Tech News - Web Development

Uber’s design and engineering team has introduced a universal system called Base Web design system, which was open sourced in 2018. Base Web is a suite of React components implementing the “base” design language quickly and easily creating web applications. At Uber, developers, product managers, operations teams, and other employees have to interact with different web applications on a daily basis. As all of these web applications function differently, it puts an additional overhead of learning how to interact with them most effectively. To reduce this time and effort, Uber wanted an universal system, which will act as “a foundation, a basis for initiating, evolving, and unifying web products”. Having a universal design system helps teams of engineers, designers, and product managers to easily work together. It also helps new engineers and designers to quickly get an hang of the possible components and design tokens used by a given engineering organization. One of the key reasons for introducing Base Web was to make it easy for developers to reuse components. Uber’s design and engineering team after talking to its engineers determined that they mainly needed access to: Style customizations The ability to modify the rendering of a component So, they introduced a unified overrides API, which comes with the following benefits: Eliminates top-level properties API overload There is no longer extra properties proxying inconsistently across the composable components Allows you to completely replace the components. Uber is now using Base Web across teams to create its web applications. “Open sourced in 2018 to enable others to experience the benefits of this solution, Base Web is now used across Uber, ensuring a seamless development experience across our web applications,” reads the announcement. To read the official announcement, visit Uber’s official website. Uber open-sources Peloton, a unified Resource Scheduler Introducing ‘Quarkus’, a Kubernetes native Java framework for GraalVM & OpenJDK HotSpot Uber and Lyft drivers strike in Los Angeles  

In January this year, Brave announced that it is previewing its new advertising feature, Brave Ads. It opened this feature to all users of its desktop browser for macOS, Windows, and Linux yesterday. Brave Ads is an opt-in digital advertising feature built with user privacy in mind. https://twitter.com/brave/status/1121081425254473728 Previously, we have seen many pay-to-surf sites, but most of them eventually disappeared because of the dot-com bubble. However, Brendan Eich, the CEO, and co-founder of Brave software is pretty confident about his plan. He said, “With Brave Ads, we are launching a digital ad platform that is the first to protect users’ data rights and to reward them for their attention.” He further adds, “Brave Ads also aims to improve the economics and conversion of the online advertising industry, so that publishers and advertisers can thrive without the intermediaries that collect huge fees and that contribute to web-wide surveillance. Privacy by design and no tracking are integral to our mission to fix the Web and its funding model.” Brave is working with various ad networks and brands to create Brave ads catalog inventory. These catalogs are pushed to available devices on a recurring basis. The ads for these catalogs are supplied by Vice, Home Chef, Ternio BlockCard, MyCrypto, eToro, BuySellAds, TAP Network, AirSwap, Fluidity, and Uphold. How Brave Ads work? Brave is based on Chromium that blocks tracking scripts and other technologies that spy on your online activity. So advertisements are generally not shown by default when one uses the Brave browser. Now, Brave Ads puts users in control by allowing them to decide how many ads they would like to see. It ensures user privacy by doing ad matching directly on the users’ device so that their personal data is not leaked to anyone. Out of the revenue generated by viewing these ads, users will get a 70% share and the remaining 30% will go to Brave. This 70% percent cut is estimated to be about $5 per month according to Eich. Users will be paid with Brave’s bitcoin-style "cryptocurrency” called Basic Attention Tokens (BAT). Users can claim these tokens at the close of every Brave Rewards monthly cycle. To view Brave Ads, users are required to enable Brave Rewards by going to the Brave Rewards “setting” page (brave://rewards/). Those who are already using Brave Rewards will get a notification screen to enable this feature. Once a user opts into Brave Rewards, they are presented with offers in the form of notifications. When users click on these notifications, they will be directed to a full page ad in a new ad tab. Right now, users can auto-contribute their earned rewards to their favorite websites or content creators. The browser will soon allow users to use BAT for premium content and also redeem it for real-world rewards such as hotel stays, restaurant vouchers, and gift cards. It also plans to bring an option that will let users convert their BAT into local fiat currency through exchange partners. Brave Ads have received a very mixed reaction from the users. While some compare its advertising model with that of YouTube, others think that the implementation is unethical. One user on Reddit commented, “This idea is very interesting. It reminds me of how YouTube shares their ad revenue with content creators, and that in turn grows YouTube's network and business...The more one browsed or shared of their data, the more one would get paid. It's simple business.” A skeptical user said, “I'm a fan of Brave's mission, and the browser itself is great (basically Chromium but faster), but the practice of hiding publisher's ads but showing their own, which may or may not end up compensating the publisher, seems fairly unethical.” For more details, check out the official announcement by Brave. Brave introduces Brave Ads that share 70% revenue with users for viewing ads Brave Privacy Browser has a ‘backdoor’ to remotely inject headers in HTTP requests: HackerNews Brave 0.55, ad-blocking browser with 22% faster load time and is generally available and works on Chromium

