ep41 Monthly Web 201808
- published_at
- 2018-09-09
- guest
- @myakura
- toc
-
headings
Theme
第 41 回のテーマは 2018 年 8 月の Monthly Web です。
Show Note
Chrome 動向
- Stable: 68
-
Updates
-
What's New In DevTools (Chrome 70)
- https://developers.google.com/web/updates/2018/08/devtools
- 主に I/O で発表された機能
- Live Expressions in the Console.
- Highlight DOM nodes during Eager Evaluation.
- Performance panel optimizations.
- More reliable debugging.
- Enable network throttling from the Command Menu.
- Autocomplete Conditional Breakpoints.
- Break on AudioContext events.
- Debug Node.js apps with ndb. (node-inspector の後継)
-
Deprecations and removals in Chrome 69
- https://developers.google.com/web/updates/2018/08/chrome-69-deps-rems
- Removal of document.createTouchList()
- The window.confirm() method no longer activates its parent tab
-
Audio/Video Updates in Chrome 69
- https://developers.google.com/web/updates/2018/08/chrome-69-media-updates
- Chrome supports AV1 video decoding.
- Querying which encryption schemes are supported through EME is now available.
- Web developers can experiment with querying whether a certain HDCP policy can be enforced.
- Media Source Extensions now use PTS for buffered ranges and duration values.
- Android Go users can open downloaded audio, video and images in Chrome.
- Stalled events for media elements using MSE are removed.
-
Chromium Blog: Chrome 69 Beta: CSS tricks, and more
- https://blog.chromium.org/2018/08/chrome-69-beta-av1-video-decoder-css.html
- Conic gradients: linear(線形)/radial(放射)に次ぐ円錐グラデーション
- margin/padding/border に logical properties
- CSS scroll snap
- Display cutouts
- offscreen canvas
- Element.toggleAttribute()
- Fetch API: Request.isHistoryNavigation
- ReportingObserver API
- Array.prototype.flat()
- Keyboard Map API
- "rtt", "downlink", and "ect" client hint values
- Media: Querying encryption scheme support through EME
- Mid-ligature text selection
- Web Locks API
- Web Authentication now supports CTAP2 FIDO devices
- Removal of 'stalled' event from HTMLMediaElements that use Media Source Extensions
- Removal of document.createTouchList
- The window.confirm() method no longer activates its parent tab
- etc
-
What's New In DevTools (Chrome 70)
-
Intents
- Ship: MediaStreamTrack Content Hint
- Ship: Support codec and container switching with MSE using SourceBuffer.changeType()
-
Ship: Unprefixed Fullscreen API with FullscreenOptions
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/ODzbWn-xRrQ/dhkJzD8-CgAJ
- どのエンジンでも接頭辞がついていた Fullscreen API がついに接頭辞無しで ship の予定
- Ship: Permission Delegation in M71
- Ship: [Intervention] Freezing task queues in background on mobile
- Ship: TextMetrics API in Canvas
-
Ship: globalThis
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/6fxzDrO-9Oc/Pm4cGt8qBAAJ
- 環境により window, self, this, frames, global だったりするので、共通して globalThis にするのを検討中
- global だと互換性の問題があったらしい
- Implement and Ship: TLS 1.3
- Implement and Ship: PostMessageOptions and WindowPostMessageOptions dictionary for postMessage methods
-
Implement and Ship: 'name' attribute for dedicated workers
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/aZ804HggENE/WwWgDrz4DgAJ
- chrome tokyo チームのインターン d0iasm さんの成果
const worker = new Worker('worker.js', { name: 'worker-name' });console.log(self.name); // worker_name
- Implement and Ship: Support Opus in mp4 (ISO-BMFF) with Media Source Extensions (MSE)
- Implement and Ship: Displaying a dialog will cause pages to lose fullscreen
