Tech News - Web Development

Last week, the Internet Engineering Task Force (IETF) published JSON Meta Application Protocol (JMAP) as RFC 8260, now marked as “Proposed Standard”. The protocol is authored by Neil Jenkins, Director and UX Architect at Fastmail and Chris Newman, Principle Engineer at Oracle. https://twitter.com/Fastmail/status/1152281229083009025 What is JSON Meta Application Protocol (JMAP)? Fastmail started working on JMAP in 2014 as an internal development project. It is an internet protocol that handles the submission and synchronization of emails, contacts, and calendars between a client and a server providing a consistent interface to different data types. It is developed to be a possible successor to IMAP and a potential replacement for the CardDAV and CalDAV standards. Why is it needed? According to the developers, the current standards for email protocols, that is IMAP and SMTP, for client-server communication are outdated and complicated. They are not well-suited for modern mobile networks and high-latency scenarios. These limitations in current standards have led to stagnation in the development of new good email clients. Many have also started coming up with proprietary alternatives like Gmail, Outlook, Nylas, and Context.io. Another drawback is that many mobile email clients proxy everything via their own server instead of talking directly to the user’s mail store, for example, Outlook and Newton. This is not only bad for client authors who have to run server infrastructure in addition to just building their clients, but also raises security and privacy concerns. Here’s a video by FastMail explaining the purpose behind JMAP: https://www.youtube.com/watch?v=8qCSK-aGSBA How JMAP solves the limitations in current standards? JMAP is designed to be easier for developers to work with and enable efficient use of network resources. Here are some of its properties that address the limitations in current standards: Stateless: It does not require a persistent connection, which fits best for mobile environments. Immutable Ids: It is more like NFS or filesystems with inodes rather than a name-based hierarchy, which makes renaming easy to detect and cheap to sync. Batchable API calls: It batches multiple API calls in a single request to the server resulting in reduced round trips and better battery life for mobile users. Provides flood control: The client can put limits on how much data the server is allowed to send. For instance, the command will return a ‘tooManyChanges’ error on exceeding the client’s limit, rather than returning a million * 1 EXPUNGED lines as can happen in IMAP. No custom parser required: Support for JSON, a well understood and widely supported encoding format, makes it easier for developers to get started. A backward compatible data model: Its data model is backward compatible with both IMAP folders and Gmail-style labels. Fastmail is already using JMAP in production for its Fastmail and Topicbox products. It is also seeing some adoption in organizations like the Apache Software Foundation, who added experimental support for JMAP in its free mail server Apache in version 3.0. Many developers are happy about this announcement. A user on Hacker News said, “JMAP client and the protocol impresses a lot. Just 1 to a few calls, you can re-sync entire emails state in all folders. With IMAP need to select each folder to inspect its state. Moreover, just a few IMAP servers support fast synchronization extensions like QRESYNC or CONDSTORE.” However, its use of JSON did spark some debate on Hacker News. “JSON is an incredibly inefficient format for shareable data: it is annoying to write, unsafe to parse and it even comes with a lot of overhead (colons, quotes, brackets and the like). I'd prefer s-expressions,” a user commented. To stay updated with the current developments in JMAP, you can join its mailing list. To read more about its specification check out its official website and also its GitHub repository. Wireshark for analyzing issues and malicious emails in POP, IMAP, and SMTP [Tutorial] Google announces the general availability of AMP for email, faces serious backlash from users Sublime Text 3.2 released with Git integration, improved themes, editor control and much more!  

On Monday, Twitter rolled out the new website to the general public. Those who have already seen it, may find the new design refreshing in its subtlety. A few things have been rearranged in the new three-column design, and the site is noticeably faster, but according to users it seems there aren’t a lot of drastic updates. The official blog post reads, “a refreshed and updated website that is faster, easier to navigate and more personalized. The site has an updated look and feel that is more consistent with the Twitter you see on other devices, making it easier to access some of your favorite features, and with more options to make it your own.” The Twitter engineering team on Monday posted a separate blog on the new Twitter website and its architecture. They say that their goal was to create one codebase website that is responsive to more than just design and the screen size. The team posted, “Our goal was to create one codebase - one website - capable of delivering the best experience possible to each person.” The engineering team also wrote, “On web, we believe in the “write once, run everywhere” philosophy.” They said the goal for this new website is two fold. First to make it easier and faster to develop new features for people worldwide. Secondly, provide each person and each device with the right experience. This post gained a lot of attention on Hacker News and the users commented of appreciating the single code base for mobile and web but they feel the major turn off is how the Home timeline appeared on the mobile and desktop. One of the users commented, “To the posted article, I think it's impressive they are shipping a single codebase for mobile and desktop. Modular features you can turn off for different views. It's smart and I'll be curious to see if other sites follow suit. Unfortunately they've now ported one of the most offensive features from mobile to desktop. The "Home" timeline, with tweets out of order. And the real kicker; you can still select "latest Tweets first" but then the app literally undoes your preference every week or two, forcing you back to their "Home" view. It's offensive. Also a small thing, but the new desktop Twitter now has obfuscated CSS classes for everything. The names change frequently too, maybe at every deploy? Anyway it makes it a lot harder to modify the desktop HTML presentation with an extension or set of ad blocker rules.” Finally let us check out the new features added to Twitter. Updates to new Twitter With the new features listed below the team at Twitter has tried to make conversations easier to find and follow – and a bit more fun: More of What’s Happening: They have brought over Explore to bring the same great content found in our apps; you can expect more live video and local moments personalized for wherever you are in the world. Get context with profile information within conversations and check out your Top Trends in any view so you never miss what’s happening. Easy Access to Your Favorite Features: Bookmarks, Lists, and your Profile are right up front and have their own spot on the side navigation, making it easier and faster to jump between different tabs. Direct Messages All in One Place: Direct Messages have been expanded so you can see your conversations and send messages all from the same view. Now there’s less hassle switching between screens to send a message. Login, Logout Struggle No More: Whether you have one profile or a few, now you can switch between accounts faster, directly from the side navigation Make Twitter Yours: The love is real for dark mode themes Dim and Lights Out. Twitter has brought to you different themes and color options, along with two options for dark mode. However, the new site for Twitter was all about “Woah, What’s this? a shiny new Twitter.com is here. '' Users seem to be unhappy with the statement and posted dull comments on the announcement. The users feel new features were added to the site but a lot of it is still missing. Here’s some of the tweet responses to the official announcement. https://twitter.com/grandayy/status/1150948766851174402 https://twitter.com/BetterGarf/status/1150972967482023936 https://twitter.com/falcons_fan1966/status/1150833643046211596 https://twitter.com/Autumn_Antal/status/1150870408570134529 https://twitter.com/MrPuddins/status/1151342148626866178   Once again Twitter only focused on the web design and UI, made no efforts for better or healthier conversations on Twitter, which is actually their motto. Creative Commons’ search engine, now out of beta, indexes over 300 million public domain images Mozilla launches Firefox Preview, an early version of a GeckoView-based Firefox for Android Vue maintainers proposed, listened, and revised the RFC for hooks in Vue API

