. However, it does feel a little overboard to make it the main centerpiece of the homepage, when Stack Overflow is mainly known for its free Q&A feature. Also, considering the huge user base, the whole outcry could have been avoided by a little consultation from the users. Approx. 250 public network users affected during Stack Overflow’s security attack Do Google Ads secretly track Stack Overflow users?

Yesterday, Mozilla announced the first preview of a redesigned version of Firefox for Android, called Firefox Preview. It is powered by the GeckoView rendering engine and will eventually replace the current Firefox app for Android. Why Mozilla is introducing a new Firefox for Android Back in 2016, Mozilla introduced Firefox Focus, a privacy-focused mobile browser for Android and iOS users. It was initially launched as a tracker-blocking application and then was developed into a minimalistic browser app. The team has been putting their efforts into improving the Firefox Focus app. However, the demand for a full-fledged private and secure mobile browsing experience has increased in recent years. The team realized this could be best addressed by launching a new browser app that is similar to Focus, but provides all the "ease and amenities of a full-featured mobile browser." Sharing the idea behind the new browser, Firefox Mobile Team said, "With Firefox Preview, we’re combining the best of what our lightweight Focus application and our current mobile browsers have to offer to create a best in class mobile experience." What features does Firefox Preview come with Unlike some of the major browsers that use the Blink rendering engine, Firefox Preview is backed by GeckoView. This gives Firefox and its users the independence of making decisions for what they want in the browser instead of enforcing whatever Google decides. GeckoView also accounts for “greater flexibility in terms of the types of privacy and security features" Mozilla can offer its mobile users.” Following are some of the features Firefox Preview offers: Up to two times faster: It is up to two times faster as compared to the previous versions of Firefox for Android. Minimalistic design: It comes with a minimalist start screen and bottom navigation bar to enable you get things done faster on the go. Includes Collections, a new take on bookmarks: Its Collections feature allows you to save, organize, and share collections of sites. Tracking Protection on by default: It comes with Tracking Protection on by default giving you freedom from advertising trackers and other bad actors. As a side effect, this also gives a faster browsing experience. This is an early version of the experimental browser for Android users based on GeckoView, which means there are many features like support for ad blocking extensions, Reader Mode is not yet available. You can try it out and provide feedback for improvements to the team via email or on Github. Check out the official announcement by Mozilla to know more. Mozilla introduces Track THIS, a new tool that will create fake browsing history and fool advertisers Mozilla releases Firefox 67.0.3 and Firefox ESR 60.7.1 to fix a zero-day vulnerability, being abused in the wild Mozilla to bring a premium subscription service to Firefox with features like VPN and cloud storage

Looks like Brave has also jumped on the bandwagon of writing or rewriting its components in the Rust programming language. Yesterday, its team announced that they have reimplemented its ad-blocker in Rust that was previously written in C++. As a result, the ad-blocker is now 69x faster as compared to the current engine. The team chose Rust as it is a memory-safe and performant language. The new ad-blocker implementation can be compiled to native code and run within the native browser core. It can also be packaged in a standalone Node.js module. This reimplemented version is available on Brave’s  Dev channel and Nightly channel. How does this new ad-blocking algorithm work? The previous ad-blocking algorithm relied on the observation that most of the requests were passed through without blocking. It used the Bloom filter data structure that tracks fragments of requests that may match and rules out those that do not. The new implementation is based on uBlock Origin and Ghostery’s ad-blocking approach, which is tokenization specific to add-block rule matching against URLs and rule evaluation optimized to the different kinds of rules. What makes this new algorithm faster is that it quickly eliminates any rules that are not likely to match a request from search. “To organize filters in a way that speeds up their matching, we observe that any alphanumeric (letters and numbers) substring that is part of a filter needs to be contained in any matching URL as well,” the team explained. All these substrings are hashed to a single number that results in a number of tokens. The tokens make matching much easier and faster when a URL is tokenized in the same way. The team further wrote, “Even though by nature of hashing algorithms multiple different strings could hash to the same number (a hash collision), we use them to limit rule evaluation to only those that could possibly match.” If a rule has a specific hostname, it is tokenized too. If a rule contains a single domain option, the entire domain is hashed as another token. Performance gains made by the reimplementation For the performance evaluation, the team has used the dataset published with the Ghostery ad-blocker performance study that includes 242,945 requests across 500 popular websites. The new ad-blocker was tested against this dataset with different ad-block rule lists including the biggest one: EasyList and EasyPrivacy combined.  The team performed all the benchmarks on the adblock-rust 0.1.21 library. They used a 2018 MacBook Pro laptop with 2.6 GHz Intel Core i7 CPU and 32GB RAM. Following are performance gains this new ad-blocker showed: The new algorithm with its optimized set of rules is 69x faster on average as compared to the current engine. When tested with the popular filter list combination of EasyList and EasyPrivacy, it gave a “class-leading performance of spending only 5.7μs on average per request.” It already supports most of the filter rule syntax that has evolved beyond the original specification. This will enable the team to handle web compatibility issues better and faster. The browser does some of the work that can be helpful to the ad-blocker. This further reduces the overheads resulting in an ad-blocker with the best in class performance. Head over to Brave’s official website to know more in detail. Edge, Chrome, Brave share updates on upcoming releases, recent milestones, and more at State of Browsers event Brave introduces Brave Ads that share 70% revenue with users for viewing ads Chromium-based Brave browser shows 22% faster page load time than its Muon-based counterpart  

