The most undervalued, misunderstood job in software is security. If the security team is doing their job right, then the only visible effect is that they'll make features slower to develop, slower to run, more expensive, and sometimes so prohibitively difficult that you have to scrap parts of the feature. If that's the case, then your security team deserves a raise for how much hard work they're doing. When it comes to security, anything noticeable happening is VERY BAD.

Catching Up

What a fucking blessing it is, to pick right back up as a prisoner in this nightmarish situation.

Florus has never felt safe at Heartwood. He knows why, has always known why, and can’t do anything about it except exist in perpetual, mind-numbing fear. What happens the moment he’s not useful? Or when someone semi-responsible isn’t looking? This company is a gang of wild brutes and this house, a cage filled with righteous resentment. Here, violent problems are solved through violent means, and it’s not normal.

Alone in a corridor between rooms, Florus braces his shoulder against the wall and slowly slides to the ground.

So much has changed in the moon that he’s been out, and he’s expected to simply catch up because isn’t that why Heartwood bothered to resurrect him anyway? So he can help another? And separate to that are countless personal dilemmas he can no longer ignore; that while he didn’t plan on dying, he also didn’t plan on surviving. He just sort of...waffled and waited, unable to accept his fate but also unable to do anything to prevent it. It had been hopeless, after all.

But against all odds, a ‘savage’ has apparently accomplished the impossible. Florus isn’t entirely grateful. Sure, he’s alive, but how does he know that Aislinn didn’t tweak his personality? Implant corrections to make him more palatable? Do exactly the same thing he did to others for years? Because fundamentally, the procedure must separate his soul from another. One wrong move and he’s irrevocably changed. 

There’s a reason he resisted being its first test subject. 

Fuck, all he can do is double check her work and pray, but there’s no time for even that right now. Not when everyone is gearing up to fight and expect him, ‘the Garlean,’ to pick up the slack immediately. There’s too much to unpack here, and the weight of it all is unbearable.

Burning in the background of all this bullshit are the A11Ys. It hurts to see that they’ve grown so much during his absence (Is he the problem? ...He knows the answer to that), and it hurts doubly so to think about what happened to Zephyr. The patch should’ve only run after his death signal went through, so what happened? How did the robot end up downloading it anyway? Florus clutches his forehead and applies pressure, fully aware that he set the stage to this mess. He just wanted to ensure that they’d be able to carry on should the worst come to worst, and. Well, great. Good intentions do fuck all.

A pang of guilt shoots through him. The fact he cares about the A11Ys despite what he’s recently decided on...how painfully hypocritical. Florus grabs the sides of his head, hands pressed flat against his ears as he clamps tightly around himself. A storm of internal conflicts thunder through his mind, spurred on by relentless nightmares of the past and present. He has weathered a thousand cycles in a thousand dreams, of waiting and torment and non-choices, and the scope of it all pushes him to the brink.

An eerie presence interrupts Florus from driving himself insane. He lifts his head and cautiously looks over his shoulder, gaze peeking out through bangs that really ought to be pinned back. In the distance is a smiling viera that he’s never seen before, and yet there’s something oddly familiar about them. Instinct tells Florus to run, but dread grounds him to where he stands. 

Because where could he go anyway? Home?

The viera approaches Florus and, with infinite confidence, rests a hand on the Garlean’s shoulder. He immediately tries to shake them off but the stranger holds on regardless.

“Ah, the honorable Ser Celsus! You’re finally awake!” The viera raises their other hand and pats Florus on the cheek. “Did you know that while you snoozed away without a care in the world, poor Aislinn had to work overtime? How very selfish of you to take a nap.”

Every muscle in Florus’s body is tense to the point of snapping. He doesn’t want to be seen, or touched, or honestly spoken to right now...not by a friend, and even more so by a stranger. An alarm silently screams at him to get away despite the viera’s cordial smile and neat appearance because there’s something predatory about them. He wants (needs) to be alone. Now.

Please.

Florus lets out a nervous laugh and tries again to shake the viera off. Something is mumbled, but he can’t remember what. Everything feels distant. Instead of reading the mood and letting go, the stranger doubles down. Nails bite into Florus’s shoulder.

“Stop trying to run! I -- ahem, Heartwood needs you to help out. We’re on the same side after all, little marmot.” The viera grins wider while Florus feels his heart careen into freefall.

Marmot? Where has he heard...? Who has called him that before, and when?

He’s juggling too many topics and emotions at once, and as a result, they all come crashing down to the ground. When the viera turns him around and pushes him towards the lab, he complies. When the viera settles him into a chair, he complies.

When there is work to be done, it has always been like this. He doesn’t want to do it. There is no choice. He complies, again. 

And again. 

And...