- Implement and Ship: "persistent-storage" support for Permission API's query() method
- Implement and Ship: Additional safelisted schemes for "registerProtocolHandler"
- Implement: Screen Capture
- Implement: Increase the gamepad polling interval to 250 Hz
- Implement: Treat Document Level Wheel/Mousewheel Event Listeners as Passive
- Implement: hreftranslate attribute
-
Implement: Feature Policy Violation Reporting
- Feature Policy によるブロックを Reporting で送る
- 以前 GitHub で提案したものが通った模様
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/5-3woY4Y1Qg/xHDTmUFAEAAJ
- https://github.com/WICG/feature-policy/blob/master/reporting.md
- https://github.com/WICG/feature-policy/issues/142
-
Implement: Searchable Invisible DOM
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/Icw_sU6PqVA/8hwXw0jTDwAJ
- https://docs.google.com/document/d/1GYTt6G8G0gNO0U90uHywTi2Fn1YqI9JERyn44f9lmU0/edit
- データを DOM として layout/paint しないでメモリに持ちたい
- しかし、検索できなくなるので、これを検索できるようにする
- まだアイデア段階で仕様も途中
-
Implement: Writable Files
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/U4rXcm5CE4Y/3XmVtoAPDwAJ
- 画像処理やテキストエディタ作る上で、ファイル保存したい
- まだ仕様がはっきりしてない API
- Chrome の既存の Filesystem API をラップして実現する模様
- まだ、どのようなセキュリティモデルで実装するかも決まってない
-
Implement: Feature Policy 'lazyload'
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/yCGhf7EA1Zs/70_NL0AEDwAJ
<img>,<iframe>への lazyload 属性を有効にする Feature Policy- default が auto でクライアントの決定に依存するものとなる
- つまり将来的にクライアントのデフォルトを lazyload にできる可能性があるということか
-
Implement: Feature Policy: animations
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/nRNPNwlRS6E/iLB-b5H6DAAJ
- うざいアニメーションがパフォーマンスを阻害しないように off にする目的
<iframe>のデフォルトは allow
-
Implement: pointerrawmove
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/84RGJvm_PMM/bYh0Ehv1DgAJ
- 通常 pointermove イベントは rAF に沿って発火する
- そのため最悪 1 フレームくらいずれる
- うれしくないケースもあるので、すぐ発火するイベントが提案された
- https://github.com/w3c/pointerevents/issues/214
-
Implement: intrinsicsize attribute
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/mAwFEMP6JDQ/sTobLh4HDQAJ
- 画像やビデオに intrinsicsize 属性を導入し、アスペクト比を固定させ、リフローを抑制する
- https://github.com/ojanvafai/intrinsicsize-attribute/blob/master/README.md
- Implement: getMemoryEstimateUASpecific
- Implement: Unified V8 & Blink Garbage Collection (aka Unified Heap)
- Experiment: Support codec and container switching with MSE using SourceBuffer.changeType()
- Change:
- Unship:
-
Deprecate and Remove: importScripts() of new scripts after service worker installation
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/a6P-niHWgF4/CtJEHCnKDwAJ
- nhiroki さんによる解説 "Service Worker 上での未インストールスクリプトに対する importScripts()"
- https://nhiroki.jp/2018/08/15/service-worker-import-scripts-after-installation
-
Deprecate: AppCache
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/FvM-qo7BfkI/0daqyD8kCQAJ
- intent が出た段階では期間未定
- AppCache を Service Worker にする polyfill などを整備して、その成功例が出るといいよねという話も
-
Remove: Token Binding
- https://groups.google.com/a/chromium.org/forum/#!msg/net-dev/8QD01FloF1o/en8BzJwRBgAJ
- Ship できてない機能をメンテし続けるコストやセキュリティ上のうまみの少なさもあって削除の intent
- 業界の人がベットしてるから消すなというコメントを書いている
-
Remove: Budget API
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/18r3whCBv0I/b8qrtFTsDAAJ
- blog
- mozilla standard position で無くなっていたことに気づいた
- 対案も出ているが保留 https://discourse.wicg.io/t/proposal-budget-api/1717/7
-
Experiment: WebAssembly Threads
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/41XDSl0-QIU/SuiUjCs4CwAJ
- pthreads-style shared memory: shared memory between threads, atomics and mutexes.