Yesterday, Syrus Akbary, the founder and CEO of Wasmer, introduced WebAssembly interfaces. It provides a convenient s-expression (symbolic expression) text format that can be used to validate the imports and exports of a Wasm module. Why WebAssembly Interfaces are needed? The Wasmer runtime initially supported only running Emscripten-generated modules and later on added support for other ABIs including WASI and Wascap. WebAssembly runtimes like Wasmer have to do a lot of checks before starting an instance. It does that to ensure a WebAssembly module is compliant with a certain Application Binary Interface (Emscripten or WASI). It checks whether the module imports and exports are what the runtime expects, namely the function signatures and global types match. These checks are important for: Making sure a module is going to work with a certain runtime. Assuring a module is compatible with a certain ABI. Creating a plugin ecosystem for any program that uses WebAssembly as part of its plugin system. The team behind Wasmer introduced WebAssembly Interfaces to ease this process by providing a way to validate imports and exports are as expected. This is how a WebAssembly Interface for WASI looks like: Source: Wasmer WebAssembly Interfaces allow you to run various programs with each ABI, such as Nginx (Emscripten) and Cowsay (WASI). When used together with WAPM (WebAssembly Package Manager), you will also be able to make use of the entire WAPM ecosystem to create, verify, and distribute plugins. They have also proposed it as a standard for defining a specific set of imports and exports that a module must have, in a way that is statically analyzable. Read the official announcement by Wasmer. Fastly CTO Tyler McMullen on Lucet and the future of WebAssembly and Rust [Interview] LLVM WebAssembly backend will soon become Emscripten’s default backend, V8 announces Qt 5.13 releases with a fully-supported WebAssembly module, Chromium 73 support, and more

On Monday, Kadir Topal, a Senior Product Manager at Mozilla announced that the new React frontend of MDN Web Docs is now in Beta. MDN Web Docs, formerly known as Mozilla Developer Network, is the one-stop for web developer documentation. Mozilla has been working on replacing the jQuery library with React for months now to provide developers a customized MDN experience while still ensuring faster page loading time. MDN has two modes: editing and viewing. While viewing is used by most developers visiting the site, only a small fraction of them use the editing mode. This is why the team broke these two use cases into different domains. You can access the editing mode on wiki.developer.mozilla.org and the viewing mode on beta.developer.mozilla.org. The team plans to decommission beta.developer.mozilla.org after the testing phase is complete. The editing mode will continue to be served by the old frontend wiki.developer.mozilla.org. The discussion on this decision started earlier this year. While many praised it for this move, many felt that as a promoter of web standards it shouldn’t overlook web components for a custom framework. A developer commented on MDN’s GitHub repository, “As a user, I would like to see Mozilla that uses web standards to promote web standards. As a developer, I would like to see Mozilla and their developers using web standards and promote them. I don't need to see the nth React project.” Another developer commented, “The message that the No. 1 resource for Web development is ditching the same Web technologies it advocates, would be as disastrous as that, implicitly claiming a defeat for the Web, hence seppuku in the long term for the platform nobody would care much anymore.” In its support a developer remarked, “At the end of the day, none of us should care what MDN uses - we should care that the devs who have put so much effort into building a resource that has massively contributed to our own education and will continue to do so on a daily basis are productive and happy.” David Flanagan, one of the developers behind this project, affirmed that this decision was purely pragmatic. Flanagan shared that the MDN team is very tiny and they only had occasional help from volunteer contributions. Choosing React for MDN’s frontend may bring more contributors, he believed. He said, “Fundamentally, I'm asking you all to trust us. We're hoping to do great things this year with MDN, and I think that the vast majority of our users will love what we do. Thank you for reading this far, and thank you for your passion about web standards and MDN.” The team is now seeking developers’ feedback on this release. In case of any issue, you can file a bug, reply on Discourse, or also contact Topal on Twitter. Mozilla announces a subscription-based service for providing ad-free content to users Mozilla launches Firefox Preview, an early version of a GeckoView-based Firefox for Android Mozilla makes Firefox 67 “faster than ever” by deprioritizing least commonly used features