Yesterday, the Svelte community announced the stable release of Svelte 3. In this version, the team has worked towards moving reactivity into the language. Developers will now be able to write components in Svelte with significantly less boilerplate. Svelte is a component framework, similar to JavaScript frameworks such as React and Vue, but comes with an important difference. In the case of traditional frameworks, the major part of the work happens in the browser. On the other hand, Svelte shifts this work into a compile step that happens at the time when your app is built. Instead of relying on techniques like virtual DOM diffing, with this framework, you can write code that surgically updates the DOM when the app state changes. Rich Harris, the Svelte developer, says Svelte aims to be more like spreadsheets. “Spreadsheets are pretty cool and we should be more like them...Wouldn’t it be wonderful if the tools we use to build the web becomes as accessible as spreadsheets are? And, that is one of the Svelte’s overriding goals to make web development accessible...” What’s new in Svelte 3? With the introduction of hooks to React, many other frameworks also started to experiment with their own implementation of hooks. However, Svelte realized that ‘hooks’ was not the “direction they wanted to go in.” Explaining the reason behind not implementing hooks, Harris said, “Hooks have some intriguing properties, but they also involve some unnatural code and create unnecessary work for the garbage collector. For a framework that's used in as well as animation-heavy interactives, that's no good.” Because of these reasons, the team has reached the conclusion that Svelte does not require any API and has chosen to go with no API at all. “We can just use the language,” shared Harris. Not only just components, but the team has also given a completely new look and feel to Svelte in this release. They have also updated the logo, website, and also updated their tagline from 'The magical disappearing UI framework' to 'Cybernetically enhanced web apps'. To know more detail, check out the official announcement by Svelte. Applying Modern CSS to Create React App Projects [Tutorial] React Native development tools: Expo, React Native CLI, CocoaPods [Tutorial] React Native 0.59 is now out with React Hooks, updated JavaScriptCore, and more!

Earlier this month, Dirk Lewandowski, Professor of Information Research & Information Retrieval  at Hamburg University of Applied Sciences, Germany, published a proposal for building an index of the Web. His proposal aims to separate the infrastructure part of search engine from the services part. Search engines are our way to the web, which makes them an integral part of the Web’s infrastructure. While there are a significant number of search engines present in the market, there are only a few relevant search engines that have their own index, for example, Google, Bing, Yandex and Baidu. Other search engines that pull results from these search engines, for instance, Yahoo, cannot really be considered search engines in the true sense. The US search engine market is split between Google and Bing with roughly two thirds to one-third, respectively, In most European countries, Google covers the 90% of the market share. Highlighting the implications of Google’s dominance in the current search engine market, the report reads, “As this situation has been stable over at least the last few years, there have been discussions about how much power Google has over what users get to see from the Web, as well as about anti-competitive business practices, most notably in the context of the European Commission's competitive investigation into the search giant.” The proposal aims to bring plurality in the search engine market, not only in terms of the numbers of search engine providers but also in the number of search results users get to see when using search engines. The idea is to implement the “missing part of the Web’s infrastructure” called searchable index. The author proposes to separate the infrastructure part of the search engine from services part. This will allow multitude of services, whether existing as search engines or otherwise to be run on a shared infrastructure. The following figure shows how the public infrastructure crawls the web for indexing its content and provides an interface to the services that are built on top of the index. The indexing stage is split into basic indexing and advanced indexing. Basic indexing is responsible for providing the data in a form that services built on top of the index can easily and rapidly process the data. Though services are allowed to do their further indexing to prepare the documents, the open infrastructure also provides some advanced indexing. This provides additional information to the indexed documents, for example, semantic annotations. This advanced indexing requires an extensive infrastructure for data mining and processing. Services will be able to decide for themselves to what extent they want to rely on the pre-processing infrastructure provided by the Open Web Index. A common design principle can be adopted is allowing services a maximum of flexibility. Credits: arXiv Many users are supporting this idea. One Redditor said, “I have been wanting this for years...If you look at the original Yahoo Page when Yahoo first started out it attempted to solve this problem.I believe this index could be regionally or language based.” Some others do believe that implementing an open web index will come with its own challenges. “One of the challenges of creating a "web index" is first creating indexes of each website. "Crawling" to discover every page of a website, as well as all links to external sites, is labour-intensive and relatively inefficient. Part of that is because there is no 100% reliable way to know, before we begin accessing a website, each and every URL for each and every page of the site. There are inconsistent efforts such "site index" pages or the "sitemap" protocol (introduced by Google), but we cannot rely on all websites to create a comprehensive list of pages and to share it,” adds another Redditor. To read more in detail, check out the paper titled: The Web is missing an essential part of infrastructure: an Open Web Index. Tim Berners-Lee plans to decentralize the web with ‘Solid’, an open-source project for “personal empowerment through data” Google Cloud Next’19 day 1: open-source partnerships, hybrid-cloud platform, Cloud Run, and more Dark Web Phishing Kits: Cheap, plentiful and ready to trick you  