- Start: M70 Beta / End: ~M73 Stable
- Experiment: Expose legacy performance.memory JavaScript counters
-
Team Weekly Snippet
- Loading (blink-dev)
- Storage (blink-dev)
- Platform Architecture (blink-dev)
- Layout (layout-dev)
-
v8
- V8 JavaScript Engine: V8 release v6.9
- V8 JavaScript Engine: Embedded builtins
- V8 JavaScript Engine: Liftoff: a new baseline compiler for WebAssembly in V8
-
Other
-
Well-Controlled Scrolling with CSS Scroll Snap
- https://developers.google.com/web/updates/2018/07/css-scroll-snap
- スクロールしたときに box の start/center/end で揃えて止める
- Input-Dev Update for Aug 1, 2018
- Custom site performance reports with the CrUX Dashboard
- How Blink works
- Web Payments, Payment Request API and Google Pay
-
Service Worker Caching Strategies Based on Request Types
- https://medium.com/dev-channel/service-worker-caching-strategies-based-on-request-types-57411dd7652c
- URL ベースのキャッシュではなく Request.destination ベースにすると良いという話
- "image", "font", "script" etc
- 値が空文字になる場合などに注意
-
Developer Advocate, Chrome Extensions - Google - 1600 Amphitheatre Pkwy, Mountain View, CA 94043 - Google Careers
- https://careers.google.com/jobs#!t=jo&jid=/google/developer-advocate-chrome-extensions-1600-amphitheatre-pkwy-mountain-view-ca-4190870132
- Chrome 拡張の Developer Advocate 募集中らしい
- Custom site performance reports with the CrUX Dashboard
-
OffscreenCanvas - Speed up Your Canvas Operations with a Web Worker
- https://developers.google.com/web/updates/2018/08/offscreen-canvas
- canvas の off the main thread
- Web Performance Made Easy: Google I/O 2018 edition
- Extending the browser with WebAssembly
- Emscripten's embind
- New top-level HTTP Archive Report on Progressive Web Apps
-
Chromium Blog: Charting Browser Interoperability
- https://blog.chromium.org/2018/08/charting-browser-interoperability.html
- API の実装状況を機械的に調べチャートにするプロジェクト
-
Google Online Security Blog: Google Public DNS turns 8.8.8.8 years old
- https://security.googleblog.com/2018/08/google-public-dns-turns-8888-years-old.html
- https://blog.apnic.net/2018/08/14/passive-observations-of-a-large-dns-service/
- 2009 年以来運用している最大の Public DNS 8.8.8.8 に関する知見
-
Well-Controlled Scrolling with CSS Scroll Snap
Firefox 動向
- Stable: 61
-
Updates
- These Weeks in Firefox: Issue 42
-
These Weeks in Firefox: Issue 43
- https://blog.nightly.mozilla.org/2018/08/23/these-weeks-in-firefox-issue-43/
- Tracking Protection が Content Blocking に改称
- These Weeks in Firefox: Issue 44
-
Extensions in Firefox 63 | Mozilla Add-ons Blog
- https://blog.mozilla.org/addons/2018/08/31/extensions-in-firefox-63/
- 拡張視点の記事だが、 Async Clipboard API やタブの複数選択など、 Firefox 63 で導入される機能に触れている
-
Intents
- Ship MediaSource SourceBuffer.changeType
-
Ship '-webkit-appearance' and changes to '-moz-appearance' values
- https://groups.google.com/forum/#!msg/mozilla.dev.platform/Fq6OH5SWeRo/lxHDXFnwCQAJ
-webkit-appearanceしか指定しないサイトが多いので、 -moz-appearance のエイリアスにする
-
Ship: Enable
navigator.clipboard.*APIs by default- https://groups.google.com/forum/#!msg/mozilla.dev.platform/ef7O7PrmNh0/qy8k9HDjCQAJ
- Async Clipboard API が有効に
- readText() は残念ながら拡張でしか使えない
- Permission API との連携がされてないのが一因か
- Ship: Shadow DOM and Custom Elements
- Implement and Ship: flow-relative values for resize property
- Implement: Motion Path Module Level 1
- Implement: CSS property scrollbar-width
- Implement: accept arbitrary webkit-prefixed pseudo-element in selectors
- Implement: Suppress exception/error reporting when loading an unknown external protocol
-
Unship:
::-moz-treepseudo-elements. -
Unship:
overflow: -moz-scrollbars-*values - Remove: isRemote member in WebRTC getStats() results
- Remove DHE ciphers from WebRTC DTLS handshake
-
Site Compat
- sidebar link type is no longer supported
