
Tech News - Web Development

354 Articles
Matthew Emerick
17 Aug 2020
6 min read

Understanding React's useRef Hook from ui.dev's RSS Feed

The marketing pitch for useState is that it allows you to add state to function components. This is true, but we can break it down even further. Fundamentally, the useState Hook gives you two things - a value that will persist across renders and an API to update that value and trigger a re-render.

    const [value, setValueAndReRender] = React.useState(
      'initial value'
    )

When building UI, both are necessary. Without the ability to persist the value across renders, you’d lose the ability to have dynamic data in your app. Without the ability to update the value and trigger a re-render, the UI would never update.

Now, what if you had a use case where you weren’t dealing with any UI, so you didn’t care about re-rendering, but you did need to persist a value across renders? In this scenario, it’s like you need the half of useState that lets you persist a value across renders but not the other half that triggers a re-render. Something like this.

    function usePersistentValue (initialValue) {
      return React.useState({
        current: initialValue
      })[0]
    }

Alright, stick with me here. Remember, useState returns an array with the first element being a value that will persist across renders and the second element being the updater function which will trigger a re-render. Since we only care about the first element, the value, we append [0] to the invocation. Now, whenever we invoke usePersistentValue, what we’ll get is an object with a current property that will persist across renders.

If it’s still fuzzy, looking at an actual example may help. If you’re not familiar with the native browser APIs setInterval and clearInterval, you can read about them here before continuing on.

Let’s say we were tasked to build an app that had a counter that incremented by 1 every second and a button to stop the counter. How would you approach this? Here’s what one implementation might look like.

    function Counter () {
      const [count, setCount] = React.useState(0)

      let id

      const clear = () => {
        window.clearInterval(id)
      }

      React.useEffect(() => {
        id = window.setInterval(() => {
          setCount(c => c + 1)
        }, 1000)

        return clear
      }, [])

      return (
        <div>
          <h1>{count}</h1>
          <button onClick={clear}>Stop</button>
        </div>
      )
    }

id is created inside of useEffect but we need to access it inside of the clear event handler to stop the interval. To do that, we move the declaration of id up to the main scope and then initialize it with the id when the effect runs.

All good, right? Sadly, no. The reason is that id doesn’t persist across renders. As soon as our count state variable changes, React will re-render Counter, re-declaring id and setting it back to undefined.

What we need is a way to persist the id across renders 😏. Luckily for us, we have our usePersistentValue Hook we created earlier. Let’s try it out.

    function usePersistentValue(initialValue) {
      return React.useState({
        current: initialValue
      })[0]
    }

    function Counter() {
      const [count, setCount] = React.useState(0)
      const id = usePersistentValue(null)

      const clearInterval = () => {
        window.clearInterval(id.current)
      }

      React.useEffect(() => {
        id.current = window.setInterval(() => {
          setCount(c => c + 1)
        }, 1000)

        return clearInterval
      }, [])

      return (
        <div>
          <h1>{count}</h1>
          <button onClick={clearInterval}>Stop</button>
        </div>
      )
    }

Admittedly, it’s a bit hacky but it gets the job done. Now instead of id being re-declared on every render, because it’s really a value coming from useState, React will persist it across renders.

As you probably guessed by now, the ability to persist a value across renders without causing a re-render is so fundamental that React comes with a built-in Hook for it called useRef. It is, quite literally, the same as our usePersistentValue Hook that we created. To prove this, here’s the exact same code as before except with useRef instead of usePersistentValue.

    function Counter() {
      const [count, setCount] = React.useState(0)
      const id = React.useRef(null)

      const clearInterval = () => {
        window.clearInterval(id.current)
      }

      React.useEffect(() => {
        id.current = window.setInterval(() => {
          setCount(c => c + 1)
        }, 1000)

        return clearInterval
      }, [])

      return (
        <div>
          <h1>{count}</h1>
          <button onClick={clearInterval}>Stop</button>
        </div>
      )
    }

useRef follows the same API we created earlier. It accepts an initial value as its first argument and it returns an object that has a current property (which will initially be set to whatever the initial value was). From there, anything you add to current will be persisted across renders.

The most popular use case for useRef is getting access to DOM nodes. If you pass the value you get from useRef as a ref prop on any React element, React will set the current property to the corresponding DOM node. This allows you to do things like grab input values or set focus.

    function Form () {
      // One ref per input; React sets .current to the rendered DOM node
      const nameRef = React.useRef()
      const emailRef = React.useRef()
      const passwordRef = React.useRef()

      const handleSubmit = e => {
        e.preventDefault()

        // Read the current values straight from the DOM nodes
        const name = nameRef.current.value
        const email = emailRef.current.value
        const password = passwordRef.current.value

        // Tutorial output only: never log credentials in a real app
        console.log(name, email, password)
      }

      return (
        <React.Fragment>
          <label>
            Name:
            <input placeholder="name" type="text" ref={nameRef} />
          </label>
          <label>
            Email:
            <input placeholder="email" type="text" ref={emailRef} />
          </label>
          <label>
            Password:
            <input placeholder="password" type="password" ref={passwordRef} />
          </label>

          <hr />

          <button onClick={() => nameRef.current.focus()}>
            Focus Name Input
          </button>
          <button onClick={() => emailRef.current.focus()}>
            Focus Email Input
          </button>
          <button onClick={() => passwordRef.current.focus()}>
            Focus Password Input
          </button>

          <hr />

          <button onClick={handleSubmit}>Submit</button>
        </React.Fragment>
      )
    }

If you want to add state to your component that persists across renders and can trigger a re-render when it’s updated, go with useState or useReducer. If you want to add state to your component that persists across renders but doesn’t trigger a re-render when it’s updated, go with useRef.
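
The behaviour the article relies on can be reproduced without React. The following is an added example, not code from the original article and not React's implementation: a toy hook runtime (createRuntime, slots and cursor are names assumed for illustration) in which a plain local variable is lost on re-render, a ref object survives, and writing to the ref does not cause a render.

```javascript
// Toy hook runtime (illustrative only, NOT how React is implemented).
// Hook values live in `slots`, outside the component function, so they
// survive each call ("render") of that function.
function createRuntime(component) {
  const slots = [];   // one entry per hook call, kept between renders
  let cursor = 0;     // index of the hook currently being evaluated
  let renders = 0;
  let output;

  function useState(initial) {
    const i = cursor++;
    if (!(i in slots)) slots[i] = initial;   // first render only
    const set = (next) => {
      slots[i] = typeof next === 'function' ? next(slots[i]) : next;
      render();                              // a state update re-renders
    };
    return [slots[i], set];
  }

  // The article's usePersistentValue: keep the value, ignore the setter.
  const useRef = (initial) => useState({ current: initial })[0];

  function render() {
    cursor = 0;
    renders++;
    output = component({ useState, useRef });
    return output;
  }

  render();
  return {
    get renders() { return renders; },
    get output() { return output; },
  };
}

// Same shape as the article's Counter, minus the DOM and the real timer.
function Counter({ useState, useRef }) {
  const [count, setCount] = useState(0);
  let localId;                  // re-declared (undefined) on every render
  const idRef = useRef(null);   // the same object on every render

  return {
    count,
    ref: idRef,
    // Stands in for the effect that stores setInterval's return value.
    start(timerId) { localId = timerId; idRef.current = timerId; },
    tick() { setCount((c) => c + 1); },
    // What a Stop handler created by this render would pass to clearInterval.
    stopSees() { return { localId, refId: idRef.current }; },
  };
}

function demo() {
  const rt = createRuntime(Counter);
  const first = rt.output;
  first.start(42);                       // 42 is a constructed timer id
  const rendersAfterRefWrite = rt.renders;
  first.tick();                          // state change, so render #2 runs
  const second = rt.output;              // handlers from the latest render
  return {
    rendersAfterRefWrite,
    rendersAfterTick: rt.renders,
    count: second.count,
    sameRefObject: first.ref === second.ref,
    staleHandlerSees: first.stopSees(),
    currentHandlerSees: second.stopSees(),
  };
}

console.log(demo());
```

The handler from the latest render sees localId as undefined but still reads the stored id through the ref, which is why the first Counter's Stop button cannot clear the interval and the useRef version can.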

Fatema Patrawala
12 Dec 2019
3 min read

OpenJS Foundation accepts Electron.js in its incubation program

Yesterday, at the Node+JS Interactive in Montreal, the OpenJS Foundation announced the acceptance of Electron into the Foundation’s incubation program. The OpenJS Foundation provides vendor-neutral support for sustained growth within the open source JavaScript community. It's supported by 30 corporate and end-user members, including GoDaddy, Google, IBM, Intel, Joyent, and Microsoft.

Electron is an open source framework created for building desktop apps using JavaScript, HTML, and CSS; it is based on Node.js and Chromium. Electron is widely used in many well-known applications including Discord, Microsoft Teams, OpenFin, Skype, Slack, Trello, and Visual Studio Code.

“We’re heading into 2020 excited and honored by the trust the Electron project leaders have shown through this significant contribution to the new OpenJS Foundation,” said Robin Ginn, Executive Director of the OpenJS Foundation. Ginn further added, “Electron is a powerful development tool used by some of the most well-known companies and applications. On behalf of the community, I look forward to working with Electron and seeing the amazing contributions they will make.”

Electron’s cross-platform capabilities make it possible to build and run apps on Windows, Mac, and Linux computers. Initially developed by GitHub in 2013, today the framework is maintained by a number of developers and organizations. Electron is suited for anyone who wants to ship visually consistent, cross-platform applications, fast and efficiently.

“We’re excited about Electron’s move to the OpenJS Foundation and we see this as the next step in our evolution as an open source project,” said Jacob Groundwater, Manager at ElectronJS and Principal Engineering Manager at Microsoft. “With the Foundation, we’ll continue on our mission to play a prominent role in the adoption of web technologies by desktop applications and provide a path for JavaScript to be a sustainable platform for desktop applications. This will enable the adoption and development of JavaScript in an environment that has traditionally been served by proprietary or platform-specific technologies.”

What this means for developers

Electron joining the OpenJS Foundation does not change how Electron is made, released, or used, and does not directly affect developers building applications with Electron. Even though Electron was originally created at GitHub, it is currently maintained by a number of organizations and individuals. In 2019, Electron codified its governance structure and invested heavily into formalizing how decisions affecting the entire project are made.

The Electron team believes that having multiple organizations and developers investing in and collaborating on Electron makes the project stronger. Hence, lifting Electron up from being owned by a single corporate entity and moving it into a neutral foundation focused on supporting the web and JavaScript ecosystem is a natural next step as they mature in the open-source ecosystem.

To know more about this news, check out the official announcement from the OpenJS Foundation website.

The OpenJS Foundation accepts NVM as its first new incubating project since the Node.js Foundation and JSF merger
Node.js and JS Foundations are now merged into the OpenJS Foundation
Denys Vuika on building secure and performant Electron apps, and more

Vincy Davis
05 Dec 2019
3 min read

You can now use WebAssembly from .NET with Wasmtime!

Two months ago, ASP.NET Core 3.0 was released with an updated version of the Blazor framework. This framework allows the building of interactive client-side web UI with .NET. Yesterday, Peter Huene, a staff research engineer at Mozilla, shared his experience of using Wasmtime with .NET. He affirms that using this format will enable developers to programmatically load and execute WebAssembly code directly from their .NET programs.

Key benefits of using WebAssembly from .NET with Wasmtime

Share more code across platforms

Although .NET Core enables cross-platform use, developers find it difficult to use a native library, as .NET Core requires native interop and a platform-specific build for each supported platform. However, if the native library is compiled to WebAssembly, then the same WebAssembly module can be used across many different platforms and programming environments, including .NET. This simpler distribution of libraries and applications will allow developers to share more code across platforms.

Securely isolate untrusted code

According to Huene, “The .NET Framework attempted to sandbox untrusted code with technologies such as Code Access Security and Application Domains, but ultimately these failed to properly isolate untrusted code.” This resulted in Microsoft deprecating its use for sandboxing and removing it from .NET Core. Huene asserts that since WebAssembly is designed for the web, a module can call only the external functions explicitly imported from the host environment and can access only the region of memory given to it by the host. Users can leverage this design to sandbox code in a .NET program.

Improved interoperability with interface types

In August this year, WebAssembly’s interface types permitted users to run WebAssembly with many programming languages like Python, Ruby, and Rust. This interoperability reduced the amount of glue code necessary for passing complex types between the hosting application and a WebAssembly module. According to Huene, if Wasmtime implements official support for interface types for the .NET API in the future, it will enable a seamless exchange of complex types between WebAssembly and .NET.

Users have liked the approach of using WebAssembly from .NET with Wasmtime.

https://twitter.com/mattferderer/status/1202276545840197633
https://twitter.com/seangwright/status/1202488332011347968

To know how Peter Huene used WebAssembly from .NET, check out his demonstrations on the Mozilla Hacks blog.

Exploring .Net Core 3.0 components with Mark J. Price, a Microsoft specialist
.NET Framework API Porting Project concludes with .NET Core 3.0
Wasmer’s first Postgres extension to run WebAssembly is here!
Wasmer introduces WebAssembly Interfaces for validating the imports and exports of a Wasm module
Introducing SwiftWasm, a tool for compiling Swift to WebAssembly

Savia Lobo
04 Dec 2019
5 min read

Firefox 71 released with new developer tools features

Yesterday, the Firefox team announced its latest version, Firefox 71. This version includes a plethora of new developer tools features such as web socket message inspector, console multi-line editor mode, log on events, and network panel full-text search. Many of these features were first made available in the Firefox Developer Edition and later improved based on the feedback. Other highlights in Firefox 71 include new web platform features such as CSS subgrid, column-span, Promise.allSettled, and the Media Session API.

What’s new in Firefox 71?

Improvements in speed and reliability

In Firefox 71, the team took some help from the JavaScript team by improving the caching of scripts during a startup. This made both Firefox and DevTools start faster. “One Console test got an astonishing 40% improvement while times across every panel were boosted by 8-15%”, the official blog post mentions. Also, the links to scripts, for example, from the event handler tooltip in the Inspector or the stack traces in the Console, reliably get you to the expected line, and debugging sources loaded through eval() now also works as expected.

WebSocket Message Inspector

In Firefox 71, the Network panel has a new Messages tab. You can observe all messages sent and received through a WebSocket connection. Sent frames have a green up-arrow icon, while received frames have a red down-arrow icon. You can click on an individual frame to view its formatted data. Know more about WebSocket Message Inspector on the official post.

Console multi-line editor mode

Another developer tools feature in Firefox 71 is the new multi-line console. It combines the benefits of an IDE for authoring code with the workflow of repeatedly executing code in the context of the page. If you open the regular console, you’ll see a new icon at the end of the prompt row. Clicking this will switch the console to multi-line mode. Here you can enter multiple lines of code, pressing enter after each one, and then run the code using Ctrl + Enter. You can also move between statements using the next and previous arrows. The editor includes regular IDE features you’d expect, such as open/close bracket pair highlighting and automatic indentation.

Inline variable preview in Debugger

The JavaScript Debugger now provides inline variable previewing, which is a useful timesaver when stepping through your code. In previous versions, you had to scroll through the scope panel to find variable values or hover over a variable in the source pane. In the current version, when execution pauses, you can view relevant variable and property values directly in the source. Using the babel-powered source mapping, preview also works for variables that have been renamed or minified by build steps. Make sure to enable this power-feature by checking Map in the Scopes pane.

Log on Event Listeners

There have been a few updates in the event listener breakpoints in Firefox 71. Among the improvements, log on events lets you explore which event handlers are being fired in which order without the need for pausing and stepping. Hence, if we choose to log keyboard events, for example, the code no longer pauses as each event is fired. Instead, we can then switch to the console, and whenever we press a key we are given a log of where related events were fired.

CSS improvements

In Firefox 71, the new CSS includes subgrid, multicol, clip-path: path, and aspect ratio mapping.

Subgrid

A feature that has been enabled in 71 after being supported behind a pref for a while, the subgrid value of grid-template-columns and grid-template-rows allows you to create a nested grid inside a grid item that will use the main grid’s tracks. This means that grid items inside the subgrid will line up with the parent’s grid tracks, making various layout techniques much easier.

Multicol: column-span

CSS multicol support has moved forward in a big way with the inclusion of the column-span property in Firefox 71. This allows you to make an element span across all the columns in a multicol container (generated using column-width or column-count).

Clip-path: path()

The path() value of the clip-path property is now enabled by default. This allows you to create a custom mask shape using a path() function, as opposed to a predefined shape like a circle or ellipse.

Aspect ratio mapping

Finally, the height and width HTML attributes on the <img> element are now mapped to an internal aspect-ratio property. This allows the browser to calculate the image’s aspect ratio early on and correct its display size before it has loaded if CSS has been applied that causes problems with the display size.

There are also a few minor JavaScript changes in this release, including Promise.allSettled(), the Media Session API, and WebGL multiview.

A lot of users are excited about this release and are looking forward to trying it out.

https://twitter.com/IshSookun/status/1201897724943036417
https://twitter.com/awhite/status/1202163413021077504

To know more about this news in detail, read Firefox 71 official announcement.

The new WebSocket Inspector will be released in Firefox 71
Firefox 70 released with better security, CSS, and JavaScript improvements
Google and Mozilla to remove Extended Validation indicators in Chrome 77 and Firefox 70

Sugandha Lahoti
03 Dec 2019
2 min read

Django 3.0 released with built-in async functionality and support for MariaDB and Python 3.6, 3.7 and 3.8

Yesterday, Django released its latest major update - Django 3.0. Django is a Python-based web framework designed to help developers build apps faster with less code. Django 3.0 now comes with built-in async functionality, Python 3.6, 3.7 and 3.8 support and third-party library support for the older version of Django.

New features in Django 3.0

MariaDB support

Django now officially supports MariaDB 10.1 and higher. To use MariaDB you should use the MySQL backend, which is shared between the two.

ASGI support for async programming

Django 3.0 provides support for running as an ASGI application, making Django fully async-capable (Django already has existing WSGI support). However, async features will only be available to applications that run under ASGI. As a side-effect of this change, Django is now aware of asynchronous event loops and will block you from calling code marked as “async unsafe” - such as ORM operations - from an asynchronous context. This was one of the most eagerly awaited features.

https://twitter.com/jmcampbell72/status/1201502666431619072
https://twitter.com/arocks/status/1201711143103807490
https://twitter.com/gtcarvalh0/status/1201475826564382720

Exclusion constraints on PostgreSQL

Django 3.0 adds a new ExclusionConstraint class which adds exclusion constraints on PostgreSQL. Constraints are added to models using the Meta.constraints option.

Filter expressions

Expressions that output BooleanField may now be used directly in QuerySet filters, without having to first annotate and then filter against the annotation.

Enumerations for model field choices

Custom enumeration types TextChoices, IntegerChoices, and Choices are now available as a way to define Field.choices. TextChoices and IntegerChoices types are provided for text and integer fields.

Django 3.0 has also dropped support for PostgreSQL 9.4, for which upstream support ends in December 2019. It also removes private Python 2 compatibility APIs. The upstream support for Oracle 12.1 also ends in July 2021. Django 2.2 will be supported until April 2022. Django 3.0 officially supports Oracle 12.2 and 18c. The complete list of updates is available in the release notes.

Django 3.0 is going async!
Which Python framework is best for building RESTful APIs? Django or Flask?
Django 2.2 is now out with classes for custom database constraints

Fatema Patrawala
28 Nov 2019
3 min read

Firefox Preview 3.0 released with Enhanced Tracking Protection, Open links in Private tab by default and more

Earlier this month, the Firefox team released the Firefox Preview 3.0 with various features to make browsing and bookmarking safer and easier. This release features a default Enhanced Tracking Protection feature for all users, and notifications support for long-running downloads.

Key features in Firefox Preview 3.0

Enhanced tracking protection

The Enhanced tracking protection will protect you from ads, analytics, cryptomining and fingerprinting trackers.

Open links in private tabs by default

Firefox Preview 3.0 lets you open pages directly in private browsing, so you can search and browse without saving any history on the browser.

Option to clear browsing information on exit

The Quit option in the menu automatically deletes your browsing history every time you exit Firefox through that Quit option.

Option to choose what information should be synced across devices

In this release you can choose what types of browsing information should be synced across devices.

Set an autoplay or background behavior

The latest Firefox Preview gives you lots of options for playing video and audio on phones, including background playback and auto-play settings.

See and manage downloads

You can easily download files from various sites within Firefox Preview. A progress bar displays in the Notifications panel when the download begins, giving you the ability to pause/resume or cancel the download. If the download fails, tap Try Again to restart it. If the download is successful, a confirmation pop-up displays where you can tap Open to open the file.

Updated browser menu

An updated browser menu has replaced the Quick Action bar present in older versions of Firefox.

Manually add search engines

Firefox Preview gives the ability to set a default search engine. There are a variety of search engines to choose from such as Google and Bing. You can also manually add other search engines and set them as your default.

Move the navigation bar to the top or bottom

By default, the Firefox Preview navigation bar displays at the bottom of the app. However, you can move it to the top of the app if desired.

Force enable zoom

With this, you’ll always have the ability to zoom in when accessing various websites. You can use the + sign that displays at the bottom of every website within Firefox Preview to zoom in if necessary.

To know more about this release in detail, check out the official Firefox blog page.

Firefox 70 released with better security, CSS, and JavaScript improvements
The new WebSocket Inspector will be released in Firefox 71
Mozilla brings back Firefox’s Test Pilot Program with the introduction of Firefox Private Network Beta
Firefox 69 allows default blocking of third-party tracking cookies and cryptomining for all users
Scroll Snapping and other cool CSS features come to Firefox 68
Sugandha Lahoti
25 Nov 2019
7 min read

Tim Berners-Lee launches a nine-principle ‘Contract for the Web’ to save the web

Update: Mozilla declared on the 28th November that they now support the Contract for the Web. However, they have not signed the contract yet but would consider doing so if stronger accountability measures are added. Mozilla said they would "like to see a clear method for accountability as part of the signatory process, particularly since some of the big tech platforms are high profile signatories."

Tim Berners-Lee has been talking extensively about his plans to save the web in the past, also sharing a detailed outline which he called a ‘Contract for the Web’. Over the weekend, he finally launched this global plan to fight misinformation, fake news and propaganda, and other privacy violations.

Berners-Lee had outlined his vision at the Web Summit event last year. He wanted to restore some degree of equilibrium and transparency to the digital realm. He had listed down three sources of problems that are affecting today’s web:

  • Deliberate, malicious intent, such as state-sponsored hacking and attacks, criminal behavior, and online harassment.
  • System design that creates perverse incentives where user value is sacrificed, such as ad-based revenue models that commercially reward clickbait and the viral spread of misinformation.
  • Unintended negative consequences of benevolent design, such as the outraged and polarised tone and quality of online discourse.

Although Berners-Lee was relatively light on detail at that time, the full contract was due to be published in May 2019. The plan got delayed by almost 6 months and was completely unveiled on Saturday, 23rd November 2019. The agenda of this Contract is to make the online world safe, empowering and genuinely welcoming for everyone.

Contract for the Web outlines nine principles inviting governments, companies, civil society organizations and individuals to back the Contract and uphold its principles and clauses. The contract has nine core principles, while underneath them is a total of 76 clauses. Contract for the Web has been worked on by 80 organizations for more than a year. It has the backing of more than 150 organizations, from Microsoft, Google, Facebook, Twitter, Reddit, DuckDuckGo along with the digital rights group the Electronic Frontier Foundation. Amazon remained notably absent from endorsing the principles.

The nine principles of ‘Contract for the Web’

For Governments

Ensure everyone can connect to the internet
  • By setting and tracking ambitious policy goals
  • By designing robust policy-frameworks and transparent enforcement institutions to achieve such goals
  • By ensuring systematically excluded populations have effective paths towards meaningful internet access

Keep all of the internet available, all of the time
  • By establishing legal and regulatory frameworks to minimize government-triggered internet disruptions, and ensure any interference is only done in ways consistent with human rights law
  • By creating the capacity to ensure demands to remove illegal content are done in ways that are consistent with human rights law
  • By promoting openness and competition in both internet access and content layers

Respect and protect people’s fundamental online privacy and data rights
  • By establishing and enforcing comprehensive data protection and rights frameworks
  • By requiring that government demands for access to private communications and data are necessary and proportionate to the aim pursued
  • By supporting and monitoring privacy and online data rights

For Companies

Make the internet affordable and accessible to everyone
  • By crafting policies that address the needs of systematically excluded groups
  • By working towards an ever-increasing quality of service
  • By ensuring full use of the internet by all, through close coordination with Government and Civil Society

Respect and protect people’s privacy and personal data to build online trust
  • By giving people control over their privacy and data rights, with clear and meaningful choices to control processes involving their privacy and data
  • By supporting corporate accountability and robust privacy and data protection by design
  • By making privacy and data rights equally available to everyone

Develop technologies that support the best in humanity and challenge the worst
  • By being accountable for their work, through regular reports
  • By engaging with all communities in an inclusive way
  • By investing in and supporting the digital commons

For Citizens

  • Be creators and collaborators on the Web by being active participants in shaping the Web, including content and systems made available through it.
  • Build strong communities that respect civil discourse and human dignity by working towards a more inclusive Web.
  • Fight for the Web by being active citizens so the Web remains open and a global public resource for people everywhere, now and in the future.

Launching the Contract, Sir Tim said, “The power of the web to transform people’s lives, enrich society and reduce inequality is one of the defining opportunities of our time. But if we don’t act now — and act together — to prevent the web being misused by those who want to exploit, divide and undermine, we are at risk of squandering that potential.” He added, “The forces taking the web in the wrong direction have always been very strong, whether you’re a company or a government, controlling the web is a way to make huge profits or a way of ensuring you remain in power. The people are arguably the most important part of this because it’s only the people who will be motivated to hold the other two to account.”

The plan arrives at a crucial moment in time as large internet companies like Facebook and Google are facing heightened regulatory pressure over how they handle consumers’ information and protect their privacy. Recently, Amnesty International released a new report calling for a radical transformation of the tech giants’ core business model. It said that Facebook and Google’s omnipresent surveillance of billions of people poses a systemic threat to human rights. Actor and comedian Sacha Baron Cohen also attacked Facebook and other social media platforms in his speech at the Anti-Defamation League (ADL). He criticized them for enabling the proliferation of hate speech and misinformation, describing Facebook as “the greatest propaganda machine in history”.

However, the fact that Google and Facebook have signed up for this plan raised eyebrows. A comment on Hacker News reads, “Does Google and Facebook "signing" it means they agree to abide by the plan? If not, signing it means nothing. If so, then either they are lying, or the plan imposes so few restrictions that it is worthless.”

The plan itself was met with mixed reactions on social media. Some appreciated and backed the contract.

https://twitter.com/dsmooney/status/1198785438976221184
https://twitter.com/hopkinsdavid/status/1198859610481934336

Others felt that the plan isn't taking any strong stances and provides zero actionable guidance. A comment on Hacker News reads, “I'm sorry, but this just sounds like a bunch of feel-good babble that isn't taking anything seriously. Free speech? Fundamental rights? "Support the best in humanity"? "Build strong communities"? Yes, these are all good things. But also all in deep, fundamental conflict with each other. Moral and political philosophers have been debating how to resolve them for centuries... and the disagreements are just as strong as ever.”

Another said, “This new scheme is a sort of UN for Web 1.0? And, like the UN, one that is totally powerless beyond sternly written letters and is governed by some of the greatest infringers of the very rights it's claiming to protect?”

You can back the Contract for the Web at contractfortheweb.org. Read the full contract here.

Tim Berners-Lee is on a mission to save the web he invented
WWW turns 30: Tim Berners-Lee, its inventor, shares his plan to save the Web from its current dysfunctions
Sir Tim Berners-Lee on digital ethics and socio-technical systems at ICDPPC 2018

Bhagyashree R
19 Nov 2019
3 min read

Wikipedia co-founder Jimmy Wales launches WT:Social to counter “clickbait nonsense” of Facebook and Twitter

Last month, Wikipedia co-founder Jimmy Wales launched WikiTribune Social (WT:Social), a collaboratively editable, news-focused social network. The site aims to compete with popular social networking platforms including Facebook and Twitter.

WT:Social's business model

What sets WT:Social apart from other popular social networking sites is its underlying business model. Instead of relying on a pure advertising business model, WT:Social seeks donations from a small subset of users who want to donate. “The business model of social media companies, of pure advertising, is problematic. It turns out the huge winner is low-quality content,” Wales explained in an interview with Financial Times.

Users who want free access are added to a waitlist. If you want to skip the queue, you can do that by paying a sum or inviting your friends. The subscription amount is $12.99 monthly and $100 yearly in the US. In the UK it is €10 monthly and €80 yearly. In Europe, the subscription costs are €12 a month or €90 a year. You can pay either through PayPal or by credit card.

Since its launch in October, the site now has 200,000 members, Wales tweeted yesterday.

https://twitter.com/jimmy_wales/status/1196571245569073153

WT:Social is a revamped version of WikiTribune, the collaborative news site that Wales and Orit Kopel, a human rights lawyer and founder of Glass Voices, introduced in 2017. The site employed a team of journalists who worked with volunteer contributors to report, write, edit, fact-check and develop news stories. Wired reports that WikiTribune’s initial crowdfunding round raised at least £137,000. However, in 2018 the company reported over £110,000 in losses and had to lay off its editorial staff.

What is different in WT:Social as compared to WikiTribune is the concept of “subwikis”. Instead of covering news that interested readers all over the world, WT:Social builds small communities in the form of subwikis that can sustain themselves. There are a number of subwikis on the site that you can join based on your interest.

To combat fake news and the “clickbait nonsense” of existing social networks, WT:Social simply allows users to edit misleading headlines. Wales shared with the Financial Times, “Almost everything on the platform is editable. That alone gives a huge incentive for good behavior because if you say something obnoxious, someone will just delete it.”

The launch sparked a discussion on Hacker News, where some people appreciated the initiative while others were upset with the considerably steep subscription prices. Others were unsure whether the “everything editable” policy would hold up once the site reaches million+ users. Some others talked about going for alternatives like Mastodon and Micro.blog.

“I'm not saying that this is similar to Netflix or Amazon or a national newspaper, but it's more about how the more popular as well as niche/premium services have priced themselves and how people perceive value. Comparatively, this $12.99/month or $100/year social network focused on the news seems like it's meant for some sections of first-world inhabitants. It could've probably done better with a currency-adjusted or purchasing power parity specific rate. For example, Cloudflare WARP+ costs about $0.97 a month (compared to $4.99 a month in the US),” a user commented.

- France and Germany reaffirm blocking Facebook’s Libra cryptocurrency
- Cryptographic key of Facebook’s Free Basics app has been compromised
- Wikipedia hit by massive DDoS (Distributed Denial of Service) attack; goes offline in many countries

Sugandha Lahoti
18 Nov 2019
4 min read

Google Chrome 'secret' experiment crashes browsers of thousands of IT admins worldwide

On Thursday last week, thousands of IT admins were left aghast when their Google Chrome browsers went blank (the White Screen of Death), effectively crashing the browser. This was because Google was silently experimenting with a new WebContents Occlusion feature.

The WebContents Occlusion feature is designed to suspend Chrome tabs when you move other apps on top of them and to reduce resource usage when the browser isn’t in use. It is expected to reduce battery usage (for Chrome and other apps running on the same machine). The feature had been under testing in Chrome Canary and Chrome Beta releases. Last week, however, Google decided to test it in the main stable release so it could get more feedback on how it behaved.

"The experiment/flag has been on in beta for ~5 months," said David Bienvenu, a Google Chrome engineer, in a Chromium bug thread. "It was turned on for stable (e.g., M77, M78) via an experiment that was pushed to released Chrome Tuesday morning."

The main issue was that this experiment was released silently to the stable release, without IT admins or users being warned about Google’s changes. Naturally, Chrome users were left confused and vented their anger and complaints on Google Chrome’s support forum. Business users who were affected included those that run Chrome on Windows Server "terminal server" environments and on Citrix servers. Because of the crashes, employees working in tightly controlled enterprise environments were unable to switch browsers, which impacted business-critical functionality.

After multiple complaints from businesses and users, Google rolled back the change late on Thursday night. “I’ll rollback the launch of this experiment and try to figure out how to deal with Citrix,” noted Bienvenu in the bug thread. Later, a new Chrome configuration file was pushed out to users. "I believe it's more of a pull than a push thing," Bienvenu said, "so once the update is live on the Google servers, the next time you launch Chrome, you should get the new config."

Google's Chrome experiment left IT admins confused

Many IT admins were also angry that they had wasted valuable resources and time trying to fix issues in their environment, thinking it was their own fault. “We spent the better part of yesterday trying to determine if an internal change had occurred in our environment without our knowledge,” wrote an angry user. “We did not realize this type of event could occur on Chrome unbeknownst to us. We are already discussing alternative options, none of them are great, but this is untenable.”

Others urged Google to let them opt out of any Google Chrome experiments. “Would like to be excluded from further experimental changes. We have had the sporadic white screen of deaths over the past few weeks. How would we have ever known it was a part of the 1%? We chalked it off as bad Chrome profiles. We still have fresh memories of the experimental Chrome sound issue. That was very disruptive too. Please test your changes in your internal rdsh/Citrix environment. Please give us the option to opt out of "experimental" changes. Thank you for your consideration.”

Another said, “We've been having random issues for quite some time, and our agents could be in this 1%. This last one was a huge impact on our customer-facing agents, not to mention working all day yesterday and today of troubleshooting. Is there a way to be excluded from these experimental changes? If Chrome is going to be an enterprise browser, we need stability.”

With Google Chrome’s mishap, more people are advocating a move to browsers that give more control to their end users. Chrome also came under fire recently when it started experimenting with the Manifest V3 extension system in the Chrome 80 Canary build. Chrome’s ad-blocking changes received overwhelmingly negative feedback, as they can stop many popular ad blockers from working. Other browsers that offer better user privacy and ad-blocking features are also appearing, Brave 1.0 being the latest in the line.

- Brave 1.0 releases with focus on user privacy, crypto currency-centric private ads and payment platform
- Google starts experimenting with Manifest V3 extension in Chrome 80 Canary build.
- Expanding Web Assembly beyond the browser with Bytecode Alliance, a Mozilla, Fastly, Intel and Red Hat partnership.

Fatema Patrawala
14 Nov 2019
5 min read

Brave 1.0 releases with focus on user privacy, crypto currency-centric private ads and payment platform

Yesterday, Brave, the company co-founded by ex-Mozilla CEO Brendan Eich, launched version 1.0 of its browser for Windows, macOS, Linux, Android and iOS. In a browser market where users have to compromise on their privacy, Brave is positioning itself as a fast option that preserves users’ privacy with strong default settings, as well as a crypto currency-centric private ads and payment platform that allows users to reward content creators.

“Surveillance capitalism has plagued the Web for far too long and we’ve reached a critical inflection point where privacy-by-default is no longer a nice-to-have, but a must-have. Users, advertisers, and publishers have finally had enough, and Brave is the answer. Brave 1.0 is the browser reimagined, transforming the Web to put users first with a private, browser-based ads and payment platform. With Brave, the Web can be a rewarding experience for all, without users paying with their privacy,” said Brendan Eich, co-founder and CEO of Brave Software.

“Either we all accept the $330 billion ad-tech industry treating us as their products, exploiting our data, piling on more data breaches and privacy scandals, and starving publishers of revenue; or we reject the surveillance economy and replace it with something better that works for everyone. That’s the inspiration behind Brave,” he added.

The company also announced last month that Brave has about 8 million monthly active users. Brave offers a privacy-first approach that natively blocks trackers, invasive ads, and device fingerprinting. This leads to substantial improvements in speed, privacy, security, performance, and battery life. Its default settings block phishing, malware, and malvertising. Embedded plugins, which have proven to be an ongoing security risk, are disabled by default in Brave. Browsing data always stays private and on the user’s device, which means Brave will never see or store the data on its servers or sell user data to third parties.

Brave 1.0 key features

Additionally, Brave 1.0 offers some unique features to its users:

- Brave Rewards program to fund the open web – By activating Brave Rewards, users can support their favorite publishers and content creators and integrate the Brave wallet on both desktop and mobile. This feature allows users to send Basic Attention Tokens (BAT) as tips for great content, either directly as they browse or by defaulting to recurring monthly payments to continuously support websites they visit frequently. There are over 300,000 verified websites on-boarded on Brave for this program, including The Washington Post, The Guardian, Wikipedia, YouTube, Twitch, Twitter, GitHub and more.
- Brave Ads compensate users for their attention – Brave has a new blockchain-based advertising model that enables privacy and gives 70% of its revenue share in the form of Basic Attention Tokens (BAT) to users who view the Brave ads. These ads are part of a private ad network and the Brave Rewards program. Users can opt in to view relevant privacy-preserving ads in exchange for earning BAT. When users opt into Brave Rewards, Brave ads are enabled by default. Ad matching against the content a user views happens directly on the user’s device, so their data is never sent to anyone, and they see rewarding ads without mass surveillance. Users can also transfer their earned BAT from the wallet and convert it into digital assets and fiat currencies, but they need to complete the verification process with Uphold, a digital money platform.
- Brave Shields for automatic ad and tracker blocking – Brave Shields is enabled by default and is customizable from the address bar. It blocks invasive third-party ads, trackers, and autoplay videos immediately, without needing to install any additional programs.

On Hacker News, users have appreciated the way the Brave browser operates and rewards its content consumers as well as creators. One of them explained its functioning in detail: “I've been using Brave rewards, both as a user and a content maker. It's really great, and I feel this may be a reasonable alternative to the invasive trackers+ads we have today. For the uninitiated, Brave lets users opt-in to Brave rewards:
- You set your browser to reward content creators with Basic Attention Token (BAT). You set a budget (e.g. 10 BAT/month), and Brave distributes it to the sites you use most, e.g. if you watch a particular YouTube channel 30% of your browsing time, it will send 30% of 10 BAT each month to that content creator.
- As a user, you can get paid in BAT. You tell Brave if you're willing to see ads, and how often. If so, you get paid in BAT, which you can then distribute to content creators.
Brave ads are different: rather than intrusive in-page ads, Brave ads show up as a notification in your operating system outside of the page. This prevents slow downs of the page, keeping your browsing focused, while still allowing support of content creators. And of course, Brave ads are optional and opt-in.”

You can download Brave for free by visiting the official Brave page, the Google Play Store or the App Store.

- Google is circumventing GDPR, reveals Brave’s investigation for the Authorized Buyers ad business case
- Brave ad-blocker gives 69x better performance with its new engine written in Rust
- Edge, Chrome, Brave share updates on upcoming releases, recent milestones, and more at State of Browsers event
- Brave launches its Brave Ads platform sharing 70% of the ad revenue with its users
- Brave Privacy Browser has a ‘backdoor’ to remotely inject headers in HTTP requests: HackerNews
Sugandha Lahoti
12 Nov 2019
3 min read

Google starts experimenting with Manifest V3 extension in Chrome 80 Canary build

In spite of the overwhelmingly negative feedback on the Manifest V3 extension system, Google is standing firm on Chrome’s ad-blocking changes. Last month, the company announced that it had begun testing its upcoming extension Manifest V3 in the latest Chrome Canary build. As of October 31st, the Manifest V3 developer preview has been available in the Chrome 80 Canary build.

Manifest v3 and why it can end multiple ad blockers

Manifest v3 has become a bone of contention for many ad-block companies. This is because Google developers have introduced an alternative to the webRequest API (earlier used for ad-blocking), named the declarativeNetRequest API, which limits the blocking version of the webRequest API. Chrome developers listed two reasons behind this update: one was performance (although that was nullified in a study by WhoTracks.me) and the other was a better privacy guarantee to users.

Chrome currently imposes a limit of 30,000 rules. However, most popular ad-blocking rules lists use almost 75,000 rules. Although Google claimed that it is looking to increase this number, it gave no assurance that it would. Many ad blocker maintainers and developers felt that the introduction of the declarativeNetRequest API can cripple many existing ad blockers.

The lead developer of popular ad blocker uBlock Origin, which relies on the original functionality of the webRequest API, commented, “This breaks uBlock Origin and uMatrix, [which] are incompatible with the basic matching algorithm picked, ostensibly designed to enforce EasyList-like filter lists,” he explained in an email to The Register. “A blocking webRequest API allows open-ended content blocker designs, not restricted to a specific design and limits dictated by the same company which states that content blockers are a threat to its business.”

Many users also mentioned that Chrome is using its dominance in the browser market to dictate what type of extensions are developed and used. A user commented, “As Chrome is a dominant platform, our work is prevented from reaching users if it does not align with the business goals of Google, and extensions that users want on their devices are effectively censored out of existence.”

Others expressed that it is better to avoid all the drama by simply switching to some other browser, mainly Firefox. “Or you could cease contributing to the Blink monopoly on the web and join us of Firefox. Microsoft is no longer challenging Google in this space,” a user added.

Manifest V3 proposed changes

As a part of the Chrome 80 Canary build, the Chrome team is continuing to iterate on the declarativeNetRequest API and its capabilities. In this release, background service workers (which replace background pages and scripts) are now available for testing in manifest version 2 and 3 extensions in Canary. Remotely-hosted code restrictions and host permissions changes are currently a work in progress. The team is also working on combining the page_action and browser_action APIs into a single action API.

The Manifest V3 proposed changes are not finalized yet, and several features are currently works in progress. The MV3 stable release is expected in 2020. As part of this launch, Google has created a Migrating to Manifest V3 guide that developers can use to migrate their existing extensions. They have also built a guide specifically for migrating from background pages to service workers.

- Is it time to ditch Chrome? Ad blocking extensions will now only be for enterprise users
- Chromium developers propose an alternative to webRequest API that could result in existing ad blockers’ end.
- Google Chrome developers “clarify” the speculations around Manifest V3 after a study nullifies their performance hit argument.

Sugandha Lahoti
11 Nov 2019
3 min read

Apple shares tentative goals for WebKit 2020

Apple has released a list of tentative goals for WebKit in 2020, catering to WebKit users as well as Web, Native, and WebKit Developers. These features are tentative and there is no guarantee that these updates will ship at all. Before releasing new features, Apple looks at a number of factors that are arranged according to a plan or system. They look at developer interest and the harmful aspects associated with a feature. Sometimes they also take feedback and suggestions from high-value websites.

WebKit 2020 enhancements for WebKit users

Primarily, WebKit is focused on improving performance as well as privacy and security. Some performance ideas suggested include Media query change handling, No sync IPC for cookies, Fast for-of iteration, Turbo DFG, Async gestures, Fast scrolling on macOS, Global GC, and Service Worker declarative routing. For privacy, Apple is focusing on addressing ITP bypasses, a logged-in API, in-app browser privacy, and PCM with fraud prevention. They are also working on improving Authentication, Network Security, JavaScript Hardening, WebCore Hardening, and Sandbox Hardening.

Improvements in WebKit 2020 for Web Developers

For web platforms, the focus is on three qualities: Catchup, Innovation, and Quality. Apple is planning to bring improvements in Graphics and Animations (CSS overscroll-behavior, WebGL 2, Web Animations), Media (Media Session Standard, MediaStream Recording, Picture-in-Picture API) and DOM, JavaScript, and Text. They are also looking to improve CSS Shadow Parts, Stylable pieces, JS builtin modules, and the Undo Web API, and to work on WPT (Web Platform Tests).

Changes suggested for Native Developers

For Native Developers in the obsolete legacy WebKit, the following changes are suggested:

- WKWebView API needed for migration
- Fix cookie flakiness due to multiple process pools
- WKWebView APIs for Media

Enhancements for WebKit Developers

The focus is on improving Architecture health and service & tools. Changes suggested are:

- Define “intent to implement” style process
- Faster Builds (finish unified builds)
- Next-gen layout for line layout
- Regression Test Debt repayment
- IOSurface in Simulator
- EWS (Early Warning System) Improvements
- Buildbot 2.0
- WebKit on GitHub as a project (year 1 of a multi-year project)

On Hacker News, this topic was widely discussed, with people pointing out what they want to see in WebKit. “Two WebKit goals I'd like to see for 2020: (1) Allow non-WebKit browsers on iOS (start outperforming your competition instead of merely banning your competition), and (2) Make iOS the best platform for powerful web apps instead of the worst, the leader instead of the spoiler.”

Another pointed out, “It would be great if SVG rendering, used for diagrams, was of equal quality to Firefox.” One said, “WebKit and the Safari browsers by extension should have full and proper support for Service Workers and PWAs on par with other browsers.”

For a full list of updates, please see the WebKit Wiki page.

- Apple introduces Swift Numerics to support numerical computing in Swift
- Apple announces ‘WebKit Tracking Prevention Policy’ that considers web tracking as a security vulnerability
- Apple’s MacOS Catalina in major turmoil as it kills iTunes and drops support for 32 bit applications

Bhagyashree R
04 Nov 2019
6 min read

Snyk’s JavaScript frameworks security report 2019 shares the state of security for React, Angular, and other frontend projects

Last week, Snyk, an open-source security platform, published the State of JavaScript frameworks security report 2019. The report mainly focuses on security vulnerabilities and risks in the React and Angular ecosystems. It also covers security practices in other common JavaScript frontend ecosystem projects, including Vue.js, Bootstrap, and JQuery.

https://twitter.com/snyksec/status/1189527376197246977

Key takeaways from the State of JavaScript frameworks security report

Security vulnerabilities in core Angular and React projects

In the report, the ‘react’, ‘react-dom’, and ‘prop-types’ libraries were considered the core modules of React, since they often form the foundation for React web applications. Snyk’s research team found three cross-site scripting (XSS) vulnerabilities in total: two in ‘react’ and one in ‘react-dom’.

The two vulnerabilities in the ‘react’ library were present in much older versions: the 0.5.x versions and the versions prior to 0.14. However, the vulnerability in ‘react-dom’ was found in a recent release, version 16.x. Its occurrence depends on other pre-conditions as well, such as using the library within a server-rendering context. The Common Vulnerability Scoring System (CVSS) scores of these vulnerabilities ranged between 6.5 and 7.1, which means that they were all medium to high severity vulnerabilities.

Coming to Angular, Snyk found 19 vulnerabilities across six different release branches of Angular 1.x, or AngularJS, which is no longer maintained. Angular 1.5 has the highest number of vulnerabilities, with seven in total. Out of those seven, three had high severity and four had medium severity. The good thing is that with every new version, the vulnerabilities have decreased both in severity and in count.

Security risks of indirect dependencies

React and Angular projects are often generated with a scaffolding tool that provides a boilerplate. In React, this is the ‘create-react-app’ npm package; in Angular, it is the ‘@angular/cli’ npm package. In sample React and Angular projects created using these scaffolding tools, both were found to include development dependencies with vulnerabilities. The good thing is that neither of them had any production dependency security issues.

“It’s worthy to note that Angular relies on 952 dependencies, which contain a total of two vulnerabilities; React relies on 1257 dependencies, containing three vulnerabilities and one potential license compatibility issue,” the report states.

[Figure: list of security vulnerabilities found in these sample projects. Source: Snyk]

Security vulnerabilities in the Angular module ecosystem

For the purposes of this study, the Snyk research team divided the Angular ecosystem into three areas: Angular ecosystem modules, malicious versions of modules, and developer tooling.

[Figure: vulnerable modules in the Angular module ecosystem. Source: Snyk]

On malicious versions of modules, the report lists three malicious versions, for the ‘angular-bmap’, ‘ng-ui-library’, and ‘ngx-pica’ modules. The ‘angular-bmap’ 0.0.9 version included malicious code that collected sensitive information related to passwords and credit cards from forms and sent it to an attacker-controlled URL. Thankfully, this version has now been taken down from the npm registry. The ‘ng-ui-library’ 1.0.987 version has the same malicious code as ‘angular-bmap’ 0.0.9 and, despite that, the module is still maintained. The third module, ‘ngx-pica’ (from versions 1.1.4 to 1.1.6), also has the same malicious code as the above two modules.

In developer tooling, the module ‘angular-http-server’ was found vulnerable to directory traversal twice.

Security vulnerabilities in the React module ecosystem

In React’s case, Snyk found four malicious packages, namely ‘react-datepicker-plus’, ‘react-dates-sc’, ‘awesome_react_utility’, and ‘reactserver-native’. These contain malicious code that harvests credit card and other sensitive information and attacks compromised modules in the React ecosystem.

Notable vulnerable modules found in React’s ecosystem during this study:

- The ‘react-marked-markdown’ module has a high-severity XSS vulnerability that does not have any fix available as of now.
- The ‘preact-render-to-string’ library is vulnerable to XSS in all versions prior to 3.7.2.
- The ‘react-tooltip’ library is vulnerable to XSS attacks for all versions prior to 3.8.1.
- The ‘react-svg’ library has a high severity XSS vulnerability, disclosed by security researcher Ron Perris, affecting all versions prior to 2.2.18.
- The ‘mui-datatables’ library has a CSV Injection vulnerability.

“When we track all the vulnerable React modules we found, we count eight security vulnerabilities over the last three years with two in 2017, six in 2018 and two up until August 2019. This calls for responsible usage of open source and making sure you find and fix vulnerabilities as quickly as possible,” the report suggests.

Along with listing the security vulnerabilities in React and Angular, the report also shares the overall security posture of the two. This includes secure coding conventions, built-in secure capabilities, responsible disclosure policies, and dedicated security documentation for the project.

Vue.js security

In total, four vulnerabilities were detected in the Vue.js core project, spanning from December 2017 to August 2018: three medium and one low regular expression denial of service vulnerability. As for Vue’s module ecosystem, the report lists the following vulnerable modules:

- The ‘bootstrap-vue’ library has a high severity XSS vulnerability that was disclosed in January 2019 and affects all versions prior to 2.0.0-rc.12.
- The ‘vue-backbone’ library had a malicious version published.

Bootstrap security

The Snyk research team tracked a total of seven XSS vulnerabilities in Bootstrap. Out of those seven, three were disclosed in 2019 for recent Bootstrap v3 versions and three were disclosed in 2018, one of which affects the newer 4.x Bootstrap release. All these vulnerabilities have security fixes and an upgrade path for users to remediate the risks.

Among the vulnerable modules in the Bootstrap ecosystem are:

- The ‘bootstrap-markdown’ library, which includes an unfixed XSS vulnerability affecting all versions.
- The ‘bootstrap-vuejs’ library, which has a high severity XSS vulnerability that affects all versions prior to bootstrap-vue 2.0.0-rc.12.
- The ‘bootstrap-select’ library, which also includes a high severity XSS vulnerability.

This article touched upon some of the key findings of the report. Check out the full report by Snyk for more detail.

- React Native 0.61 introduces Fast Refresh for reliable hot reloading
- React Conf 2019: Concurrent Mode preview out, CSS-in-JS, React docs in 40 languages, and more
- Vue maintainers proposed, listened, and revised the RFC for hooks in Vue API
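The module versions cited from the Snyk report above can be checked against a project's npm lockfile, including the indirect dependencies the report warns about. This is an added example, not code from Snyk or the article: the advisory table is transcribed from the text above, while the function names, the sample lockfile and the `some-ui-kit` package are constructed.

```javascript
// Added example. Advisory data comes from the article's summary of the Snyk
// report; function names and the sample lockfile are constructed.
const ADVISORIES = [
  { name: 'angular-bmap', kind: 'malicious', exact: '0.0.9' },
  { name: 'ng-ui-library', kind: 'malicious', exact: '1.0.987' },
  { name: 'ngx-pica', kind: 'malicious', from: '1.1.4', to: '1.1.6' },
  { name: 'react-datepicker-plus', kind: 'malicious', all: true },
  { name: 'react-dates-sc', kind: 'malicious', all: true },
  { name: 'react-marked-markdown', kind: 'xss', all: true }, // no fix available
  { name: 'bootstrap-markdown', kind: 'xss', all: true },    // unfixed, all versions
  { name: 'preact-render-to-string', kind: 'xss', below: '3.7.2' },
  { name: 'react-tooltip', kind: 'xss', below: '3.8.1' },
  { name: 'react-svg', kind: 'xss', below: '2.2.18' },
  { name: 'bootstrap-vue', kind: 'xss', below: '2.0.0-rc.12' },
];

// Parse "1.2.3" or "2.0.0-rc.12"; returns null for git URLs, file: specs, etc.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$/.exec(String(v).trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] ? m[4].split('.') : [] };
}

// Semver precedence: -1 if a < b, 0 if equal, 1 if a > b.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  if (!x || !y) throw new Error('unparseable version: ' + (x ? b : a));
  for (let i = 0; i < 3; i++) {
    if (x.nums[i] !== y.nums[i]) return x.nums[i] < y.nums[i] ? -1 : 1;
  }
  // A release outranks its own pre-releases: 2.0.0 > 2.0.0-rc.12.
  if (!x.pre.length || !y.pre.length) return Math.sign(y.pre.length - x.pre.length);
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    const p = x.pre[i], q = y.pre[i];
    if (p === undefined || q === undefined) return p === undefined ? -1 : 1;
    if (p === q) continue;
    const pn = /^\d+$/.test(p), qn = /^\d+$/.test(q);
    if (pn && qn) return Number(p) < Number(q) ? -1 : 1; // rc.2 < rc.12, not lexical
    if (pn !== qn) return pn ? -1 : 1; // numeric identifiers rank below alphanumeric
    return p < q ? -1 : 1;
  }
  return 0;
}

function matches(adv, version) {
  if (adv.all) return true;
  if (adv.exact) return compareVersions(version, adv.exact) === 0;
  if (adv.below) return compareVersions(version, adv.below) < 0;
  return compareVersions(version, adv.from) >= 0 && compareVersions(version, adv.to) <= 0;
}

// Yield every locked package, direct or transitive, from either lockfile layout.
function* lockedPackages(lock) {
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (!path) continue; // "" is the root project
      const i = path.lastIndexOf('node_modules/');
      const name = meta.name || (i < 0 ? path : path.slice(i + 'node_modules/'.length));
      yield { name, version: meta.version, path, dev: Boolean(meta.dev) };
    }
    return;
  }
  const stack = [{ deps: lock.dependencies || {}, trail: [] }]; // lockfileVersion 1: nested tree
  while (stack.length) {
    const { deps, trail } = stack.pop();
    for (const [name, meta] of Object.entries(deps)) {
      yield { name, version: meta.version, path: [...trail, name].join(' > '), dev: Boolean(meta.dev) };
      if (meta.dependencies) stack.push({ deps: meta.dependencies, trail: [...trail, name] });
    }
  }
}

function auditLockfile(lock) {
  const byName = new Map(ADVISORIES.map((a) => [a.name, a]));
  const findings = [];
  for (const pkg of lockedPackages(lock)) {
    const adv = byName.get(pkg.name);
    if (!adv) continue;
    if (!adv.all && !parseVersion(pkg.version)) {
      findings.push({ ...pkg, kind: 'review' }); // listed package, version not comparable
    } else if (matches(adv, pkg.version)) {
      findings.push({ ...pkg, kind: adv.kind });
    }
  }
  return findings;
}

// Constructed sample lockfile (lockfileVersion 1 layout).
const SAMPLE_LOCK = JSON.parse(`{
  "name": "demo-app", "lockfileVersion": 1,
  "dependencies": {
    "react-tooltip": { "version": "3.8.1" },
    "bootstrap-vue": { "version": "2.0.0-rc.11" },
    "ngx-pica": { "version": "1.1.5" },
    "some-ui-kit": { "version": "4.2.0", "dev": true,
      "dependencies": { "react-svg": { "version": "2.2.17", "dev": true } } },
    "preact-render-to-string": { "version": "github:example/fork#abc123" }
  }
}`);

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.kind.toUpperCase()} ${f.name}@${f.version} (${f.path})${f.dev ? ' [dev]' : ''}`);
}
```

A listed package pinned to a git URL or other non-semver spec is reported as `review` instead of being silently passed, since its version cannot be compared against the fixed release.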
Fatema Patrawala
31 Oct 2019
2 min read

Fedora 31 releases with performance improvements, dropping support for 32 bit and Docker package

Yesterday, the Fedora team announced the release of Fedora 31. This release brings a few visual changes and performance improvements for Fedora users.

Key changes and features in Fedora 31

Let us take a look at the key changes and new features added in this release.

Latest GNOME 3.34 release brings in performance improvement

With the latest GNOME 3.34 update, Fedora Workstation users will find certain visual changes and performance improvements. It will be easier to change the background or lock screen wallpaper with GNOME 3.34. In addition, users can create application folders in the overview to organize the app drawer. In short, the new features in GNOME 3.34 are directly reflected in this release. You can check out the official blog post by GNOME.org that covers the important changes in GNOME 3.34 for Fedora 31.

Dropping 32-bit support

In this release, users will no longer find 32-bit bootable images. The team has completely dropped support for the 32-bit i686 kernel. However, some of the most popular 32-bit packages, like Steam and Wine, will continue to work.

Docker package removed

If you are using Docker, it is worth noting that this release has enabled CGroups V2 by default and removed the Docker package. The official Fedora wiki page highlights this particular change as follows: “The Docker package has been removed from Fedora 31. It has been replaced by the upstream package moby-engine, which includes the Docker CLI as well as the Docker Engine. However, we recommend instead that you use podman, which is a Cgroups v2-compatible container engine whose CLI is compatible with Docker’s. Fedora 31 uses Cgroups v2 by default.”

Updated packages in Fedora 31

Several packages are updated. Some of the notable upgrades are:

- Glibc 2.30
- NodeJS 12
- Python 3

Updated Fedora flavors & improved hardware support

For desktop users, Fedora Workstation matters, but this release will also have a significant impact on other Fedora editions like Fedora Astronomy, Fedora IoT and so on. The team has improved support for certain SoCs like Rock64, RockPro 64 and several other chips.

If you want more details on this news, you can take a look at the official Fedora changelog page.

- Fedora announces the first preview release of Fedora CoreOS as an automatically updating Linux OS for containerized workloads
- Fedora Workstation 31 to come with Wayland support, improved core features of PipeWire, and more
- Fedora 30 releases with GCC 9.0, GNOME 3.32, performance improvements, and much more!

Fatema Patrawala
24 Oct 2019
3 min read

Electron 7.0 releases in beta with Windows on Arm 64 bit, faster IPC methods, nativetheme API and more

Last week the team at Electron announced the release of Electron 7.0 in beta. It includes upgrades to Chromium 78, V8 7.8, and Node.js 12.8.1. The team has added a Windows on Arm 64 release, faster IPC methods, a new nativeTheme API, and much more. This release is published to npm under the beta tag and can be installed via npm install electron@beta, or npm i electron@7.0.0-beta.7. It is packed with upgrades, fixes, and new features.

Notable changes in Electron 7.0

  • Stack upgrades: Electron 7.0 will be compatible with Chromium 78, V8 7.8 and Node.js 12.8.1.
  • A Windows on Arm (64 bit) release has been added.
  • The team has added ipcRenderer.invoke() and ipcMain.handle() for asynchronous request/response-style IPC. These are strongly recommended over the remote module.
  • A nativeTheme API has been added to read and respond to changes in the OS's theme and color scheme.
  • The project has switched to a new TypeScript Definitions generator, which generates more precise definition files (d.ts) from C# model classes to build strongly typed web applications where the server- and client-side models are in sync. Earlier, Electron used Doc Linter and Doc Parser, but these had a few issues, so the project shifted to TypeScript to make the definition files better without losing any information from the docs.

Other breaking changes

The team has removed deprecated APIs in this release:
  • Callback-based versions of functions that now use Promises.
  • Tray.setHighlightMode() (macOS).
  • app.enableMixedSandbox()
  • app.getApplicationMenu(), app.setApplicationMenu(), powerMonitor.querySystemIdleState(), powerMonitor.querySystemIdleTime(), webFrame.setIsolatedWorldContentSecurityPolicy(), webFrame.setIsolatedWorldHumanReadableName(), webFrame.setIsolatedWorldSecurityOrigin()

Session.clearAuthCache() no longer allows filtering the cleared cache entries. Native interfaces on macOS (menus, dialogs, etc.) now automatically match the dark mode setting on the user's machine. The team has updated the electron module to use @electron/get. Node 8 is the minimum supported Node version in this release. The electron.asar file no longer exists, so developers should update any packaging scripts that depend on its existence.

Additionally, the team announced that Electron 4.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron. To know more about this release, check out the Electron 7.0 GitHub page and the official blog post.