Mozilla is constantly putting its efforts in developing new tools that ease the life of a data scientist. In March this year, it introduced Iodide, an experimental tool to create interactive documents using web technologies. And, yesterday, it has come up with another experimental tool called Pyodide to create a full Python data science stack that runs entirely in the browser. Why Pyodide is introduced? JavaScript, the most popularly-used web language, does not offer a mature suite of data science library. It also lacks a number of features for numerical computing such as operator overloading. Mozilla aims to change this and bring data science-related tools to JavaScript. Additionally, it is also argued that Python’s limitation of not being able to run in the browser can prove to be a threat to the language itself. Mozilla in the blog wrote, “with so much user interaction happening on the web or on mobile devices, it needs to work there or be left behind.” What is Pyodide? Pyodide provides a full, standard Python interpreter, which runs entirely in the browser. It has full access to all the APIs that a browser provides. While it is closely related to the Iodide project, Pyodide can also be used standalone in any context you want to run Python inside a web browser. Here’s an example of what you can do with this tool. This example shows a 3D plot of the density of calls to the City of Oakland, California “311” local information service. Here the data loading and processing is performed in Python. The plotting is taken care off by WebGL, a JavaScript API for rendering 2D and 3D graphics within a compatible web browser. Source: Mozilla For creating Pyodide, the team has used the source code of the mainstream Python interpreter, CPython and the scientific computing packages such as NumPy. They did some small set of changes to make these tools work in the new environment. And, finally, the code was compiled to WebAssembly using Emscripten’s compiler. Pyodide enables you to fetch things over the network using the browser’s APIs and will come with support for threading in the near future. However, there is very less chance that it will ever support features such as low-level networking sockets because of the browser’s security sandbox. Some of the big legends in Python have appreciated this project: https://twitter.com/gvanrossum/status/1118733186253479936 https://twitter.com/pwang/status/1118753387967909888 To know more in detail, check out the official announcement by Mozilla. Mozilla and Google Chrome refuse to support Gab’s Dissenter extension for violating acceptable use policy Mozilla developers have built BugBug which uses machine learning to triage Firefox bugs Mozilla introduces Iodide, a tool for data scientists to create interactive documents using web technologies  

Last week, the community behind Apache Flink announced the release of Apache Flink 1.8.0. This release comes with the finalized state evolution support, lazy cleanup strategies for state TTL, improved pattern matching support in SQL, and more. Finalized state schema evolution support This release marks the completion of the community-driven effort to provide a schema evolution story for user state managed by Flink. The following changes are made to finalize the state schema evolution support: The list of data types that support state schema evolution is now extended to include POJOs (Plain Old Java Objects). All Flink built-in serializers are upgraded to use the new serialization compatibility abstractions. Implementing abstractions using custom state serializers is now easy for advanced users. Continuous cleanup of old state based on TTL In Apache Flink 1.6, TTL (time-to-live) was introduced for the keyed state. TTL enables cleanup and makes keyed state entries inaccessible after a given timeout. The state can also be cleaned when writing a savepoint or checkpoint. With this release, continuous cleanup of old entries is also allowed for both the RocksDB state backend and the heap backend. Improved pattern-matching support in SQL This release extends the MATCH_RECOGNIZE clause by adding two new updates: user-defined functions and aggregations. User-defined functions are added for custom logic during pattern detection and aggregations are added for complex CEP definitions. New KafkaDeserializationSchema for direct access to ConsumerRecord A new KafkaDeserializationSchema is introduced to give direct access to the Kafka ConsumerRecord. This will give users access to all data that Kafka provides for a record including the headers. Hadoop-specific distributions will not be released Starting from this release Hadoop-specific distributions will not be released. If a deployment relies on ‘flink-shaded-hadoop2’ being included in ‘flink-dist’, then it must be manually downloaded and copied into the /lib directory. Updates in the Maven modules of Table API Users who have a ‘flink-table’ dependency are required to update their dependencies to ‘flink-table-planner’. If you want to implement a pure table program in Scala or Java, add  ‘flink-table-api-scala’ or ‘flink-table-api-java’ respectively to your project. To know more in detail, check out the official announcement by Apache Flink. Apache Maven Javadoc Plugin version 3.1.0 released LLVM officially migrating to GitHub from Apache SVN Apache NetBeans IDE 10.0 released with support for JDK 11, JUnit 5 and more!