Earlier this year, DuckDuckGo announced that its map and address-related searches are now powered by Apple's MapKit JavaScript framework. This enabled them to offer improved address searches, additional visual features, enhanced satellite imagery, and better privacy. Since then the company has further expanded the use of Apple Maps for enhanced search while adhering to its commitment to user privacy, according to a blog post shared yesterday. https://twitter.com/DuckDuckGo/status/1151166280088657921 Here are some of the map-related search enhancements in DuckDuckGo: Map re-querying Previously, for every new map-related search you were redirected to the regular DuckDuckGo Search page. Now, it will allow you to stay in its expanded map view to refine local searches instantly. Additionally, when you move around the map or zoom in and out, the search results will be updated to include places within the field of view. Source: DuckDuckGo Intelligent autocompletion To make searching much easier and faster, the search engine now provides intelligent auto-completion within the expanded map view. As you type or update a new search query, DuckDuckGo will dynamically show search suggestions that are tailored to the local region displayed. A dedicated Maps tab Similar to Google, you will see a dedicated Maps tab in DuckDuckGo at the top of every search results page. Previously, the Maps tab was shown only for map-related searches, but from now on you will consistently see the tab alongside Images, Videos, and News. So, if you search for “cupcakes” and go to the Maps tab you will see local cupcake places. “Privacy by design, without any tradeoffs” Along with these great enhancements, DuckDuckGo is also promising for stricter user privacy. “A lot has changed with using maps on DuckDuckGo making it an even smoother experience, but what hasn’t changed is the way we handle your data—or rather, the way we don’t do anything with your data. We are making local searches faster while retaining the privacy you expect,” the post reads. It further emphasized that they do not share any personally identifiable information such as IP address and also make it point to discard any such information immediately after use. It is great that DuckDuckGo is expanding the use of Apple Maps along with promising better privacy to its users. Many users appreciated this update and believe that this is the right step towards becoming “a worthy competitor to Google Search.” Others said that Apple Maps is way behind Google Maps. Users have experienced that Apple Maps’ quality seems to highly depend on the user location. A user shared his experience saying, “I’ve used Apple Maps as my primary map since it came out, and I’ve only gotten a wrong location one time in literally thousands of searches, and that was years ago. It wasn’t really ready when it launched, but it has gotten consistently better over time.” He further added, “The UX is great, in many cases, the satellite imagery is more up-to-date compared to Google, and it doesn’t maul my battery to use. Not saying it’s clearly better than Google, because it isn’t, but for my usage, it’s more than “good enough,” and I love to see Apple’s privacy-respecting products compete effectively with big G.” Read the full announcement on DuckDuckGo’s official website. Time for data privacy: DuckDuckGo CEO Gabe Weinberg in an interview with Kara Swisher DuckDuckGo proposes “Do-Not-Track Act of 2019” to require sites to respect DNT browser setting DuckDuckGo now uses Apple MapKit JS for its map and location-based searches

A vulnerability in the stack protection feature in LLVM's Arm backend becomes ineffective when the stack protector slot is re-allocated. This was notified as a vulnerability note in the Software Engineering Institute of the CERT Coordination Center. The stack protection feature is optionally used to protect against buffer overflows in the LLVM Arm backend. A cookie value is added between the local variables and the stack frame return address to make this feature work. After storing this value in memory, the compiler checks the cookie with the LocalStackSlotAllocation function. The function checks if the value has been changed or overwritten. It is terminated if the address value is found to be changed.  If a new value is allocated later on, the stack protection becomes ineffective as the new stack protector slot appears only after the local variables which it is supposed to protect. It is also possible that the value gets overwritten by the stack cookie pointer. This happens when the stack protection feature is rendered ineffective.  When the stack protection feature becomes ineffective, the function becomes vulnerable to stack-based buffer overflow. This can cause the return address to be changed or the cookie to be overwritten itself, thus causing an unintended value to be passed through the check. The proposed solution for the stack vulnerability is to apply the latest updates from both the LLVM and Arm. This year saw many cases of buffer overflow vulnerabilities. In the June release of VLC 3.0.7, many security issues were resolved. One of the high security issues resolved was about the stack buffer overflow in the RIST Module of VLC 4.0.  LLVM WebAssembly backend will soon become Emscripten’s default backend, V8 announces Google proposes a libc in LLVM, Rich Felker of musl libc thinks it’s a very bad idea Introducing InNative, an AOT compiler that runs WebAssembly using LLVM outside the Sandbox at 95% native speed

On Tuesday, Fabrice Bellard, the creator of FFmpeg and QEMU and Charlie Gordon, a C expert, announced the first public release of QuickJS. Released under MIT license, it is a “small but complete JavaScript engine” that comes with support for the latest ES2019 language specification. Features in QuickJS JavaScript engine Small and easily embeddable: The engine is formed by a few C files and does not have any external dependency. Fast interpreter: The interpreter shows impressive speed by running 56,000 tests from the ECMAScript Test Suite1 in just 100 seconds, and that too on a single-core CPU. A runtime instance completes its life cycle in less than 300 microseconds. ES2019 support: The support for ES2019 specification is almost complete including modules, asynchronous generators, and full Annex B support (legacy web compatibility). Currently, it does not has support for realms and tail calls. No external dependency: It can compile JavaScript source to executables without the need for any external dependency. Command-line interpreter: The command-line interpreter comes with contextual colorization and completion implemented in Javascript. Garbage collection: It uses reference counting with cycle removal to free objects automatically and deterministically. This reduces memory usage and ensures deterministic behavior of the JavaScript engine. Mathematical extensions: You can find all the mathematical extensions in the ‘qjsbn’ version, which are fully-backward compatible with standard Javascript. It supports big integers (BigInt), big floating-point numbers (BigFloat), operator overloading, and also comes with ‘bigint’ and ‘math’ mode. This news struck a discussion on Hacker News, where developers were all praises for Bellard’s and Gordon’s outstanding work on this project. A developer commented, “Wow. The core is a single 1.5MB file that's very readable, it supports nearly all of the latest standard, and Bellard even added his own extensions on top of that. It has compile-time options for either a NaN-boxing or traditional tagged union object representation, so he didn't just go for a single minimal implementation (unlike e.g. OTCC) but even had the time and energy to explore a bit. I like the fact that it's not C99 but appears to be basic C89, meaning very high portability. Despite my general distaste for JS largely due to websites tending to abuse it more than anything, this project is still immensely impressive and very inspiring, and one wonders whether there is still "space at the bottom" for even smaller but functionality competitive implementations.” Another wrote, “I can't wait to mess around with this, it looks super cool. I love the minimalist approach. If it's truly spec compliant, I'll be using this to compile down a bunch of CLI scripts I've written that currently use node. I tend to stick with the ECMAScript core whenever I can and avoid using packages from NPM, especially ones with binary components. A lot of the time that slows me down a bit because I'm rewriting parts of libraries, but here everything should just work with a little bit of translation for the OS interaction layer which is very exciting.” To know more about QuickJS, check out Fabrice Bellard's official website. Firefox 67 will come with faster and reliable JavaScript debugging tools Introducing Node.js 12 with V8 JavaScript engine, improved worker threads, and much more React Native 0.59 is now out with React Hooks, updated JavaScriptCore, and more!

