Tech News - Full-Stack Web Development

Last week, Raymond Hill, the developer behind uBlock Origin shared that the extension’s dev build 1.22.5rc1 was rejected by Google's Chrome Web Store (CWS). uBlock Origin is a free and open-source browser extension widely used for content-filtering and adblocking.  Google stated that the extension did not comply with its extension standards as it bundles up different purposes into a single extension. An email to Hill from Google reads, “Do not create an extension that requires users to accept bundles of unrelated functionality, such as an email notifier and a news headline aggregator.” Hill on a GitHub issue mentioned that this is basically “stonewalling” and in the future, users may have to switch to another browser to use uBlock Origin. He does plans to upload the stable version. He commented, “I will upload stable to the Chrome Web Store, but given 1.22.5rc2 is rejected, logic dictates that 1.23.0 will be rejected. Actually, logic dictates that 1.22.5rc0 should also be rejected and yet it's still available in the Chrome Web Store.” Users’ reaction on Google rejecting the uBlock Origin dev build This news sparked a discussion on Hacker News and Reddit. Users speculated that probably this outcome is the result of the “crippling” update Google has introduced in Chrome (beta and dev versions currently): deprecating the blocking ability of the WebRequest API. The webRequest API permits extensions to intercept requests to modify, redirect, or block them. The basic flow of handling a request using this API is, Chrome receives the request, asks the extension, and then gets the result. In Manifest V3, the use of this API will be limited in its blocking form. While the non-blocking form of the API, which permit extensions to observe network requests will be allowed.  In place of webRequest API, Google has introduced the declarativeNetRequest API. This API allows adding up to 30,000 rules, 5000 dynamic rules, and 100 pages. Due to its limiting nature, many ad blocker developers and maintainers have expressed that this API will impact the capabilities of modern content blocking extensions. Google’s reasoning for introducing this change is that this API is much more performant and provides better privacy guarantees. However, many developers think otherwise. Hill had previously shared his thoughts on deprecating the blocking ability of the webRequest API.  “Web pages load slow because of bloat, not because of the blocking ability of the webRequest API -- at least for well-crafted extensions. Furthermore, if performance concerns due to the blocking nature of the webRequest API was their real motive, they would just adopt Firefox's approach and give the ability to return a Promise on just the three methods which can be used in a blocking manner.” Many users also mentioned that Chrome is using its dominance in the browser market to dictate what type of extensions are developed and used. A user commented, “As Chrome is a dominant platform, our work is prevented from reaching users if it does not align with the business goals of Google, and extensions that users want on their devices are effectively censored out of existence.” Others expressed that it is better to avoid all the drama by simply switching to some other browser, mainly Firefox. “Or you could cease contributing to the Blink monopoly on the web and join us of Firefox. Microsoft is no longer challenging Google in this space,” a user added. While some others were in support of Google saying that Hill could have moved some of the functionalities to a separate extension. “It's an older rule. It does technically apply here, but it's not a great look that they're only enforcing it now. If Gorhill needed to, some of that extra functionality could be moved out into a separate extension. uBlock has done this before with uBlock Origin Extra. Most of the extra features (eg. remote font blocking) aren't a huge deal, in my opinion.” How Google reacted to the public outcry Simeon Vincent, a developer advocate for Chrome extensions commented on a Reddit discussion that the updated extension was approved and published on the Chrome Web Store.  “This morning I heard from the review team; they've approved the current draft so next publish should go through. Unfortunately it's the weekend, so most folks are out, but I'm planning to follow up with u/gorhill4 with more details once I have them. EDIT: uBlock Origin development build was just successfully published. The latest version on the web store is 1.22.5.102.” He also further said that this whole confusion was because of a “clunkier” developer communication process. When users asked him about the Manifest V3 change he shared, “We've made progress on better supporting ad blockers and content blockers in general in Manifest V3. We've added rule modification at runtime, bumped the rule limits, added redirect support, header modification, etc. And more improvements are on the way.” He further added, “But Gorhill's core objection is to removing the blocking version of webRequest. We're trying to move the extension platform in a direction that's more respectful of end-user privacy, more secure, and less likely to accidentally expose data – things webRequest simply wasn't designed to do.” Chrome ignores the autocomplete=off property In other Chrome related news, it was reported that Chrome continues to autofill forms even if you disable it using the autocomplete=off property. A user commented, “I've had to write enhancements for Web apps several times this year with fields which are intended to be filled by the user with information *about other users*. Not respecting autocomplete="off" is a major oversight which has caused a lot of headache for those enhancements.” Chrome decides on which field should be filled with what data based on a combination of form and field signatures. If these do not match, the browser will resort to only checking the field signatures.  A developer from the Google Chrome team shared, “This causes some problems, e.g. in input type="text" name="name", the "name" can refer to different concepts (a person's name or the name of a spare part).” To solve this problem the team is working on an experimental feature that gives users the choice to “(permanently) hide the autofill suggestions.”  Check out the reported issue to know more in detail. Google Chrome developers “clarify” the speculations around Manifest V3 after a study nullifies their performance hit argument Is it time to ditch Chrome? Ad blocking extensions will now only be for enterprise users Chromium developers propose an alternative to webRequest API that could result in existing ad blockers’ end GitHub updates to Rails 6.0 with an incremental approach React DevTools 4.0 releases with support for Hooks, experimental Suspense API, and more!

