mechazoidal + web   428

psl-problems/README.md at master · sleevi/psl-problems · GitHub
Don't use the PSL/Public Suffix List/eTLD+1, use Same-Origin Policy instead
security  webdev  web  repo:github  advice 
18 hours ago by mechazoidal
Web development as a hack of hacks - QuirksBlog
There's a lot of (quirks') irony here, but it's got good points.
javascript  webdev  hahaonlyserious  2016  web 
4 days ago by mechazoidal
GitHub - postlight/mercury-parser: 📜 Extract meaningful content from the chaos of a web page
https://mercury.postlight.com/web-parser/
"Written in JavaScript and running on both Node and in the browser, Mercury Parser is the engine that powers the Mercury Parser API, Mercury AMP Converter, Mercury Reader, and even more third-party software and services. Mercury Parser allows for better reading experiences, easier content migration, and endless opportunities for remixing the web, by making semantic sense out of any article. Mercury Parser sees web pages the same way you do: It sees titles, content, authors, and lead images, and makes all of that extracted data easily available to your software, which, unfortunately, sees only a sea of HTML markup, where page navigation, advertising, and the like are indistinguishable from content."

Feedbin makes heavy use of it
repo:github  parser  web  rss  webdev  javascript  library 
4 days ago by mechazoidal
Minify Your SVGs - victorzhou.com
Note the lobsters discussion: there's at least one bug in Firefox this might tickle: https://lobste.rs/s/s89jaz/minify_your_svgs
svg  webdev  graphics  web 
6 weeks ago by mechazoidal
Are we web yet? » AWWY?
Collecting web resources+crates for Rust
rust  webdev  web  reference 
6 weeks ago by mechazoidal
MaintainableCSS - an approach to writing modular, scalable and maintainable CSS | By Adam Silver
"an approach to writing modular, scalable and maintainable CSS for small and large codebases. You can learn it in 20 minutes and implement it immediately in your project."
focuses on CSS' strengths, not "CSS-in-JS"
css  webdev  web 
6 weeks ago by mechazoidal
The Flexbox Holy Albatross Reincarnated | HeydonWorks
basically, a proper way to deal with a flexbox gotcha: "The trouble is, sometimes you want your items to wrap in a very particular way. For instance, when you have three items, you’ll be happy with the three-abreast layout and accepting of the single-column configuration. But you might like to avoid the intermediary part where you get a pair of elements on one line followed by a longer element underneath."
multipart  css  webdev  web  design 
6 weeks ago by mechazoidal
APIs are about Policy — Acko.net
Summarize:
- REST is old since caching no longer applies (https)
- graphql optimizes the easy part (reads), does nothing for back end
- crdt and OT algos are a good mind-expander
- pick your tree format, it doesn't matter!
- separate the logistics of the API from its policies(withOUT falling into the trap of making a one-size-fits-all tool)
rest  graphql  piperesearch  2019  api  web 
7 weeks ago by mechazoidal
Underscoring the “private” in private key – Koen Rouwhorst
Not only did Amazon use an embedded webserver to launch an app without registering a protocol handler, they embedded the private key for the HTTPS cert into the server, which is embarrassing levels of MITM possibilities.
amazon  web  security  https  2019 
7 weeks ago by mechazoidal
What were CGI scripts? | Lobsters
The discussion is more interesting than article. Note some of the corrections, and how CGI is still useful in this age of "serverless" computing
CGI  lobsters  discussion  webdev  history  web 
8 weeks ago by mechazoidal
API Web Service
"The National Weather Service (NWS) API allows developers access to critrical forecasts, alerts, and observations, along with other weather data. The API was designed with a cache-friendly approach that expires content based upon the information life cycle. The API is based upon of JSON-LD to promote machine data discovery."
api  data_source  weather  is  documentation  web 
8 weeks ago by mechazoidal
activity notes
@tedu: "So you have an ActivityPub actor and you want to say something. What are you going to post? Might I suggest a Note?