Yesterday, Mozilla announced the release of Firefox 68, which brings new updates like support for BigInts, Contrast Checks, dark mode in reader view, and a reimplemented URL bar. They have also added Enhanced Tracking Protection which blocks known “third-party tracking cookies” by default. Improved extension security and discovery Firefox 68 comes with a new reporting feature in ‘about:addons’ using which you can report any security and performance issues with extensions and themes. The team has also redesigned the extensions dashboard in ‘about:addons’ where you can find all the information about your extensions including data and settings access required by each extension. You can get high quality, secure extensions from Mozilla’s Recommended Extensions program present in ‘about:addons’. These recommended extensions are indicated by special badging on addons.mozilla.org (AMO): Source: Mozilla Additionally, to provide users improved protection from threats and annoyances on the web, Firefox 68 comes with cryptomining and fingerprinting protections added to strict content blocking settings in Privacy & Security preferences. Read also: Mozilla adds protection against fingerprinting and Cryptomining scripts in Firefox Nightly and Beta Support for JavaScript BigInt Firefox 68 comes with support for JavaScript’s new BigInt numeric type, which is currently in stage 3 of the ECMAScript specification. Previously, JavaScript only had the Number numeric type. As JavaScript considers numbers as floating-point, they can represent both integers and decimal fractions. Source: Mozilla However, the limitation is that 64-bits floats fail to reliably represent integers larger than 2 ** 53. To make working with large number easier, a new primitive is introduced, BigInt. It provides a way to represent whole numbers larger than 2 ** 53. Updates in DevTools In addition to enhancing the already smart debugging tools, Firefox 68 brings more improvements in DevTools: Accessibility checks in DevTools: This release ships with a new capability for DevTools that check for basic accessibility issues in your web pages. The Accessibility Inspector now comes with a new ‘Check’ that currently reports any color contrast issue with text on a page. The Firefox team plans to add a number of audit tools to highlight accessibility problems on your website in future releases. A way to emulate print media from DevTools: A button is added to the Page inspector using which you can enable “print media emulation”. This makes it easy to see what elements of a page will be visible when printed. Improved CSS warnings: The Web console will show you more information about CSS warnings and include a link to related nodes. A Web console filter: You can now filter content in the Web console using a valid regular expression. Here’s a video showing how this works: https://youtu.be/E6bGOe2fvW0 Web compatibility This release fixes a few web compatibility issues to ensure that every user will be able to access a website regardless of their choice of device or browser: Internet Explorer’s legacy rules property and addRule() and removeRule() CSS methods are added to the CSSStyleSheet interface. Safari’s ‘-webkit-line-clamp’ CSS property is also added. Support for CSS scroll snapping Firefox 68 comes with support for CSS scroll snapping that gives you a standardized way to control the behavior of scrolling inside a container. It works in a very similar fashion to how native apps work on phones and tablets. Now that this update has landed in Firefox, developers will have the same version of the specification as Chrome and Safari. Developers who have used the old Firefox implementation of the Scroll Snap specification are required to update their code, otherwise scroll snapping will no longer work in Firefox 68 and up. The reimplemented URL bar, QuantumBar Firefox’s URL bar, which is also known as the AwesomeBar, has been completely reimplemented using HTML, CSS, and JavaScript web technologies. This overhauled version is named ”QuantumBar”. Though not much will change appearance-wise, its updated architecture behind the scenes will make it easier to maintain and extend in the future. Access to cameras and other media devices now require HTTPS Starting from Firefox 68, camera and microphone will require an HTTPS connection to work. The getUserMedia method will throw NotAllowedError if you try to access the media devices from an insecure HTTP connection, similar to how Chrome works. Many developers are happy with this update. A user on Hacker News commented, “It's fantastic that it works with localhost (and I assume 127.0.0.1?), and it's fantastic that it doesn't work with anything else. This is the best middle ground.” However, some are also worried considering that this will affect the current working of their apps or websites. “This sucks, my community[1] has a local offline-first video/audio call app that we run on a physical mesh network. This will make it impossible for people to talk to each other, without first needing to be connected online to some certificate authority, or without some extraordinarily difficult pre-installation process, which is often not even possible on a phone. HTTPS was important, but now it's being used to shoehorn dependency on a centralized online-only authority. Perfectly ripe to censor anyone.”, wrote a Hacker News user To know more in detail, check out the official announcement by Mozilla. Mozilla launches Firefox Preview, an early version of a GeckoView-based Firefox for Android Firefox 67 enables AV1 video decoder ‘dav1d’, by default on all desktop platforms Mozilla makes Firefox 67 “faster than ever” by deprioritizing least commonly used features