Full stack developer has been named as one of the most common developer roles according to the latest stack overflow survey. But what exactly does a full stack developer do and what does a typical full stack developer job description look like? Full stack developers bridge the gap between the font end and back end Full stack developers deal with the full spectrum of development, from back end to front end development. They are hugely versatile technical professionals, and because they work on both the client and server side, they need to be able to learn new frameworks, libraries and tools very quickly. There’s a common misconception that full stack developers are experts in every area of web development. They’re not – they’re often generalists with broad knowledge that doesn’t necessarily run deep. However, this lack of depth isn’t necessarily a disadvantage. Because they have experience in both back end and front end development they know how to provide solutions to working with both. But most importantly, as Agile becomes integral to modern development practices, developers who are able to properly understand and move between front and back ends is vital. From an economic perspective it also makes sense – with a team of full-stack developers you have a team of people able to perform multiple roles. What a full stack developer job description looks like Every full-stack developer job description looks different. The role is continually evolving and different organizations will require different skills. Here are some of the things you’re likely to see: HTML / CSS JavaScript JavaScript frameworks like Angular or React Experience of UI and API design SQL and experience with other databases At least one backend programming language (python, ruby, java etc) Backend framework experience (for example, ASP.NET Core, Flask) Build and release management or automation tools such as Jenkins Virtualization and containerization knowledge (and today possibly serverless too) Essentially, it’s up to the individual to build upon their knowledge by learning new technologies in order to become an expert full stack developer. Full stack developers need soft skills But soft skills are also important for full-stack developers. Being able to communicate effectively, manage projects and stakeholders is essential. Of course, knowledge of Agile and Scrum are always in-demand; being collaborative is also vital, as software development is never really a solitary exercise. Similarly, commercial awareness is highly valued - a full stack developer that understands they are solving business problems, not just software problems is invaluable.

On Monday, Google announced that it has partnered with Automattic Inc., the parent company of WordPress.com, to develop an advanced open-source publishing and revenue-generating platform for news organizations named Newspack. Under the Google News Initiative, they have invested $1.2 million towards their efforts in building this platform. The purpose of this platform is to help journalists put their full energy in covering stories instead of worrying about designing websites, configuring CMSes, or building commerce systems. Google mentioned in the post, “It is trying to help small publishers succeed by building best practices into the product while removing distractions that may divert scarce resources. We like to call it "an opinionated CMS:” it knows the right thing to do, even when you don’t.” It will also provide publishers full access to all the plugins created by the WordPress developer community. Automattic, in an announcement, called for small and medium-sized digital news organizations to become charter participants in the development of Newspack. If you want to become one of the partners, you can fill in the form issued by Automattic, which is due by 11:59 p.m. Eastern Time (UTC -5:00) on February 1. The platform’s beta version is estimated to be released near the end of July and will be made available to publishers globally later this year. To get a better idea of the features and capabilities needed by publishers and their business impact, Automattic will be working with Spirited Media and News Revenue Hub. Spirited Media operates local digital news sites in Denver, Philadelphia, and Pittsburgh, and News Revenue Hub provides revenue solutions for digital publishers. In addition to Google, other funding organizations for this platform include The Lenfest Institute for Journalism, ConsenSys, the organization backing Civil Media, and The John S. and James L. Knight Foundation. WordPress 5.0 (Bebo) released with improvements in design, theme and more Introduction to WordPress Plugin Google and Waze share their best practices for canary deployment using Spinnaker