A Note is the defacto default object for posts for many microblog programs. There are also some other types, like Article, but even simple Notes have plenty of details and variation to unpack.

The actor object is mostly infrastructure to support the network, but notes are much more user visible. As such, UI and presentation concerns bleed into the object representation. "
activitypub  fediverse  web 
8 weeks ago by mechazoidal
GitHub - basecamp/trix: A rich text editor for everyday writing
basecamp's rich-text editor, using the latest Modern Standards!
"sidesteps these inconsistencies by treating 'contenteditable' as an I/O device: when input makes its way to the editor, Trix converts that input into an editing operation on its internal document model, then re-renders that document back into the editor. This gives Trix complete control over what happens after every keystroke, and avoids the need to use 'execCommand' at all."
repo:github  editor  web  webdev  library  javascript  facme 
8 weeks ago by mechazoidal
Managing Flow and Rhythm with CSS Custom Properties ◆ 24 ways
"This tiny little [flow] utility can bring great power for when you want to consistently space elements, vertically. It also—thanks to the power of the modern web—allows us to create contextual overrides without creating modifier classes or shame CSS."
css  webdev  web 
8 weeks ago by mechazoidal
Shirky: A Group Is Its Own Worst Enemy
"The patterns here, I am suggesting, both the things to accept and the things to design for, are givens. Assume these as a kind of social platform, and then you can start going out and building on top of that the interesting stuff that I think is going to be the real result of this period of experimentation with social software. "
internet  culture  presentation  groups  history  web  collaboration  socialmedia 
12 weeks ago by mechazoidal
On Dat://
Duxtape: a version of the old Muxtape service running on Dat. Note his lessons learned, and the current sum-up of Dat indicates it's probably not a good fit for PR
decentralized  dat_project  beaker  web  piperesearch 
june 2019 by mechazoidal
Wax
"Wax is a minimal computing project for producing digital exhibitions focused on longevity, low costs, and flexibility. Our underlying technology is made to learn and to teach, and can produce beautifully rendered, high-quality image collections and scholarly exhibits."

Basically a static site generator focusing more on art and stability. Don't miss the About page for a great newbie overview and a great diagram showing how static site generators work.
web  webdev  art  tools 
june 2019 by mechazoidal
I can see your local web servers | Lobsters
Linked article is good, discussion is even better. Basically with any current browser it's possible to find local services via IPv4 discovery, requests, and timing-channels.
security  lobsters  discussion  web  webdev 
may 2019 by mechazoidal
In-browser localhost discovery- rain-1.github.io
Basically any webpage can perform LAN discovery on your machine. This uses requests, another technique is to use WebRTC.
Some "fun" uses are discussed in the comments, with a 2019 note that some Russian government sites are using this to see if any "hacking tools" are running on a visitor's browser
security  web  webdev  browser  networking 
may 2019 by mechazoidal
Why I'm still using jQuery in 2019
[...] I think there are a few reasons to stick with simple JavaScript; primarily because I want to build webpages that are fast, use the simplest feasible code, and are accessible by as many people as possible. In my experience server-side generated templates lightly sprinkled with 'progressive enhancement'-style JavaScript are often the best way to do that. It’s often easier to develop, tends to be faster, tends to have fewer bugs, and your laptop’s fan won’t wake the neighbours."
jquery  webdev  web  javascript 
may 2019 by mechazoidal
Library Extension – Get this Extension for 🦊 Firefox (en-US)
"See books, music and more at your local library as you browse the internet"
mozilla  plugin  firefox  web  libraries 
may 2019 by mechazoidal
Yahoo! Pipes - Wikipedia
"It's a shame that Yahoo Pipes didn’t survive. I saw a lot of really interesting projects that were effectively huge chunks of APIs glued together with it, and it feels like it was an idea which was ahead of its time."
wikipedia  web  piperesearch 
may 2019 by mechazoidal
GitHub - otherjoel/thenotepad: 📓🍎An experimental blog written in Pollen / Racket
Pollen is meant for books, but it's possible to make it work as a static site generator
web  racket  repo:github  webdev  blog 
april 2019 by mechazoidal
The Ping is the Thing: Popular HTML5 Feature Used to Trick Chinese Mobile Users into Joining Latest DDoS Attack | Imperva
"Ping is a command in HTML5 that specifies a list of URLs to be notified if the user follows a hyperlink. When the user clicks on the hyperlink, a POST request with the body “ping” will be sent to the URLs specified in the attribute. It will also include headers “Ping-From”, “Ping-To” and a “text/ping” content type.