Photon Micro is an open-source, lightweight and modular GUI, which comprises of fine-grained and flyweight ‘elements’. It uses a declarative C++ code with a heavy emphasis on reuse, to form deep element hierarchies. Photon has its own HTML5 inspired canvas drawing engine and uses Cairo as a 2D graphics library. Cairo supports the X Window System, Quartz, Win32, image buffers, PostScript, PDF, and SVG file output. Joel de Guzman, the creator of Photon Micro GUI, and the main author of the Boost.Spirit Parser library, the Boost.Fusion library and the Boost.Phoenix library says, “One of the main projects I got involved with when I was working in Japan in the 90s, was a lightweight GUI library named Pica. So I went ahead, dusted off the old code and rewrote it from the ground up using modern C++.” The Photon Micro GUI client can use the following gallery code: Image Source: Cycfi This pops up a warning: Image Source: Cycfi Some highlights of Photon Micro GUI Modularity and reuse are two important design aspects of the Photon Micro GUI. It is supported by the following functionalities: Share Photon Micro GUI can be shared using std::shared_ptr. Hold Hold can be used to share an element somewhere in the view hierarchy. Key_intercept It is a delegate element that intercepts key-presses. Fixed_size Elements are extremely lightweight, fixed_size fixes the size of the GUI contained element. margin, left_margin These are two of the many margins, including right_margin, top_margin, etc. It adds padding around the element like the margin adds 20 pixels all around the contained element. The left_margin adds a padding of 20 pixels to separate the icon and the text box. vtile, htile Vertical and horizontal fluid layout elements allocate sufficient space to contained elements. This enables stretchiness, fixed sizing, and vertical and horizontal alignment, to place elements in a grid. Stretchiness is the ability of elements to stretch within a defined minimum and maximum size limit. Guzman adds, “While it is usable, and based on very solid architecture and design, there is still a lot of work to do. First, the Windows and Linux ports are currently in an unusable state due to recent low-level refactoring.” Some developers have shown interest in the elements of Photon Micro GUI. https://twitter.com/AlisdairMered/status/1148242189354450944 A user on Hacker News comments, “Awesome, that looks like an attempt to replace QML by native C++. Would be great if there was a SwiftUI inspired C++ UI framework (well, of course C++ might not lend itself so well for the job, but I'm just very curious what it would look like if someone makes a real attempt).” Some users feel that more work needs to be done to make this GUI more accessible and less skeuomorphic. [box type="shadow" align="" class="" width=""]Skeuomorphism is a term most often used in graphical user interface design to describe interface objects that mimic their real-world counterparts in how they appear and/or how the user can interact with them (IDF).[/box] A user says, “Too many skeuomorphic elements. He needs to take the controls people know and understand and replace them with cryptic methods that require new learning, and are hidden from view by default. Otherwise, no one will take it seriously as a modern UI.” Another user on Hacker News adds, “don’t use a GUI toolkit like this, that draws its own widgets rather than using platform standard ones when developing a plugin for a digital audio workstation (e.g. VST or Audio Unit), as this author is apparently doing. Unless someone puts in all the extra effort to implement platform-specific accessibility APIs for said toolkit.” For details about the other highlights, head over to Joel de Guzman’s post. Apple showcases privacy innovations at WWDC 2019: Sign in with Apple, AdGuard Pro, new App Store guidelines and more Google and Facebook allegedly pressured and “arm-wrestled” EU expert group to soften European guidelines for fake news: Open Democracy Report Google I/O 2019 D1 highlights: smarter display, search feature with AR capabilities, Android Q, linguistically advanced Google lens and more  

Last week, Mozilla disclosed the winners of Mozilla Research Grants for the first half of 2019. Among the winning proposals was “Bringing Julia to the Browser” that aligns with Mozilla’s goal to bring data science and scientific computing tools to the browser. Mozilla had said it was specifically interested in receiving submissions about supporting R or Julia at the browser level. Every six months Mozilla awards grants of value $25,000 to support research in emerging technologies and also topics relevant to Mozilla. It started accepting proposals for 2019 H1 funding series in April this year. https://twitter.com/jofish/status/1121860158835978241 These proposals were expected to address any one of the twelve research questions under the following three categories: Growing the Web: WASM, Rust, Digital trust for cost-conscious users, Beyond online behavioral advertising (OBA) New Interaction Modes: Iodide: R or Julia in the Browser, Fathom, Futures, Mixed Reality, Voice, Common Voice Privacy & Security: Data, Privacy & Security for Firefox Mozilla has been constantly putting its efforts to make the life of data scientists easier on the web. In March, it introduced Iodide that allows data scientists to create interactive documents using web technologies. In April, it came up with Pyodide that brings the Python runtime to the browser via WebAssembly. By funding this research by Valentin Churavy, an MIT Ph.D. student and a member of the official Julia team, Mozilla is taking the next step towards improving access to popular data science tools on the web. They are planning to port R or Julia, languages that are popular among statisticians and data miners, to WebAssembly. Their ultimate goal is to introduce a plugin for Iodide that will automatically convert data basic types between R/Julia and Javascript and will be able to share class instances between R/Julia and Javascript. Though Python and R have been developers’ first choice, Julia is also catching up in becoming one of the promising languages for scientific computing. Its execution speeds are comparable to that of C/C++ and high-level abstractions are comparable to MATLAB. It offers support for modern machine learning frameworks such as TensorFlow and MXNet. Developers can also use Flux, a Julia machine learning library to easily write neural networks. Following are all the Mozilla Research Grants for 2019H1: Source: Mozilla Research Mozilla will be opening a new round of grants in fall this year (probably in November). To know more, check out its official announcement and also join the mailing list. Mozilla introduces Pyodide, a Python data science stack compiled to WebAssembly Mozilla introduces Iodide, a tool for data scientists to create interactive documents using web technologies Mozilla’s Firefox Send is now publicly available as an encrypted file sharing service