On Monday, the CEO and Co-founder of Dark, Ellen Chisa, announced the project had raised $3.5 million in funding in a Medium post. Dark is a holistic project that includes a programming language (Darklang), an editor and an infrastructure. The value of this, according to Chisa, is simple: "developers can code without thinking about infrastructure, and have near-instant deployment, which we’re calling deployless." Along with Chisa, Dark is led by CTO, Paul Biggar, who is also the founder of CircleCI, the CI/CD pioneering company. The seed funding is led by Cervin Ventures, in participation with Boldstart, Data Collective, Harrison Metal, Xfactor, Backstage, Nextview, Promus, Correlation, 122 West and Yubari. What are the key features of the Dark programming language? One of the most interesting features in Dark is that deployments take a mere 50 milliseconds. Fast. Chisa says that currently the best teams can manage deployments around 5–10 minutes, but many take considerably longer, sometimes hours. But Dark was designed to change this. It's purpose-built, Chisa seems to suggest, for continuous delivery. “In Dark, you’re getting the benefit of your editor knowing how the language works. So you get really great autocomplete, and your infrastructure is set up for you as soon as you’ve written any code because we know exactly what is required.” She says there are three main benefits to Dark’s approach: An automated infrastructure No need to worry about a deployment pipeline ("As soon as you write any piece of backend code in Dark, it is already hosted for you,” she explains.) Tracing capabilities are built into your code. "Because you’re using our infrastructure, you have traces available in your editor as soon as you’ve written any code. There's undoubtedly a clear sense - whatever users think of the end result - that everything has been engineered with an incredibly clear vision. Dark has been deployed on SaaS platform and project tracking tools Chisa highlights how some customers have already shipped entire products on Dark. Chase Olivieri, who built Altitude, a subscription SaaS providing personalized flight deals, using Drark is cited by Chisa, saying that "as a bootstrapper, Dark has allowed me to move fast and build Altitude without having to worry about infrastructure, scaling, or server management." Downside of Dark is programmers have to learn a new language Speaking to TechCrunch, Chisa admitted their was a downside to Dark - you have to learn a new language. "I think the biggest downside of Dark is definitely that you’re learning a new language, and using a different editor when you might be used to something else, but we think you get a lot more benefit out of having the three parts working together." Chisa acknowledged that it will require evangelizing the methodology to programmers, who may be used to employing a particular set of tools to write their programs. But according to her the biggest selling point is that it will remove the complexity around deployment by bringing an integrated level of automation to the process. Is Darklang basically like AWS Lambda? The community on Hacker News compares Dark with AWS Lambda, with many pessimistic about its prospects. In particular they are skeptical about the efficiency gains Chisa describes. "It only sounds maybe 1 step removed from where aws [sic] lambda’s are now," said one user. "You fiddle with the code in the lambda IDE, and submit for deployment. Is this really that much different?” Dark’s Co-founder, Paul Biggar responded to this in the thread. “Dark founder here. Yes, completely agree with this. To a certain extent, Dark is aimed at being what lambda/serverless should have been." He continues by writing: "The thing that frustrates me about Lambda (and really all of AWS) is that we're just dealing with a bit of code and bit of data. Even in 1999 when I had just started coding I could write something that runs every 10 minutes. But now it's super challenging. Why is it so hard to take a request, munge it, send it somewhere, and then respond to it. That should be trivial! (and in Dark, it is)" The team has planned to roll out the product publicly in September. To find out more more about Dark, read the team's blog posts including What is Dark, How Dark is a functional language, and How Dark allows deploys in 50ms. The V programming language is now open source – is it too good to be true? “Why was Rust chosen for Libra?”, US Congressman questions Facebook on Libra security design choices Rust’s original creator, Graydon Hoare on the current state of system programming and safety

Yesterday, Joshua Litt from the Google Chromium team announced to add support for top-level await in V8. V8 is Google’s open source high-performance JavaScript and WebAssembly engine, written in C++. It is used in Chrome and in Node.js, among others. It implements ECMAScript and WebAssembly, and runs on Windows 7 or later, macOS 10.12+, and Linux systems that use x64, IA-32, ARM, or MIPS processors. V8 can run standalone, or can be embedded into any C++ application. The official documentation page on Google Chromium reads, “Adds support for parsing top level await to V8, as well as many tests.This is the final cl in the series to add support for top level await to v8.” Top-level await support will ease running JS script in V8 As per the latest ECMAScript proposal on top-level await allows the await keyword to be used at the top level of the module goal. Top-level await enables modules to act as big async functions: With top-level await, ECMAScript Modules (ESM) can await resources, causing other modules who import them to wait before they start evaluating their body. Earlier developers used IIFE for top-level awaits, a JavaScript function that runs as soon as it is defined. But there are certain limitations in using IIFE, that is with await only available within async functions, a module can include await in the code that executes at startup by factoring that code into an async function. And this pattern will be immediately invoked with IIFE and it is appropriate for situations where loading a module is intended to schedule work that will happen some time later. While Top-level await function lets developers rely on the module system itself to handle all of these, and make sure that things are well-coordinated. Community is really happy to know that top-level support has been added to V8. On Hacker News, one of the users commented, “This is huge! Finally no more need to use IIFE's for top level awaits”. Another user commented, “Top level await does more than remove a main function. If you import modules that use top level await, they will be resolved before the imports finish. To me this is most important in node where it's not uncommon to do async operations during initialization. Currently you either have to export a promise or an async function.” To know more about this read the official Google Chromium documentation page. Other interesting news in web development New memory usage optimizations implemented in V8 Lite can also benefit V8 LLVM WebAssembly backend will soon become Emscripten’s default backend, V8 announces V8 7.5 Beta is now out with WebAssembly implicit caching, bulk memory operations, and more  

