Why? Fingerprinting. Rather than these APIs being used for what they are meant for, they end up being used for gross ad tech. As in, “hey, we don’t know exactly who you are, but wait, through a script we can tell your phone stopped being idle from 8:00 am to 8:13 am and were near the Bluetooth device JBL BATHROOM, so it’s probably dad taking his morning poop! Let’s show him some ads for nicer speakers and flannel shirts ASAP.”… Read article “Apple declined to implement 16 Web APIs in Safari due to privacy concerns”
HTTPS is Easy!
I’ve been guilty of publicly bemoaning the complexity of HTTPS. In the past, I’ve purchased SSL certificates from third-party vendors and had trouble installing them. I’ve had certificates expire and had to scramble to fix them. I’ve had to poke and prod hosting companies to help me ensure things were going to renew correctly, and left unsatisfied.
But I’d say in the last few years, this has really chilled out. CSS-Tricks went HTTPS around five years ago, so we’re well … Read article “HTTPS is Easy!”
“Link In Bio” is a slow knife
Chris Coyier
If Instagram users could post links willy-nilly, they might even be able to connect directly to their users, getting their email addresses or finding other ways to communicate with them. Links represent a threat to closed systems.
On CodePen, we have a TextExpander snippet we use for every single Instagram post we schedule through Buffer and it expands to this:
… Read article ““Link In Bio” is a slow knife”Looking for the code? It’s open-source on CodePen, follow the link 🔗 in our profile and find
Detecting Inactive Users
Most of the time you don’t really care about whether a user is actively engaged or temporarily inactive on your application. Inactive, meaning, perhaps they got up to get a drink of water, or more likely, changed tabs to do something else for a bit. There are situations, though, when tracking the user activity and detecting inactive-ness might be handy.
Let’s think about few examples when you just might need that functionality:
- tracking article reading time
- auto saving form or
Weekly Platform News: Upgrading Navigations to HTTPS, Sale of .org Domains, New Browser Engine
In this week’s roundup: DuckDuckGo gets smarter encryption, a fight over the sale of dot org domains, and a new browser engine is in the works.
Let’s get into the news!… Read article “Weekly Platform News: Upgrading Navigations to HTTPS, Sale of .org Domains, New Browser Engine”
CSS Security Vulnerabilities
Don’t read that headline and get worried. I don’t think CSS is a particularly dangerous security concern and, for the most part, I don’t think you need to worry about it.
But every once in a while, articles tend to circulate and get some attention as to the possibilities of what CSS can do that might surprise or worry you.
Here’s a little roundup.… Read article “CSS Security Vulnerabilities”
Firefox blocks third-party tracking cookies and cryptominers
Robin Rendle
This is super interesting stuff from Mozilla: the most recent update of Firefox will now block cryptominers and third-party tracking scripts by default.… Read article “Firefox blocks third-party tracking cookies and cryptominers”
What I Like About Vue
Robin Rendle
Dave Rupert digs into some of his favorite Vue features and one particular issue that he has with React:
… Read article “What I Like About Vue”I’ve come to realize one thing I don’t particularly like about React is jumping into a file, reading the top for the state, jumping to the bottom to find the render function, then following the method calls up to a series other sub-rendering functions only to find the component I’m looking for is in another castle. That cognitive load is taxing
Zoom, CORS, and the Web
It’s sorta sad by funny that that big Zoom vulnerability thing was ultimately related to web technology and not really the app itself.
There is this idea of custom protocols or “URL schemes.” So, like gittower:// or dropbox:// or whatever. A native app can register them, then URLs that hit them get passed to the native app. iOS has “universal links” which are coming to the web apparently. (Atishay Jain has an excellent write-up on them.) But … Read article “Zoom, CORS, and the Web”
Weekly Platform News: Favicon Guidelines, Accessibility Testing, Web Almanac
In this week's news, Google defines guidelines for favicons, a new a11y testing tool from The Paciello Group, and changes to how the W3C plans to engage the community, plus more.