Prompt #18: Devil’s Advocate

The talk with Florus could have gone better. And I didn’t mean the fact that we were interfacing through a drone. A cute, fluffy, bird drone. I don’t know what I was expecting (aside from the obvious). For him to have a measurably wider perspective, maybe, seeing as how he isn’t one of those pure blooded Garleans who tend to have their heads up their asses. I really should get used to disappointment. He’s a typical architectus. Smug, riding high atop a bloated sense of overconfidence and superiority. 

I had taken the drone and locked myself in Heartwood’s deserted library once again. In all honesty, it may as well be my library for as much as anyone else wanders back into this annex. Which turned out to be the right move because it didn’t take Florus long to call me out for what I am. Because that pet drone had a scanner. 

After the cursory exchange of insults he went on to outline the specifications that made A11Y a superior tool to my model like he was a godsdamn marketing flyer and I was an investor. This is what happens when Spoken don’t get validation as children. In the course of the conversation (and I’m being generous calling it that) he used A11Y’s designation a total of two times. Otherwise it was his machine, his creation, his vision. Because that’s all we are to them. High-tech tools, but tools nonetheless. Inferior to our creators who, in turn, like to think of themselves as the pinnacle of creation.

I wasn’t annoyed at all. Not one bit. 

Ms. North attempted to explain it to me once. Most would assume that because something tends to look like them, its ultimate goal would be to be like them. There would be people that wouldn’t understand the fact that I wanted to be nothing like them. 

I told her that was the dumbest thing I’d ever heard. 

I had to run back my audio feed to replay the last question Florus had asked, I had been so busy overcoming that spike of non-annoyance. 

“What are your thoughts on these savages?"

"Are you asking an inferior machine its opinion. Or are you mining for data?" Not that I didn't know the answer.

"You know why I'm asking. Root cause analysis. Trace an exception to the source, understand the problem. And even if you're inferior, it's fun to tease out the weird loops AIs get into when it comes to reasoning. Like, you're clearly not hostile against these savages, but you'd also know they'd toss you out the moment the truth gets out. So why stay?"

See the logical leap he made there? And yet he’s claiming I’m the one with the weird, looping reasoning. 

I told him I didn’t require his analysis. And while he went on, I began making friends with his pet drone. It was a completely reasonable and serviceable bot. Such an angry little man but somehow none of that asinine vitriol shows up in his work. A6Y had been easy to talk to. The personality of a child but it wasn’t an unpleasant way for both of us to pass the time while we sat in our labs in the Capital. 

I had been designed to interface with most of the Empire’s security systems. To be an interactive component. The drone was close enough to that tech to not notice when I slipped in along the security functions. I observed it was sending some hefty packets Florus’ way. Wherever that was. The routing encryption was still undecipherable to me. These packets were way more than simple audio and image. When I pointed out that I could compress those packets more efficiently and with less resource strain, the drone was only too happy to pass them on to me, assuming I would then send them on to Florus. Because that’s what I told it I would do. This was a lie. 

Sifting through a series of the packets was enough to tell me Florus was collecting an array of sensitive data on Heartwood members. Combat data, bio data, audio and image logs. I let the drone know compression was a breeze and keep sending the big packets my way. Audio and image didn’t need to be routed to me. They could go straight on to Florus. It happily agreed. 

Screw Florus and his data mining. He’d notice eventually that large packets were missing but he’s lucky all I did was scoop the data. 

Angry at my refusal to share my thoughts about these Eorzeans (because architectus really hate it when a machine tells them ‘no’) he jumped right to threatening me. 

"Humor me. Humor me, or I'll tell the rabbit about you. She seems the type to carve a heart out to find out why it beats. Or maybe the cat? She'd be content breaking anything Garlean into bits given the chance."

This conversation really was going nowhere. I shouldn’t have expected more. I was 92% sure it was an empty threat and not at all conducive to the man’s long term interests. But that 8% fluctuation caused a momentary drop in performance reliability. It was imperative he didn’t perceive that. 

"All that time spent in Garlemald. You should know better than to make bullshit threats, let alone through a second rate drone."

“You sound scared. I'm serious, you keep up this wise guy act, and I don't have a single reason to keep my mouth shut about your little secret. Smash my drone? Compromise it? Not like that's literally me. You're optional in this truce Heartwood and I've got going on."

"I'm going to let you get back to sleep. It’s surely more productive than this bell has been.”

I had read my contract. And I signed it like everyone else on the roster. Leadership knows what I am. Sure, maybe because of technicality, but the fact remains. Attacks with intent to do serious harm against fellow members are prohibited. Which isn’t to say Spoken aren’t in a habit of going back on their word or ignoring the rules but only that there is somewhat of a barrier in place to discourage such behavior. I’m pretty sure carving out my heart or smashing me to bits falls under such a clause. And if I was a Spoken like them I’d be 100% certain of that.