Kweb is a library using which you can easily build web applications in the Kotlin programming language. It basically eliminates the separation between browser and server from the programmer’s perspective. This means that events that only manipulate the DOM don't need to do a server-roundtrip. As Kweb is written in Kotlin, users should have some familiarity with the Kotlin and Java ecosystem. Kweb allows you to keep all of the business logic in the server-side and enables the communication with the web browser through efficient websockets. To efficiently handle asynchronicity, it takes advantage of Kotlin’s powerful new coroutines mechanism. It also allows keeping consistent state across client and server by seamlessly conveying events between both. What are the features of Kweb? Makes the barrier between the web server and web browser mostly invisible to the programmer. Minimizes the server-browser chatter and browser rendering overhead. Supports integration with some powerful JavaScript libraries like Semantic, which is a UI framework designed for theming. Allows binding DOM elements in the browser directly to state on the server and automatically update them through the observer and data mapper patterns. Seamlessly integrates with Shoebox, a Kotlin library for persistent data storage that supports views and the observer pattern. Easily add to an existing project. Instantly update your web browser in response to code changes. The Kweb library is distributed via JitPack, a novel package repository for JVM and Android projects. Kweb takes advantage of the fact that in most web apps, logic occurs in the server side and the client can’t be trusted. This library is in its infancy but still works well enough to demonstrate that the approach is practical. You can read more about Kweb on its official website. Kotlin based framework, Ktor 1.0, released with features like sessions, metrics, call logging and more Kotlin 1.3 released with stable coroutines, multiplatform projects and more KotlinConf 2018: Kotlin 1.3 RC out and Kotlin/Native hits beta

DPAGE is a web page builder which developers can use to get simple web pages up and running on Blockstack's decentralized internet. DPAGE is built on top of Blockstack, an infrastructure in which you can build decentralized blockchain applications. You need a Blockstack account to log into and start using DPAGE. The Blockstack ID used to log in is stored on the blockchain. All user data is stored on a Gaia node which you can choose. This decentralized setup gives users several advantages over a conventional centralized app: Your data is yours: After using DPAGE, if you don't like it then you can create your own app. Alternatively, you can use any other web page builder and all your data will be with you and not owned by any web page/app. Users are not restricted by any vendor lock-ins. A Blockstack ID is virtually impossible to block unlike centralized identities. Google or Facebook IDs can be blocked by companies. All private user data is encrypted end-to-end. Which means that no one else can read it including the DPAGE creators. The data stored is not stored with DPAGE The profile details and user data are stored on a Blockstack’s Gaia storage hub by default. DPAGE itself doesn't store any user data on its servers. You can also run your own storage hub on a server of choice. They store data with Blockstack and they store it on ‘personal data lockers built on Google, AWS, and Azure’. It is safer than some centralized web pages As all private data is encrypted, it's more difficult for hackers to steal user data from the decentralized app. There is no central database that contains all the data, so hackers also have less incentive to hack into DPAGE. However, DDOS attacks are a possibility if the hackers target a specific Gaia hub. There is no user-specific tracking DPAGE only collects non-identifiable analytics of the users for improving the service. The service itself doesn't store or read private pages. There are some positive reactions on Hacker news: “This indeed a seriously cool product, hope more people realize it.” Another comment says: “Nice, I think this is what the web needs, a Unix approach so tools can be built on top and hosts are interchangeable.” To check out DPAGE, visit their website. The decentralized web – Trick or Treat? Origin DApp: A decentralized marketplace on Ethereum mainnet aims to disrupt gig economy platforms like Airbnb and Uber Microsoft announces ‘Decentralized Identity’ in partnership with DIF and W3C Credentials Community Group

Yesterday, the React team announced the release of React DevTools 4.0 for Chrome, Firefox, and Edge. In addition to better performance and navigation experience, this release fully supports React Hooks and provides a way to test the experimental Suspense API. Key updates in React DevTools 4.0 Better performance by reducing the “bridge traffic” The React DevTools extension is made up of two parts: frontend and backend. The frontend portion includes the components tree, the Profiler, and all the other things that are visible to you. On the other hand, the backend portion is the one that is invisible. This portion is in charge of notifying the frontend by sending messages through a “bridge”. In previous versions of React DevTools, the traffic caused by this notification process was one of the biggest performance bottlenecks. Starting with React DevTools 4.0, the team has tried to reduce this bridge traffic by minimizing the amount of messages sent by the backend to render the Components tree. The frontend can request more information whenever required. Automatically logs React component stack warnings React DevTools 4.0 now provides an option to automatically append component stack information to the console in the development phase. This will enable developers to identify where exactly in the component tree failure has happened. To disable this feature just navigate to the General settings panel and uncheck the “Append component stacks to warnings and errors.” Source: React Components tree updates Improved hooks support: Hooks allow you to use state and other React features without writing a class. In React DevTools 4.0, hooks have the same level of support as props and state. Component filters: Navigating through large component trees can often be tiresome. Now, you can easily and quickly find the component you are looking for by applying the component filters. "Rendered by" list and an owners tree: React DevTools 4.0 now has a new "rendered by" list in the right-hand pane that will help you quickly step through the list of owners. There is also an owners tree, the inverse of the "rendered by" list, which lists all the things that have been rendered by a particular component. Suspense toggle: The experimental Suspense API allows you to “suspend” the rendering of a component until a condition is met. In <Suspense> components you can specify the loading states when components below it are waiting to be rendered. This DevTools release comes with a toggle to let you test these loading states. Source: React Profiler changes Import and export profiler data: The profiler data can now be exported and shared among other developers for better collaboration. Source: React Reload and profile: React profiler collects performance information each time the application is rendered. This helps you identify and rectify any possible performance bottlenecks in your applications. In previous versions, DevTools only allowed profiling a “profiling-capable version of React.” So, there was no way to profile the initial mount of an application. This is now supported with a "reload and profile" action. Component renders list: The profiler in React DevTools 4.0 displays a list of each time a selected component was rendered during a profiling session. You can use this list to quickly jump between commits when analyzing a component’s performance. You can check out the release notes of React DevTools 4.0 to know what other features have landed in this release. React 16.9 releases with an asynchronous testing utility, programmatic Profiler, and more React Native 0.60 releases with accessibility improvements, AndroidX support, and more React Native VS Xamarin: Which is the better cross-platform mobile development framework?

