ep37 Monthly Web 201804
- published_at
- 2018-05-05
- guest
- @myakura
- toc
-
headings
Theme
第 37 回のテーマは 2018 年 4 月の Monthly Web です。
Show Note
Chrome 動向
- Stable: 66
-
Updates
-
New in Chrome 66
- https://developers.google.com/web/updates/2018/04/nic66
- CSS Typed Object Model
- Async Clipboard API
- CSS Paint API
- autocomplete in TextArea and Select
- autocapitalize for form (compat with safari)
- trimStart() and trimEnd()
-
What's New In DevTools (Chrome 67)
- https://developers.google.com/web/updates/2018/04/devtools
- Search across all network headers
- Copy as fetch
- New audits, desktop configuration options, and viewing traces
- Stop infinite loops
- JavaScript VM instances clearly listed in the Memory panel
- The Network tab in the Sources panel has been renamed to the Page tab
- Dark theme updates
- Certificate transparency information in the Security panel blog
- Site isolation features in the Performance panel
- Present web pages to secondary attached displays
- Loading WebAssembly modules efficiently
-
Enabling publishers to implement user controls on AMP pages
- https://amphtml.wordpress.com/2018/04/02/enabling-publishers-to-implement-user-controls-on-amp-pages/
- AMP でユーザ制御 (Cookie 仕様の許可ダイアログなど) を実装できるように
-
New in Chrome 66
-
Blink on 9
- LT List
- Tricium (code analyzer for chromium)
- Mojo (Service Worker IPC)
- Lazyload
- Optimized functions are not crucial for the performance in our cases
- Server Push
-
Layered APIs
- Layered APIs: an overview and update
- blog
-
Intents
- Ship: [Intervention] Stop loading in background, on mobile
- Ship: RTCPeerConnection.id
- Ship: Provide network quality estimates to web servers via Client Hints
-
Ship: fetch() credentials default to "same-origin"
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/WOAtshyL2As/wITX3abkAQAJ
- fetch の cookie 付与などのデフォルトが same-origin になり、送られるようになった
- 送られたくない人は明示的に omit する必要
- Implement and Ship: WebAudio: Selectable automation rate for AudioParam
- Implement and Ship: Cross-Origin Read Blocking (CORB)
- Implement and Ship: ping, rel, referrerPolicy, relList, hreflang, type and text properties on SVG elements
- Implement and Ship: Case-insensitive DOMTokenList.supports
- Implement and Ship: Blocking FTP subresources
- Implement and Ship: Accept two values in the overflow shorthand
- Implement and Ship: CSS: "grab" and "grabbing" values for cursor property
- Implement and Ship: user activation through long-press gesture
- Implement: customElements.upgrade()
- Implement: Event Timing
- Implement: Wake Lock API based on Promise
- Implement: Keyboard Map
- Implement: Add FullscreenOptions
- Implement: User Timing L3
- Implement: WebUSB on Web Workers
-
Implement: Priority Hints API
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/65lfM2f0eeM/-1ttGbZmCQAJ
- critical, high, medium, low, unimportant で優先度付け
- H2 の dependency/weight に反映するなど
- Implement: WebXR Hit-test
- Implement: Worker's RequestAnimationFrame and new OffscreenCanvas.commit()
-
Experiment: Kaby Lake VP8/VP9 acceleration on ChromeOS
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/S1l48d1NVsk/AfmkIuCcAgAJ
- Kaby Lake 以降に入ったハードウェアデコーダーを Chrome OS で利用する
- Unship: DOMCursor
- Unship: SVGSVGElement.{pixel, screenPixel}UnitToMillimeter{X, Y}
- Remove: PointerEvent.fromElement and PointerEvent.toElement
- Deprecate and Remove: CSS filter should reject negative brightness
- Deprecate and Remove: 'stalled' events for HTMLMediaElements using MediaSource
-
Deprecate: Nonsecurely delivered cookies.
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/r0UBdUAyrLk/Pqg-fu6WBAAJ
- 平文で Cookie を送る場合、その Cookie が古いものなら消してしまうという提案
-
Request to Deprecate and Remove: Trust in existing Korean GPKI certificates
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/ujIKn9HUCF4/sRruM1LeBAAJ
- 韓国の GPKI も色々やらかしてるから symantec みたいに外してくれというリクエスト
- Site Isolation Status - Making progress towards M67
-
Request for comment:
>>>(a shadow-piercing combinator) in static profile (under experimental flag) - PSA: Deprecating notification badges on Android M for Samsung devices
- Team Weekly Snippet
-
v8
- V8 JavaScript Engine: Improved code caching
-
Other
-
Official Google Webmaster Central Blog: Distrust of the Symantec PKI: Immediate action needed by site operators
- https://webmasters.googleblog.com/2018/04/distrust-of-symantec-pki-immediate.html
- https://developers-jp.googleblog.com/2018/04/distrust-of-symantec-pki-immediate.html
- Chrome 66: 2018/4/17 に 2016/6 以前の証明書が無効
- Chrome 70: 2018/10/16 に全て無効
-
Migrate a GCM Client App for Android to Firebase Cloud Messaging
- https://developers.google.com/cloud-messaging/android/android-migrate-fcm
- GCM での Push は 2018/4/10 で deprecate 2019/4/11 で remove
-
Bookmarklet: Chrome DevTools trace page
- https://paul.kinlan.me/bookmarklet-trace-page/
- https://puppeteeraas.com/ で取得したトレースを
- https://chromedevtools.github.io/timeline-viewer/ で表示する
- という bookmarklet が便利という話
- New tools for building user controls in AMP pages
- Chromium Blog: Protecting users from extension cryptojacking
-
Official Google Webmaster Central Blog: Distrust of the Symantec PKI: Immediate action needed by site operators
Firefox 動向
- Stable: 59
-
Updates
- These Weeks in Firefox: Issue 36
- Improving DevTools' performance, one iteration at a time
-
Intents
- Ship: Allow the overflow shorthand to accept two values.
- Ship: DOMPoint interface from its latest spec
- Ship: PerformanceServerTiming
-
Implement and Ship: same-site cookies
- https://groups.google.com/forum/#!msg/mozilla.dev.platform/7hOKZDuO3qI/w9FVLatSAAAJ
- 収録中 Jxck が "CORS" と言ってるのは "CSRF" の間違いです
- Implement: CSS subgrid
- Implement: Early, experimental support for application/javascript+binast
- Unship nsIDOMEvent:
- Unship: URL.createObjectURL(MediaStream)
- Unship constructors on SVGNumber
- Unship: SVGViewElement.viewTarget
- Require Node 8.9.1/npm 5.5.1 for ESLint
- Deprecate: JS-Implemented WebIDL
-
Site Compat
- Basic auth credentials are now encoded in UTF-8 instead of ISO-8859-1 (Affecting)
- URL.createObjectURL() no longer accepts MediaStream as argument
- SVGViewElement.prototype.viewTarget has been removed
- Touch event listeners are now passive by default, making scrolling faster on mobile
- SVGNumber no longer comes with constructor
-
Other
- JavaScript to Rust and Back Again: A wasm-bindgen Tale
-
Compatibility/Unshippables
- https://wiki.mozilla.org/Compatibility/Unshippables
- ship すると web の互換性が壊れる機能のリスト
-
MDN Changelog for March 2018
- https://hacks.mozilla.org/2018/04/mdn-changelog-for-march-2018/
-
Brotli を使う実験をしてみたら圧縮率は高かったけど時間がかかるという結果に
- エンコードのレベルなどを変えて向上はした
- CloudFront (Brotli 非サポート) を使うようにするので、実験は終了
- そもそも Python のミドルウェアで動的なエンコードをかますような実装だったので、使い方が間違っていた感も否めない
- Brotli については Akamai や Cloudflare も過去に実験している
-
A new video series: Web Demystified
- https://hacks.mozilla.org/2018/04/a-new-video-series-web-demystified/
- Web の基礎技術を解説するビデオシリーズ
-
Hello wasm-pack!
- https://hacks.mozilla.org/2018/04/hello-wasm-pack/
- WASM と JS をいい感じ混ぜて使うツール
- Rust (Cargo) と Node (NPM) を透過的に使えるように
- Testing Strategies for React and Redux
- Sneak Peek at WebAssembly Studio
Safari 動向
- Stable: 11.1
- New WebKit Features in Safari 11.1
-
Release Notes for Safari Technology Preview 53
- https://webkit.org/blog/8179/release-notes-for-safari-technology-preview-53/
- Added Fullscreen API as an Experimental Feature (r229680)
- Added support for VCP encoder on macOS and iOS (r229920)
-
Release Notes for Safari Technology Preview 54
- https://webkit.org/blog/8232/release-notes-for-safari-technology-preview-54/
- Fixing Clipboard API
- Fixing Beacon API
- Implement createImageBitmap(Blob)
- Fixing WebRTC
- Fixing Web Inspector
-
Other
- Introducing the Payment Request API for Apple Pay
- Web Inspector Styles Sidebar Improvements
- Safari の UA 文字列が固定されて固定されなくなったおはなし - fragmentary
- itp_study
Edge 動向
- Stable: EdgeHTML 16
- Status Updates
-
EdgeHTML
- 17 が出そうで出なかった
- https://aka.ms/devguide_edgehtml_16
- Build Changelog
-
ChakraCore
- Release ChakraCore v1.8.3 · Microsoft/ChakraCore
- https://github.com/Microsoft/ChakraCore/releases/tag/v1.8.3
- https://github.com/Microsoft/ChakraCore/wiki/Roadmap#v183
-
Other
- First wave of Progressive Web Apps hits the Microsoft Store
- 2018 年 4 月の Internet Explorer / Microsoft Edge の累積的なセキュリティ更新プログラムを公開しました - Japan IE Support Team Blog
-
Introducing sonarwhal v1: The linting tool for the web
- https://blogs.windows.com/msedgedev/2018/04/19/sonarwhal-v1-linting-tool-for-web/
- Web を lint するツールの v1 がリリース
- Introducing the Microsoft Edge DevTools Preview app
WHATWG/W3C 動向
-
Recommendation
- TTML Profiles for Internet Media Subtitles and Captions 1.0.1 (IMSC1) is now a W3C Recommendation
-
Proposed Recommendation
- Call for Review: Web Content Accessibility Guidelines (WCAG) 2.1
-
Candidate Recommendation
- Login with no password - Major Standards Milestone in Global Effort Towards Simpler, Stronger Authentication on the Web
- W3C Invites Implementations of Timed Text Markup Language 1 (TTML1) (Third Edition)
-
Working Draft
- Call for Consensus: ICE Transport Extensions for WebRTC
- Call for Consensus: MediaStreamTrack Content Hints
- Call for Consensus: DSCP Control API
-
First Public Working Draft
- Web of Things Protocol Binding Templates; updated WoT drafts
- CSS Layout API Level 1
-
Chartering
- Work in Progress on Web Fonts Working Group Charter
- AppsDesignLab Community Group created
- Audio Description Community Group created
- Proposed W3C Charter: Distributed Tracing Working Group
- Proposed W3C Charter: Timed Text Working Group
- Proposed W3C Charter: Web Real-Time Communications Working Group
-
TAG Review
- CSS Layout API
- Signed Exchanges
- Web Components Guidelines Doc?
- Find-in-page API(s)
-
Other
- TAG の election で Intel の @kennethrohde が Join
- Proposal: https://example.com/.well-known/modify-credentials
-
Audio Description Community Group Proposed
- https://lists.w3.org/Archives/Public/public-new-work/2018Apr/0001.html
- To create an open standard file format to support audio description all the way from scripting to mixing
- Requirements for Secondary Certificates
-
Accept-CHheader is weird · Issue #206 · w3ctag/design-reviews- https://github.com/w3ctag/design-reviews/issues/206#issuecomment-379422513
- 先月話した Client Hints 、 TAG 的にはやってくことになった
-
CSS2 maintenance proposal · Issue #2553 · w3c/csswg-drafts
- https://github.com/w3c/csswg-drafts/issues/2553
- CSSWG の F2F で、 CSS Level 2 仕様の現状まとめと今後のメンテ計画について議論
-
A short update on the web-platform-test project invitation
- https://www.w3.org/blog/2018/04/a-short-update-on-the-web-platform-test-project-invitation/