This attribute is useful for website owners to monitor/track clicks on a link"

*stares into camera*
security  html5  webdev  web  this_is_fine  exploit 
april 2019 by mechazoidal
fgallery: a modern, minimalist javascript photo gallery
Perl-based, note its list of prerequisites(and note that it needs a perl with thread-support)
webdev  web  photos  tools  perl 
march 2019 by mechazoidal
GREYSCALE ME! - Michael "notriddle" Howell
View a site in grayscale, to see if it's ok for people with impaired vision
a11y  webdev  web  tools 
march 2019 by mechazoidal
Copy page title and url by Marek Jedliński for Firefox
Note that it may have problems with some pages: like its own! (May also be an OSX hiccup)
firefox  plugin  web  tools 
march 2019 by mechazoidal
Building a modern carousel with CSS scroll snap, smooth scrolling, and pinch-zoom | Read the Tea Leaves
"Come on, it’s 2019. Isn’t there a decent way to build a carousel with native browser APIs?

As it turns out, there is."
javascript  webdev  css  html5  web  webdesign 
february 2019 by mechazoidal
Google's Long March — Dorian Taylor
Not sure of publication date, but on Google's increasing control of the Web.
Interesting points: the complaints that HTML5 spec is more about rendering than data, about EME, and WebAssembly:
"It is also worth mentioning that this state of affairs addresses Alan Kay’s early and vociferous complaint about the Web: that browsers ought to just be virtual machines that download apps off the network and execute them. While it appears he is getting his way, there is still demonstrable value in having the bulk of the content not only be amenable to view source—a state which Kay would agree with, considering it was an essential feature of SmallTalk—but also be deterministic and declaratively defined."
web  google  essay  webdev 
february 2019 by mechazoidal
Eight million pixels and counting - Following up on the 2d graphics in Rust discussion
Noting that "2D graphics means different things to different people", focusing on what that means for web browsers and general UI.
In particular note his API design notes:
- Most common 2D APIs like Canvas were descendants of Java2D/Postscript, where the developer needs to manually change parts of the scene(very stateful). They don't map well to modern GPUs.
- Compositors are more important than ever. Thankfully, most if not all current window managers now let you hand off your compositor calls(albeit being subtly different in how it's done, this is a job for compatibility layers).
- These two facts are how most browsers and UI toolkits operate: "an immediate mode painting abstraction, on top of which an invalidation system and a compositor were implemented to paper over the difficulty of rendering at 60 frames per second (without draining too much power). " Most are now trying to move away from this(Firefox/Mozilla are building WebRender, which he then explains a bit of)
- The description of WebRender, "consumers of the API build a retained representation made of nested "display lists", and several frames will be rendered from this representation when animated properties of these display lists change (for example scrolling, or other types of animations).". Note the simple list of primitives it uses.
- He then notes that while WR is good for UIs and web, path-rendering would be a much different design, which he hopes to cover in a separate post
graphics  piperesearch  api  2018  ui  web 
january 2019 by mechazoidal
Four Cool URLs - Alex Pounds' Blog
- A URL points to a thing, but it can also be the thing itself.
- URLs can be for both human and machine consumption.
- URLs can be robust.
- URLs can be predictable.
- Let power users edit your URLs.
- Good URLs are descriptive. 
"URLs are designed for machines, but they should be designed for humans"
webdev  url  web  design  ui 
january 2019 by mechazoidal
Axe: Open Source Rules Library for Web Accessibility Testing
"an open source rules library for accessibility testing. It was developed to empower developers to take automated accessibility testing into their own hands and to avoid common pitfalls of other automated accessibility tools."
a11y  web  webdev  testing  plugin  chrome  firefox  tools 
december 2018 by mechazoidal
CraSSh
"clock here to crash your browser with pure css". Also note speculation over using it against PhantomJS to slow down defense responses
browser  vulnerability  webdev  web  css  research 
november 2018 by mechazoidal
simple off-line blog utility
"It knits together articles with templates to generate static HTML files, Atom feeds, and JSON files. It's built for use with make(1). No markdown (unless…), no CMS, no CGI, no PHP. Just a simple UNIX tool for pulling data from articles and populating templates. sblg is an open source ISO C utility that depends only on libexpat."
tools  webdev  web 
october 2018 by mechazoidal
Bálint's extended musings | Chrome is a Google Service that happens to include a Browser Engine
"So what changed with Chrome 69? From that version, any time someone using Chrome logs into a Google service or site, they are also logged into Chrome-as-a-browser with that user account. Any time someone logs out of a Google service, they are also logged out of the browser. Before Chrome 69, Chrome users could decline to be logged into Chrome entirely, skipping the use of Sync and other features that are tied to the login and they could use Chrome in a logged-out state while still making use of GMail for example.