Last month, the team behind Selenium silently slipped in Selenium 4 alpha on the Maven Repository without any official announcement. Alpha release means that developers can start testing out the new updates in the software but are not recommended to use it in production. Selenium 4 is a major release, which was actually planned to ship by Christmas last year, as shared by Simon Stewart, one of the Selenium lead developers and the inventor of WebDriver, at the Selenium Conference India 2018. https://www.youtube.com/watch?v=ypmrrJmgM9U&feature=youtu.be However, going by the status on SeleniumHQ GitHub repository, we can expect more delay in this release. This situation is very similar to that of Selenium 3.0 release. Back in 2013, Stewart shared that Selenium 3.0 will be released by Christmas, which ended up hitting the market after 3 years of the announcement. "I did say Christmas, but I didn't specify what year," he jokingly said in a webinar in 2016. Following are some of the updates in Selenium 4 alpha release: Native support removed for Opera and PhantomJS Starting from this release, the Opera and PhantomJS browsers will not be supported natively as the WebDriver implementations for these browsers are no longer under active development. Since Opera is built on top of the Chromium open source projects, users are recommended to test with the Chrome browsers. PhantomJS users can use Firefox or Chrome in headless mode. Updates for W3C WebDriver Spec Compliance Selenium 4 WebDriver will be completely standardized with W3C. In lieu of this, the following changes are made in this release: Changes to the Actions API This release comes with a revamped Actions API to comply with the WebDriver specifications. The Actions API serves as a low-level interface for providing virtualized device input to the web browser. Currently, Actions is only supported in Firefox natively. Other browser users can use this API by putting the Actions class into “bridge mode”. It will then attempt to translate mouse and keyboard actions to the legacy API. Alternatively, users can continue using the legacy API via the ‘lib/actions’ module. However, it should be noted that the legacy API will be deprecated and will be removed in a minor release once other browsers start supporting the new API. Other changes This release comes with support for all window manipulation commands WebElement.getSize() and WebElement.getLocation() are now replaced with a single method, WebElement.getRect(). A new method, driver.switchTo().parentFrame() method is added To read what else has been updated in this release, check out change doc on Selenium GitHub repository. Selenium and data-driven testing: An interview with Carl Cocchiaro How to work with the Selenium IntelliJ IDEA plugin How to handle exceptions and synchronization methods with Selenium WebDriver API

Last month, the creator of the Feathers web-framework, David Luecke announced the release of Feathers 4. This release brings built-in TypeScript definitions, a framework-independent authentication mechanism, improved documentation, security updates in database adapters, and more. Feathers is a web framework for building real-time applications and REST APIs with JavaScript or TypeScript. It supports various frontend technologies including React, VueJS, Angular, and works with any backend. Read also: Getting started with React Hooks by building a counter with useState and useEffect It basically serves as an API layer between any backend and frontend: Source: Feathers Unlike traditional MVC and low-level HTTP frameworks that rely on routes, controllers, or HTTP requests and response handlers, Feathers uses services and hooks. This makes the application easier to understand and test and lets developers focus on their application logic regardless of how it is being accessed. This also enables developers to add new communication protocols without the need for updating their application code. Key updates in Feathers 4 Built-in TypeScript definitions The core libraries and database adapters in Feathers 4 now have built-in TypeScript definitions. With this update, you will be able to create a TypeScript Feathers application with the command-line interface (CLI). Read also: TypeScript 3.6 releases with stricter generators, new functions in TypeScript playground, better Unicode support for identifiers, and more A new framework-independent authentication mechanism Feathers 4 comes with a new framework-independent authentication mechanism that is both flexible and easier to use. It provides a collection of tools for managing username/password, JSON web tokens (JWT) and OAuth authentication, and custom authentication mechanisms. The authentication mechanism includes the following core modules: A Feathers service named ‘AuthenticationService’ to register authentication mechanisms and create authentication tokens. The ‘JWTStrategy’ authentication strategy for authenticating JSON web token service methods calls and HTTP requests. The ‘authenticate’ hook to limit service calls to an authentication strategy. Security updates in database adapters The database adapters in Feathers 4 are updated to include crucial security and usability features, some of which are: Querying by id: The database adapters now support additional query parameters for ‘get’, ‘remove’, ‘update’, and ‘patch’. In this release, a ‘NotFound’ error will be thrown if the record does not match the query, even if the id is valid. Hook-less service methods: Starting from this release, you can call a service method by simply adding ‘a _’ in front instead of using a hook. This will be useful in the cases when you need the raw data from the service without triggering any of its hooks. Multi updates: Mulitple update means you can create, update, or remove multiple records at once. Though it is convenient, it can also open your application to queries that you never intended for. This is why, in Feathers 4, the team has made multiple updates opt-in by disabling it by default. You can enable it by explicitly setting the ‘multi’ option. Along with these updates, the team has also worked on the website and documentation. “The Feathers guide is more concise while still teaching all the important things about Feathers. You get to create your first REST API and real-time web-application in less than 15 minutes and a complete chat application with a REST and websocket API, a web frontend, unit tests, user registration and GitHub login in under two hours,” Luecke writes. Read Luecke’s official announcement to know what else has landed in Feathers 4. Other news in web 5 pitfalls of React Hooks you should avoid – Kent C. Dodds Firefox 69 allows default blocking of third-party tracking cookies and cryptomining for all users How to integrate a Medium editor in Angular 8

Yesterday, Apple released Safari 13 for iOS 13, macOS 10.15 (Catalina), macOS Mojave, and macOS High Sierra. This release comes with opt-in dark mode support, FIDO2-compliant USB security keys support, updated Intelligent Tracking Prevention, and much more. Key updates in Safari 13 Desktop-class browsing for iPad users Starting with Safari 13, iPad users will have the same browsing experience as macOS users. In addition to displaying websites same as the desktop Safari, it will also provide the same capabilities including more keyboard shortcuts, a download manager with background downloads, and support for top productivity websites. Updates related to authentication and passwords Safari 13 will prompt users to strengthen their passwords when they sign into a website. On macOS, users will able to use FIDO2-compliant USB security keys in Safari. Also, support is added for “Sign in With Apple” to Safari and WKWebView. Read also: W3C and FIDO Alliance declare WebAuthn as the web standard for password-free logins Security and privacy updates A new permission API is added for DeviceMotionEvent and DeviceOrientationEvent on iOS. The DeviceMotionEvent class encapsulates details like the measurements of the interval, rotation rate, and acceleration of a device. Whereas, the DeviceOrientationEvent class encapsulates the angles of rotation (alpha, beta, and gamma) in degrees and heading. Other updates include updated third-party iframes to prevent them from automatically navigating the page. Intelligent Tracking Prevention is updated to prevent cross-site tracking through referrer and link decoration. Performance-specific updates While using Safari 13, iOS users will find that the initial rendering time for web pages is reduced. The memory consumption by JavaScript including for non-web clients is also reduced. WebAPI updates Safari 13 comes with a new Pointer Events API to enable consistent access to mouse, trackpad, touch, and Apple Pencil events. It also supports the Visual Viewport API that adjusts web content to avoid overlays, such as the onscreen keyboard. Deprecated features in Safari 13 WebSQL and Legacy Safari Extensions are no longer supported. To replace your previously provided Legacy Safari Extensions, Apple provides two options. First, you can configure your Safari App Extension to provide an upgrade path that will automatically remove the previous Legacy Safari Extension when it is installed. Second, you can manually convert your Legacy Safari Extension to a Safari App Extension. In a discussion on Hacker News, users were pleased with the support for the Pointer Events API. A user commented, “The Pointer Events spec is a real joy. For example, if you want to roll your own "drag" event for a given element, the API allows you to do this without reference to document or a parent container element. You can just declare that the element currently receiving pointer events capture subsequent pointer events until you release it. Additionally, the API naturally lends itself to patterns that can easily be extended for multi-touch situations.” Others also expressed their concern regarding the deprecation of Legacy Safari Extensions. A user added, “It really, really is a shame that they removed proper extensions. While Safari never had a good extension story, it was at least bearable, and in all other regards its simply the best Mac browser. Now I have to take a really hard look at switching back to Firefox, and that would be a downgrade in almost every regard I care about. Pity.” Check out the official release notes of Safari 13 to know more in detail. Other news in web development New memory usage optimizations implemented in V8 Lite can also benefit V8 5 pitfalls of React Hooks you should avoid – Kent C. Dodds Firefox 69 allows default blocking of third-party tracking cookies and cryptomining for all users