- image-orientation property no longer accepts angle values
-
::-moz-treepseudo-elements have been deprecated -
display:-moz-boxanddisplay:-moz-inline-boxhave been deprecated - RTCRTPStreamStats.isRemote has been deprecated
- window.event has been added for compatibility, but some browser detections are broken (Affecting)
- Several non-standard overflow property values have been dropped
-
URL.createObjectURL()is no longer available in service workers - navigator.platform now returns "Win32" even on 64-bit Firefox
-
offset-*logical properties have been renamed toinset-* -
getComputedStyle()no longer returns null when style can't be retrieved - Firefox-specific HTML editing UI has been deprecated
- overflow shorthand syntax has been updated to swap 2 values
- IndexedDB serialization support has been removed from WebAssembly.Module
- noopener option for window.open() no longer affects other window features
- Firefox 62 is shipping in 3 weeks with 2 known compatibility issues
- Support for window.event and Event.returnValue has been added (Affecting)
- RTCRtpTransceiver.mid now returns media ID without prefix (Affecting)
-
Other
- Prioritizing media documentation
- JS builds now depend on Rust
- Things Gateway 0.5 packed full of new features, including experimental smart assistant - Mozilla Hacks
- Firefox Offers Recommendations with Latest Test Pilot Experiment: Advance - The Mozilla Blog
- The Video Wars of 2027
- AV1 and the Video Wars of 2027 - The Mozilla Blog
- Dweb: Social Feeds with Secure Scuttlebutt
- Symantec Distrust in Firefox Nightly 63 - Firefox Nightly News
-
MDN Changelog for July 2018: CDN tests, Goodbye Zones, and BCD - Mozilla Hacks - the Web developer blog
- https://hacks.mozilla.org/2018/08/mdn-changelog-for-july-2018-cdn-tests-goodbye-zones-and-bcd/
- Experimented with the CDN
- Decommissioned zones
- Converted compatibility data
- Shipped tweaks and fixes by merging 307 pull requests, including 58 pull requests from 43 new contributors.
-
The short history of the "about:" URL
- http://www.montulli.org/lou/about_urls
about:という URL ができた経緯- NN 時代にジョークで入れたものが継承され使われている
about:blankあたりから重要な機能が入っていく
-
ungleich Blog - Mozilla's new DNS resolution is dangerous
- https://blog.ungleich.ch/en-us/cms/blog/2018/08/04/mozillas-new-dns-resolution-is-dangerous/
- Firefox が実験中の DoH で、 TRR (Trusted Recursive Resolver) に(広く使われている) Cloudflare を使うのは SPOF になるよねという批判
- システムの DNS 設定も上書きするのでデフォルトにするのはよくないとも
-
Firefox Nightly Secure DNS Experimental Results
- https://blog.nightly.mozilla.org/2018/08/28/firefox-nightly-secure-dns-experimental-results/
- query は 6ms くらい遅くなる
- もともと速い DNS はそのまま
- 遅い 20% の DNS は速くなる
-
1484006 - Sites getting MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED errors in Firefox 63 due to Symantec distrust enforcement
- https://bugzilla.mozilla.org/show_bug.cgi?id=1484006
- Symantec distrust で見られなくなっているサイトを報告する場所
-
Changing Our Approach to Anti-tracking - Future Releases
- https://blog.mozilla.org/futurereleases/2018/08/30/changing-our-approach-to-anti-tracking/
- 遅いトラッキングスクリプト、サードパーティのトラッキングスクリプト、クリプトマイナーなどをデフォルトでブロックする方針に
- 試験中。早ければ遅いトラッキングスクリプトのブロックが Firefox 63 、サードパーティのトラッキングスクリプトのブロックが Firefox 65 から
-
Let's be Transparent - The Mozilla Blog
- https://blog.mozilla.org/blog/2018/08/28/lets-be-transparent/
- Telemetry で得られたデータをグラフ化、 Firefox Hardware Report の後継となる Firefox Public Data Report を公開
- https://data.firefox.com/
-
Bug 1471947, bug 1471948 - Enable Shadow DOM and Custom Elements in release builds, r=ehsan, emilio
- https://hg.mozilla.org/integration/mozilla-inbound/rev/16daef3a89a2
- Shadow DOM と Custom Elements が Firefox 63 で ship
- Bug 1469019 - Object.fromEntries. r=evilpie, r=peterv
- Password managers: Please make sure AutoFill is secure!