Just to spell it out: this means Google logins for Chrome are now de-facto mandatory if you ever login to a Google site."
google  chrome  browser  web  monopoly  2018 
september 2018 by mechazoidal
Home · WardCunningham/Smallest-Federated-Wiki Wiki · GitHub
core site of concepts: See Concepts, On Federating Wiki, Server, Story JSON, etc.
Archived and from 2016, but may provide at least the basics, as the main fedwiki sites don't appear to keep any of this documentation

(unless it's like http://makecommoningwork.fed.wiki/view/halo)
repo:github  fedwiki  reference  web  webdev 
september 2018 by mechazoidal
Partnerstroka: Large tech support scam operation features latest browser locker - Malwarebytes Labs | Malwarebytes Labs
"We have been monitoring a particular tech support scam campaign for some time which, like several others, relies on malvertising to redirect users to the well-known browser lockers (browlocks) pages. While it is common for crooks in this industry to reuse design templates, we were still able to isolate incidents pertaining to this group which we have been tracking under the name Partnerstroka.

However we caught up with the same campaign again recently and noticed that the fake alert pages contained what seemed to be a new browlock technique designed specifically for Google Chrome. In this blog post, we share some of our findings on this group and their latest techniques."
(note use of css3 cursor to expand the click area, and the multiple redirect chain)
web  browser  security  malware  advertising  analysis  2018  this_is_fine 
september 2018 by mechazoidal
Steve Streeting on Twitter: "A friend once had a concept version of a locked down, network-internal CMS which generated a static version for the public on content approval and I think that’s a great compromise which never went anywhere because people do
"A friend once had a concept version of a locked down, network-internal CMS which generated a static version for the public on content approval and I think that’s a great compromise which never went anywhere because people don’t get the benefits"
(thread)
"That's actually what I've been working on on and off forever now. The only problem I haven't quite solved yet is how to make the installation of such a tool as convenient as possible. And it needs to be able to run anywhere, without the need of special server setups."

