#symantec tls certificate distrust
Explore tagged Tumblr posts
Visit Tumblr Blog
Explore Tumblr blogs with no restrictions, modern design and the best experience.
Last Seen Tumblr Blogs
Fun Fact
There were a total of 171.5 billion posts on Tumblr in 2019.
Text
Navegadores populares recusarĆ£o certificados Symantec SSL / TLS no a partir de outubro
Navegadores populares recusarĆ£o certificados Symantec SSL / TLS no a partir deĀ outubro
Navegadores populares recusarĆ£o certificados Symantec SSL / TLS no a partir de outubro
Navegadores populares recusarĆ£o certificados Ć© um lembrete final de que os certificados TLS herdados emitidos pela Symantec, incluindo aqueles emitidos por autoridades como Thawte, Geotrust e RapidSSL, que usavam a Symantec como autoridade central, nĆ£o serĆ£o aceitos pelo Google ChromeĀ e peloĀ Mozilla Firefox aĀ Ā ā¦
View On WordPress
#ssl and tls certificates symantec#ssl and tls symantec#symantec ssl#symantec ssl tls#symantec ssl tls definition#symantec ssl/tls certificate#symantec ssl/tls certificates#symantec tls certificate distrust
0 notes
Text
New top story on Hacker News: Delaying Further Symantec TLS Certificate Distrust
Delaying Further Symantec TLS Certificate Distrust 101 by lainon | 47 comments from Blogger https://ift.tt/2pKX8dG
0 notes
Text
Delaying Further Symantec TLS Certificate Distrust
https://blog.mozilla.org/security/2018/10/10/delaying-further-symantec-tls-certificate-distrust/ Comments
0 notes
Text
Reminder: Popular Browsers To Distrust Symantec SSL/TLS Certificates Starting In October https://t.co/mGldm1LgZc
Reminder: Popular Browsers To Distrust Symantec SSL/TLS Certificates Starting In Octoberhttps://t.co/mGldm1LgZc
ā Wordfence (@wordfence) September 13, 2018
wordfence
0 notes
Text
Monthly Web Development Update 8/2018: The Cost Of JavaScript, Ethics In Open Source, And QUIC
Monthly Web Development Update 8/2018: The Cost Of JavaScript, Ethics In Open Source, And QUIC
Monthly Web Development Update 8/2018: The Cost Of JavaScript, Ethics In Open Source, And QUIC
Anselm Hannemann
2018-08-17T11:57:10+02:00 2018-08-17T10:16:34+00:00
Building technology and software has become a very responsible job. People trust the products we create, and they can have a significant impact on their lives, too. Considering this, we not only need to think about inclusive solutions, but also stand up and advocate for ethics, reliability, and security. Itās a position that gives us power.
Eric Meyer published an article elaborating the problems which an HTTPS-only web is bringing along. In it, he reveals that developing countries suffer a lot from this development as they often have bad internet connections and, due to the encryption, they now experience more website errors than before. Ben WerdmĆ¼ller jumped in and published the article āStop building for San Franciscoā in which he points out one of the biggest problems we have as developers: We use privileged hardware and infrastructure. We build experiences using the latest iPhones, Macbooks with Gigabit or fast 4G connections but never consider that most people weāre building for use devices and infrastructures that are far from being that well-equipped. Making the web more secure is a great idea, beyond question, but we should also keep in mind the consequences that the latest tech and our design decisions might have for others.
News
TypeScript 3.0 was released with a couple of convenient language features and fixes.
Implemented in Chrome since quite a while already, Client Hints are an amazing feature. To improve privacy, the functionality of Client Hints for responsive images changed with Chrome 67. Colin Bendell explains the differences and why Client Hints are so useful for performance.
Developers have been asking a lot about Safariās Intelligent Tracking Prevention (ITP) and how to debug websites with it enabled. Now the WebKit team shares the ITP Debug Mode which gives you a lot more flexibility and tools to track down issues.
Starting in October, most browsers will distrust Symantec TLS certificates entirely and, thus, block access to websites which still use them. Please update your certificate if you havenāt already.