Last year in December, Mozilla announced its collaboration with Qualcomm to create an ARM64-native build of Firefox targeting Snapdragon-powered Windows 10 ‘Always On, Always Connected’ PCs. Yesterday, it shared that this Firefox build is now available in their Beta release channel. This release builds on top of Firefox Quantum, which is designed to efficiently work on multiple core processors. With this release, Mozilla aims to take this multi-paradigm one step further by making Firefox Quantum efficient for octa-core CPUs available from Qualcomm. To give users “a fast, personal, and convenient experience”, it takes advantage of Rust’s safe concurrency property to divide browsing tasks across the cores Qualcomm processors are being widely used in smartphones. At the Snapdragon Tech Summit 2018, the company shared that they are now moving into the PC space. They introduced the Always on, Always Connected PC category that aims to provide users smartphone-like features on a PC. These features include continuous connectivity and lightning-fast LTE speeds, multi-day battery life, location awareness, among others. Along with this, Qualcomm also announced that they are working with developers to bring a wide range of software applications that will be natively supported in these PCs and one of them was Firefox. Chuck Harmston, Mozilla's senior product manager for the Firefox Arm project, said, "One of the most compelling features of Windows laptops using Qualcomm's Snapdragon chipset is the battery life it enables, measured in days, rather than hours. We've been working hard to take advantage of that, offloading discrete tasks to small chips to use less power ... This was a big project that spanned the Firefox organization, touching almost every part of the browser." Developers are encouraged to try this latest Firefox beta release on their Snapdragon Windows 10 devices and submit bug and crash reports to Mozilla. To know more, check out the official announcement by Mozilla. Mozilla developers have built BugBug which uses machine learning to triage Firefox bugs Mozilla adds protection against fingerprinting and Cryptomining scripts in Firefox Nightly and Beta Mozilla is exploring ways to reduce notification permission prompt spam in Firefox  

Earlier this year, Gab, the “free speech” social network and a popular forum for far-right viewpoint holders and other fringe groups, launched a browser extension named Dissenter that creates an alternative comment section for any website. The plug-in is now removed from the extension stores of both Mozilla and Google, as the extension violates their acceptable use policy. This decision comes after Columbia Journalism Review reported about the extension to the tech giants. https://twitter.com/nausjcaa/status/1116409587446484994 The Dissenter plug-in, which goes by the tagline “the comment section of the internet”, allows users to discuss any topic in real-time without fearing that their posted comment will be removed by a moderator. The plug-in failed to pass the review process of Mozilla and is now disabled for Firefox users. But, the users who have already installed the plug-in can continue to use it. The Gab team took to Twitter complaining about Mozilla’s Acceptable Use Policy. https://twitter.com/getongab/status/1116036111296544768 When asked for more clarity on which policies Dissenter did not comply with, Mozilla said that they received abuse reports for this extension. It further added that the platform is being used for promoting violence, hate speech, and discrimination, but they failed to show any examples to add any credibility to their claims. https://twitter.com/getongab/status/1116088926559666181 The extension developers responded by saying that they do moderate any illegal conduct or posts happening on their platform as and when they are brought to their attention. “We do not display content containing words from a list of the most offensive racial epithets in the English language,” added the Gab developers. Soon after this, Google Chrome also removed the extension from Chrome Extension Store stating the same reason that the extension does not comply with their policies. After getting deplatformed, the Dissenter team has come to the conclusion that the best way forward is to create their own browser. They are thinking of forking Chromium or the privacy-focused web browser, Brave. “That’s it. We are going to fork Chromium and create a browser with Dissenter, ad blocking, and other privacy tools built in along with the guarantee of free speech that Silicon Valley does not provide.” https://twitter.com/getongab/status/1116308126461046784 Gab does not moderate views posted by its users until they are flagged for any violations and says it “treats its users as adults”. So, until people are complaining, the platform will not take any appropriate action against the threats and hate speech posted in the comments. Though it is known for its tolerance for fringe views and has drawn immense heat from the public, things took turn for the worse after the recent Christchurch shooting. A far-right extremist who shot dead 20+ Muslims and left 30 others injured in two Mosques in New Zealand, had shared his extremist manifesto on social media sites like Gab and 8chan. He had also live-streamed the shooting on Facebook, Youtube, and others. This is not the first time when Gab has been involved in a controversy. Back in October last year, PayPal banned Gab following the anti-Semitic mass shooting in Pittsburgh. It was reported that the shooter was an active poster on the Gab website and has hinted his intentions shortly before the attack. In the same month, hosting provider Joyent also suspended its services for Gab. The platform has also been warned by Stripe for the violations of their policies. Torba, the co-founder of Gab, said, “Payments companies like Paypal, Stripe, Square, Cash App, Coinbase, and Bitpay have all booted us off. Microsoft Azure, Joyent, GoDaddy, Apple, Google’s Android store, and other infrastructure providers, too, have denied us service, all because we refuse to censor user-generated content that is within the boundaries of the law.” Looking at this move by Mozilla, many users felt that this actually contradicts their goal of making the web free and open for all. https://twitter.com/VerGreeneyes/status/1116216415734960134 https://twitter.com/ChicalinaT/status/1116101257494761473 A Hacker News user added, “While Facebook, Reddit, Twitter and now Mozilla may think they're doing a good thing by blocking what they consider hateful speech, it's just helping these people double down on thinking they're in the right. We should not be afraid of ideas. Speech != violence. Violence is violence. With platforms banning more and more offensive content and increasing the label of what is bannable, we're seeing a huge split in our world. People who could once agree to disagree now don't even want to share the same space with one another. It's all call out culture and it's terrible.” Many people think that this step is nothing but a step towards mass-censorship. “I see it as an active endorsement of filter funneling comments sections online, given that despite the operators of Dissenter having tried to make efforts to comply with the terms of service Mozilla have imposed for being listed in their gallery, were given an unclear rationale as to how having "broken" these terms, and no clue as to what they were supposed to do to have avoided doing so,” adds a Reddit user. Mozilla has not revoked the add-on’s signature, so Dissenter can be distributed while guaranteeing that the add-on is safe and can be updated automatically. Manual installation of the extension from Dissenter.com/download is also possible. Mozilla developers have built BugBug which uses machine learning to triage Firefox bugs Mozilla adds protection against fingerprinting and Cryptomining scripts in Firefox Nightly and Beta Mozilla is exploring ways to reduce notification permission prompt spam in Firefox