- WTP の organization を移した話
TC39 動向
- minutes
-
Proposals Diff
- https://github.com/tc39/proposals/compare/master@{2018-01-01}...master@{2018-02-01}
- 0->1: N/A
- 1->2: N/A
- 2->3: N/A
- 3->4: N/A
- New Proposals
-
Other
-
「TC39 のリリースは 5-10 年サイクルに戻した方がいいのかもなぁ」 by @awbjs
- https://twitter.com/awbjs/status/984546160277794816
- TC39 の大きなゴールが無い問題
-
「TC39 のリリースは 5-10 年サイクルに戻した方がいいのかもなぁ」 by @awbjs
IETF 動向
- IETF
- RFC
- IETF Last Call
-
WG Last Call
-
2nd Working Group Last Call: draft-ietf-httpbis-rand-access-live-03
- https://lists.w3.org/Archives/Public/ietf-http-wg/2018AprJun/0023.html
- 大きめの変更が入ったので 2 回目
-
2nd Working Group Last Call: draft-ietf-httpbis-rand-access-live-03
- Call for Adoption
- I-D Action
-
Draft
-
HTTP Server *ush
- https://tools.ietf.org/html/draft-pardue-server-ush-00
- April Fools' Draft
- HTTP Representation Variants
-
HTTPtre: HTTP の改定が各仕様でドラフトに
- https://lists.w3.org/Archives/Public/ietf-http-wg/2018AprJun/0024.html
- Authentication
- Caching
- Conditional Requests
- Range Requests
- Semantics and Content
- Message Syntax and Routing
-
The 'payto' URI scheme for payments
- https://tools.ietf.org/html/draft-dold-payto-01
- 支払いのための URI scheme の提案
payto://sepa/CH9300762011623852957?amount=EUR:200.0&message=hello
-
Referring to Internet Drafts as 'Internet Drafts' Rather Than 'Works in Progress'
- https://tools.ietf.org/html/draft-roach-id-cite-00
- 'Works in Progress' という用語を 'Internet Drafts' で統一する
- Geneve Extensions
- Too Many Requests Response Code for the Constrained Application Protocol
- Signed HTTP Exchanges Implementation Checkpoints
- Usage of SPAKE with TLS 1.3
- Elliptic curve 2y^2=x^3+x over field size 8^91+5
- HTTP Overload Control Mechanism
-
Poll-Based SET Token Delivery Using HTTP
- https://tools.ietf.org/html/draft-ietf-secevent-http-poll-00
- Security Event Token (jwt etc) を Polling で取得する
-
Push-Based SET Token Delivery Using HTTP
- https://tools.ietf.org/html/draft-ietf-secevent-http-push-00
- Security Event Token (jwt etc) を Push(HTTP POST) で配布す
-
HTTP Server *ush
-
Other
-
Tests for HTTP Structured Headers
- https://github.com/httpwg/structured-header-tests
- 実装者向け test case のリポジトリ
-
Tests for HTTP Structured Headers
周辺動向
- Announcing 1.1.1.1: the fastest, privacy-first consumer DNS service
-
ImperialViolet - Post-quantum confidentiality for TLS
- https://www.imperialviolet.org/2018/04/11/pqconftls.html
- 耐量子コンピュータ TLS
-
Submit final certs to CT logs (#3640)
- https://github.com/letsencrypt/boulder/commit/1271a15be79b9717ee5b98e707b76e7ac86a9a0e
- SCT を埋め込んだ証明書も Submit するように
-
ブロッキング騒動に対する声明
-
ISOC-JP
- 著作権侵害サイトに対するブロッキングについて
- https://www.isoc.jp/wiki.cgi?page=20180412_Blocking_Statement
-
JPNIC
- 政府によるサイトブロッキング要請報道への当センターの見解 - JPNIC
- https://www.nic.ad.jp/ja/topics/2018/20180412-01.html
-
WIDE
- 漫画・アニメの海賊版サイトに関する WIDE プロジェクトの意見
- http://www.wide.ad.jp/News/2018/20180411.html
-
NTT
- インターネット上の海賊版サイトに対するブロッキングの実施について
- http://www.ntt.co.jp/news2018/1804/180423a.html
- その他多数
- mangamura.org で言えば、 Cloudflare を使ってるので DNS A レコード削除で対応
- ISP なら、外の DNS を設定してる人にもブロックを適用できる
- 外 DNS を DoH で使うとブロックできないので、 DoH 普及するとこの方法はできなさそう
-
ISOC-JP
-
Wizard Bible
- http://wizardbible.org/
- セキュリティ系の情報まとめサイトが閉鎖された。
- 警察/検察からの圧力があったらしい
-
Announcing NGINX Unit 1.0 | NGINX
- https://www.nginx.com/blog/nginx-unit-1-0-released/
- 軽量アプリケーションコンテナ実装
-
April 22, 1993: Mosaic Browser Lights Up Web With Color, Creativity | WIRED
- https://www.wired.com/2010/04/0422mosaic-web-browser/
- Mosaic 1.0 リリースから 25 年
- Yahoo! Japan が TLS1.0, TLS1.1 を 2018 年 6 月 1 日で切る
イベント
-
4 月
- 18-19: BlinkOn 9
-
5 月
- 7-9: Microsoft Build
- 8-10: Google I/O 2018
- 10-11: Web5G Workshop
- build
-
6 月
- 4-8: WWDC
-
10 月
- 22-26: TPAC 2018 Lyon