The latest version of Chrome (68) brings a new ānot secureā notification when visiting HTTP pages. Be aware of this and upgrade your sites accordingly. Also new in Chrome 68 are the new Page Lifecycle API, a great new API for page events, as well as the Payment Handler API. HTTP cache is now ignored when requesting updates to a service worker, bringing Chrome in line with the spec and other browsers. Apart from that, the cursor values grab and grabbing are now unprefixed in the new version ā finally.
With so much happening on the web, what should we really pay attention to? At SmashingConf New York 2018
weāll explore everything from PWAs, font loading best practices, web performance and eCommerce UX optimization, to refactoring CSS, design workflows and convincing your clients. With Sarah Drasner, Dan Mall, Sara Soueidan, Jason Grigsby, and many other speakers. Oct 23ā24.
Check the speakersĀ ā
General
If youāre building for Open Source, you need to decide which license your project should use. Now thereās a new option, the Just World License. Itās for developers who āagree in general with the principles of open source software but are uncomfortable with their software being used as part of efforts to destroy lives, our environment and our futureā.
Deep-learning machines are a big topic these days, but some people are exploring even better algorithms that outperform deep-learning machines easily at video games.
Drew DeVaultās āSimple, correct, fast: in that orderā is a great reminder to set priorities straight in web and software development.
Jonathan Fulton wrote a handy resource called āThe basic architecture concepts I wish I knew when I was getting started as a web developerā, which is a great web architecture 101 and foundation for newcomers in our industry.
UI/UX
Ethics for Design is a project where twelve designers and researchers from eight European cities discuss the, sometimes harmful, impact of design on our societies and what designers can do to work for the good of all and not just a few.
Tooling
Prashant Palikhe wrote a long story about the art of debugging with Chromeās Developer Tools, which I can highly recommend as itās a very complete reference to get to know the developer tools of a browser. If you use another browser, thatās not a big problem as most tools are quite similar.
WebP is an image format with a couple of nice features and likely one of the best-known new formats besides the common JPEG/PNG ones. However, creating WebP images can still be a challenge, so Jeremy Wagner wrote a guide on how to convert images to WebP.
Douglas Creager introduces the new Network Error Logging which allows you to instruct user agents to collect the same set of information that would appear in your server logs.
Many of us are addicted to communication tools like Slack. The folks from Wildbit decided to shut down Slack for a week ā with a significant effect on how they work. An interesting case study about how we tend to get too comfortable with a useful tool and donāt use it as we should anymore. From time to time, itās important to reset our minds.
Dennis Reimann published the first stable version of UIEngine, a workbench for UI-driven development.
Security
A new Observer is around: The ReportingObserver API lets you know when your site uses a deprecated API or runs into a browser intervention. So far, itās available in Chrome 69. You could easily use this to send errors that previously were only available in the Console to your backend or error handling service.
Web Performance
Do you remember QUIC (Quick UDP Internet Connections)? The protocol engineered by Google that they use internally and that is shaping up quite well for larger use? While the IETF is currently standardizing the format towards the end of the year, Cloudflare engineers now share their experience from testing it.
A QUIC handshake only takes a single round-trip between client and server to complete, whereas TCP and TLS usually need two. (Image source)
HTML & SVG
When you have user-generated content, you often donāt know if you have just one element or a list of elements to output. At Colloq, we wanted to do semantics right and built a system that allows us to output a p tag when only one element is in the container, otherwise a ol/ul list with various list items.
Accessibility
Dave Rupert shares the A11Y Nutrition Cards, a project that attempts to digest and simplify the accessibility expectations when it comes to component authoring.
Skip links are quite common accessibility features. Hampus Sethfors now wrote an article on why many of the links are still broken and how to fix them properly.
JavaScript
One year after they introduced their Progressive Web App, Zack Argyle from the Pinterest engineering team takes a look back. Itās important to note why they decided to build a PWA: āOur mobile web experience for people in low-bandwidth environments and limited data plans was not goodā. But the results for them are amazing to see.