(with @nutley-rp​ )

#1yrago DRM in web standards creates new barriers to accessibility

The World Wide Web Consortium is pressing ahead with its project to standardize a DRM system for the web, without taking any legal steps to protect people whose legitimate activities would be impaired by the DRM system.

DRM systems are protected by a global set of laws that ban tampering with copyright-controls, even when you're engaged in otherwise legal activities. This notoriously interferes with security research (researchers who disclose defects in systems with DRM face legal threats, lawsuits and even jail time, leaving the users at risk of being attacked as these defects fester).

But an equally important activity that DRM interferes with is accessibility adaptation, which, despite being protected in many countries' copyright laws, turns into a legal minefield if DRM has to be removed in order to make a copyrighted work accessible for people with disabilities.

The W3C's DRM standard for video makes many admirable and important accommodations for people with disabilities. If you have metadata -- subtitles, descriptive tracks, translations, warnings about strobe effects, etc -- it's possible to bind that metadata to the video without having to bypass the DRM.

The problem is in generating that accessible metadata. The companies that want to use DRM to restrict their video playback -- Netflix and its competitors, possible for-pay Youtube versions, etc -- have hundreds of millions of hours' worth of video in their collective catalogs. No one is going to manually analyze all that video to generate the metadata needed to make it accessible and safe. But computers can already easily generate some of that data (for example, identifying upcoming strobe effects and pausing the video before they're displayed) and will certainly get better at this in the future.

EFF has proposed a solution that lets rightsholders protect their copyrights without interfering with these activities: a "covenant" through which members promise not to use DRM law except in cases where some illegal activity has taken place. So a rightholder could sue someone who makes a tool that infringes copyright, but not one that generates subtitles.

The W3C's accessibility team hasn't backed this proposal, betting instead on convincing the Netflixes of the world to voluntarily generate all the metadata that people with disabilities might need. They argue that rightsholders would not back a proposal to immunize accessibility analysis, and by making this compromise, they keep the rightsholders at the negotiations, where they can be coaxed into keeping the existing accessibility features intact.

But other accessibility groups have backed it, and the W3C is presently engaged in the first-ever appeal of a decision by its Director. I hope that the accessibility community and its a11ys realize that this is too much to compromise on: things that are legal (like accessibility adaptation) shouldn't become legally fraught through the W3C process.

If rightsholders won't limit their DRM enforcement of W3C standards to people who've actually broken the law, they're asking the W3C to legitimize something that is wrong. Legislatures, not entertainment companies, decide what we can and can't do with copyrighted works. Adding DRM shouldn't give a corporation to invent a legal right that states will enforce on their behalf.

https://boingboing.net/2017/08/03/no-private-laws.html

Web Developer Workflow Tools: A Beginner’s Guide

Here's a primer for the tools all web developers should get to know, from basic Bash commands to web browser add-ons that will debug your web apps and automate navigation tests, plus continuous integrations pipelines.

Keep in mind this article is intended to cover the tools that the largest number of web developers will share a need to learn, not a comprehensive listing. So don't get too mad if your favorite tool isn't here! (For example, I intentionally left out WYSIWYG website builders 😉.)

Command Line

The command line is an interface that allows you to interact with the operating system through a console, and it can go a very long way to facilitate and even automate tedious and routine tasks.

You shouldn't be afraid of getting your hands dirty with the console. The time you'll spend learning some basic scripting will most definitely pay off.

Bash Tools (Linux, macOS)

Bash is the most popular shell for the "Unix-like" operating systems such as Linux and macOS.

Your mastery — or at the very minimum, a basic knowledge — of the Bash shell can save you a lot of time. Things like locating and renaming files, finding and replacing text strings, can literally take just a few seconds with commands like locate and grep with sed, respectively.

Become proficient in Bash by reading the Bash Quick Start Guide.

PowerShell (Windows)

PowerShell is the "bash-like" task automation and configuration management framework from Microsoft. It comes with a command-line similar to that of the [Command Prompt](https://ift.tt/1GmS2n8 (CMD)), but it also includes modules and a proper scripting language. But keep in mind that scripting is PowerShell in nothing like scripting in Bash. Except for a few exceptions, the commands have entirely different names, meaning that you'll need to learn these separately.

PowerShell 7 (under development) is intended as a successor to PowerShell Core 6, which was introduced as a successor to PowerShell 5. Who knows, folks at Microsoft might figure the naming thing out by version 8 or 9. 🤷‍♂️

Cygwin (also Windows)

You missed the Bash on Windows? Miss it no more! For those of you used to the power of the Bash shell but working regularly on a Windows environment, there's an alternative.