Yesterday, Mr Macintosh website reported of Google Chrome Keystone updated to remove the /var symlink on NON SIP protected Mac computers, causing account and booting issues. Few MacAdmins started to report that their systems would not boot properly. And they had following issues:   1. After rebooting the affected system it would Kernel Panic. The system will reboot only to KP again 2. User Logs out and the system shows the Setup Assistant. 3. The System Kernel Panics into a boot Loop.   The MacOS versions 10.9 – 10.14 Mojave were affected by this. It seems the issue affects all Macs that have SIP (System Integrity Protection) Disabled or turned off. Google Chrome keystone update causes booting issues AVID users were some of the first to report the issue. They said that AVID Media Creators use 3rd Party Graphics cards connected to their Mac Pro. When the issue hit yesterday, it was thought that AVID was the main cause of the problems since all the users experiencing the issue had AVID software. Only later after a MacAdmins dived deep in an investigation. After investigation from some of the top minds in the MacAmins Slack Chat #varsectomy channel it was found that the Google Chrome Keystone Updater was at the heart of the issue. How to check if the /var symlink was modified You can check to see if the /var symlink was modified by running the following command. ls -ldO /var The following outputs appear. The first one below means that your /var volder is SIP protected (notice the restrictedflag) and the proper sym link /var -> private/var lrwxr-xr-x@ 1 root wheel restricted,hidden 11 Apr 1 2018 /var -> private/var The next one means that your symlink is broken and the folder is NOT SIP Protected. drwxr-xr-x 5 503 wheel - 170 Sep 24 14:37 /var If you find /var in this condition you are affected! If you LOGOUT, SHUTDOWN OR RESTART your Mac will NOT Boot! You will need to boot into recovery, repair the /var symlink and reset the restricted flags. And there are two ways to fix the issue. First is to fix from MacAdmins User Juest and second is from Google Support, you need to use commands while booting through macOS Recovery. Community hates automatic updates from Google Chrome On Hacker News, users are discussing about sudden updates on Google Chrome Keystone which cause such issues and prefer using Safari or Firefox instead of Chrome. One of them commented, “I've always hated that "service" (more like malware given this news) like everything else that installs itself into the autolaunch sequence without permission, and remove* it whenever I notice/remember it, but it keeps coming back whenever I touch Google Chrome, which I prefer not to use in favor of Safari/FireFox because of reasons like this. Things like these (including secretly signing you into Search when you sign into YouTube† or refusing to support PiP on iPadOS/macOS) just solidify Google's image in my mind as a forever scummy, intrusive company that I wish I could leave behind like I did Microsoft, but sadly Google Search and YouTube still don't have good enough alternatives yet.” Another user commented, “The trends that Google has spearheaded have had a real effect on me over the years. I feel alienated from my computer. Subtle things will just change. If I really dig I might be able to find out why, but I don't have the time, so I just accept it. Usually very small things that are barely noticeable. My Chromecast extension disappeared and was integrated into the browser. My brain could not help but notice this benign change, which caused a hard to place sense of unease. Or when Google decided to remove rotation from the home screen on Android 2.3 -- it wasn't a huge problem, but I could have sworn that something changed. Users were conflicted, many convincing themselves that the homescreen never rotated at all. It has made me not trust my computer. I second guess myself much more. If some option no longer exists, I wonder if it was just my imagination or if it was quietly deprecated while I wasn't looking. Does it even matter? I think that we are being trained to see devices as ephemeral, and not to get too attached to them.” To know more about Google Chrome Keystone update and the issue regarding this, check out the Mr. Macintosh website. Other interesting news in web development Google Chrome 76 now supports native lazy-loading Google Chrome to simplify URLs by hiding special-case subdomains Google Chrome will soon support LazyLoad, a solution to lazily load below-the-fold images and iframes

Last year in October, the Node.js and JS Foundations announced their intent to create a joint organization. After six months of analyzing community feedback, deliberation, and collaboration, the two foundations finally merged into the OpenJS Foundation on Tuesday. https://twitter.com/nodejs/status/1105500455864598528 Dave Methvin, Technical Advisory Committee Chair, JS Foundation, explaining the motivation behind this merger said in the announcement, “This is an exciting step forward for the entire open source JavaScript community, as it strengthens the impact of our collective efforts under one united Foundation. A new merged Foundation is able to better serve the community and members to grow the JavaScript ecosystem from a technology and standards perspective.” The OpenJS Foundation is backed by 30 corporate and end-user members including Google, Microsoft, IBM, PayPal, and GoDaddy. It currently hosts a wide range of projects including Appium, Dojo, jQuery, Node.js, webpack, and many more. Goals of the OpenJS Foundation Providing resources and accelerating the development The OpenJS Foundation is responsible for expanding the JavaScript community and accelerating the development of JavaScript and other key ecosystem projects. It will provide financial and marketing resources to support projects and working groups. It will act as one stop for all projects within the open JavaScript community for fulfilling their infrastructure, technical, and marketing needs. Combined governance structure The merger will provide a combined governance structure to enable all projects, regardless of their sizes, to benefit from experienced mentors as they progress through the project life cycle. It will encourage collaboration across the JavaScript ecosystem and affiliated standard bodies to create a single home for any project in the JavaScript ecosystem. Improved membership experience The OpenJS Foundation brings together the goals of both the JavaScript and Node.js foundations, so companies or organizations that want to support JavaScript will no longer have to choose between the two. This will also eliminate the operational redundancies between the two organizations and streamline the experience for member companies that provide financial support. Additionally, it will provide a single point of entry to new and prospective members for getting involved in open source JavaScript project and create a simpler and more engaging experience for them. Many Twitter users were excited about this announcement and believe that this a major step towards the overall growth of the JavaScript open source ecosystem. https://twitter.com/gauravseth/status/1105888912608681984 https://twitter.com/agoric/status/1105534569992806400 To know more in detail, check out the official announcement. Node.js and JS Foundation announce intent to merge; developers have mixed feelings Node.js announces security updates for all their active release lines for August 2018 Why use JavaScript for machine learning?  