Google Chrome will soon support something called LazyLoad, a feature that allows browsers to delay the loading of out-of-view images and iframes until the user scrolls near them, shared Scott Little, a Chromium developer yesterday. Why LazyLoad is introduced? Very often, web pages have images and other embedded content like ads placed below the fold and users don’t always end up scrolling all the way down. LazyLoad tries to take the advantage of this behavior to optimize the web browser by loading the important content much faster and hence reducing the network data and memory usage. LazyLoad waits to load images and iframes that are out of view until the user scrolls near them. It is up to the browser to decide exactly how “near”, but it should typically start loading the out-of-view content some distance before the content comes in view. Currently, there are few JavaScript libraries that can be used for lazy loading images or other kinds of content. But, natively supporting such feature in the browser itself will make it easier for websites to take advantage of lazy loading. Additionally, with this feature browsers will be able to automatically find and load content that are suitable for lazy loading. The LazyLoad solution will be supported on all platforms. Web pages just need to use loading="lazy" on the img and iframe elements. For Android Chrome users who have Data Saver turned on, elements with loading="auto" or unset will also be lazily loaded if Chrome finds them to be good candidates for lazy loading based on heuristics. If you set loading="eager" on the image or iframe element they will not be lazily loaded. To read more in detail about LazyLoad, check out its GitHub repository. Google’s Cloud Healthcare API is now available in beta Ian Goodfellow quits Google and joins Apple as a director of machine learning Google dissolves its Advanced Technology External Advisory Council in a week after repeat criticism on selection of members  

Yesterday, Microsoft released the first preview builds of its Chromium-powered Edge browser for Windows 10. This comes after Microsoft announced last year in December that it will be adopting the Chromium open source project in the development of Microsoft Edge for desktop. You can download these preview builds for testing from the Microsoft Edge Insider site. The new builds are available through three different Microsoft Edge Insider Channels: Beta, Canary, and Developer. Canary builds are the ones that will receive updates every night. Developer builds are much more stable than the Canary builds and will be updated weekly. Beta builds are the most stable ones as compared to the three and will receive updates every 6 weeks. Source: Microsoft Right now, Microsoft is only opening the Developer and Canary channels. Though the company was not so clear about the timeline in the announcement, it does promises that the Beta builds and support for Mac and all the other supported versions of Windows will come in the future. However, there is no mention of whether this new overhauled Microsoft Edge will support Linux. In these preview builds, the team has mostly focussed on the fundamentals. So, current users will not see an extensive range of features and language support. These new Chromium-based Microsoft Edge preview builds do look strikingly similar to Google Chrome. Among the similarities include subtle design finishes, a dark mode, and the ability to manage your sign-in profile. In this Chromium-based Edge implementation, Microsoft has removed or replaced about 50 services that are included in Chromium. Some of them are Google Now, Google Cloud Messaging, and Chrome-OS related services. More details regarding the updates will be shared during a BlinkOn 10 keynote today. These preview builds also bring support for an expanded selection of extensions. Users will no longer have to just choose from the limited set of extensions available on Microsoft’s store as extensions from other third-party stores like Chrome Web Store are also supported. Since this is based on Chromium, it also comes with support for Progressive Web Apps and supports the same developer tools as Chromium. Microsoft is working closely with the team at Google and hopes to work with the broader Chromium community going forward. Their latest contributions to the Chromium open source project includes in areas like accessibility, touch, ARM64, and others. In the future, it plans to introduce smooth scrolling, a reading view free of distractions, grammar tools, and Microsoft Translator integration. Users who have tested these preview builds are finding it unsurprisingly very similar to Chrome. One of the users are Reddit remarks, “To the surprise of no one, its basically chrome. Even my google account came in logged in automatically, same recent sites etc. I wonder if the roadmap will include things like dark mode, I never used the annotations feature so can't vouch much for it. I'm yet to try to make a MS Teams call but looking good so far.” The Verge, after testing the preview builds, shared that the Chromium-powered Edge is showing even better performance than Google Chrome. Many users are also saying that instead of joining hands with Google, Microsoft could have instead gone with Firefox to make the web fair and accessible. “I wish they've would have gone with Firefox's Quantum, in order to try and at least balance out web market shares. MSFT no longer has any leverage in the web, so trying to keep it fair and accessible (no browser monopolies) should be a priority for them (especially since they have quite a few web platforms like office 365),” adds a redditor. To read the official announcement, check out the Microsoft blog. Microsoft’s #MeToo reckoning: female employees speak out against workplace harassment and discrimination Microsoft, Adobe, and SAP share new details about the Open Data Initiative Microsoft reportedly ditching EdgeHTML for Chromium in the Windows 10 default browser

