ep42 Monthly Web 201809
- published_at
- 2018-09-29
- guest
- @myakura
- toc
-
headings
Theme
第 42 回のテーマは 2018 年 9 月の Monthly Web です。
Show Note
Chrome 動向
- Stable: 69 (https://www.chromestatus.com/features/schedule)
-
Updates
-
New in Chrome 69
- https://developers.google.com/web/updates/2018/09/nic69
- 10 才おめでとう
- CSS Scroll Snap
- Display cutouts
- Web Locks API
- conic-gradient()
- toggleAttribute()
- flat() and flatMap()
- OffscreenCanvas
-
Deprecations and removals in Chrome 70
- https://developers.google.com/web/updates/2018/09/chrome-70-deps-rems
- Remove AppCache from insecure contexts
- Remove anonymous getter for HTMLFrameSetElement
- Deprecate and remove Gamepads.item()
- Deprecate Custom Elements v0
- Deprecate HTML Imports
- Deprecate Shadow DOM v0
- Deprecate SpeechSynthesis.speak() without user activation
- Chromium Blog: The 'Capable Web': A 10 Year Retrospective
- Chromium Blog: 10 Years of Chrome DevTools
- Chromium Blog: 10 years of Speed in Chrome
- Chromium Blog: How we designed Chrome 10 years ago
-
Chromium Blog: Chrome 70 beta: shape detection, web authentication, and more
- https://blog.chromium.org/2018/09/chrome-70-beta-shape-detection-web.html
- Face Detection API / Barcode Detection API / Text Detection API
- PublickeyCredential
- Add referrerpolicy support to
<script>elements - Intervention Reports in Reporting Observer
- 'name' attribute for dedicated workers
- ontouch* APIs default to disabled on desktop
- Options dictionary for postMessage methods
- Symbol.prototype.description
- TLS 1.3
- Web Bluetooth available on Windows 10
- WebUSB on Dedicated Workers
- Remove AppCache from insecure contexts.
- Deprecate Custom Elements v0
- Deprecate HTML Imports
- Deprecate Shadow DOM v0
- Audio/Video Updates in Chrome 70
-
Redesigning Chrome: An interview with Chrome's lead designer
- https://www.blog.google/products/chrome/redesigning-chrome-interview-chromes-lead-designer/
- Chrome のデザイン変更についてのインタビュー
- 新しいマテリアルテーマに沿って更新した
- タブが増えても favicon が見えるように
- URL を簡潔に表示
- etc
-
New in Chrome 69
-
Intents
- Ship: TextEncoderStream and TextDecoderStream APIs
- Ship: User Activation API
-
Ship: CSP:
report-todirective - Ship: Intl.RelativeTimeFormat
- Implement and Ship: queueMicrotask
- Implement and Ship: byte-for-byte update check for service worker importScripts() resources
-
Implement and Ship: CSP3:
script-src-attr,script-src-elem,style-src-attr,style-src-elemdirectives - Implement and Ship: Module scripts fetched with same-origin credentials mode by default
-
Implement: ElementTiming for img Elements
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/2twP4Xdd1VI/yFE1pbwVBgAJ
- PerformanceObserver に element timing
- 画像が表示された時点を取れる
-
Implement: Do not apply hover when mouse does not move
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/5BJSTl-FMGY/smiF_uIjBgAJ
- マウスを動かさずスクロールした後に hover を更新するために偽のイベントを定期的に発行している
- これが無駄なのでなくす、テストも楽になり、パフォーマンスも改善
- Implement: Ability to Query User Activation State
-
Implement: Display Locking
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/2Yo590-USNo/7Da9scWwBwAJ
- 一旦ディスプレイをロックし、終わったらロックを解除してそこまでの変更をレイアウト/ペイントする
- Implement: PaymentMethodChange event
- Implement: NavigatorContentUtils.IsProtocolHandlerRegistered API
- Implement: Serial API
- Implement: IndexedDB database enumeration API
- Implement: Crash Reports (via Reporting API)
- Implement: PointerEvent.getPredictedEvents
-
Implement: Gamepad Touchpad
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/cMoPvrdcF0E/bt2Uwsn8BgAJ
- ボタンやスティックを前提とした API を拡張してタッチパッドをサポートする
- Sony の人が出している
- Implement: Expose Web Speech API interfaces
- Experiment:
- Continue Experimenting : WebXR Device API
- Change:
- Unship:
- Remove:
- Remove: speechSynthesis.speak without user activation
- Deprecate and Remove: WebKitAnimationEvent interface
- Deprecate and Remove: cache.addAll() duplicate requests
- Team Weekly Snippet
-
v8
- V8 JavaScript Engine: Celebrating 10 years of V8
- V8 JavaScript Engine: Improving DataView performance in V8
- V8 の Web Site が刷新
-
Other
-
883038 - Feedback: Eliding www/m subdomains - chromium - Monorail
- https://bugs.chromium.org/p/chromium/issues/detail?id=883038
- chrome 69 で
www.とm.のサブドメインを非表示にする変更を入れた - 一旦戻したが 70 では
www.は非表示しm.は残す
- Google Font で Noto Sans の Early Access が取れた
- Why developing a PWA using AMP might be right for you
- Chrome's turning 10, here's what's new
-
Asynchronous Access to HTTP Cookies
- https://developers.google.com/web/updates/2018/09/asynchronous-access-to-http-cookies
- Cookie Store API の Origin Trial がスタート
- 非同期の Cookie 操作が可能に。変更検知もイベントでできる
- Service Worker からも扱える
- The Reporting API
- Ensure Ad Density is equal on AMP & non-AMP pages
- Measuring user journeys across the AMP Cache and your website
- Compare images on AMP pages with amp-image-slider
- Non-Persisted HTML5 by Default (Target: Chrome 69 - September 2018)
- An open governance model for the AMP Project
- Measuring user journeys across the AMP Cache and your website
- The Action Network goes "All In" on AMP
- Introducing Bing AMP viewer and Bing AMP cache
- Optimize your AMP pages for high ad viewability rate or high ads served
- Inside look at modern web browser
-
Product updates based on your feedback
- https://www.blog.google/products/chrome/product-updates-based-your-feedback/
- Chrome 69 でひっそりと、 Google 系サービスにログインしたら Chrome にもログインするようになった
- 複数ユーザーで PC を共有する際に混乱を避けるためとの説明だが
- 批判いろいろ
- 70 でいくつか修正を加えるとのこと
-
Google Chrome's biggest challenge at age 10 might just be its own success - CNET
- https://www.cnet.com/news/google-chromes-biggest-challenge-at-age-10-might-just-be-its-own-success/
- Chrome のこれまでと Google web になっていることへの危惧
-
883038 - Feedback: Eliding www/m subdomains - chromium - Monorail
Firefox 動向
- Stable: 62
-
Updates
-
Firefox 62
- https://www.mozilla.org/en-US/firefox/62.0/releasenotes/
- https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/62
- CSS Shapes
- Variable Fonts
Array.prototype.flat()- import.meta
- JSON superset
- 接頭辞なしの
::selection
- FastBlock is enabled by default in Nightly now
- Why we need better tracking protection
- Variable Fonts Arrive in Firefox 62
- Firefox 62 - Tools Cool for School! - Mozilla Hacks - the Web developer blog
- Developer Tools support for Web Components in Firefox 63
- Dweb: Creating Decentralized Organizations with Aragon
- These Weeks in Firefox: Issue 45
-
Firefox 62
-
Intents
- Ship: accept arbitrary webkit-prefixed pseudo-element in selectors
- Ship: Unprefixed Fullscreen API
- Ship: scrollbar-color and scrollbar-width properties
- Implement and Ship: New cookie jar policy to block storage access from tracking resources
- Implement and Ship: getDisplayMedia()
-
Implement: Storage Access API
- https://groups.google.com/forum/#!msg/mozilla.dev.platform/l8bV4RFgAc4/MKl9jbJpBQAJ
- Safari の実装とは少し挙動が違うらしい
- 試しながら段階的に進める模様
- Implement: Feature Policy
-
Site Compat
- Firefox 63 shipping in October invalidates Symantec certificates used by many sites
- Doppler effect support has been removed from Web Audio API
- Non-standard DataTransfer APIs have been deprecated
-
<table>'s size and position now take<caption>into account - progress events will no longer be fired for sync XHR in workers
- Fullscreen API has been unprefixed
- Improved JavaScript error message breaks code relying on the legacy format (Affecting)
- Firefox-specific HTML editing UI has been disabled by default
-
Other
- The End of Firefox Windows XP Support - chuttenblog
-
On Firefox moving DNS to a third party
- https://blog.powerdns.com/2018/09/04/on-firefox-moving-dns-to-a-third-party/
- Cloudflare を使うことへの懸念
- Converting a WebGL application to WebVR - Mozilla Hacks
- New API to Bring Augmented Reality to the Web - Mozilla Hacks
-
DNS over HTTPS (DoH) - Testing on Beta - Future Releases
- https://blog.mozilla.org/futurereleases/2018/09/13/dns-over-https-doh-testing-on-beta/
- Cloudflare 以外の TRR も検討中
- WebRender newsletter #22 - Mozilla Gfx Team Blog
- Performance-Tuning a WebVR Game
- Browser Architecture Newsletter #7 (S02E02)
- User Agent Strings in Firefox and their history
-
Firefox Monitor
- https://monitor.firefox.com/
- 脆弱性を点かれてデータが流出したサービスにおいて自分のデータがどうかを知るサービス
- Introducing Firefox Monitor, Helping People Take Control After a Data Breach - The Mozilla Blog
- Storage access policy: Block cookies from trackers
Safari 動向
-
Stable: 12.0 (9/17)
- https://developer.apple.com/safari/whats-new/
- Icons in Tabs
- Automatic Strong Passwords.
- 3D & AR Model Viewer.
- Release Notes for Safari Technology Preview 65
-
Other
-
Bailey Basile on Twitter: "Safari on iOS 12 changes the look of the URL/Search bar for sites using Extended Validation certificates. Before and after screenshots below...
- https://twitter.com/BasileBailey/status/1041787756697899008
- iOS 12 の Safari と Safari 12 で EV 証明書の表示がされなくなった
- Changeset 236144 - WebKit - Enable Unified Plan by default
-
Changeset 236378 - WebKit - Add PointerEvent, plus feature flag, plus Web Platform Tests
- https://trac.webkit.org/changeset/236378/webkit
- Pointer Events の実装開始
-
Changeset 236273 - WebKit - Implement CSS Custom Properties and Values Skeleton
- https://trac.webkit.org/changeset/236273/webkit
- Houdini の Custom Properties and Values 仕様の実装開始
- カスタムプロパティに初期値やその型、継承の有無を指定可能に
-
Bailey Basile on Twitter: "Safari on iOS 12 changes the look of the URL/Search bar for sites using Extended Validation certificates. Before and after screenshots below...
Edge 動向
- Stable: Edge 42, EdgeHTML 17
-
Status Updates
- https://github.com/MicrosoftEdge/Status/compare/production@{2018-09-01}...production@{2018-10-01}
- Fix: Change status for
WebGL (Canvas 3D)toShipped
- EdgeHTML
- Build Changelog
-
Chakra
- Release ChakraCore v1.11.1
-
Other
- 2018 年 9 月の Internet Explorer / Microsoft Edge の累積的なセキュリティ更新プログラムを公開しました
-
Microsoft tests 'warning' Windows 10 users not to install Chrome or Firefox - The Verge
- https://www.theverge.com/2018/9/12/17850146/microsoft-windows-10-chrome-firefox-warning
- https://twitter.com/firefox/status/1039930814627307520
- Windows に Chrome や Firefox を入れようとすると、「Edge がもう入ってるよ!」ってプロンプトを出す機能を β テスト中らしい
- 他のベンダーから苦言
- 10 月のアップデートには含まれないとマイクロソフトがコメントしたらしい
WHATWG/W3C 動向
-
Recommendation
- CSS Fonts Module Level 3
-
Proposed Recommendation
- Call for Review: Selectors Level 3 is a W3C Proposed Recommendation
- Transition Request: Web Authentication to Proposed Recommendation
-
Candidate Recommendation
- Web Audio API
- Working Draft
-
First Public Working Draft
- First Public Working Drafts: JSON-LD 1.1 Syntax, JSON-LD 1.1 Processing Algorithms and API, and JSON-LD 1.1 Framing
- First Public Working Draft: Device Memory
-
First Public Working Draft: CSS Scrollbars Module Level 1
- https://www.w3.org/blog/news/archives/7314
- https://www.w3.org/TR/2018/WD-css-scrollbars-1-20180925/
- スクロールバーの色や太さを指定するプロパティを定義
-
Chartering
- W3C Group launched: Immersive Web Working Group
-
Other
- TAG Review Request: RTCIceTransport & RTCQuicTransport
- W3C Workshop on Permissions and User Consent
TC39 動向
- Meeting
- Proposals Diff
- New Proposals
IETF 動向
- IETF
-
RFC
- Using Early Data in HTTP
- IETF Last Call
- WG Last Call
- Call for Adoption
- I-D Action
-
Draft
- QUIC Negotiation for Packet Number Protection
- Some Thoughts on IETF Community Leadership
- A reply to a specific tweet
- Discussion of the IASA 2.0 Changes as They Relate to the IETF Trust
- Update to the Selection of Trustees for the IETF Trust
- XChaCha: eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305
- Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2
- Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2
- Forward Error Correction (FEC) Framework Extension to Sliding Window Codes
- RPKI Autonomous Systems Cones: A Profile To Define Sets of Autonomous Systems Numbers To Facilitate BGP Filtering
- The Cache HTTP Response Header
-
Encrypted Server Name Indication for TLS 1.3
- https://tools.ietf.org/html/draft-ietf-tls-esni-00
- ekr, kazuho, nick(cloudflare), chris(apple)
- A Binary Manifest Serialization Format
- Login Security Policy Extensions Mapping for the Extensible Provisioning Protocol (EPP)
- Using Multicast DNS to protect privacy when exposing ICE candidates
- An Interface to the QUIC Transport Protocol
- An Unreliable Datagram Extension to QUIC
- Using HTTP/2 as a Transport for Arbitrary Bytestreams
- Extended Tokens and Stateless Clients in the Constrained Application Protocol (CoAP)
- Guide for building an EDDSA pki
- Updates to Requirements for IPv6 Options
- GitHub Configuration for IETF Working Groups
- DNS Query Name Minimisation to Improve Privacy
- Simple TCP Convergence-Layer Protocol
- Deprecating TLSv1.0 and TLSv1.1
- Preparation, Enforcement, and Comparison of Internationalized Strings (PRECIS) Test Vectors
- Additional OAuth Parameters for Authorization in Constrained Environments (ACE)
- IP geolocation load balancing Resource Record
- HTTP SEARCH Method
- Codec-Layer Feedback for the Real-time Transport Control Protocol (RTCP)
- Advice to the Trustees of the IETF Trust on Rights to Be Granted in IETF Documents
- Method to pre-fetch Domain Names at HTTP Proxy Servers
- Sub-path Transport Layer Problem Statement
- Update to the IETF Anti-Harassment Procedures for the Replacement of the IAOC With the IETF Administration LLC
- Other
セキュリティ動向
- September 2018 CA Communication
- Google Wants to Kill the URL
- A Crisis of Permissions
-
Public Wifi が平文通信のページに広告を差し込む話
- https://twitter.com/jaffathecake/status/1044121129848377344
- 静的サイトでも暗号化する必要の 1 つという話
-
Protecting user identity against Silhouette
- https://blog.twitter.com/engineering/en_us/topics/insights/2018/twitter_silhouette.html
- 「シルエット」という攻撃が早稲田大学と NTT から報告されたらしい
- block しているユーザへのリクエストが他よりも早いことを利用した情報の抜き取り
- 理想は same-site cookie を使って対処したいが
- 今はリファラチェックなど複数を組み合わせて対処
- さらば DES 暗号、 2023 年終了へカウントダウン
周辺動向
- Testing HTTP freshness in CDNs
-
Safari, Caching and Third-Party Resources - Andy Davies
- https://andydavies.me/blog/2018/09/06/safari-caching-and-3rd-party-resources/
- ITP で Public CDN の効果が減るという指摘
- libcurl gets a URL API
- DoH in curl
- jest が Object からネイティブの Map クラスを使ったら 20% テストランナーが速くなった
-
AV1 のテストを YouTube や Netflix などが開始
-
https://www.youtube.com/playlist?list=PLyqf6gJt7KuHBmeVzZteZUlNUQAVLwrZS
- YouTube が AV1 をベータ提供しテストを開始
- http://youtube.com/testtube から opt-in し Chrome 70 か Firefox Nightly build
- AV1 Video Samples Now Available on YouTube & Netflix
- Netflix public AV1 test streams
-
Star Trek はどうやって異星人間でビデオコーデックのネゴシエーションをしているのか
- https://twitter.com/jdrosen2/status/1042952371494629376
- CISCO CTO のジョークレス
-
https://www.youtube.com/playlist?list=PLyqf6gJt7KuHBmeVzZteZUlNUQAVLwrZS
イベント
-
10 月
- 12: WebKit Contributors Meeting
- 22-26: TPAC 2018 Lyon
-
11 月
- 12-14: Chrome Dev Summit
- 26-28: MozFest