Today an exciting news was awaiting the Next.js users, five months after Next.js 8 was released. Today the Next.js team has released their next version Next.js 9. The major highlights of this release are the built in zero-config TypeScript support, automatic static optimization, API routes and improved developer experience. All the features are backwards compatible with the earlier versions of Next.js. Some of the major features are explained in brief below: Built-In Zero-Config TypeScript Support Automated Setup Getting started with TypeScript in Next.js is easy: rename any file, page or component, from ‘.js’ to ‘.tsx’. Then, run ‘next dev’. Next.js will also create a default ‘tsconfig.json’ with sensible defaults, if not already present. Integrated Type-Checking While in development Next.js will show type errors after saving a file. Type-checking happens in the background, allowing users to interact with the updated application in the browser instantly. Type errors will propagate to the browser as they become available. Next.js will also automatically fail the production build, if type errors are present. This helps prevent shipping broken code to production. Dynamic Route Segments Next.js supports creating routes with basic named parameters, a pattern popularized by ‘path-to-regexp’. Creating a page that matches the route ‘/post/:pid’ can now be achieved by creating a file in your pages directory named: ‘pages/post/[pid].js’. Next.js will automatically match requests like ‘/post/1, /post/hello-nextjs’, etc and render the page defined in ‘pages/post/[pid].js’. The matching URL segment will be passed as a query parameter to your page with the name specified between the ‘[square-brackets]’. Automatic Static Optimization Starting with Next.js 9, users will no longer have to make the choice between fully server-rendering or statically exporting their application. Users can now do both on a per-page basis. Automatic Partial Static Export A heuristic was introduced to automatically determine if a page can be prerendered to static HTML using ‘getInitialProps’. This allows Next.js to emit hybrid applications that contain both server-rendered and statically generated pages. The built-in Next.js server (‘next start’) and programmatic API (‘app.getRequestHandler()’) both support this build output transparently. There is no configuration or special handling required. Statically generated pages are still reactive: Next.js will hydrate the application client-side for full interactivity. Furthermore, Next.js will update the application after hydration also, if the page relies on query parameters in the URL. API Routes To start using API routes, users have to create a directory called ‘api/’ inside the ‘pages/ directory’. All files in this directory will be automatically mapped to ‘/api/<your route>’, in the same way as other page files are mapped to routes. All the files inside the ‘pages/api/’ directory export a request handler function instead of a React Component. Besides using incoming data, the API endpoint will also return data. Next.js will provide ‘res.json()’ by default making it easier to send data. When making changes to API endpoints in development, the user need not restart the server as the code is automatically reloaded. Production Optimizations Prefetching in-Viewport <Link>s Next.js 9 will automatically prefetch <Link> components as they appear in-viewport. This feature improves the responsiveness of users application by making navigations to new pages quicker. Next.js uses an Intersection Observer to prefetch the assets necessary in the background. These requests have low-priority and yield to ‘fetch()’ or XHR requests. Next.js will avoid automatically prefetching if the user has data-saver enabled. Optimized AMP by Default Next.js 9 will render optimized AMP by default. Optimized AMP is up to 50% faster than traditional AMP. Dead Code Elimination for typeof window Branches Next.js 9 replaces ‘typeof window’ with its appropriate value (undefined or object) during server and client builds. This change allows Next.js to remove dead code from compiled code automatically. Developer Experience Improvements Next.js 9 aims to bring unobtrusive and ease-of-use improvements to help its users develop in the best way. Compiling Indicator An RFC / "good first issue" has been created to discuss potential solutions for the problem of indicating that work is being done. Users will also see a small triangle to show that Next.js is doing compilation work, at the bottom right corner of the page. Console Output Starting from Next.js 9, the log output will jump less and will no longer clear the screen. This allows for a better overall experience as the users terminal window will have more relevant information and will flicker less, while Next.js will integrate better. Users are very happy with the striking features introduced in Next.js 9. https://twitter.com/johnbrett_/status/1148167900840255489 https://twitter.com/chanlitohem/status/1148167705834352640 A user on Reddit says that, “That API routes feature looks amazing. Will definitely check it out.” Another Redditor comments, “Gonna give v9 a try today. Very stoked for the new dynamic routing!” Head over to the Next.js official blog for more details. Next.js 7, a framework for server-rendered React applications, releases with support for React context API and Webassembly Meet Sapper, a military grade PWA framework inspired by Next.js 16 JavaScript frameworks developers should learn in 2019

Two days ago, the team behind Debian announced the release of Debian stable version 10 (codename - ‘buster’), which will be supported for the next 5 years. Debian 10 will use the Wayland display server by default, includes over 91% of source reproducible projects, and ships with several desktop applications and environments.  Yesterday, Debian also released the GNU/Hurd 2019, which is a port release. It is currently available for the i386 architecture with about 80% of the Debian archive. What's new in Debian 10 Wayland display server In this release, GNOME will use the Wayland display server by default, instead of Xorg. Wayland’s simple and modern design provides advantages in terms of security. The Xorg display server is installed in Debian 10, by default. Users can use the default display manager to change the display server in their session. Reproducible Builds project In Debian 10, the Reproducible Builds project plans to have over 91% of the source packages  built in bit-for-bit identical binary packages. This will work as an important verification feature for users as it will protect them against malicious attempts to tamper with compilers and build networks.  Desktop applications Debian 10 “buster” ships with several desktop applications and environments. Some of the desktop environments include: Cinnamon 3.8 GNOME 3.30 KDE Plasma 5.14 LXDE 0.99.2 Other highlights in Debian 10 AppArmor, a mandatory access control framework for restricting programs' capabilities, is installed and enabled by default for security-sensitive environments. All methods provided by Advanced Package Tool (APT) (except cdrom, gpgv, and rsh) can optionally make use of seccomp-BPF sandboxing. The https method for APT is included in the apt package and does not need to be installed separately.  Network filtering, based on the nftables framework is set by default. Starting with iptables v1.8.2, the binary package includes two variants of the iptables command line interface: iptables-nft and iptables-legacy. The UEFI (Unified Extensible Firmware Interface), which is a specification for a software program that connects a computer's firmware to its operating system, introduced in Debian 7, has been greatly improved in Debian 10.  The Secure Boot support is included in this release for amd64, i386 and arm64 architectures and will work on most Secure Boot-enabled machines. This means that users will not have to disable the Secure Boot support in the firmware configuration. The cups and cups-filters packages installed by default in Debian 10, allows users to take advantage of driverless printing.  This release includes numerous updated software packages such as Apache 2.4.38, BIND DNS Server 9.11, Chromium 73.0, Emacs 26.1, Firefox 60.7 and more.  Visit the Debian official website, for more details on Debian 10. What’s new in Debian GNU/Hurd 2019 An Advanced Configuration and Power Interface Specification (ACPI) translator has been made available, it is currently only used to shut down the system.  The LwIP TCP/IP stack, which is a widely used open-source TCP/IP stack designed for embedded systems, is now available as an option.  A Peripheral Component Interconnect (PCI) arbiter has been introduced and will be useful to properly manage PCI access, as well as to provide fine-grain hardware access.   New optimizations now include protected payloads, better paging management and message dispatch, and gsync synchronization.  Support for LLVM has also been introduced.  Besides the Debian installer, a pre-installed disk image is also available for installing ISO images.  The general reaction to both the Debian news has been positive with users praising Debian for always staying up to date with the latest features. A Redditor says, “Through the years I've seen many a "popular" distro come and go, yet Debian remains.” Another user on Hacker News adds, “I left Redhat at 8.0(long time ago, before Fedora) and started using debian/ubuntu and never looked back, in my opinion, while Redhat made a fortune by its business model, Debian and ubuntu are the true community OS, I can't ask for more. Debian has been my primary Server for the last 15 years, life is good with them. Thank you so much to the maintainers and contributors for putting so much effort into them.” Read the Debian mailing list, for more information on Debian GNU/Hurd. Debian GNU/Linux port for RISC-V 64-bits: Why it matters and roadmap Debian maintainer points out difficulties in Deep Learning Framework Packaging Debian project leader elections goes without nominations. What now?