Philip Walton introduces the new Page Lifecycle API which helps us determine page states in the browser more easily via events, such as the page being in the background (not visible), active, frozen or even terminated.
Whoops, you all know eval() in JavaScript is bad, right? Thatās why we usually forbid its usage in Content Security Policies. But Remy Sharp reminds us that thereās a line of code which is equally bad for security.
Addy Osmani researched the cost of JavaScript in 2018 and now shares evidence that every byte of JavaScript is still the most expensive resource we can send to mobile phones because it can delay interactivity significantly. This is a problem especially for not so capable phones that are widely used outside the tech industry.
Hidde de Vries explains how we can make page titles accessible in JavaScript Single Page Application.
Whatās the real cost of JavaScript? One of the findings from Addy Osmaniās research: It takes a low-end 2018 phone 32 seconds longer than an iPhone 8 to process JavaScript for CNN.com. (Image source)
CSS
Max Bƶck explored a few CSS Grid techniques to build the layouts of tomorrow with relatively simple code.
Sara Soueidan explains how we can build inclusive toggle switches with modern HTML and CSS.
Jen Simmons shares common CSS Grid mistakes and how to solve them.
Ethan Marcotte explains the still relatively new fr-unit that we mostly use for CSS Grids.
Work & Life
Paris Marx wrote about why he thinks digital nomads are not the future. He argues that location independence is only possible because of communication infrastructures built with public funds and that itās not fair to abuse them.
This week I learned how useful it can be to think outside the box and how remote work and pursuing your hobby can help solve technical challenges.
Itās not the first time a company is testing a 4-day workweek. However, itās great to see how the concept can be established successfully and with benefits for both ā the employees and the work done.
Going Beyondā¦
Tobias van Schneider wrote about why the Sagmeister-Walsh studio is so successful by staying small and why dreaming big but staying small is so important for creative thinking.
Ben WerdmĆ¼ller shares his thoughts on how different it has become to start a business when youāre, for example, in San Francisco. This is a story where $117,000 are considered a ālow incomeā in San Francisco and how this limits ideas.
Jeremy Nagel makes us think about the impact of our open-source code: As developers we tend to believe that making our code freely available is an amazing move but we forget that we make it available to bad players as well ā to coal miners, to pollution-contributing companies, to those who use people to get rich while mistreating them, to those who rip you off indirectly. Itās not that you canāt do anything about it; you have to be aware of these issues and apply a better license or add a dedicated statement to your code.
India has a big plastic waste problem. Since a couple of months, a couple of fishers donāt ignore the plastic problem anymore but collect all the waste in their nets instead, and bring it back to the shore where itās used to build roads. A great idea of making use of trash efficiently.
(cm)
Monthly Web Development Update 8/2018: The Cost Of JavaScript, Ethics In Open Source, And QUIC syndicated from https://liedetectorsukt.wordpress.com/
0 notes
Text
Monthly Web Development Update 8/2018: The Cost Of JavaScript, Ethics In Open Source, And QUIC
Monthly Web Development Update 8/2018: The Cost Of JavaScript, Ethics In Open Source, And QUIC
Anselm Hannemann
2018-08-17T11:57:10+02:002018-08-17T10:16:34+00:00
Building technology and software has become a very responsible job. People trust the products we create, and they can have a significant impact on their lives, too. Considering this, we not only need to think about inclusive solutions, but also stand up and advocate for ethics, reliability, and security. Itās a position that gives us power.
Eric Meyer published an article elaborating the problems which an HTTPS-only web is bringing along. In it, he reveals that developing countries suffer a lot from this development as they often have bad internet connections and, due to the encryption, they now experience more website errors than before. Ben WerdmĆ¼ller jumped in and published the article āStop building for San Franciscoā in which he points out one of the biggest problems we have as developers: We use privileged hardware and infrastructure. We build experiences using the latest iPhones, Macbooks with Gigabit or fast 4G connections but never consider that most people weāre building for use devices and infrastructures that are far from being that well-equipped. Making the web more secure is a great idea, beyond question, but we should also keep in mind the consequences that the latest tech and our design decisions might have for others.