- Dweb:IPFS による Web への協力と信頼の構築
Safari 動向
- Stable: 11.1.2
-
Release Notes for Safari Technology Preview 64
- https://webkit.org/blog/8406/release-notes-for-safari-technology-preview-64/
- Added support for a "name" option for dedicated workers (r235159)
- Changed to use eTLD+1s, not full host names, when granting storage access (r235145)
-
A user gesture, such as a mouse click, is now required to request the user's permission to send Safari Push Notifications
- ページを表示しただけじゃ Safari Push Notification の Permission が出ない
- Safari Push Notifications は Web Push ではない macOS だけのプッシュ通知システム
-
Allowed videos served from youtube-nocookie.com to display and play in Safari Reader
- 本家のやってる cookie なし埋め込み用のドメイン
-
Release Notes for Safari Technology Preview 63
- https://webkit.org/blog/8403/release-notes-for-safari-technology-preview-63/
- customElements.upgrade()
- xlink-less href on SVG elements
-
Release Notes for Safari Technology Preview 62
- https://webkit.org/blog/8384/release-notes-for-safari-technology-preview-62/
- Added an experimental ITP Debug Mode
- Added support for calc() in CSS Grid gutter properties
- etc
-
Other
- ITP Debug Mode in Safari Technology Preview 62
-
Changeset 235480 - WebKit - Add a runtime flag for WebRTC unified plan
- https://trac.webkit.org/changeset/235480/webkit
- WebKit でも Unified Plan 対応の流れ
-
Changeset 235589 - WebKit - Implement Object.fromEntries
- https://trac.webkit.org/changeset/235589/webkit
- Stage 3 になった Object.fromEntries() を実装
- Chrome の人が Intersection Observer を実装中
Edge 動向
- Stable: Microsoft Edge 42 / Edge EdgeHTML17
-
Status Updates
- https://github.com/MicrosoftEdge/Status/compare/production@{2018-08-01}...production@{2018-09-01}
- generic sensor api 系が under consideration で追加された
- EdgeHTML
- Build Changelog
-
Chakra
- Release ChakraCore v1.10.2 · Microsoft/ChakraCore
- Release ChakraCore v1.11.0 · Microsoft/ChakraCore
-
Other
- Announcing Windows 10 Insider Preview Build 17730 - Windows Experience Blog
- Announcing Windows 10 Insider Preview Build 17738 - Windows Experience Blog
-
Announcing Windows 10 Insider Preview Build 18214 - Windows Experience Blog
- https://blogs.windows.com/windowsexperience/2018/08/10/announcing-windows-10-insider-preview-build-18214/#Lsl45LRlYsQyE0Ug.97
- Windows 10 Microsoft Edge clients will take advantage of connection coalescing for HTTP/2 as supported in Windows Server 2019
- Improved security on Microsoft Edge browsers by guaranteeing HTTP/2 preferred cipher suites
- Improved performance on Windows 10 thanks to Cubic, the new default TCP congestion provider
-
Announcing Windows Server 2019 Insider Preview Build 17733 - Windows Experience Blog
- https://blogs.windows.com/windowsexperience/2018/08/14/announcing-windows-server-2019-insider-preview-build-17733/
- Microsoft Edge on Windows 10 clients taking advantage of connection coalescing for HTTP/2, as supported by Windows Server 2019.
- Improved security in Microsoft Edge browsers due to guaranteeing HTTP/2 preferred cipher suites.
- Improved performance on Windows 10 due to Cubic, the new default TCP congestion provider.