Last week, the team behind Babel announced the release of Babel 7.5.0. This release ships with improved support for a few ECMAScript proposals including the F# variant of the Stage 1 pipeline operator and an official plugin for the Stage 4 dynamic import() proposal. It also comes with an experimental TypeScript namespaces support. Following are some of the highlights from Babel 7.5.0: F# pipeline operator The pipeline operator proposal introduces a syntactic sugar (|>) for greater readability when chaining several functions together. This operator is similar to F#, OCaml, Elixir, Elm, Julia, Hack, and LiveScript, as well as UNIX pipes. Starting from the 7.0.0-beta release, Babel had the “minimal” variant of the pipeline operator proposal. Then came the “Smart” variant in Babel 7.3.0 and with this release we have the F# variant. The difference between the smart and F# variant is that the latter uses the concept of arrow functions instead of "topic references" (#). “This has the advantage of being more similar to current JavaScript, at the cost of a slightly less concise syntax,” the team explained as the advantage for this change. You can test this new variant by adding ‘@babel/plugin-proposal-pipeline-operator’ to your Babel configuration. You can also try it out in the REPL by enabling the "Stage 1" preset. Dynamic import transform Though Babel has support for parsing dynamic imports, it does not provide a consistent way to transform them. It allows parsing import(foo), but asks developers to use webpack or ‘babel-plugin-dynamic-import-node’ to transpile it. To solve this problem, Babel 7.5.0 introduces the ‘@babel/plugin-proposal-dynamic-import’ plugin, which you can use alongside one of the module transform plugins. Experimental TypeScript namespaces support When TypeScript support initially came to Babel, it did not include namespaces as they require type information that can only be provided by a full TypeScript compiler and type-checker. Starting from Babel 7.5.0, you can enable experimental support for namespaces in the TypeScript plugin using the ‘allowNamespaces’ option of ‘@babel/plugin-transform-typescript’. However, there are some limitations in this experimental support that you need to keep in mind: one, namespaces can only export immutable bindings and second, when merging multiple namespaces with the same name, their scope isn't shared. These were some of the updates in Babel 7.5.0. To know more in detail check out the official announcement and also the release notes. Babel 7 released with Typescript and JSX fragment support How to create a native mobile app with React Native [Tutorial] Meteor 1.8 addresses technical debt of 1.7 with delayed legacy builds, upgraded to Babel 7, Mongo 4

