Linkbait 33 – QuirksBlog


Linkbait 33 – QuirksBlog

Linkbait 33




For the first time in years.




  • Useful for newbies: the Spellbook of Modern Web Dev. Gives a metric shitload of links to important topics, and goes decidedly light on build tools, frameworks, and so on. It’s almost as if this was written to teach people how to be actual web developers instead of framework-copy-paste peons. Lovely!
  • Yet another article about Chrome turning into IE6, this time on The Verge. The article was met by a predictable level of ennui; as someone wrote, any browser nowadays can be the new IE6.
    Still, the point is not that Chrome is technically behind other browsers (it isn’t, to put it mildly), but that it’s approaching Microsoft’s old dominance in the web sphere. And that is a problem; the web is best off when no browser is dominant. So we’ll have to go through a new cycle of dominance and challenge.
  • In other browser news, UC, the third-largest mobile browser, is moving from WebKit to Chromium. Chromium 57, to be exact. Why? My personal guess: CSS Grids, combined with a general feeling that WebKit isn’t cutting the cake any more.
    Not only does this make UC somewhat more predictable in terms of support, it also makes Apple the only browser vendor still to use WebKit.
    It’s unclear whether UC Mini, the proxy browser, will follow this move to Chromium. My guess is that it won’t in the next few years — changing a proxy browsing system is a lot more difficult than changing a full, installable browser — see also Opera Mini, which still uses Presto.
  • A report, with bubble graphs, about the state of JavaScript around the world, with an accompanying summary article. Well, it’s really about frameworks, although “No Framework” is also mentioned, and ends up at about 20%, I’d say from the graphs.
    Also gives breakdown for a number of countries, which is interesting data, although I’m uncertain whether we should attack any meaning to the fact that in France React use is higher than average, while Angular 2 use is lower than average.
    Does not mention jQuery. I dislike a State of JavaScript report not mentioning one of the most important libraries.
  • OK, so jQuery is a library, and not a framework. Yawn. Besides, this semantic trick could be deployed solely because Angular, React, etc. numbers wouldn’t look so great if they’re compared to jQuery. Or I’m wrong and jQuery is going down. In any case, we can’t tell because the data is missing.
    Remy discussed jQuery at length, and includes a graph that shows jQuery so far ahead of other libraries (not frameworks!) that it’s not funny any more.
    I’d love to see a comparison between the frameworks and the libraries. The split appears artificial to me if your goal is to show which ones are popular and which ones aren’t.
  • Another useful data-driven article about how web bloat affects people with slow connections. It does, the problems are huge, and here’s some data to back that up.
    Not than anyone will care. The solution entails cutting down drastically on frameworks and other tools, and web developers aren’t yet ready for that.
  • An XSS attack aimed at gathering credit card numbers and related data by simply reading out form fields. Very easy to do if you can get your malicious script in place.
    In this case, the malicious script was spread via npm. Create an innocent-sounding module, convince others to include it as a dependency, add the malicious code, make sure the code only operates at night, when the QA people are asleep, and bingo! XSS attack succeeded.
    Web developers should stop their mindless copying. It’ll lead to problems like this.
  • Permissions on the web suck. It’s often unclear why you should give a certain permission, the interface is atrocious, and in general web developers (or marketing people) just add asking for permissions for no good reason other than that push notifications are hip.
  • A while ago I wrote about styling and scripting sliders. Recently, Ana Tudor cranked the volume up to 11 with an excellent article that, among other things, goes into how inspectors show (or don’t show) sliders, and the problems that gives. Worth a read if you’re using sliders.
  • The Mozilla Security Blog gives a good overview of the consequences of Meltdown and Spectre for JavaScript. In practice, SharedArrayBuffer will be disabled, and the resolution of performance.now() will be drastically reduced.
    Still, my question remains how much this will actually affect your average JavaScript-heavy site. To me, it seems that there won’t be much of an effect since both items are fairly niche and not in use in most sites.
    I asked on Twitter, but nobody seemed to be sure. Nobody pushed back against my theory that the practical effect is close to zero, so that’s what I’m going to assume for now.
    On the other hand, Tab Atkins warns that more areas of web development could be used as high-res timers, though, and that we’re not out of the woods yet.
  • Google gives in on AMP URLs. Pretty soon, AMP pages will be served from the publishers’ URLs, and not from google.com/amp.
    This is a bigger deal than you might think: might have effect on Facebook as well. Publishers are forced to go through AMP and Facebook because their own sites are so very bad, and because Facebook is where the audience is. BUT if they did nothing, they’d lose their own branding and news would become commoditised. Thus they want to retain some aspect of their identity. Google is now giving them that. Will Facebook follow?
  • Speaking of Facebook, here’s a good article on Facebook’s flawed business model. For Facebook itself it might be good to move away from an ad-driven revenue stream, but the shareholders won’t accept it, so it won’t happen. (Did I mention that shareholders are the most serious problem we have on earth right now?). The article closes with the idea that Zuckerberg might ignore shareholders anyway. I’d like to see that before I believe it.
  • Six months ago I wrote about woman speakers and attendees at the conferences I co-organised in Amsterdam. Turns out that two months later Jeremy replied to and disagreed with one of my statements. I apologise; I saw this only yesterday.
    I said that I did not believe in having 50% woman speakers at conferences, since the audience does not consist of 50% women. I did this partly in order to get people to think, and I wasn’t sure what the best percentage should be.
    Jeremy disagrees; his argument is that a line-up should be at least partly aspirational: how many women (or other non-white non-men) do we want to have in the audience. That, according to him, is the crux of the matter.
    That is a solid argument that I am sensitive to, but it still doesn’t tell us how many women there should be. But that’s a very difficult question, and neither Jeremy nor I have a pre-cooked answer for you.
    The absolute minimum of women speakers for the conference I co-organise is 2 per day, or 25%. In practice, we’re usually somewhat above that number. Good enough? Not good enough? I don’t know, but so far I’m pretty happy with how it turned out.
  • Have anything for the next Linkbait? Let me know.
READ  Code Review Etiquette | CSS-Tricks










Source link