Cygwin is a POSIX-compatible environment that runs natively on Microsoft Windows, where the installation directory behaves like the root and follows a similar directory layout to that found in Unix-like systems.

Code Editors

You almost certainly know what a source-code editor is, but you might not know about some of their power features, such git integration.

There are integrated development environments (IDEs) such as NetBeans and Eclipse — but they're bloated with features we mostly won't care about anyway.

As web developers, we're more inclined towards cross-platform tools. Let's take a look at a few of them.

Atom

Not surprisingly, as it's developed by GitHub, Atom has the finest embedded Git control of any text editor, specifically aimed for GitHub repositories.

But that's not all. The "hackable text editor for the 21st Century" is incredibly easy to customize (see the docs), and a rich packages and themes ecosystem has flourished around it. Be sure to check out the blog and discussion forums to see what's been cooking, as there are plenty of regular updates.

Sublime Text

Sublime Text is the oldest product in this list (it's been around since 2008), and the only one that's not free. It's still very popular, and was the first editor to introduce many of the features we considered a given today in any decent code editor, such as "goto anything", "goto definition", and "multiple selections", among others.

It also has a companion Git client with a very sleek interface, Sublime Merge, introduced in 2018.

Visual Studio Code

Visual Studio Code (not to be confused with Visual Studio is another very popular code editor right now, which includes power features such as:

IntelliSense, which provides smart completions based on variable types, function definitions, and imported modules.

Inline debugging to analyze coding issues right from within the editor.

Version control with Git commands built-in (learn how to use version control).

Extensions and customization which run in separate processes, ensuring they won't slow down the editor (learn more about extensions).

Cloud integration with Microsoft Azure to deploy and host sites, store and query relational and document based data, and scale with serverless computing.

Read our Visual Studio Code power user's guide to become a VS Code pro, and dive even deeper with the book Visual Studio Code: End-to-End Editing and Debugging Tools for Web Developers.

The Runners Up

Although not so popular, Brackets is worth mentioning, as it’s primarily focused on web development, with a very interesting feature called Live Preview, which gives real-time connection to your browser to instantly visualize changes to CSS and HTML on screen.

Notepad++ is a drop-in replacement for Windows Notepad, very minimalist and lacking some power features we mentioned such as Git integration, but it's still a powerful, lightweight application to edit code.

Command Line–Based

As for commaind line–based editors, you've got Emacs and Vim … and endless flame wars about which one is better!

Browser Tools — Debugging, Debugging, Debugging

The web development tools shipped by some browsers aren’t quite website builders or IDEs, as they neither assist in the direct creation of a web page nor are a replacement for a code editor. Rather, they help to test the user interface (UI) of the project you're working on.

Back in the day, you’d need a number of extensions to make for a decent debugging environment, but nowadays most browsers have great built-in tools to help web developers.

Some tools you can expect to find:

A DOM inspector to edit HTML and CSS code directly on the document object model (DOM), view event listeners, and set DOM mutation breakpoints.

A console to view and filter log messages, inspect JavaScript objects and DOM nodes, and run JavaScript code in the context of the active window or frame.

A debugger to control the execution flow stepping through code, and set watches and breakpoints.

A network monitor to inspect requests and responses from the network and browser cache, including asynchronous XMLHttpRequest (XHR) — all of which can be very useful to identify bottlenecks.

An accessibility inspector to access the page's accessibility (a11y) tree, allowing you to check what's missing or otherwise what needs attention to make your site available to as many people as possible.

Performance measurement to profile execution time and system resources required by the site and walk JavaScript call stacks.

Memory measurement to track memory consumption and compare heap snapshots at different stages of the code execution.

A storage manager to handle cached data, cookies, web storage, and even IndexedDB structured data.

A service worker manager to handle and debug service workers with updates, unregisters, and start/stop of individual workers.

An emulator to test for different screen resolutions, and even different location coordinates.

Chrome DevTools

Google Chrome comes with a comprehensive and incredibly well-documented set called DevTools.

In fact, it's a good idea to visit Google's Tools for Web Developers, as you’ll find plenty of useful resources.

Firefox Developer Tools

Firefox first introduced the DOM inspector in version 3, and ever since then its Developer Tools are a state-of-the-art set that comes with extra goodies such as Eyedropper, taking screenshots, and rulers, to name a few.

Likewise, the Mozilla Developer Network (MDN) is a mandatory resource for web developers.

Safari Developer Tools

Because of its lack of features and poor support to web developers, Apple Safari is a pain to work with, and, like Internet Explorer back in the day, it would be nice not to have to deal with it. But you just have to.