Update: Added response from Rahul Vohra, CEO of Superhuman. Last week, Mike Davidson, the former VP of design at Twitter and founder of Newsvine, questioned the ethics and responsibility of Superhuman, one of Silicon Valley’s most talked about email app in a blog post. He called the app a “surveillance tool” that embed tracking pixels inside emails sent by its customers.  https://twitter.com/mikeindustries/status/1146092247437340672 Superhuman was founded in 2017 by Rahul Vohra with the aims to reinvent the email experience. It is an invitation-only service, mainly targeted towards business users that costs $30/month. Last month, the startup was able to raise a $33 million investment round that was led by Mr. Andreessen’s firm, Andreessen Horowitz and is now valued at $260 million. https://twitter.com/Superhuman/status/1144380806036516864   “Superhuman teaches its users to surveil by default” The email app bundles many modern features like snoozing, scheduling, undo send, insights from social networks, and more. The feature that Davidson talked about was “Read Receipts”, which is an opt-in common feature we see in many messaging email clients that indicates the read/unread status.  Davidson highlights that Superhuman gives you this read/unread status in a very detailed way. It allows sending and receiving emails embedded with tracking pixels, which is a small and hidden image in an email. When the recipient clicks on the email, the image reports a running log of every single time the recipient has opened the mail, including their location, regardless of the email client the recipient is using. The worst part is that it is on by default and many users do not usually bother to change the default settings. Here’s a log that Davidson shared in his post: Source: Mike Davidson’s blog post What do people think of this feature? Many people felt that sharing the number of times an email was read, geolocation of the recipient, and other information is intrusive and violates user privacy. In his post, Davidson talked about several “bad things” people can do using this technology, that the developers might have not even intended for. Some users agreed to this and pointed out that sharing such personal information can prove to be very dangerous for the recipients.  https://twitter.com/liora_/status/1146122407737876481 Others gave the rationale that many email clients are doing the same thing including Gmail, Apple Mail, and Outlook. Embedding tracking pixels in an email is also very commonly used by email marketing platforms.  https://twitter.com/nickabouzeid/status/1144296483778228224 https://twitter.com/bentruyman/status/1146137938121543680 https://twitter.com/chrisgrayson/status/1146319066493313024   As a response to this, Davidson rightly said, “The main point here is: just because technology is being used unethically by others does not mean you should use it unethically yourself. Harmful pesticides have also been around for years. That doesn’t mean you should use them yourself.” Davidson further explained what making such unethical decisions means for a company in the long run. In the beginning days of a company, there are no set principles for its people to make decisions. It is basically what the founders think is right for the company. At that time,  every decision that you make, whether it is good or bad, makes the foundation of what Davidson calls as “decision genome”. He adds, “With each decision a company makes, its “decision genome” is established and subsequently hardened.” He says the decisions that seem small in the beginning actually become the basis of many other big decisions you will make in the future. This will ultimately affect your company’s ethical trajectory. “The point here is that companies decide early on what sort of companies they will end up being. The company they may want to be is often written in things like “core values” that are displayed in lunch rooms and employee handbooks, but the company they will be is a product of the actual decisions they make — especially the tough decisions,” he adds. Many agreed on the point Davidson makes here, and think that this is not just limited to a single company but in fact, the entire ecosystem. David Heinemeier Hansson, the creator of Ruby on Rails, believes that Silicon Valley especially is in serious need for recalibration. https://twitter.com/dhh/status/1146403794214883328 What can be some possible solutions One workaround can be disabling images in email by default since the tracking pixels are sent as images. However, Superhuman does not even allow that. “Superhuman doesn’t even let its own customers turn images off. So merely by using Superhuman, you are vulnerable to the exact same spying that Superhuman enables you to do to others,” Davidson mentions. The next step for Superhuman, Davidson suggests is to apologize and remove this feature. He further recommends that Superhuman should, in fact, protect its users from emails that have tracking pixels. Another mitigation he suggests is to add a “Sent via Superhuman”  signature so that the receiver is aware that their data will be sent to the sender. https://twitter.com/mikeindustries/status/1144360664275673088 If these do not suffice, Davidson gave a harsh suggestion to publicly post surveilled email on Twitter or other websites: https://twitter.com/mikeindustries/status/1144315861919883264 How Superhuman has responded to this criticism Yesterday, Rahul Vohra, the CEO of Superhuman responded that the company understands the severity of sharing such personal information, especially the state or country level location. He further shared what steps the company is taking to address the concerns raised against the feature. He listed the following changes:  We have stopped logging location information for new email, effective immediately. We are releasing new app versions today that no longer show location information. We are deleting all historical location data from our apps. We are keeping the read status feature, but turning it off by default. Users who want it will have to explicitly turn it on. We are prioritizing building an option to disable remote image loading. Many Twitter users appreciated Vohra’s quick response: https://twitter.com/chadloder/status/1146564393884254209 https://twitter.com/yuvalb/status/1146542900559405056 https://twitter.com/kmendes/status/1146569165211234304 Read Davidson’s post to know more in detail. Google announces the general availability of AMP for email, faces serious backlash from users A security researcher reveals his discovery on 800+ Million leaked Emails available online VFEMail suffers complete data wipe out!

Yesterday, the team behind V8, an open source JavaScript engine, shared the work they with the community have been doing to make LLVM WebAssembly the default backend for Emscripten. LLVM is a compiler framework and Emscripten is an LLVM-to-Web compiler. https://twitter.com/v8js/status/1145704863377981445 The LLVM WebAssembly backend will be the third backend in Emscripten. The original compiler was written in JavaScript which used to parse LLVM IR in text form. In 2013, a new backend was written called Fastcomp by forking LLVM, which was designed to emit asm.js. It was a big improvement in code quality and compile times. According to the announcement the LLVM WebAssembly backend beats the old Fastcomp backend on most metrics. Here are the advantages this backend will come with: Much faster linking The LLVM WebAssembly backend will allow incremental compilation using WebAssembly object files. Fastcomp uses LLVM Intermediate Representation (IR) in bitcode files, which means that at the time of linking the IR would be compiled by LLVM. This is why it shows slower link times. On the other hand, WebAssembly object files (.o) already contain compiled WebAssembly code, which accounts for much faster linking. Faster and smaller code The new backend shows significant code size reduction as compared to Fastcomp.  “We see similar things on real-world codebases that are not in the test suite, for example, BananaBread, a port of the Cube 2 game engine to the Web, shrinks by over 6%, and Doom 3 shrinks by 15%!,” shared the team in the announcement. The factors that account for the faster and smaller code is that LLVM has better IR optimizations and its backend codegen is smart as it can do things like global value numbering (GVN). Along with that, the team has put their efforts in tuning the Binaryen optimizer which also helps in making the code smaller and faster as compared to Fastcomp. Support for all LLVM IR While Fastcomp could handle the LLVM IR generated by clang, it often failed on other sources. On the contrary, the LLVM WebAssembly backend can handle any IR as it uses the common LLVM backend infrastructure. New WebAssembly features Fastcomp generates asm.js before running asm2wasm. This makes it difficult to handle new WebAssembly features like tail calls, exceptions, SIMD, and so on. “The WebAssembly backend is the natural place to work on those, and we are in fact working on all of the features just mentioned!,” the team added. To test the WebAssembly backend you just have to run the following commands: emsdk install latest-upstream emsdk activate latest-upstream Read more in detail on V8’s official website. V8 7.2 Beta releases with support for public class fields, well-formed JSON.stringify, and more V8 7.5 Beta is now out with WebAssembly implicit caching, bulk memory operations, and more Google’s V8 7.2 and Chrome 72 gets public class fields syntax; private class fields to come soon