- 2018 年 8 月の Internet Explorer / Microsoft Edge の累積的なセキュリティ更新プログラムを公開しました - Japan IE Support Team Blog
WHATWG/W3C 動向
- Recommendation
-
Proposed Recommendation
- Call for Review: CSS Fonts Module Level 3
-
Candidate Recommendation
- Scalable Vector Graphics (SVG) 2
- Web Authentication: An API for accessing Public Key Credentials Level 1
- CSS Painting API Level 1
- Timed Text Markup Language 1 (TTML1) (Third Edition)
- CSS Scroll Snap Module Level 1
- CSS Values and Units Module Level 3
- Timed Text Markup Language 2 (TTML2)
- CSS Display Module Level 3
- CSS Cascading and Inheritance Level 3; Level 4
-
Working Draft
- CSS Logical Properties and Values Level 1
-
CSS Box Model Level 3
- https://www.w3.org/blog/CSS/2018/08/09/css-box-3-rescoped/
- https://www.w3.org/TR/2018/WD-css-box-3-20180809/
- CSS2 の margin, padding の定義をもってきて、用語だけ Level 3 にあわせたドラフト
-
First Public Working Draft
- CSS Values and Units Level 4 FPWD
- Geolocation Sensor
-
Chartering (Working Group, Bussiness Group, etc)
- Immersive Web Working Group
-
Chartering (Community Group)
- Interlinear Text Layout Community Group created
- Positive Workforce Environment Community Group created
-
Other
- New version of the Roadmap of Web Applications on Mobile
- How to define APIs only for custom element authors · Issue #758 · w3c/webcomponents
- CSS Modules · Issue #759 · w3c/webcomponents
- API for hinting translation to native UA component - dtapuska/html-translate
-
Setting up constants via proxies
- http://2ality.com/2018/08/enums-via-proxies.html
- Proxy API で const (enum) を実現する方法
- Cookie controls? from Yoav Weiss
-
Anne van Kesteren on Twitter: "Apparently there's quite a bit of demand for a more ergonomic way to set a URL's query with fetch(). Appreciate feedback on naming, replacing or appending to the existing query, etc."
- https://twitter.com/annevk/status/1031824798312218624
fetch()でクエリーを渡すのにもっと書きやすい方法が求められているらしい
TC39 動向
- Meeting
- Proposals Diff
-
New Proposals
-
Cancellation - July 2018
- https://docs.google.com/presentation/d/19M7OkW8fr-HBYzgQRDSX77Pn4WmGh_5gPnBV38N3x08/edit
- AbortSignal ベースのキャンセルを ECMAScript に持ってくるための現状
- EventTarget に依存しているため簡単にはいかなそう
-
Optional Chaining for JavaScript
- https://github.com/tc39/proposal-optional-chaining
var street = user.address?.streetvar fooValue = myForm.querySelector('input[name=foo]')?.value
-
Cancellation - July 2018
-
Other
-
Eich and Crockford on the Future of JavaScript: Insight from the Creators of JavaScript and JSON
- Eich 氏と Crockford 氏による将来の JavaScript: JavaScript と JSON の作成者による洞察
- https://www.infoq.com/jp/news/2018/08/eich-crockford-js-future
-
Harmony Day: Ten yours ago today @BrendanEich announced that TC39 was terminating work on ES4 and starting work on ECMAScript Harmony
- https://twitter.com/awbjs/status/1029057495808000001
- ES4 をやめ、 ES 3.1(のちの ES5)をまずやり、大きな機能追加はその後やるという Harmony の方針が決まって 10 年たった
-
Eich and Crockford on the Future of JavaScript: Insight from the Creators of JavaScript and JSON
IETF 動向
-
TLS1.3
- RFC 8446 - The Transport Layer Security (TLS) Protocol Version 1.3
- RFC 8447 - IANA Registry Updates for Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
- RFC 8449 - Record Size Limit Extension for TLS
- TLS 1.3 Published: in Firefox Today
- A Detailed Look at RFC 8446 (a.k.a. TLS 1.3)
-
Deploying TLS 1.3 at scale with Fizz, a performant open source TLS library - Facebook Code
- https://code.fb.com/networking-traffic/deploying-tls-1-3-at-scale-with-fizz-a-performant-open-source-tls-library/
- Facebook 製 TLS ライブラリ Fizz がオープンソースに
- モバイルアプリですでに使用中、 50% 以上のトラフィックが TLS 1.3
- 1 秒に百万単位で TLS 1.3 ハンドシェイクが行われている
-
RFC
- RFC 8410 - Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure
- RFC 8418 - Use of the Elliptic Curve Diffie-Hellman Key Agreement Algorithm with X25519 and X448 in the Cryptographic Message Syntax (CMS)
- RFC 8419 - Use of Edwards-Curve Digital Signature Algorithm (EdDSA) Signatures in the Cryptographic Message Syntax (CMS)
- RFC 8420 - Using the Edwards-Curve Digital Signature Algorithm (EdDSA) in the Internet Key Exchange Protocol Version 2 (IKEv2)
- RFC 8422 - Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier
- IETF Last Call
- WG Last Call
- Call for Adoption
- I-D Action
-
Draft
- Resource Indicators for OAuth 2.0
- Security for 5G
- The Multihash Data Format
-
CDN Loop Prevention
- https://tools.ietf.org/html/draft-ietf-httpbis-cdn-loop-00
- httpbis の WG ドラフトに
- The secret-token URI Scheme
- Client Application Layer Encryption
- Associating a DoH Server with a Resolver
- CBOR Object Signing and Encryption (COSE) - Structures and Process
-
Other
-
Incrementally better HTTP state management.