It does ship Web Development Tools that aren't nearly as comprehensive as the aforementioned ones, and all the documentation you'll get is what someone may have written over a lunch break. (Yes, that's all there is.)

Others

Even Microsoft Edge, the successor of infamous Internet Explorer, has a decent set of Developer Tools!

And if you fancy good old Opera, check this Stack Exchange answer to see how you open its developer tools.

Learn the Chrome and Firefox DevTools with Browser Devtool Secrets.

JavaScript Tools

Since the arrival of Node.js (the runtime environment that executes JavaScript code outside the web browser), JavaScript has been used not only to enhance user interfaces but to write command-line tools and for server-side scripting programs, effectively establishing the "JavaScript everywhere" paradigm.

Consequently a whole ecosystem has emerged around it, and here are some tools you need to know.

npm

The Node package manager (npm) claims to be "the world’s largest software registry", and it’s an essential tool as it is the main way to distribute JavaScript code these days.

As listed on its website, you can use npm to:

The post Web Developer Workflow Tools: A Beginner’s Guide appeared first on SitePoint.

by Lucero del Alba via SitePoint https://ift.tt/2xDn8PA

Web Design And Development Advent Roundup For 2019

Web Design And Development Advent Roundup For 2019

Rachel Andrew

2019-12-11T10:30:30+02:002019-12-13T08:07:09+00:00

In the run-up to Christmas, there is a tradition across the web design and development community to produce advent calendars, typically with a new article or resource for each day of December. Last year, I did a roundup of these calendars, and now that the 2019 season is in full swing, here is this year’s line-up.

I’m sure you’ll notice that the majority of the calendars published here are true community efforts, often with the bulk of the work falling to an individual or tiny team, with no budget to pay authors and editors. So, please join us in supporting these efforts; share the articles that you enjoyed reading and join the discussions respectfully.

Whether you celebrate Christmas or not, you can certainly learn a lot of new things. (Large preview)

What follows is an amazing variety of calendars, taking different approaches to the idea of publishing something every day in advent. There are plenty of traditional articles, but also code challenges to get involved with. I’ve tried to locate RSS Feeds and Twitter accounts to make it easy for you to keep track of your favorites. Enjoy!

It’s A Shape Christmas

It’s A Shape Christmas is a digital calendar that counts down to Christmas and reveals a bespoke illustration each day themed around four different shapes (Square, Triangle, Circle and Hexagon) and Christmas. The project was started in 2011 by a UK design agency called Made by Shape. This year, it is showcasing some of the best of the previous seasons.

@shapechristmas on Twitter

24 Ways

For twenty-four days, 24 ways is publishing a daily dose of web design and development goodness to bring folks a little Christmas cheer. It’s celebrating 15 years of advent publishing and will be taking a well-earned break after this year’s “final countdown”.

RSS Feed

@24ways on Twitter

24 Days In Umbraco

24 Days In Umbraco is a calendar of articles relating to the Umbraco CMS. However, the themes of the articles so far this year will be of interest to more people than just those who use Umbraco. I enjoyed the article from December 2nd — Setting The Stage by Laura Weatherhead about public speaking.

@24daysinumbraco on Twitter

PerfPlanet Calendar

PerfPlanet is back for another season with all things speed and web performance. The Web Performance Calendar has been publishing since 2009 and is maintained by Sergey Chernyshev.

RSS Feed

@perfplanet on Twitter

Lean UXMas

Lean UXMas has been publishing each advent since 2014 and is a collection of the most popular articles from this year’s Agile & Lean UX News delivered daily this coming December.

RSS Feed

@leanuxmas on Twitter

24 Days In December

Back with 24 thoughts from the PHP family is 24 Days in December. They began publishing in 2015, when Andreas Heigl realized that he missed Web Advent who had stopped publishing in 2012.

RSS Feed

@24DaysInDec on Twitter

Perl Advent

Perl Advent is back. Mark Fowler has been publishing since 2000 and is the longest running web advent calendar that I know of. You’ll find insightful articles written by diverse author submissions from all types of Perl programming levels, so sit back and enjoy 2019’s for 24 merry days of Perl!

RSS Feed

@perladvent on Twitter

24 Accessibility

24 Accessibility are back for a third year of accessibility posts in the run-up to Christmas. The site also has an excellent set of a11y related books, events, and Twitter accounts to follow in the sidebar.

RSS Feed

@24accessibility on Twitter

“A Language A Day” Advent Calendar

In this calendar, Andrew Shitov is introducing a different programming language each day. I like the fact that for each language he is examining the same set of tasks, which makes for interesting comparisons. It’s an impressive amount of work to undertake.

RSS Feed

SysAdvent

Now in its 11th year, SysAdvent is a collection of articles written by sysadmins and published with the goals of sharing, openness, and mentoring.

RSS Feed

@SysAdvent on Twitter

Ladies of Code

New this year is the Ladies of Code Advent Calendar, from Ladies of Code, an organization that runs workshops, meetups, and hack nights across Europe.

@ladiesofcode on Twitter

The JVM Programming Advent Calendar

Originally the Java Advent Calendar, this annual offering renamed to JVM Advent as the ecosystem is more than just the Java language.

RSS Feed

@JavaAdvent on Twitter

RIPSTECH Java Security Calendar

In 2017 RIPSTECH published a PHP Security calendar and in 2018 a WordPress Security calendar. They are back for 2019 with a focus on Java security. Can you spot the vulnerability in each of the 24 challenges?

WordPress Snippets Til Christmas

Elliott Richmond has come together with other folks in the WordPress community to publish useful WordPress snippets every day of advent to help developers improve their workflow.

RSS Feed

#wpsnippetstilxmas on Twitter

The Third Annual C# Advent

A community effort with 50 slots, two per day, for people to claim and write an article about C# development. The articles are hosted on the authors' sites or on Medium, and so the calendar is a list of links to them all.

@mgroves on Twitter

Marco’s Extended Advent Calendar

Marco Zehe is posting daily until Christmas, and says these posts could be about “everything and anything”. However, expect a strong accessibility focus given his areas of expertise!

@MarcoInEnglish on Twitter

@MarcoZehe on Twitter

IT Security Advent Calendar

“Stay safe online all Advent time” is the credo of the IT Security Advent Calendar. Counting down to Christmas, it features a new tip for protecting your devices, networks, and data each day.

HaXmas

HaXmas is a security advent calendar by Rapid7 that is full of stories, advice, inspiration, and a bit of fun. Keep an eye on a new tidbit every day throughout December!

PHP Advent Calendar

Every year, for the first 24 days in December, the PHP Advent Calendar invites members of the PHPamily to share some gifts with you. And this year is no exception, of course.

Azure Advent Calendar

Run by Richard Hooper and Gregor Suttie, the initial idea of this advent calendar was to give people who aren’t that well-known an opportunity to share their content with the community. What started with 25 slots expanded to 75. A small community-driven idea brought to you by the community!

YouTube channel

#azureadventcalendar on Twitter

Webアクセシビリティ Advent Calendar 2019

This Japanese advent calendar has been running since 2013. Its focus lies on web accessibility, with a new author exploring a topic each day. The calendar is moderated by @hokaccha.

24 Jours De Web

24 Jours De Web is a lovely French calendar which first appeared back in 2012. The creators support the Pierre Deniker Foundation and kindly ask readers to donate to help this charity support mental health research and education.

RSS Feed

@24joursdeweb on Twitter

Kodekalender by Knowit

This Norwegian calendar is a series of programming challenges (each open for 24 hours only) with a prize draw at the end. Solving more puzzles gets you more entries. Good luck!

@knowitnorge on Twitter

Fronteers Advent Calendar

For the Dutch speakers among you, Fronteers are running an advent calendar on their blog. As last year, each writer chooses a charity, and the Fronteers organization will donate 75 euros on their behalf.

RSS Feed

@Fronteers on Twitter

SELFHTML Adventskalender

An advent calendar with web development tips in German comes from the SELFHTML community, who are committed to documenting web technologies for German-speaking developers in their SELFHTML wiki.

Advent Of Code

If you prefer a puzzle over an article, take a look at Advent of Code. Created by Eric Wastl, this is an advent calendar of small programming puzzles for a variety of skill sets and skill levels that can be solved in any programming language you like.

@ericwastl on Twitter

HACKvent 2019

The folks at Hacking Lab bring you a new (white-hack) hacking challenge every day during advent. You earn points based on the difficulty of your solution, but be quick, you need to solve the challenge on the same day to receive full points.

25 Days Of Serverless

25 Days Of Serverless has a new coding challenge waiting for you every day, for 25 days. Solve it in the programming language of your choice and submit your solution via GitHub. The best solutions will be showcased every week and possibly in a final series recap.

Advent Of Cyber

Advent of Cyber is TryHackMe's Christmas Security Challenge. And since security can be a daunting field, they break down common security topics into “byte-sized” challenges leading up to Christmas.

#DevToolsAdvent

Alex Lakatos started #DevToolsAdvent to count down the days to Christmas. Every day, he’ll be tweeting a useful Firefox DevTools tip or trick.

#DevToolsAdvent

@lakatos88 on Twitter

#devAdvent

Last year Sarah Drasner announced that she would be highlighting a person and project every day of Advent using the hashtag #devAdvent. She is continuing the tradition this year. Follow along to get to know some new folks and the work they do.

@sarah_edo on Twitter

#devAdvent

Last year I did a dev advent calendar, and I'm going to keep it going this year. Every day from the 1st to the 25th, I’ll highlight a new person/project that I’m into and think people would benefit from knowing about. ❤️ The hashtag is #devAdvent if you want to follow along

— Sarah Drasner (@sarah_edo) November 29, 2019

#CodeTidbits30

Another tweet calendar comes from Samantha Ming: follow her as she tweets 30 days of handy JS, HTML, and CSS snippets.

@samantha_ming on Twitter

#CodeTidbits30

#CodeTidbits30 Day 1 🎄 For the entire Dec, DAILY posts! 30 days straight of the very best JS, HTML, CSS snippets! Let's start off with a classic. 3 ways to filter out duplicates from an array and return only the unique values.#Codenewbie #100DaysOfCode #301DaysOfCode pic.twitter.com/7j1dSh3CgW

— Samantha Ming (@samantha_ming) December 1, 2019

Bekk Christmas

Last year, Norwegian company Bekk produced four calendars. This year, they are back with twelve! In a blog post, they explain why they are producing such a huge number of articles this year. I learned that there are over 100 authors from within the company — many of who have not written articles before. Therefore, in the lead up they have been taking part in writing workshops. Perhaps we will find some future Smashing authors among them!

The homepage for the project is at bekk.christmas where you can check out the topics that interest you most.

CSS Christmas

Functional Christmas

Java Christmas

JavaScript Christmas

Kotlin Christmas

Machine Learning Christmas

Open Source Christmas

React Christmas

Security Christmas

The Cloud Christmas

UX Christmas

Share The Ones I Missed!

There seem to be even more calendars publishing this year than last, despite the fact that some are taking a break this year. It’s been nice to find some calendars in languages other than English, too! If you know of a calendar related to web design and development that I haven’t mentioned here, please post it in comments section below.

Enjoy your seasonal reading!

(il, cm)

Accessibility Testing Services

With the intervention of technology into every domain accessibility is the need of the hour. At QA InfoTech, our special engineers work tirelessly to fulfill your compliance goals and deliver an exceptional set of accessibility testing services and a seamless experience for every customer across your digital business. We work in a standardized engineering accessibility environment for product development and strictly follow WCAG 2.0, Section 508 and ADA. To know more, visit https://bit.ly/2Y9FDHP #AccessibilityTestingServices #a11y #WebAccessibility

Download Mozilla Firefox 69.0 x64 MSI

Download Mozilla Firefox 69.0 x64 MSI for Configuration Manager deployments. No desktop shortcut;English localization;No Updater (no mozilla maintance service);Upgradable in future (past release). New Enhanced Tracking Protection (ETP) rolls out stronger privacy protections:The default standard setting for this feature now blocks third-party tracking cookies and cryptominers.The optional strict setting blocks fingerprinters as well as the items blocked in the standard setting.The Block Autoplay feature is enhanced to give users the option to block any video that automatically starts playing, not just those that automatically play with sound.For our users in the US or using the en-US browser, we are shipping a new “New Tab” page experience that connects you to the best of Pocket’s content.Support for the Web Authentication HmacSecret extension via Windows Hello now comes with this release, for versions of Windows 10 May 2019 or newer, enabling more passwordless experiences on the web.Support for receiving multiple video codecs with this release makes it easier for WebRTC conferencing services to mix video from different clients.For our users on Windows 10, you’ll see performance and UI improvements:Firefox will give Windows hints to appropriately set content process priority levels, meaning more processor time spent on the tasks you're actively working on, and less processor time spent on things in the background (with the exception of video and audio playback).For our existing Windows 10 users, you can easily find and launch Firefox from a shortcut on the Win10 taskbar. For our users on macOS, battery life and download UI are both improved:macOS users on dual-graphics-card machines (like MacBook Pro) will switch back to the low-power GPU more aggressively, saving battery life.Finder on macOS now displays download progress for files being downloaded.JIT support comes to ARM64 for improved performance of our JavaScript Optimizing JIT compiler. Fixed Various security fixes Changed As previously announced in the Plugin Roadmap for Firefox, the "Always Activate" option for Flash plugin content has been removed. Firefox will now always ask for user permission before activating Flash content on a website.With the deprecation of Adobe Flash Player, there is no longer a need to identify users on 32-bit version of the Firefox browser on 64-bit version operating systems reducing user agent fingerprinting factors providing greater level of privacy to our users as well as improving the experience of downloading other apps.Firefox no longer loads userChrome.css or userContent.css by default improving start-up performance. Users who wish to customize Firefox by using these files can set the toolkit.legacyUserProfileCustomizations.stylesheets preference to true to restore this ability. Enterprise For Enterprise system administrators that manage macOS computers, we begin shipping a Mozilla signed PKG installer to simplify your deployments. Developer For our mobile web developers, we have migrated remote debugging from the old WebIDE into a re-designed about:debugging, making debugging GeckoView on remote devices via USB rock solid.The network panel will now show blocked resources to allow developers to best understand the impact of content blocking and ad blocking extensions given our ongoing expansion of Enhanced Tracking Protection to all users with this release.The new event listener breakpoint feature allows developers to pause on a host of different event types, whether it be related to animations, DOM, media, mouse, touch, worker, and many other event types.Firefox Developer Tools now offers an audit for the presence of text alternatives for non-text content, the a11y panel checks toolbar has been augmented to better help developers adhere to WCAG Guideline 1.1. Don’t forget support Authors.