Yesterday, Vivaldi released the latest version of their browser, Vivaldi 2.6, with two striking features - privacy and customization. These features will allow users to block abusive ads and feel safe on the web. Also, Vivaldi 2.6 provides users with many customization options for creating multiple personalities of users without logging into a different operating system. There are also other improvements such as filter saved passwords, visually enhanced search field and more. Vivaldi 2.6 is available as a free download for Windows, Mac, and Linux. Users can also import data from a variety of browsers, including Opera, Chrome, Edge, Internet Explorer and -- via HTML export -- Firefox. Browse safely with no abusive ads Vivaldi’s new functionality allows users to block adverts that use abusive technologies such as fake messages, misleading site behavior, etc. Users can use this feature to stop ads from sites, that are causing problems like, pop-ups that prevent them from leaving the site. Vivaldi 2.6’s built-in ad-blocker, will have an enabled-by-default blocklist, which can be switched off in the Privacy section of the Settings menu. This list is hosted by Vivaldi’s servers and is updated automatically and applied to intrusive websites so that users don't have to contact the server each time. This blocklist is hosted on its end-to-end encrypted servers. Here’s how to manually enable or disable abusive ad blocking: Select Vivaldi Menu > Tools > Settings, or use Alt-P to open the Preferences using the shortcut. Switch to the Privacy section. Remove the checkmark from Block ads on abusive violating sites. This turns the functionality off in the Vivaldi browser. In a statement to Packt, Vivaldi CEO, Jon von Tetzchner said, “We try to keep our users safe and will continue to look at more options to protect them. The way that we’ve implemented this functionality is an interesting step in the direction of relying less on third-party services.” Image source: Vivaldi More personality to User Profiles In March this year, Vivaldi had introduced support for User profiles which had different set of extensions, bookmarks, speed dials, cookies, history, and more. With this update, Vivaldi has brought in more customization options for users. Users can now create multiple “users” without logging into a different operating system, user account, or maintain multiple standalone installations of Vivaldi. This update brings a more personal touch for non-synced profiles, with the following additions : Update the avatars Add and delete profiles in the popup Edit avatar within the popup Image source: Vivaldi Other improvements Filter saved passwords: Users can find their saved passwords by filtering either through account names or websites. Keep a tab on unread tabs in the Window Panel: When a link is opened on a background tab, users will be notified in the Window Panel if it is unread. The unread tab counter will inform precisely the number of tabs unattended. Navigate faster with ‘Find in Page’ : Users can find a specific word or a term in a lengthy article with ‘Find in Page’ option. Visually enhanced Search Field: The magnifying glass on the Search Field on the right side of the Address Bar of Vivaldi now displays the favicon of the active search engine, helping users to easily identify the search engine. Support for headphone: A highly requested feature by users - Vivaldi will support headphone devices. Performance improvement: Vivaldi 2.6 has increased its performance to help users working with multiple tabs. Now, a user can easily tile tabs into split-screen views or move tabs to new windows. Opening, closing, and resizing of Panels in the sidebar is also much snappier. The privacy feature of Vivaldi comes at a time when many browsers are being cornered for having privacy issues. Earlier this month, Chrome had made it clear that its ad blocking extensions will only be available for enterprise users. This move by Google had garnered much criticism. Vivaldi, on the other hand, is getting praised for its new privacy-centric features. It also comes with DuckDuckGo search engine as default, which doesn’t track or profile users. https://twitter.com/rankbrite/status/1141726875728908288 A user on Hacker News states that “I'm seriously thinking of switching to Vivaldi now as my default development browser. It has incredible keyboard support and feature wise closest to the old Opera browser, which till date is the first browser I feel in love with.” Another user on Hacker News says that “I changed to Vivaldi about a year ago and it's the first browser ever which isn't constantly slowing down with time and I'm not constantly thinking should I change again.” Also, questions are being raised on Vivaldi, for linking ‘abusive ads’ to Google's guidelines for abusive ads. A user on Hacker News comments that “The "abusive ads" text links to Google's guidelines for abusive ads: is this what Vivaldi is using to determine what's "abusive"?” There are others who prefer Firefox over Vivaldi due to the latter’s slow-moving nature. A user explains that “I switched from Chrome to Vivaldi and back to Firefox for two reasons: 1) Vivaldi rendering performance is the worst I've ever seen in a browser. No idea how they managed that using webkit, but some sites would make tabs crash on a high end system. 2) The web developer tools are unusable due to bugs. 3) Fixing simple but impactful bugs takes too long. I really like their useful and plenty settings for everything, but 1) and 2) make it a no go for me.” For more information read Vivaldi’s blog. Mozilla puts “people’s privacy first” in its browser with updates to Enhanced Tracking Protection, Firefox Lockwise and Firefox Monitor Tor Browser 8.5, the first stable version for Android, is now available on Google Play Store! All about Browser Fingerprinting, the privacy nightmare that keeps web developers awake at night