Last week, Bleeping Computer reported that the latest versions of Google Chrome, Safari, Opera, and Microsoft Edge will not allow users to disable hyperlink auditing that was possible in previous versions. What is hyperlink auditing? The Web Applications 1.0 specification introduced a new feature in HTML5 called hyperlink auditing for tracking clicks on the links. To track user clicks, the “a” and “area” elements support a “ping” attribute that takes one or more URIs as a value. For example: When you click on the hyperlink, the “href” link will be loaded as expected, but additionally, the browser will also send an HTTP POST request to the ping URL. The request headers can then be examined by the scripts that receive the ping POST request to find out where the ping came from. Which browsers have made hyperlink auditing compulsory? After finding this issue in Safari Technology Preview 72, Jeff Johnson, a professional Mac, and iOS software engineer reported this to Apple. Despite this, Apple released Safari 12.1 without any settings to disable hyperlink auditing. Prior to Safari 12.1, users were able to disable this feature with a hidden preference. Similar to Safari, in Google Chrome hyperlink auditing was enabled by default. Users could previously disable this by going to “chrome://flags#disable-hyperlink-auditing” and setting the flag to “Disabled”. But, in Chrome 74 Beta and Chrome 75 Canary builds, this flag has been completely removed. Microsoft Edge and Opera 61 Developer build also removes the option to disable/enable hyperlink auditing. Firefox and Brave, on the other hand, have disabled hyperlink auditing by default. In Firefox 66, Firefox Beta 67, and Firefox Nightly 68 users can enable it using the browser.send_pings setting, the Brave browser, however, does not allow users to enable it at all. How people are reacting to this development? The hyperlink auditing feature has received mixed reactions from developers and users. While some were concerned about its privacy implications, others think that this process makes the user experience more transparent. Sharing how this development can be misused, Chris Weber co-founder of Casaba Security wrote in a blog post,  “the URL could easily be appended with junk causing large HTTP requests to get sent to an inordinately large list of URIs. Information could be leaked in the usual sense of Referrer/Ping-From leaks.” One Reddit user said that this feature is privacy neutral as this kind of tracking can be done with JavaScript or non-JavaScript redirects. Sharing other advantages of the ping attribute, another user said, “The ping attribute for hyperlinks aims to make this process more transparent, with additional benefits such as optimizing network traffic to the target page loads more quickly, as well as an option to disable sending the pings for more user-friendly privacy.” Though this feature brings some advantages, the Web Hypertext Application Technology Working Group (WHATWG) encourages user agents to put control in the hands of the users by providing them a feature to disable this behavior. “User agents should allow the user to adjust this behavior, for example in conjunction with a setting that disables the sending of HTTP `Referer` (sic) headers. Based on the user's preferences, UAs may either ignore the ping attribute altogether or selectively ignore URLs in the list,” mentions WHATWG. To read the full story, visit Bleeping Computer. Google dissolves its Advanced Technology External Advisory Council in a week after repeat criticism on selection of members Microsoft’s #MeToo reckoning: female employees speak out against workplace harassment and discrimination Mozilla is exploring ways to reduce notification permission prompt spam in Firefox

