ep40 Monthly Web 201807
- published_at
- 2018-08-04
- guest
- @myakura
Theme
The theme of episode 40 is the Monthly Web for July 2018.
Show Note
Chrome Trends
- Stable: 68
-
Updates
-
New in Chrome 68
- https://developers.google.com/web/updates/2018/07/nic68
- Add to Home Screen changes: beforeinstallprompt
- Page Lifecycle API
- Payment Handler API
- etc
-
A milestone for Chrome security: marking HTTP as "not secure"
- https://www.blog.google/products/chrome/milestone-chrome-security-marking-http-not-secure/
- Not Secure for http://
-
Intents
-
Ship: Intervention Reports
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/sQrAZpTA8WI/EWC7W6GOCwAJ
- Can be retrieved with Reporting Observer
- Ship: WebUSB on Dedicated Workers
- Ship: WebSockets over HTTP/2
- Implement and Ship: 'left' and 'right' values for 'text-underline-position'
- Implement and Ship: RTCRtpSender / RTCRtpReceiver.getCapabilities()
- Implement and Ship: ImageCapture support for exposureTime constrainable property
- Implement and Ship: ImageCapture support for focusDistance constrainable property
- Implement and Ship: queueMicrotask
- Implement and Ship: Update behavior of CSS Grid Layout percentage row tracks and gutters
- Implement and Ship: rename Intl.DateTimeFormat.prototype.formatToParts type "dayperiod" to "dayPeriod"
- Implement and Ship: fractional PointerEvents.offsetX/Y
- Implement: Window postMessage with options
- Implement: PaymentResponse.prototype.retry()
- Implement: Feature policy to disable parser-blocking script execution
-
Implement: Portals
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/SgsbpO08AeI/ZyDL6r5FBgAJ
- The <portal> tag enables seamless transitions to embedded content
-
Implement: Feature Policy control over sandbox features
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/WLuXgLp2WWY/WvzMRIjdAgAJ
- "forms"
- "modals"
- "orientation-lock"
- "plugins"
- "pointer-lock"
- "popups"
- "presentation"
- "scripts"
- "top-navigation"
- Implement: WebSocket: permit connection reuse for auth
- Implement: Shadow DOM imperative distributed API
- Experiment:
- Change:
- Remove:
-
Deprecate & Remove: Android build number in user-agent identification
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/nJ7Izi0QNAQ/5F8ELQuOAQAJ
- Removes the Android build number from the UA
- Firefox: doesn't include OS build numbers.
- Safari: Mobile does include the iOS build number as part of the "Mobile" token.
- Edge: doesn't include the Windows build number.
- Deprecate and Remove: PPAPI (Pepper) WebSocket
-
Deprecate and Remove: Shadow DOM V0, Custom Elements V0, HTML Imports
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/h-JwMiPUnuU/sl79aLoLBQAJ
- Deprecate in 2019Q1, but allow an extension through Origin Trials
- Stop accepting Origin Trials registrations in 2020Q1
- Origin Trials also end in 2020Q2
- Extend Origin Trial: Web Locks API
- Experiment: Stale-While-Revalidate
- Experiment: Feature Policy JavaScript API
-
Team Weekly Snippet
- Platform Architecture Snippet
- v8
-
Other
- Current status: display locking
-
Using page speed in mobile search ranking
- https://webmasters.googleblog.com/2018/01/using-page-speed-in-mobile-search.html
- https://webmaster-ja.googleblog.com/2018/01/using-page-speed-in-mobile-search.html
- Announced in January, this was rolled out on 7/9
- Page load speed is used as a ranking factor for mobile search
-
Life of a Pixel 2018
- https://docs.google.com/presentation/d/1boPxbgNrTU0ddsc144rcXayGA_WF53k96imRH8Mp34Y/edit#slide=id.p
- Explains the rendering flow (layout - paint - composition) inside blink
-
We are planning on deprecate and remove Shadow DOM v0 and Custom Elements v0 from Blink.
- https://twitter.com/shadow_hayato/status/1016911248863080448
- They are only available on Google Chrome. NOT Web
- Cross-Origin Read Blocking for Web Developers
- Track development with the new AMP Roadmap
- A mysterious switch in the top-left corner of Chrome
- Introduction to Feature Policy
- More native echo cancellation!
- AudioWorklet Design Pattern
-
Experimenting with First Input Delay in the Chrome UX Report
- https://developers.google.com/web/updates/2018/07/first-input-delay-in-crux
- FID is now included in the Chrome UX Report and can be queried
- PWACompat: the Web App Manifest for all browsers
- Introducing NoState Prefetch
- Page Lifecycle API
- Speed is now a landing page factor for Google Search and Ads
- Site Isolation for web developers
-
Site Isolation
- A major project six years in the making launched in Chrome 67
- The bounty rewards are also high
- https://twitter.com/justinschuh/status/1017090324592652288
- https://twitter.com/kinu/status/1017683220735750144
-
ReportingObserver: know your code health
- https://developers.google.com/web/updates/2018/07/reportingobserver
- Already deployed, but Report is not JSON serializable, so this is being reported
Firefox Trends
- Stable: 61
-
Updates
- These Weeks in Firefox: Issue 40
- These Weeks in Firefox: Issue 41
-
Intents
- Ship: Microsoft JhengHei as default Traditional Chinese locale font of sans serif on Windows
- Ship: Logical properties in computed style objects
- Ship: block audible autoplay media intervention
- Ship: Changes to how offset*, client*, scroll* behave on tables
- Ship: Web Animations core interfaces
- Ship: Clear-Site-Data header
- Ship: Change the effect of noopener window feature on other window features in window.open
- Implement and Ship: Image decoding attribute
- Implement and Ship: CSS prefers-reduced-motion media feature for Windows and MacOSX
- Implement and Ship: HTMLMediaElement.allowedToPlay
- Implement and Ship: WebXR Device API in Firefox Nightly
- Implement: Visual Viewport API
-
Implement: Scrollbar color properties
- https://groups.google.com/forum/#!msg/mozilla.dev.platform/X_tv4aH4NxQ/w497k6J7CQAJ
- scrollbar-face-color/scrollbar-track-color
- An improved, standardized version of ::-webkit-scrollbar-*
- Unship: explicit <angle> values in image-orientation
- Unship: Web animations composite modes on keyframes
- Unship: display: -moz-box and display: -moz-inline-box from content pages.
-
Remove: the 'Memory usage of Subprocesses' table from about:performance
- https://groups.google.com/forum/#!msg/mozilla.dev.platform/DEJsPnsUtYk/XJ6cc8xPCgAJ
- It affects performance, while there is little that can be done with the information, so it is being removed.
- Disable Metadata
- Site Compat
-
Other
- Dark Theme Darkening: Better Theming for Firefox Quantum
- Introducing Firefox's First Mobile Test Pilot Experiments: Lockbox and Notes
-
Progressive Web Apps in the HTTP Archive
- https://medium.com/dev-channel/progressive-web-apps-in-the-http-archive-614d4bcf81fe
- Thought HTTP Archive had added PWA support, but that was not the case
- An explanation of BigQuery queries for extracting data on PWA-enabled sites from HTTP Archive
- Modern codecs like AV1 can bring better quality video to the open web
- PSA: Automated code analysis now also in Phabricator
- 360° Images on the Web, the Easy Way
- Firefox Performance Update #10
- Developer Outreach - Web Platform Research and Recommendations
- Web Replay landed in Firefox nightly
- mozilla-central: changeset 429458:647fdd384a5e - Bug 1461465 - Implement async Clipboard APIs, r=nika,r=enndeakin
-
mozilla-inbound: changeset 427436:7d8ce14346a3 - Bug 1476853 - Enable block autoplay on Nightly only on desktop. r=jya
- https://hg.mozilla.org/integration/mozilla-inbound/rev/7d8ce14346a3
- Blocking of video autoplay has landed
- mozilla-inbound: changeset 427757:62fd708ed9d9 - Bug 1470111 - Enable Clear-Site-Data header by default, r=ckerschb
-
mozilla-inbound: changeset 427926:bc2538dade14 - Bug 1365045 - Introduce keywords for prefers-reduced-motion. r=heycam
- https://hg.mozilla.org/integration/mozilla-inbound/rev/bc2538dade14
- prefers-reduced-motion from Media Queries Lv5
- Evolving the Firefox Brand - Mozilla Open Design
-
Update on the Distrust of Symantec TLS Certificates
- https://blog.mozilla.org/security/2018/07/30/update-on-the-distrust-of-symantec-tls-certificates/
- https://support.apple.com/en-us/HT208860
- Beta - September 5
- Release - October 23
Safari Trends
- Stable: 11.1
- Safari Technology Preview 60
-
Safari Technology Preview 61
- https://webkit.org/blog/8365/release-notes-for-safari-technology-preview-61/
- Enabled Link Preload by default in the Experimental Features menu (r233263)
- Implemented support for Element.toggleAttribute (r233475) blog
- Made fetch() use "same-origin" credentials by default (r233720)
- Other
Edge Trends
- Stable: 17
- Status Updates
- EdgeHTML
-
Build Changelog
-
Announcing Windows 10 Insider Preview Build 17723 and Build 18204
- https://blogs.windows.com/windowsexperience/2018/07/25/announcing-windows-10-insider-preview-build-17723-and-build-18204/
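- The XSS Filter is being retired
- There were also latent risks, such as the filter itself causing XSS
- Its creator went off to Google, and there seem to be few people who can maintain it
- It hasn't been updated, and CSP exists, so that seems to be why it was removed
- But is it really OK to do this suddenly, with no gradual phase-out or advance announcement?
- I think it was the crappiest feature in the history of MS proprietary features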
- Chakra
-
Other
- Upcoming changes to Exchange Web Services (EWS) API for Office 365
- Windows 10 Tip: Yikes, stop that sound! Mute-a-tab in Microsoft Edge
- Getting started with IndexedDB inspection in the Microsoft Edge DevTools
- Cumulative security updates for Internet Explorer / Microsoft Edge for July 2018 have been released
- On the future of Internet Explorer
- Introducing Web Authentication in Microsoft Edge
WHATWG/W3C Trends
- TAG Meeting
- Recommendation
- Proposed Recommendation
-
Candidate Recommendation
- W3C Invites Implementations of Identifiers for WebRTC's Statistics API
- W3C Invites Implementations of CSS Text Decoration Module Level 3
- Payment Request API
- User Timing Level 2
- TTML Profiles for Internet Media Subtitles and Captions 1.1
-
Working Draft
- ACT Rules Format 1.0 Final Working Draft
- Draft update to Inaccessibility of CAPTCHA
- Updated WD of the CSS Overflow Module Level 3
-
First Public Working Draft
- First Public Working Drafts: WebRTC DSCP Control API; MediaStreamTrack Content Hints
- First Public Working Drafts: WAI-ARIA 1.2, Core-AAM 1.2, and ARIA Practices 1.2
-
Chartering
- Proposed W3C Charter: Web Performance Working Group
-
Other
-
Changes to WebPlat editors from Léonie Watson
- https://lists.w3.org/Archives/Public/public-html/2018Jul/0004.html
- Several editors of HTML Accessibility API Mappings and the W3C HTML5 specification are being replaced
-
W3C launches Internationalization Initiative
- https://www.w3.org/blog/news/archives/7156
- https://www.w3.org/2018/07/pressrelease-i18n-initiative.html.en
- https://www.w3.org/2018/07/pressrelease-i18n-initiative.html.ja
- https://www.w3.org/blog/International/2018/07/10/w3c-launches-internationalization-initiative/
- The Internationalization Activity, which carries out i18n work, is upgraded to an Initiative
- Web Authentication WG Meeting Agenda
- W3C Workshop Report: Web5G: Aligning evolutions of network and Web technologies
- [Houdini] Minutes Sydney F2F 2018-07-02 Part I: Properties and Values, Layout API
- [Houdini] Minutes Sydney F2F 2018-07-02 Part II: Layout API, Typed OM, Custom Paint
-
PSA: RTCRtpTransceiver shipping in M69 behind sdpSemantics:'unified-plan'
- https://groups.google.com/forum/#!msg/discuss-webrtc/zMB1aL6eZ1Q/gVVQ_4rSBAAJ
- Follow-up on Chrome's Unified Plan support
- W3C Workshop on Permissions and User Consent
-
[css-nesting] request to pick up the css-nesting proposal
- https://github.com/w3c/csswg-drafts/issues/2701#issuecomment-402392212
- The nesting proposal, which nests blocks like Sass, is for some reason suddenly becoming an ED
TC39 Trends
- Meeting
-
Proposals Diff
- https://github.com/tc39/proposals/compare/master@{2018-07-01}...master@{2018-08-01}
-
0->1
-
Explicit Resource Management
- https://github.com/rbuckton/proposal-using-statement
- Explicit release of resources (memory, I/O)
- Dynamic Modules
- JavaScript Standard Library
-
1->2
- ArrayBuffer.prototype.transfer
- Intl.DateFormat.prototype.formatRange (ecma402)
- RegExp Match array offsets
-
2->3
- Object.fromEntries
- 3->4
-
New Proposals
-
Promise.allSettled
- https://github.com/jasonwilliams/proposal-promise-allSettled
- Returns the results as an array once everything has finished, regardless of resolve/reject
-
msaboff/JavaScript-Standard-Library
- https://github.com/msaboff/JavaScript-Standard-Library
- Defines a standard library under std:xxxx
-
Other
- npm Joins ECMA International and TC39
-
The Future of JS
- https://docs.google.com/presentation/d/179v41LMaEXDxaD-piSgYVi6btFJoNoeYVncXe0172GM/edit#slide=id.p
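- A summary of what would happen if all current ES Proposals were implemented
- The point being that proposing is easy but implementing is hard
- The problem of proposals competing for symbols
IETF Trends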
-
IETF 102
- IETF 102 preliminary & interim materials
-
HTTP WG
- https://datatracker.ietf.org/meeting/102/materials/agenda-102-httpbis-05
- https://datatracker.ietf.org/meeting/102/materials/minutes-102-httpbis-00
-
https://github.com/httpwg/wg-materials/tree/gh-pages/ietf102
- https://twitter.com/mnot/status/1020081206023663616
- A really big week in @http_wg!
- @estark37's Expect-CT shipped to the IESG
- @igrigorik's Client Hints is in WGLC
- @johnwilander joined @mikewest to edit the Cookie spec
- @grittygrease presented CDN-Loop
- @jreschke and @fielding continued work on HTTP's core.
- Great progress.
- QUIC WG
- TLS WG
- Web Packaging Agenda
-
RFC
- RFC 5289 - TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM)
- RFC 8417 - Security Event Token (SET)
- RFC 8445 - Interactive Connectivity Establishment (ICE)
-
IETF Last Call
- Expect-CT Extension for HTTP to Experimental RFC
-
WG Last Call
- draft-ietf-httpbis-client-hints-06
- Call for Adoption
-
I-D Action
- I-D Action: draft-ietf-httpbis-cache-02.txt
- I-D Action: draft-ietf-httpbis-semantics-02.txt
- I-D Action: draft-ietf-httpbis-messaging-02.txt
-
Draft
- ACME Challenges Using an Authority Token
- The Open Trust Protocol (OTrP)
- Bundle Protocol Agent Application Data Model
- Bundle Protocol Security Application Data Model
- Concise Identities
- Babel Cryptographic Authentification
- DNS Privacy Considerations
- DOH Digests
- Ed25519 and Ed448 public key algorithms for the Secure Shell (SSH) protocol
- Network Time Protocol: Secure Network Time
- Network Time Protocol: TCP Services
- Network Time Protocol: TCP Services: Key Exchange
- Roadmap to a Networkless World
- Network Monitoring Protocol (NMP)
- Implementation notes for RFC 7991, "The 'xml2rfc' Version 3 Vocabulary"
- Transport Network aware Mobility for 5G
- AR/VR and ICN
- Captive-Portal Identification in DHCP / RA
- Flexible Session Protocol
- OAuth 2.0 Token Revocation List
- Alternatives to the RFC++ "Switch Labels" Proposal
- DoHPE: DoH with Privacy Enhancements
- Subject Identifiers for Security Event Tokens
- Human Rights as a Service (HRaaS)
- Encrypted Server Name Indication for TLS 1.3
- TLS 1.3 Extension for Certificate-based Authentication with an External Pre-Shared Key
- Security for 5G
-
Other
-
everyRFC
- https://everyrfc.org/
- A search service for RFCs
-
mnot's blog: How to Read an RFC
- https://www.mnot.net/blog/2018/07/31/read_rfc
- How to read an RFC
- Covers things such as how to interpret the RFC format
Security Trends
-
HTTP Security Headers Analysis of Top One Million Websites
- https://ccdcoe.org/sites/default/files/multimedia/pdf/Art%2018%20HTTP%20Security%20Headers%20Analysis%20of%20Top%20One%20Million%20Websites.pdf
- A survey of security-related headers across the Alexa top 1 million
- HSTS: 38% of sites that support https, 17.5% overall
- CSP: 1.6% overall
- httponly cookie: http: 55.4% https: 42.7%
- secure cookie: 19.3%
- etc
-
Advisory from Cabinet Cyber (Caution and Alert Information) (@nisc_forecast)
- https://twitter.com/nisc_forecast/status/1016246248649605121
- 00000JAPAN is not encrypted, so please use it with caution
-
Incident report: npm, Inc. operations incident of July 12, 2018
- https://blog.npmjs.org/post/175824896885/incident-report-npm-inc-operations-incident-of
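- An npm package contained code that steals npmrc
- People who had installed certain versions of webpack and the like are affected
- Two-factor authentication and similar measures should be enabled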
- Into the Borg - SSRF inside Google production network
Related Trends
- A2O, a converter from iOS app to web app, is now open source
- Indian Prime Minister Narendra Modi tweets that his own site now supports PWA
-
Feature Policy Kitchen Sink
- https://feature-policy-demos.appspot.com/
- Demo page for Feature Policy
-
How to drop 10 million packets per second
- https://blog.cloudflare.com/how-to-drop-10-million-packets/
- Cloudflare on how to drop packets as a DDoS countermeasure
- Web Architecture 101 - VideoBlocks Product & Engineering
-
The CSS Paint API
- https://css-tricks.com/the-css-paint-api/
- An explanation of the Paint API
-
EFF to Japan: Reject Website Blocking
- https://www.eff.org/deeplinks/2018/07/eff-japan-reject-website-blocking
- A statement from the Electronic Frontier Foundation that the blocking should be withdrawn
-
The issue of YouTube being slow outside Chrome (tweet by Chris Peterson)
- https://twitter.com/cpeterso/status/1021626510296285185
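- The cause is that browsers other than Chrome lack Shadow DOM v0, so a polyfill is used
- It is Progressive Enhancement, but the impact was too large
- That said, now that v1 is out, there is no need for other browsers to implement v0
- YouTube's Polymer was also on the 1.x line, and YouTube's change of direction may have been a bit questionable too
- The Web has close to 9K APIs. (76% of them are documented on MDN)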
-
Removing Babel's Stage Presets
- https://babeljs.io/blog/2018/07/27/removing-babels-stage-presets
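- Discontinues the presets of Babel plugins that were provided for each ES proposal stage
- Reasons include concern over plugins for too-early proposals such as Stage 0 (turning into "BabelScript"), and maintenance problems such as breaking changes when a plugin is dropped as a proposal moves from Stage 3 to 4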
- The Road to QUIC
- What are the pain points for web designers?
-
The death of a TLD
- https://blog.benjojo.co.uk/post/the-death-of-a-tld
- Sony held .xperia but reportedly removed it
- Apparently quite a few other TLDs have disappeared in the past as well
Events
-
July
- 14-20: IETF 102
- August
-
September
- 18-19: W3C Digital Publication Layout and Presentation (from Manga to Magazines)
- 25-26: AMP Contributor Summit
-
October
- 22-26: TPAC 2018 Lyon
- webkit contributors summit
- November
- 12-14: Chrome Dev Summit