"Yeah. Sadly it’s hard to eliminate that initial setup step entirely especially since if you want to run it in the cloud you need to know how to IP fence it and that can be specific to providers. Sounds like a master of devops job"

"Ofc it all gets way easier if they already have a VPN which encompasses some cloud provider(s) already - this seems increasingly common (we had this at Atlassian) but probably only above a certain size"

"Yup. That's exactly what I'm fighting with. I'm working for small(er) clients who usually don't have such a massive infrastructure available. Everything that goes beyond off-the-rack PHP/MySQL setups is ... problematic."
webdev  web  cms  tweet 
september 2018 by mechazoidal
How to make a self-hosted video livestream | Drew DeVault’s Blog
jussi@lobsters: "I think worth mentioning is that Arut stopped actively developing the nginx-rtmp-module since he was hired to nginx plus project (they sell ªªhttps://www.nginx.com/products/nginx/streaming-media/ asºº a plus module). But this fork is still in active development: ªªhttps://github.com/sergey-dryabzhinsky/nginx-rtmp-module andºº highly recommended!"
streaming  ffmpeg  howto  videos  nginx  web 
august 2018 by mechazoidal
Ship of Theseus
"my Neo-Gothic Trans-Humanist Dressup Game is out!"
game  html5  web 
august 2018 by mechazoidal
Metalink | From Wikipedia, the free encyclopedia
"It specifies files appropriate for the user's language and operating system; facilitates file verification and recovery from data corruption; and lists alternate download sources (mirror URIs)."
(RFC 5854, RFC 6249)
wiki  webdev  web  xml  networking 
august 2018 by mechazoidal
GoAccess - Visual Web Log Analyzer
"an open source real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser."
analytics  web  logging  monitoring  webdev  tools 
august 2018 by mechazoidal
BookStack
noted that it might store internal records directly in HTML
wiki  tools  web 
july 2018 by mechazoidal
How to implement a basic ActivityPub server
it's mostly having correct AP and Webfinger JSON responses, along with proper signing(it's not oauth, it's HTTP Signing)
webdev  web  socialmedia  distributed  reference  activitypub 
june 2018 by mechazoidal
benaiah comments on: Static Sites vs CMS | Lobsters
The concept is interesting, and the resource page is worth a look. The description of JAMStack is not appealing, however
comment  lobsters  webdev  web  cms 
june 2018 by mechazoidal
GDPR Hysteria | Lobsters
So basically remotestorage.io is a dead-end? Original vdirsyncer author: "I’ve worked with it and it’s nowhere near usable. There are so many technical challenges (esp. with performance) you face on the way that result of you basically having to process all user data clientside, but storing the majority of data serverside. It gets more annoying when you attempt to introduce any way of interaction between two users."
unhosted  web  comment  lobsters  remotestorage 
may 2018 by mechazoidal
Google YOLO
"Actually don't even click anything. Malicious websites can simply track your cursor's position and change the invisible button/iframe's position accordingly. So even if you make a click by mistake you will be forced to click on something else.

There's no reliable way to prevent Clickjacking, though mitigation can be done on both ends"

(coda: Google "fixed" it by clicking the author's domain from using the API, but aren't going to long-term fix it)
web  google  security  webdev  clickjacking 
may 2018 by mechazoidal
« earlier      
per page:    204080120160