Yesterday, Mozilla announced that it is launching two experiments to understand how they can reduce “permission prompt spam” in Firefox. Last year, it did add a feature in Firefox that allows users to completely block the permission prompts. It is now planning to come up with a new option for those who do not want to take such a drastic step. Permission prompts have become quite common nowadays. It allows websites to get user permission for accessing powerful features when needed. But, often it gets annoying for users when they are shown unsolicited, out-of-context permission prompts, for instance, the ones that ask for permission to send push notifications. Mozilla's telemetry data shows that notifications prompt is the most frequently shown permission prompt, with about 18 million prompts shown on Firefox Beta from Dec 25 2018 to Jan 24 2019. Out of these 18 million prompts, not even 3 percent were accepted by users. And 19 percent of the prompts caused users to immediately leave the site. Such a low acceptance of this feature led to the following two conclusions: One, that there are some websites that show the notification prompt without the intent of using it to enhance the user experience, or fail to express their intent in the prompt clearly. Second, there are websites that show the notification permission prompt for too early, without giving users enough time to decide if they want them. To get a better idea on how and when websites should ask for notification permissions, Mozilla is launching these two experiments: Experiment 1: Requiring user interaction for notification permission prompts in Nightly 68 The first experiment involves requiring a user gesture, like a click or a keystroke to trigger the code that requests permission. From April 1st to 29th, requests for permission to use Notifications will be temporarily denied unless they follow a click or keystroke. In the first two weeks, no user-facing notifications will be shown when the restriction is applied to a website. In the last two weeks of this experiment, an animated icon will be shown in the address bar when this restriction is applied. If the user clicks on the icon, they will be presented with the prompt at that time. Experiment 2: Collecting interaction and environment data around permission prompts from release users Mozilla believes that requiring user interaction is not the perfect solution to the permission spam problem. To come up with a better approach, it wants to get more insights about how Firefox users interact with permission prompts. So, they are planning to launch an experiment in Firefox Release 67 to gather information about the circumstances in which users interact with permission prompts. They will collect information about: Have they been on the site for a long time? Have they rejected a lot of permission prompts before? With this experiment, it aims to collect a set of possible heuristics for future permission prompt restrictions. To know more in detail, visit Mozilla’s official blog. Mozilla launches Firefox Lockbox, a password manager for Android Mozilla’s Firefox Send is now publicly available as an encrypted file sharing service Mozilla Firefox will soon support ‘letterboxing’, an anti-fingerprinting technique of the Tor Browser  

Yesterday, the Django team announced the release of Django 2.2. This release comes with classes for custom database constraints, Watchman compatibility for runserver, and more. It comes with support for Python 3.5, 3.6, and 3.7. As this version is a long-term support (LTS) release it will receive security and data loss updates for at least the next three years. Also, this release marks the end of the mainstream support for Django 2.1 and it will continue to receive security and data loss fixes until December 2019. Following are some of the updates Django 2.2 comes with: Classes for custom database constraints Two new classes are introduced to create custom database constraints: CheckConstraint and UniqueConstraint. You can add constraints to the models using the 'Meta.constraints' option. Watchman compatibility for runserver This release comes with Watchman compatibility for runserver replacing Pyinotify. Watchman is a service used to watch files and record when they change and also trigger actions when matching files change. Simple access to request headers Django 2.2 comes with HttpRequest.headers to allow simple access to a request’s headers. It provides a case insensitive, dict-like object for accessing all HTTP-prefixed headers from the request. Each header name is stylized with title-casing when it is displayed, for example, User-Agent. Deserialization using natural keys and forward references To perform deserialization you can now use natural keys containing forward references by passing ‘handle_forward_references=True’ to ‘serializers.deserialize()’. In addition to this, forward references are automatically handled by ‘loaddata’. Some backward incompatible changes and deprecations Starting from this release, admin actions are not collected from base ModelAdmin classes. Support is dropped for Geospatial Data Abstraction Library (GDAL) 1.9 and 1.10. Now, the team has made sqlparse a required dependency to simplify Django’s database handling. Permissions for proxy models are now created using the content type of the proxy model. With this release, model Meta.ordering will not affect GROUP By queries such as  .annotate().values(). Now, a deprecation warning will be shown with the advice to add an order_by() to retain the current query. To read the entire list of updates, visit Django’s official website. Django 2.2 alpha 1.0 is now out with constraints classes, and more! Django is revamping its governance model, plans to dissolve Django Core team Django 2.1.2 fixes major security flaw that reveals password hash to “view only” admin users