News
TypeScript 3.0 was released with a couple of convenient language features and fixes.
Implemented in Chrome since quite a while already, Client Hints are an amazing feature. To improve privacy, the functionality of Client Hints for responsive images changed with Chrome 67. Colin Bendell explains the differences and why Client Hints are so useful for performance.
Developers have been asking a lot about Safariās Intelligent Tracking Prevention (ITP) and how to debug websites with it enabled. Now the WebKit team shares the ITP Debug Mode which gives you a lot more flexibility and tools to track down issues.
Starting in October, most browsers will distrust Symantec TLS certificates entirely and, thus, block access to websites which still use them. Please update your certificate if you havenāt already.
The latest version of Chrome (68) brings a new ānot secureā notification when visiting HTTP pages. Be aware of this and upgrade your sites accordingly. Also new in Chrome 68 are the new Page Lifecycle API, a great new API for page events, as well as the Payment Handler API. HTTP cache is now ignored when requesting updates to a service worker, bringing Chrome in line with the spec and other browsers. Apart from that, the cursor values grab and grabbing are now unprefixed in the new version ā finally.
With so much happening on the web, what should we really pay attention to? At SmashingConf New York 2018 šŗšø weāll explore everything from PWAs, font loading best practices, web performance and eCommerce UX optimization, to refactoring CSS, design workflows and convincing your clients. With Sarah Drasner, Dan Mall, Sara Soueidan, Jason Grigsby, and many other speakers. Oct 23ā24.
Check the speakersĀ ā
General
If youāre building for Open Source, you need to decide which license your project should use. Now thereās a new option, the Just World License. Itās for developers who āagree in general with the principles of open source software but are uncomfortable with their software being used as part of efforts to destroy lives, our environment and our futureā.
Deep-learning machines are a big topic these days, but some people are exploring even better algorithms that outperform deep-learning machines easily at video games.
Drew DeVaultās āSimple, correct, fast: in that orderā is a great reminder to set priorities straight in web and software development.
Jonathan Fulton wrote a handy resource called āThe basic architecture concepts I wish I knew when I was getting started as a web developerā, which is a great web architecture 101 and foundation for newcomers in our industry.
UI/UX
Ethics for Design is a project where twelve designers and researchers from eight European cities discuss the, sometimes harmful, impact of design on our societies and what designers can do to work for the good of all and not just a few.
Tooling
Prashant Palikhe wrote a long story about the art of debugging with Chromeās Developer Tools, which I can highly recommend as itās a very complete reference to get to know the developer tools of a browser. If you use another browser, thatās not a big problem as most tools are quite similar.
WebP is an image format with a couple of nice features and likely one of the best-known new formats besides the common JPEG/PNG ones. However, creating WebP images can still be a challenge, so Jeremy Wagner wrote a guide on how to convert images to WebP.
Douglas Creager introduces the new Network Error Logging which allows you to instruct user agents to collect the same set of information that would appear in your server logs.
Many of us are addicted to communication tools like Slack. The folks from Wildbit decided to shut down Slack for a week ā with a significant effect on how they work. An interesting case study about how we tend to get too comfortable with a useful tool and donāt use it as we should anymore. From time to time, itās important to reset our minds.
Dennis Reimann published the first stable version of UIEngine, a workbench for UI-driven development.
Security
A new Observer is around: The ReportingObserver API lets you know when your site uses a deprecated API or runs into a browser intervention. So far, itās available in Chrome 69. You could easily use this to send errors that previously were only available in the Console to your backend or error handling service.
Web Performance
Do you remember QUIC (Quick UDP Internet Connections)? The protocol engineered by Google that they use internally and that is shaping up quite well for larger use? While the IETF is currently standardizing the format towards the end of the year, Cloudflare engineers now share their experience from testing it.
A QUIC handshake only takes a single round-trip between client and server to complete, whereas TCP and TLS usually need two. (Image source)
HTML & SVG
When you have user-generated content, you often donāt know if you have just one element or a list of elements to output. At Colloq, we wanted to do semantics right and built a system that allows us to output a p tag when only one element is in the container, otherwise a ol/ul list with various list items.
Accessibility
Dave Rupert shares the A11Y Nutrition Cards, a project that attempts to digest and simplify the accessibility expectations when it comes to component authoring.
Skip links are quite common accessibility features. Hampus Sethfors now wrote an article on why many of the links are still broken and how to fix them properly.
JavaScript
One year after they introduced their Progressive Web App, Zack Argyle from the Pinterest engineering team takes a look back. Itās important to note why they decided to build a PWA: āOur mobile web experience for people in low-bandwidth environments and limited data plans was not goodā. But the results for them are amazing to see.
Philip Walton introduces the new Page Lifecycle API which helps us determine page states in the browser more easily via events, such as the page being in the background (not visible), active, frozen or even terminated.
Whoops, you all know eval() in JavaScript is bad, right? Thatās why we usually forbid its usage in Content Security Policies. But Remy Sharp reminds us that thereās a line of code which is equally bad for security.
Addy Osmani researched the cost of JavaScript in 2018 and now shares evidence that every byte of JavaScript is still the most expensive resource we can send to mobile phones because it can delay interactivity significantly. This is a problem especially for not so capable phones that are widely used outside the tech industry.
Hidde de Vries explains how we can make page titles accessible in JavaScript Single Page Application.
Whatās the real cost of JavaScript? One of the findings from Addy Osmaniās research: It takes a low-end 2018 phone 32 seconds longer than an iPhone 8 to process JavaScript for CNN.com. (Image source)
CSS
Max Bƶck explored a few CSS Grid techniques to build the layouts of tomorrow with relatively simple code.
Sara Soueidan explains how we can build inclusive toggle switches with modern HTML and CSS.
Jen Simmons shares common CSS Grid mistakes and how to solve them.
Ethan Marcotte explains the still relatively new fr-unit that we mostly use for CSS Grids.
Work & Life
Paris Marx wrote about why he thinks digital nomads are not the future. He argues that location independence is only possible because of communication infrastructures built with public funds and that itās not fair to abuse them.
This week I learned how useful it can be to think outside the box and how remote work and pursuing your hobby can help solve technical challenges.
Itās not the first time a company is testing a 4-day workweek. However, itās great to see how the concept can be established successfully and with benefits for both ā the employees and the work done.
Going Beyondā¦
Tobias van Schneider wrote about why the Sagmeister-Walsh studio is so successful by staying small and why dreaming big but staying small is so important for creative thinking.
Ben WerdmĆ¼ller shares his thoughts on how different it has become to start a business when youāre, for example, in San Francisco. This is a story where $117,000 are considered a ālow incomeā in San Francisco and how this limits ideas.
Jeremy Nagel makes us think about the impact of our open-source code: As developers we tend to believe that making our code freely available is an amazing move but we forget that we make it available to bad players as well ā to coal miners, to pollution-contributing companies, to those who use people to get rich while mistreating them, to those who rip you off indirectly. Itās not that you canāt do anything about it; you have to be aware of these issues and apply a better license or add a dedicated statement to your code.
India has a big plastic waste problem. Since a couple of months, a couple of fishers donāt ignore the plastic problem anymore but collect all the waste in their nets instead, and bring it back to the shore where itās used to build roads. A great idea of making use of trash efficiently.
(cm)
0 notes
Text
Monthly Web Development Update 8/2018: The Cost Of JavaScript, Ethics In Open Source, And QUIC
Monthly Web Development Update 8/2018: The Cost Of JavaScript, Ethics In Open Source, And QUIC
Anselm Hannemann
2018-08-17T11:57:10+02:00 2018-08-17T10:16:34+00:00
Building technology and software has become a very responsible job. People trust the products we create, and they can have a significant impact on their lives, too. Considering this, we not only need to think about inclusive solutions, but also stand up and advocate for ethics, reliability, and security. Itās a position that gives us power.
Eric Meyer published an article elaborating the problems which an HTTPS-only web is bringing along. In it, he reveals that developing countries suffer a lot from this development as they often have bad internet connections and, due to the encryption, they now experience more website errors than before. Ben WerdmĆ¼ller jumped in and published the article āStop building for San Franciscoā in which he points out one of the biggest problems we have as developers: We use privileged hardware and infrastructure. We build experiences using the latest iPhones, Macbooks with Gigabit or fast 4G connections but never consider that most people weāre building for use devices and infrastructures that are far from being that well-equipped. Making the web more secure is a great idea, beyond question, but we should also keep in mind the consequences that the latest tech and our design decisions might have for others.
News
TypeScript 3.0 was released with a couple of convenient language features and fixes.
Implemented in Chrome since quite a while already, Client Hints are an amazing feature. To improve privacy, the functionality of Client Hints for responsive images changed with Chrome 67. Colin Bendell explains the differences and why Client Hints are so useful for performance.
Developers have been asking a lot about Safariās Intelligent Tracking Prevention (ITP) and how to debug websites with it enabled. Now the WebKit team shares the ITP Debug Mode which gives you a lot more flexibility and tools to track down issues.
Starting in October, most browsers will distrust Symantec TLS certificates entirely and, thus, block access to websites which still use them. Please update your certificate if you havenāt already.
The latest version of Chrome (68) brings a new ānot secureā notification when visiting HTTP pages. Be aware of this and upgrade your sites accordingly. Also new in Chrome 68 are the new Page Lifecycle API, a great new API for page events, as well as the Payment Handler API. HTTP cache is now ignored when requesting updates to a service worker, bringing Chrome in line with the spec and other browsers. Apart from that, the cursor values grab and grabbing are now unprefixed in the new version ā finally.
With so much happening on the web, what should we really pay attention to? At SmashingConf New York 2018 šŗšø weāll explore everything from PWAs, font loading best practices, web performance and eCommerce UX optimization, to refactoring CSS, design workflows and convincing your clients. With Sarah Drasner, Dan Mall, Sara Soueidan, Jason Grigsby, and many other speakers. Oct 23ā24.
Check the speakersĀ ā
General
If youāre building for Open Source, you need to decide which license your project should use. Now thereās a new option, the Just World License. Itās for developers who āagree in general with the principles of open source software but are uncomfortable with their software being used as part of efforts to destroy lives, our environment and our futureā.
Deep-learning machines are a big topic these days, but some people are exploring even better algorithms that outperform deep-learning machines easily at video games.
Drew DeVaultās āSimple, correct, fast: in that orderā is a great reminder to set priorities straight in web and software development.
Jonathan Fulton wrote a handy resource called āThe basic architecture concepts I wish I knew when I was getting started as a web developerā, which is a great web architecture 101 and foundation for newcomers in our industry.
UI/UX
Ethics for Design is a project where twelve designers and researchers from eight European cities discuss the, sometimes harmful, impact of design on our societies and what designers can do to work for the good of all and not just a few.
Tooling
Prashant Palikhe wrote a long story about the art of debugging with Chromeās Developer Tools, which I can highly recommend as itās a very complete reference to get to know the developer tools of a browser. If you use another browser, thatās not a big problem as most tools are quite similar.
WebP is an image format with a couple of nice features and likely one of the best-known new formats besides the common JPEG/PNG ones. However, creating WebP images can still be a challenge, so Jeremy Wagner wrote a guide on how to convert images to WebP.
Douglas Creager introduces the new Network Error Logging which allows you to instruct user agents to collect the same set of information that would appear in your server logs.
Many of us are addicted to communication tools like Slack. The folks from Wildbit decided to shut down Slack for a week ā with a significant effect on how they work. An interesting case study about how we tend to get too comfortable with a useful tool and donāt use it as we should anymore. From time to time, itās important to reset our minds.
Dennis Reimann published the first stable version of UIEngine, a workbench for UI-driven development.
Security
A new Observer is around: The ReportingObserver API lets you know when your site uses a deprecated API or runs into a browser intervention. So far, itās available in Chrome 69. You could easily use this to send errors that previously were only available in the Console to your backend or error handling service.
Web Performance
Do you remember QUIC (Quick UDP Internet Connections)? The protocol engineered by Google that they use internally and that is shaping up quite well for larger use? While the IETF is currently standardizing the format towards the end of the year, Cloudflare engineers now share their experience from testing it.
A QUIC handshake only takes a single round-trip between client and server to complete, whereas TCP and TLS usually need two. (Image source)
HTML & SVG
When you have user-generated content, you often donāt know if you have just one element or a list of elements to output. At Colloq, we wanted to do semantics right and built a system that allows us to output a p tag when only one element is in the container, otherwise a ol/ul list with various list items.
Accessibility
Dave Rupert shares the A11Y Nutrition Cards, a project that attempts to digest and simplify the accessibility expectations when it comes to component authoring.
Skip links are quite common accessibility features. Hampus Sethfors now wrote an article on why many of the links are still broken and how to fix them properly.
JavaScript
One year after they introduced their Progressive Web App, Zack Argyle from the Pinterest engineering team takes a look back. Itās important to note why they decided to build a PWA: āOur mobile web experience for people in low-bandwidth environments and limited data plans was not goodā. But the results for them are amazing to see.
Philip Walton introduces the new Page Lifecycle API which helps us determine page states in the browser more easily via events, such as the page being in the background (not visible), active, frozen or even terminated.
Whoops, you all know eval() in JavaScript is bad, right? Thatās why we usually forbid its usage in Content Security Policies. But Remy Sharp reminds us that thereās a line of code which is equally bad for security.
Addy Osmani researched the cost of JavaScript in 2018 and now shares evidence that every byte of JavaScript is still the most expensive resource we can send to mobile phones because it can delay interactivity significantly. This is a problem especially for not so capable phones that are widely used outside the tech industry.
Hidde de Vries explains how we can make page titles accessible in JavaScript Single Page Application.
Whatās the real cost of JavaScript? One of the findings from Addy Osmaniās research: It takes a low-end 2018 phone 32 seconds longer than an iPhone 8 to process JavaScript for CNN.com. (Image source)
CSS
Max Bƶck explored a few CSS Grid techniques to build the layouts of tomorrow with relatively simple code.
Sara Soueidan explains how we can build inclusive toggle switches with modern HTML and CSS.
Jen Simmons shares common CSS Grid mistakes and how to solve them.
Ethan Marcotte explains the still relatively new fr-unit that we mostly use for CSS Grids.
Work & Life
Paris Marx wrote about why he thinks digital nomads are not the future. He argues that location independence is only possible because of communication infrastructures built with public funds and that itās not fair to abuse them.
This week I learned how useful it can be to think outside the box and how remote work and pursuing your hobby can help solve technical challenges.
Itās not the first time a company is testing a 4-day workweek. However, itās great to see how the concept can be established successfully and with benefits for both ā the employees and the work done.
Going Beyondā¦
Tobias van Schneider wrote about why the Sagmeister-Walsh studio is so successful by staying small and why dreaming big but staying small is so important for creative thinking.
Ben WerdmĆ¼ller shares his thoughts on how different it has become to start a business when youāre, for example, in San Francisco. This is a story where $117,000 are considered a ālow incomeā in San Francisco and how this limits ideas.
Jeremy Nagel makes us think about the impact of our open-source code: As developers we tend to believe that making our code freely available is an amazing move but we forget that we make it available to bad players as well ā to coal miners, to pollution-contributing companies, to those who use people to get rich while mistreating them, to those who rip you off indirectly. Itās not that you canāt do anything about it; you have to be aware of these issues and apply a better license or add a dedicated statement to your code.