related tags

3d  18f  a11y  academic  accessibility  activism  activitypub  addressing  administration  advertising  advice  agency  aggregation  ajax  amazon  amp  analysis  analytics  android  animation  antipatterns  apache  api  apl  app  architecture  archived  archiving  art  article  articles  artist  atom  audio  authentication  authorization  automation  aws  backup  barcodes  bash  bbc  beaker  benchmark  benchmarking  bestpractices  blockchain  blog  blogging  blogs  book  bookmarklet  bookmarks  books  bots  boxmodel  browser  browsers  bsd  business  c  cables  caching  canvas  captcha  captioning  case-studies  certificate  certificates  cgi  charts  chat  chiptune  chrome  chromium  clickjacking  client  clojure  clojurescript  cloud  cms  coap  code  codepen  collaboration  colo  color  colors  commandline  comment  comments  communication  community  comparison  compatibility  compression  computerscience  concurrency  config  conspiracy  CORS  crdt  critique  crossbrowser  crowdsourcing  crypto  cryptography  csrf  css  culture  curl  d3  dashboard  data  database  databases  datamining  data_source  dat_project  dead_link  debugging  decentralized  demo  design  development  devops  dht  discoverability  discussion  distributed  django  dns  documentation  DOM  dotmac  dropcap  dsec  dsl  e-commerce  e-government  economics  editor  eff  emacs  embedded  employment  emulation  engine  engineering  erb  eruby  essay  example  examples  exploit  exploits  facebook  facme  fediverse  fedwiki  feed  ffmpeg  finance  firefox  flash  fonts  format  foundation  framework  free  freebsd  freeware  from:medium  frontend  functional  future  futurism  game  gamedev  games  generator  generators  gist  git  github  Golang  google  gopher  government  gps  grafana  graphics  graphing  graphite  graphql  greasemonkey  grids  grim_meathook_future  groups  gui  guide  hack  hacking  hacks  hahaonlyserious  haha_only_serious  haskell  HATEOAS  history  hls  hn  hosting  howto  html  html5  http  http2  https  humor  hypermedia  i18n  icon  icons  identification  identity  idl  ie  image  images  infoq  innovation  inspiration  integration  interaction  interactive  interface  internet  ios  IoT  ipfs  iphone  iran  is  isp  it  java  javascript  journalism  jquery  jsfiddle  json  jwz  keygen  language  layout  legal  libraries  library  linux  lisp  list  livecoding  livestreaming  lobsters  logging  logo  lua  luajit  lunchread  malware  mapping  maps  markdown  markup  mdns  media  medium  memes  merb  metaverse  mfa  microformats  micropayments  middleware  mmo  mobile  money  mongrel  monitoring  monopoly  mozilla  mruby  ms_research  multimedia  multipart  multiplayer  music  mvc  mysql  neato  netscape  network  networking  news  newyorker  nginx  node  nodejs  ocaml  octopress  om  online  open  openbsd  openmirage  opensource  opera  optimization  optimizer  oreilly  osdev  osx  owasp  p2p  paper  parser  parsing  passwords  patterns  payment  paypal  pdf  pentest  performance  perl  philosophy  photography  photojournalism  photos  piperesearch  pixelart  pki  plan9  plugin  pmz  politics  portfolio  post  postgresql  postmortem  practice  presentation  preservation  preview  privacy  procedural  productivity  profiling  programming  protocol  proxy  psychology  publishing  pubsub  pwa  pws  python  racket  rails  rant  reactjs  read  readability  reading  reference  remotestorage  rendering  repl  repo:github  report  repository  research  resource  resources  rest  retrocomputing  retrogaming  reviews  rpg  rss  ruby  rust  scalability  scaling  scanner  schema  scripting  search  security  selenium  semantic  server  service  services  servo  shareware  shell  shopping  signs  single-sign-on  slack  slides  smallest_federated  social  socialmedia  software  software_development  spam  speech  spellcheck  ssl  stackexchange  stackoverflow  standards  statistics  stephenson  storage  streaming  style  subtitling  sunlight  surveillance  svg  synthesizers  sysadmin  technique  technology  templates  terminal  test  testing  text  theme  this_is_fine  tips  tls  to-read  tools  tor  torrent  totp  tracking  transcript  travel  trolling  tuning  tutorial  tutorials  tweet  twitresearch  twitter  types  typography  u2f  ui  unhosted  unikernel  unix  url  us  usability  utilities  utility  ux  validator  varnish  verification  versioning  video  videos  virtualization  virtualworld  vision  visualization  vps  vulnerability  w3c  warning  weather  web  web2.0  webapp  webassembly  webdav  webdesign  webdev  webgl  webhosting  webkit  webserver  websub  wget  wii  wiki  wikipedia  windows  wordpress  work  workflow  writing  wysiwyg  wysiwym  x509  xhtml  xml  xmpp  xsrf  xss  YUI 

Copy this bookmark:



description:


tags: