love browser trends of chrome saying "hey! what if we add this really insecure, arbitrary, and downright dangerous API?", firefox responding "...no thanks" and developers who refuse to even touch native software withering in pain as they can't natively use their particle accelerator in the browser without a wrapper

trying to add wiimote support to my WIP new website and I'm so sad to have found out that firefox doesnt support the WebHID API because it's 'too dangerous' for websites to have access to generic devices...

Chrome dichtet 7 hochgefährliche Lücken ab

Das Bug-Bounty-Programm von Chrome lohnt sich: Programmierer und Spezialisten haben 7 hochgefährliche Sicherheitslücken an Google gemeldet und eine Belohnung erhalten. Google stellt auch gleich die Updates für Anwender bereit. Einzelunternehmen und KMUs sollten bereit sein einen Klick mehr zu machen. Das aktuelle Chrome-Update enthält 7 Updates für hochgefährliche Sicherheitslücken. In Unternehmen sorgen die Admins dafür, dass Chrome auf dem aktuellsten Stand bleibt. Einzelunternehmen und KMUs sollten unbedingt einen Klick im Hilfebereich machen – das weitere Update passiert automatisch. Oft laufen Arbeits-PCs durch und solange der Browser nicht geschlossen und neu geöffnet wird, passiert kein Update! Chrome-Update auslösen Sofern das Update nicht durch eine Gruppenrichtlinie ausgelöst wird, sollte man so vorgehen: Nutzer müssen für das Update lediglich den Browser neu starten oder noch einfacher in den Einstellungen >Hilfe >über Google Chrome wählen. Danach öffnet sich die Infoseite zum Browser. Falls das Update noch nicht erledigt war, führt Chrome es nun einfach automatisch aus. Das aktuelle Updates bringt Chrome für Windows auf die Version 111.0.5563.111, Chrome für Mac und Linux auf 111.0.5563.110. Die folgenden 7 Sicherheitsprobleme werden damit behoben. - Hoch CVE-2023-1528: Use-After-Free (UAF) in Passwörtern - Hoch CVE-2023-1529: Außerhalb des Bereichs liegender Speicherzugriff in WebHID - Hoch CVE-2023-1530: Use-After-Free (UAF) Nutzung in PDF - Hoch CVE-2023-1531: Use-After-Free (UAF) Nutzung in ANGLE - Hoch CVE-2023-1532: Out-of-bounds-Lesung in GPU-Video - Hoch CVE-2023-1533: Use-After-Free (UAF) in WebProtect - Hoch CVE-2023-1534: Out-of-Bounds in ANGLE gelesen   Passende Artikel zum Thema Lesen Sie den ganzen Artikel

Ledger Nano works directly with MetaMask again.

Ledger Nano works directly with MetaMask again.

As a temporary measure, users had to connect to their devices via Ledger Live. MetaMask now has the “WebHID” option set to the cold wallet connection type by default, and users can conduct all transactions directly from their device. Applications “remember” the ledger and can now reconnect without aborting or canceling transactions without any issues. Today, MetaMask is considered the most…

View On WordPress

Chrome 89が公開、WebHID APIやWeb NFCやWeb Serial APIが導入 - ハードウェアサポートの拡充、共有コマンドへの対応でウェブアプリやPWAの基盤を強化 (窓の杜)

新刊 書籍：ビジネスマンのための新教養 UXライティング (アマゾン)

あらゆる場���でAMPコンポーネントを活用 - Bentoデベロッパープレビューのお知らせ (Google Developers Japan)

これぞプロのデザイン！UIとUXの印象がよくなるデザインの知識とテクニックのまとめ (コリス)

グーグルアナリティクスやYouTubeなどの他サービスと、サーチコンソールを関連付け可能に (海外SEO情報ブログ)

おすすめツール9選、登録フォームの作り方と注意点を徹底解説！ (フェレット)

個人向けに開発されたプロジェクト管理ツール「Condution」 (かちびと)

Powerlets - ブックマークレットを素早く呼び出すChrome機能拡張 (MOONGIFT)

Create React App 入門 (9) useCallbackフックで無駄な処理を省く (Fumio Nonaka)

Favorite tweets

Chrome 89からWebHIDがデフォルトで有効になるらしい。WebHIDはWebUSBで懲りていなかったGoogle最新のヤバAPI。JSで書かれたドライバでシステムに接続された入力機器を直接操作する。WebUSB同様ユーザがダイアログで許可した事をもってWebページにデバイスの使用を認めるhttps://t.co/Fceyjauaek

— Fadis (@fadis_) January 29, 2021

from http://twitter.com/fadis_ via IFTTT

Google is pushing for "advanced hardware interactions" that Mozilla and Apple consider harmful.

Google is pushing for “advanced hardware interactions” that Mozilla and Apple consider harmful.

Google has released a beta version of Chrome 89, adding more hardware interaction APIs and desktop sharing APIs for Windows and Chrome OS, even though Mozilla and Apple consider many of these features to be harmful. Introduced. New features for interacting with Chrome 89 hardware begin with the WebHID (Human Interface Devices) API. This allows developers to write JavaScript that uses…

View On WordPress

Windows 10、4月のアップデートで旧Edgeを削除 - Chromiumベースに完全移行 (マイナビ)

新刊 書籍：これならわかる！人を動かすデザイン22の法則 (アマゾン)

Chromeのデベロッパーツールで、コアウェブバイタルを常に計測するHeads-Up Display (HUD) 機能 (海外SEO情報ブログ)

ウェブアプリがJoy-Conなどに対応する「WebHID」NFCタグを読み書きする「Web NFC」シリアルポートで通信する「Web Serial」など、Chrome 89ベータではデフォルトで有効に (Publickey)

ChromiumでのプライベートAPIの利用制限について (Google Developers Japan)

ブラウザで処理する、プライバシーに配慮したJPEG最適化ツール「JPEG rocks」 (かちびと)

Snipp in - コードエディタが強力なスニペット管理 (MOONGIFT)

Structured Field ValuesによるHeader Fieldの構造化 (blog jxck io)

CSSのボックスモデルの構造をCSSアニメーションで可視化 (コリス)

Apple declined to implement 16 Web APIs in Safari due to privacy concerns

Why? Fingerprinting. Rather than these APIs being used for what they are meant for, they end up being used for gross ad tech. As in, “hey, we don’t know exactly who you are, but wait, through a script we can tell your phone stopped being idle from 8:00 am to 8:13 am and were near the Bluetooth device JBL BATHROOM, so it’s probably dad taking his morning poop! Let’s show him some ads for nicer speakers and flannel shirts ASAP.”

I’ll pull the complete list here from Catalin Cimpanu’s article:

Web Bluetooth – Allows websites to connect to nearby Bluetooth LE devices.

Web MIDI API – Allows websites to enumerate, manipulate and access MIDI devices.

Magnetometer API – Allows websites to access data about the local magnetic field around a user, as detected by the device’s primary magnetometer sensor.

Web NFC API – Allows websites to communicate with NFC tags through a device’s NFC reader.

Device Memory API – Allows websites to receive the approximate amount of device memory in gigabytes.

Network Information API – Provides information about the connection a device is using to communicate with the network and provides a means for scripts to be notified if the connection type changes

Battery Status API – Allows websites to receive information about the battery status of the hosting device.

Web Bluetooth Scanning – Allows websites to scan for nearby Bluetooth LE devices.

Ambient Light Sensor – Lets websites get the current light level or illuminance of the ambient light around the hosting device via the device’s native sensors.

HDCP Policy Check extension for EME – Allows websites to check for HDCP policies, used in media streaming/playback.

Proximity Sensor – Allows websites to retrieve data about the distance between a device and an object, as measured by a proximity sensor.

WebHID – Allows websites to retrieve information about locally connected Human Interface Device (HID) devices.

Serial API – Allows websites to write and read data from serial interfaces, used by devices such as microcontrollers, 3D printers, and othes.

Web USB – Lets websites communicate with devices via USB (Universal Serial Bus).

Geolocation Sensor (background geolocation) – A more modern version of the older Geolocation API that lets websites access geolocation data.

User Idle Detection – Lets website know when a user is idle.

I’m of mixing feelings. I do like the idea of the web being a competitive platform for building any sort of app and sometimes fancy APIs like this open those doors.

Not to mention that some of these APIs are designed to do responsible things, like knowing connections speeds through the Network Information API and sending less data if you can, and the same for the Battery Status API.

This is all a similar situation to :visited in CSS. Have you ever noticed how there are some CSS declarations you can’t use on visited links? JavaScript APIs will even literally lie about the current styling of visited links to make links always appear unvisited. Because fingerprinting.

Direct Link to Article — Permalink

The post Apple declined to implement 16 Web APIs in Safari due to privacy concerns appeared first on CSS-Tricks.

You can support CSS-Tricks by being an MVP Supporter.

Apple declined to implement 16 Web APIs in Safari due to privacy concerns published first on https://deskbysnafu.tumblr.com/

新しいテーマを追加した「Firefox 81」が正式リリース - キーボードやヘッドフォンによるメディアコントロールにも対応、PDFビューワーも強化 (窓の杜)

Chrome 86: フォーカス ハイライトの改善、WebHID など (Google Developers Japan)

電子書籍：JavaScript 初級者が知るべき39のこと (アマゾン Kindle)

SEOに影響のある５つのUXデザイン手法 (UX MILK)

SEOを意識したリライトはどうすべき？まずはタイトルを見直そう (フェレット)

サーチコンソールのカバレッジレポートが内部システムエラーによりデータ遅延、9/1から更新が滞る (海外SEO情報ブログ)

Finicky - 設定に沿ってブラウザを自動切り替え (MOONGIFT)

プログラミングは文系でも大丈夫！数学が苦手でも関係なくエンジニアにはなれる (creive)

2020年、オンラインサービスやウェブアプリの開発を独学で勉強したい人に役立つ練習プロジェクトのまとめ (コリス)

1,000以上のシンプルなアイコンがSVGやPNGで用意され、全てオープンソースとして利用できる「Emblemicons」 (かちびと)