India has a big plastic waste problem. Since a couple of months, a couple of fishers donāt ignore the plastic problem anymore but collect all the waste in their nets instead, and bring it back to the shore where itās used to build roads. A great idea of making use of trash efficiently.
(cm)
0 notes
Text
ä»å¹“åę Firefox å°å®å
Øäøäæ”ä»» Symantec ē°½åŗē SSL Certificate
ä»å¹“åę Firefox å°å®å
Øäøäæ”ä»» Symantec ē°½åŗē SSLĀ Certificate
Mozilla ęäøēē¢å (å
ę¬ Firefox) å°åØä»å¹“åęå° Symantec ē°½åŗē SSL Certificate ēµę¢äæ”ä»»ļ¼ćDistrust of Symantec TLS Certificatesćć Mozilla ęęē¼ēēäŗę
é½ę“ēåŗä¾ļ¼ćCA:Symantec Issuesćļ¼å¦å¤ Firefox ēåä½åęäøåéꮵļ¼ē®å stable ęÆ 58ļ¼ä½ nightly ęÆ 60 äŗļ¼ January 2018 (Firefox 58): Notices in the Browser Console warn about Symantec certificates issued before 2016-06-01, to encourage site owners to replace their TLS certificates. May 2018ā¦
View On WordPress
0 notes
Text
23,000 HTTPS certificates axed after CEO emails private keys
Enlarge (credit: unrequited life)
A major dust-up on an Internet discussion forum is touching off troubling questions about the security of some browser-trusted HTTPS certificates when it revealed the CEO of a certificate reseller emailed a partner the sensitive private keys for 23,000 TLS certificates.
The email was sent on Tuesday by the CEO of Trustico, a UK-based reseller of TLS certificates issued by the browser-trusted certificate authorities Comodo and, until recently, Symantec. It was sent to Jeremy Rowley, an executive vice president at DigiCert, a certificate authority that acquired Symantec's certificate issuance business after Symantec was caught flouting binding industry rules, prompting Google to distrust Symantec certificates in its Chrome browser. In communications earlier this month, Trustico notified DigiCert that 50,000 Symantec-issued certificates Trustico had resold should be mass revoked because of security concerns.
Shockingly cavalier
When Rowley asked for proof the certificates were compromised, the Trustico CEO emailed the private keys of 23,000 certificates, according to an account posted to a Mozilla security policy forum. The report produced a collective gasp among many security practitioners who said it demonstrated a shockingly cavalier treatment of the digital certificates that form one of the most basic foundations of website security.
Read 7 remaining paragraphs | Comments
23,000 HTTPS certificates axed after CEO emails private keys published first on https://medium.com/@CPUCHamp
0 notes
Photo
Mozilla delays distrust of Symantec TLS certificates, Google doesn't: While the plans set out by Google and Mozilla to distrust Symantec TLS certificates have been in place since July 2017, Symantec's CA was first sanctioned by Google for issuing improper certificates in 2015. via Pocket https://ift.tt/2NDO7MY
0 notes
Photo
New top story on Hacker News: Delaying Further Symantec TLS Certificate Distrust https://ift.tt/2CC6ilb
0 notes
Text
New top story on Hacker News: Delaying Further Symantec TLS Certificate Distrust
Delaying Further Symantec TLS Certificate Distrust 101 by lainon | 47 comments from Blogger https://ift.tt/2pKX8dG
0 notes
Text
Distrust of Symantec TLS Certificates
https://blog.mozilla.org/security/2018/03/12/distrust-symantec-tls-certificates/ Comments
0 notes
Photo
New top story on Hacker News: Delaying Further Symantec TLS Certificate Distrust https://ift.tt/2CcBCWu
0 notes
Link
Due to a long list of documented issues, Mozilla previously announced our intent to distrust TLS certificates issued by the Symantec Certification Authority, which is ... https://ift.tt/2OO39V1
0 notes
Link
A Certification Authority (CA) is an organization that browser vendors (like Mozilla) trust to issue certificates to websites. Last year, Mozilla published and discussed a ... Powered by AutoBlogger.co
0 notes