After launching the developer preview of accelerated mobile pages or AMP for email last year, Google announced its general availability yesterday. For utilizing AMP for email, you do not have to be restricted to Gmail as other major email providers including Yahoo Mail, Outlook.com, and Mail.Ru have also added support for AMP. What is AMP for email? AMP for email aims to take the simple text emails to the next level by making them interactive and engaging, which Google calls “dynamic emails”, like web pages without having the user to hit the browser. AMP for email promises that users will now be able to actually get things done within the email. For instance, users will be able to take actions like RSVP to an event, fill out a questionnaire, browse a catalog, or respond to a comment. AMP emails are designed to be compatible with the current email ecosystem using a new MIME part called “text/x-amp-html”. AMP for email supports many a subset of AMP markups, which includes carousels, forms, and lists. Also, if an email provider does not support AMP emails, it allows emails to fallback to HTML. How users and developers are reacting to this? Since the AMP initiative was first announced, it has faced criticism by many, so much so that there is a Twitter account named “GoogleAMPSucks”. Google AMP for email has also sparked a huge discussion on Hacker News. Many users think that this opens up an alternate channel for sending ads to users. One user commented, “Google is looking for alternative channels to sell ads through. Adding more complicated media to email increases the type of ads that can be sold. It won’t be right away, but it’s coming.” AMP for email provides senders new ways to revise the information in an email they have already sent. This will make emails mutable which is a concern for many users. Explaining how this feature can be misused, one of the users on Hacker News, said, “Sent an ad claiming that you had a given price for a full week, and then decided you didn't want to sell it for that anymore two days later? Handy that you can remove all evidence of your advertisement after you sent it.” Bron Gondwana, CEO of FastMail, also believes that the immutable behavior of emails is, in fact, its strength. He wrote in a blog post, “The email in your mailbox is your copy of what was said, and nobody else can change it or make it go away. The fact that the content of an email can’t be edited is one of the best things about POP3 and IMAP email standards. I admit it annoyed me when I first ran into it – why can’t you just fix up a message in place – but the immutability is the real strength of email. You can safely forget the detail of something that you read in an email, knowing that when you go back to look at it, the information will be exactly the same.” To read the official announcement, check out Google’s blog. European Union fined Google 1.49 billion euros for antitrust violations in online advertising Google announces Stadia, a cloud-based game streaming service, at GDC 2019 Google is planning to bring Node.js support to Fuchsia  

Yesterday, the team at Redox released Redox OS 0.5.0, a Unix like operating system written in Rust. The team has added important programs and libraries to this release. What’s new in Redox OS 0.50? Cairo This release comes with Cairo, a 2D graphics library that supports multiple output devices. It produces consistent output on all output media and takes advantage of display hardware acceleration when available. It is implemented as a library which is written in the C programming language, while the bindings are available for various programming languages. relibc Redox OS 0.50 features relibc, a portable POSIX C standard library which is written in Rust and supports Redox and Linux. It reduces the issues with newlib and further creates a safer alternative to a C standard library. It has been designed to be used under redox, as an alternative to newlib. Event system The event system has been redesigned for providing support for select and poll. This release comes with new packages added to the Cookbook as well as for memory mapping support implemented in it. Standard images This release comes with new images based on new bootloaders for coreboot and EFI. The team has worked towards providing libraries for EFI Rust development and for developing coreboot payloads in Rust. LLVM This release also features the LLVM Project which is a collection of modular and reusable compiler and toolchain technologies. The LLVM Core libraries come with a target-independent optimizer and a code generation support for popular CPUs.          GLib This version of Redox OS comes with GLib which is the low-level core library that forms the basis for projects such as GTK+ and GNOME.                   Pixman Redox OS 0.50 comes with Pixman that is a low-level software library for pixel manipulation that features image compositing and trapezoid rasterization. Orbital widget toolkit This release comes with Orbital Widget Toolkit which is a multi-platform GUI toolkit for building user interfaces with Rust. This toolkit is based on the entity component system pattern which provides a functional-reactive API. It provides fast performance and ease over cross-platform development. Few users are happy and excited about this release and are appreciating the Redox team. A user commented on HackerNews, “Congrats on getting another release out the door! I was beginning to fear that momentum was stalling in lieu of PopOS. Keep up the great work!” The developer of Redox OS shared that there are still security concerns in the kernel with regards to memory management. He commented, “There are a couple known security issues in the kernel regarding memory management. One is that memory is granted in pages, so buffers passed to a scheme are over-mapped for the process handling it. You have to be root to handle a scheme, so it was not a high severity issue.” He further added that there are concerns with the grants which can be dropped by owning process and highlighted that more kernel work is needed. He commented, “Another is that grants can be dropped by the owning process while in use by another process. This can lead to the re-allocation of said grants in the owning process, making memory accessible to the other users of the grant. More kernel work is needed to prevent schemes from leaking data in this manner.” To know more about this news in detail, check out Redox’s official announcement. Fedora 31 will now come with Mono 5 to offer open-source .NET support LLVM 8.0.0 releases! JUnit 5.4 released with an aggregate artifact for reducing your Maven and Gradle files