DOWNLOAD

Read the full article

Elm HTML A11y Helpers

This week I spoke at the GOTO Chicago conference and the speaker before me, Richard Feldman, talked about JavaScript interrop with the Elm programming language. If you're not familiar with Elm (I wasn't), it's a statically typed programming language that compiles to JavaScript, with a focus on performance and no runtime exceptions. When I spoke with Richard about accessibility on the speaker drink track later, he mentioned a colleague had been working on an accessibility library. Enter Elm-HTML-A11y, a set of helpers to encourage accessible HTML in Elm.

From developer Tessa Kelly:

“I've been working on a library in Elm that adds helpers for aria attributes and presents a nice API so that it's easier for developers to make the accessible-friendly decision. I've been working from the WAI-ARIA spec, and just trusting that assistive technologies support the attributes I'm adding.”

Elm-HTML-A11y currently covers form inputs, tabs, and images, enforcing accessible defaults with labels, roles and text alternatives. Tessa maintains the repository on Github, so if you have a feature request or issue be sure to let her know!

It's so awesome to see accessibility-focused tools for new programming languages, because they make writing accessible HTML easier for developers who often overlook it. Thanks, Tessa!

DRM in web standards creates new barriers to accessibility

The World Wide Web Consortium is pressing ahead with its project to standardize a DRM system for the web, without taking any legal steps to protect people whose legitimate activities would be impaired by the DRM system.

DRM systems are protected by a global set of laws that ban tampering with copyright-controls, even when you're engaged in otherwise legal activities. This notoriously interferes with security research (researchers who disclose defects in systems with DRM face legal threats, lawsuits and even jail time, leaving the users at risk of being attacked as these defects fester).

But an equally important activity that DRM interferes with is accessibility adaptation, which, despite being protected in many countries' copyright laws, turns into a legal minefield if DRM has to be removed in order to make a copyrighted work accessible for people with disabilities.

The W3C's DRM standard for video makes many admirable and important accommodations for people with disabilities. If you have metadata -- subtitles, descriptive tracks, translations, warnings about strobe effects, etc -- it's possible to bind that metadata to the video without having to bypass the DRM.

The problem is in generating that accessible metadata. The companies that want to use DRM to restrict their video playback -- Netflix and its competitors, possible for-pay Youtube versions, etc -- have hundreds of millions of hours' worth of video in their collective catalogs. No one is going to manually analyze all that video to generate the metadata needed to make it accessible and safe. But computers can already easily generate some of that data (for example, identifying upcoming strobe effects and pausing the video before they're displayed) and will certainly get better at this in the future.

EFF has proposed a solution that lets rightsholders protect their copyrights without interfering with these activities: a "covenant" through which members promise not to use DRM law except in cases where some illegal activity has taken place. So a rightholder could sue someone who makes a tool that infringes copyright, but not one that generates subtitles.

The W3C's accessibility team hasn't backed this proposal, betting instead on convincing the Netflixes of the world to voluntarily generate all the metadata that people with disabilities might need. They argue that rightsholders would not back a proposal to immunize accessibility analysis, and by making this compromise, they keep the rightsholders at the negotiations, where they can be coaxed into keeping the existing accessibility features intact.

But other accessibility groups have backed it, and the W3C is presently engaged in the first-ever appeal of a decision by its Director. I hope that the accessibility community and its a11ys realize that this is too much to compromise on: things that are legal (like accessibility adaptation) shouldn't become legally fraught through the W3C process.

If rightsholders won't limit their DRM enforcement of W3C standards to people who've actually broken the law, they're asking the W3C to legitimize something that is wrong. Legislatures, not entertainment companies, decide what we can and can't do with copyrighted works. Adding DRM shouldn't give a corporation to invent a legal right that states will enforce on their behalf.

https://boingboing.net/2017/08/03/no-private-laws.html