Yesterday, Google announced the release of Chrome 70. This version comes with support for Desktop Progressive Web apps on Windows and Linux and for public key credentials. Also, web Bluetooth is now supported for Windows 10 users. Support for Desktop Progressive Web Apps on Windows and Linux You can now install Desktop Progressive Web Apps on Windows and Linux. Once installed, they’re launched from the Start menu, and run like any other installed app, without an address bar or tabs. Credential Management API supports Public Key Credentials Signing in has become very simple with the introduction of the Credential Management API. It enables the communication between your site and the browser’s credential manager or federated account services like Google and Facebook to sign in. One more credential type named, Public Key Credential is introduced. It allows web applications to create and use, strong, cryptographically attested, and application-scoped credentials to authenticate users. Named workers With the help of workers, you can move JavaScript off the main thread and into the background. This will keep your site interactive as it will prevent the main thread from locking up when it is running an expensive or complex JavaScript computation. A new name attribute is added for workers in Chrome 70, which is specified by an optional argument on the constructor: const url = '/scripts/my-worker.js'; const wNYC = new Worker(url, {name: 'NewYork'}); const oSF = {name: 'SanFrancisco'}; const wSF = new Worker(url, oSF); You can now easily distinguish dedicated workers by name when you have multiple workers with the same URL. Miscellaneous updates Web Bluetooth is available for Windows 10 users. It allows your site to securely communicate with nearby user-selected Bluetooth devices. Chrome can now send intervention and deprecation messages to your servers using the Report-To HTTP Response header field or surface them in the ReportingObserver interface. Deprecations in Chrome 70 AppCache from insecure contexts removed AppCache potentially allows persistent online and offline cross-site scripting attacks, when used over insecure contexts. To avoid these attacks, AppCache is now only supported on origins that serve over HTTPS. Developers are advised to use service workers as an alternative. Gamepads.item() deprecated and removed The legacy item() accessor is no longer a part of the Gamepads array. This change improves compatibility with Firefox, the only browser to implement GamepadList. SpeechSynthesis.speak() without user activation deprecated Now an error is thrown by the speechSynthesis.speak() function if a document has not received a user activation. You can expect its removal in Chrome 71 by late November. They have listed all the deprecations in Chrome 70 on their official website. Read the full list of changes on the Google Developers website. Chrome 69 privacy issues: automatic sign-ins and retained cookies; Chrome 70 to correct these Google announces Chrome 67 packed with powerful APIs, password-free logins, PWA support, and more Google Chrome, Mozilla Firefox, and others to disable TLS 1.0 and TLS 1.1 in favor of TLS 1.2 or later by 2020

According to a story by Windows Central, Microsoft is working on a Chromium based web browser. This will likely be a replacement to their current web browser on Windows 10, Microsoft Edge. Edge never took off the Edge Microsoft Edge was launched in 2015 built from scratch with EdgeHTML. Microsoft tried to get it into adoption by making Windows 10 update free for a limited time. However, the browser was not well received at the early stage itself due to a large number of issues. Since then it has not been very stable driving developers and users away from it. Due to this, Microsoft is reportedly abandoning Edge and the EdgeHTML framework for Chromium. Chromium is a rendering engine used in Google Chrome. The new browser’s name is codenamed Anaheim and will be replacing Edge as the default browser in Windows. It is not known if Edge will be renamed and if the UI will be different. But EdgeHTML will no longer be used in Windows 10’s default browser. Using the Chromium engine instead Using Chromium means that the websites on Windows 10 default browser will load as they do on Google Chrome. Default browser users will no longer have to face the loading and connectivity issues that plagued EdgeHTML based Microsoft Edge. For smartphones, nothing will change much as Edge on smartphones already use platform specific engines. Recently, 9to5Google reported that Microsoft engineers are committing code to the Chromium project. This would suggest that they are working on their own browser by using Chromium instead of EdgeHTML. The browser may likely be out next year. Public reactions A comment on hacker news reads: “You[web developers] don't test your work in Edge and because you tell all your friends and family to use Chrome instead of Edge. So stop complaining about monoculture. Many of you helped create it.” Some sarcasm thrown in another comment: “I test my app in Edge, every time a new version is released. When it inevitably fails, I shake my head in disbelief that Microsoft still hasn't paid a dev to spend a couple months fixing their IndexedDB implementation, which has been incomplete since the IE days. Can't expect a small rag-tag group like Microsoft to compete with a rich corporate behemoth like Mozilla, I guess :)” Another comment says: “How can I test Edge when Microsoft don't release it for Mac and Linux? A browser for a single OS? Talk about monoculture.” https://twitter.com/headinthebox/status/1069796773017710592 Another Tweet suggests that this move towards Chromium is about ElectronJS stronghold over app development and not about Microsoft wanting a Chrome like browser experience on its default browser: https://twitter.com/SwiftOnSecurity/status/1069776335336292352 After years of Internet Explorer being ridiculed and Edge not being the success they hoped for, it would be nice to see the Windows default browser catching up with the likes of Chrome and Firefox. Introducing Howler.js, a Javascript audio library with full cross-browser support Firefox Reality 1.0, a browser for mixed reality, is now available on Viveport, Oculus, and Daydream Microsoft becomes the world’s most valuable public company, moves ahead of Apple