- Cookie の代替の草案
- Origin と別のスコープであることの改善など
- https://github.com/mikewest/http-state-tokens
- https://lists.w3.org/Archives/Public/ietf-http-wg/2018JulSep/0184.html
-
In defense of PUSH
- https://lists.w3.org/Archives/Public/ietf-http-wg/2018JulSep/0294.html
- https://lists.w3.org/Archives/Public/ietf-http-wg/2018JulSep/0291.html
- HTTP2 Push みんな使ってないしいらないんじゃね?って話が出てる
- そこに対して、ユースケースなどを持ち出し擁護するスレッドがちらほら
- Dictionary Compression for HTTP (at Facebook)
-
Incrementally better HTTP state management.
セキュリティ動向
- Introducing Web Security Analytics
-
Vulnerability Note VU#962459 - TCP implementations vulnerable to Denial of Service
- Linux カーネル実装の脆弱性により、重い処理を意図して呼び出す DOS の可能性
- https://www.kb.cert.org/vuls/id/962459
- https://www.fastly.com/blog/segmentsmack-response
- Fastly の対応済みレポート、元 Google で QUIC やってる Jana Iyengar
-
Enable Private DNS with 1.1.1.1 on Android 9 Pie
- https://blog.cloudflare.com/enable-private-dns-with-1-1-1-1-on-android-9-pie/
- Android Pie (9.0) でついに DNS の設定が可能になる
- DNS over TLS をサポートしているので、 1.1.1.1 を設定する手順を紹介
-
Practical Web Cache Poisoning
- https://portswigger.net/blog/practical-web-cache-poisoning
- cache poisoning の攻撃パターン
- Cache Poisoning Leveraging Various X-Headers
-
Let's Encrypt Root Trusted By All Major Root Programs
- https://letsencrypt.org/2018/08/06/trusted-by-all-major-root-programs.html
- Google, Apple, Mozilla, Oracle, Blackberry に加え Microsoft でも信頼された
- 直接信頼がよりメジャーになるには少なくとも 5 年の更新サイクルは必要という見積もり
- 引き続き IdenTrust のクロスルートを続ける
周辺動向
- Top web browsers 2018: IE, Edge and Firefox return to the road of ruin | Computerworld
-
PWA: Progressive Web All-the-things - Tales of a Developer Advocate by Paul Kinlan
- https://paul.kinlan.me/pwa-progressive-web-all-the-things/
- PWA とは何かを今一度問い直す話
- dev.to is now open source - DEV Community
- The Future of JavaScript- 2018 and Beyond - Progress
- Google AMP - A 70% drop in our conversion rate. - The Set List - Medium
- WebAssembly: How and why - LogRocket
- WorkerDOM: Concurrency for JavaScript programming with the DOM - Accelerated Mobile Pages Project
-
24-core CPU and I can't type an email (part one) | Random ASCII
- https://randomascii.wordpress.com/2018/08/16/24-core-cpu-and-i-cant-type-an-email-part-one/
- https://gigazine.net/news/20180825-google-engineer-fix-chrome-hang/
- Gmail で Chrome がフリーズした現象のデバッグ記録
- SW が起動停止を繰り返す際に解放されないメモリが溜まった模様
-
Useless CSP
- https://uselesscsp.com/
- メジャーなサイトのダメな CSP を紹介
- Are you leaving revenue on the table with AMP? - Accelerated Mobile Pages Project
イベント
-
9 月
- 18-19: W3C Digital Publication Layout and Presentation (from Manga to Magazines)
- 24-28: Microsoft Ignite 2018
- 25-26: AMP Contributor Summit
- 26-27: W3C Workshop on Permissions and User Consent
-
10 月
- 12: WebKit Contributors Meeting
- 22-26: TPAC 2018 Lyon
-
11 月
- 12-14: Chrome Dev Summit