ep65 Monthly Web 202003
- published_at
- 2020-04-02
- guest
- @myakura
- toc
-
headings
Theme
The theme of episode 65 is the Monthly Web for March 2020.
Show Note
Covid-19
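- As of 4/1
- Infections are spreading worldwide
-
Cases are gradually increasing in Japan as well
- https://stopcovid19.metro.tokyo.lg.jp/
- Daily new cases in Tokyo have started to exceed 60
- No state of emergency has been declared
- Closure of Tokyo metropolitan schools extended
- Distribution of 2 masks per address announced, etc.
-
Impact
- Browser releases are affected too
- Many events and conferences cancelled or moved to remote
- Internet traffic is surging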
Chrome Trends
- Stable: 80.0
-
Updates
-
Chrome Releases: Upcoming Chrome and Chrome OS releases
- https://chromereleases.googleblog.com/2020/03/upcoming-chrome-and-chrome-os-releases.html
- Chrome 81 release paused because of COVID-19
- Security fixes only
-
Chrome Releases: Chrome and Chrome OS release updates
- https://chromereleases.googleblog.com/2020/03/chrome-and-chrome-os-release-updates.html
- https://blog.chromium.org/2020/03/chrome-and-chrome-os-release-updates.html
- M83 will be released three weeks early and includes the M82 work
- Canary, Dev and Beta releases also resume
- M80 security updates also resume
- M81 releases on 4/7
- M83 releases in mid-May
- M82 is skipped
- What's New In DevTools (Chrome 82 83)
- Deprecations and removals in Chrome 81
- How to set up Signed HTTP Exchanges (SXG)
- How to distribute Signed HTTP Exchanges (SXG)
- Customize media notifications and playback controls with the Media Session API
-
Chromium Blog: Updates to form controls and focus
- https://blog.chromium.org/2020/03/updates-to-form-controls-and-focus.html
- About the visual refresh of form controls
- Updated starting with Chrome 83 (except the Android version)
-
Intents
- Ship: Add fractionalSecondDigits option to Intl.DateTimeFormat
- Ship: mixed content autoupgrading for images
- Ship: Adding captureTimestamp and senderCaptureTimeOffset to RTCRtpContributingSource.
- Ship: Screen Wake Lock API
- Ship: Support scrolling=off and scrolling=noscroll
- Ship: WebXR DOM Overlay
- Ship: Cross-Origin-Opener-Policy
- Ship: Cross-Origin-Embedder-Policy (COEP)
- Ship: JavaScript private methods and accessors
- Ship: WebOTP API
- Ship: 'revert' keyword
- Implement and Ship: RTCRtpSendParameters.degradationPreference
- Implement and Ship: Unprefixed 'appearance' CSS property
- Implement and Ship: 'auto' keyword for '-webkit-appearance' CSS property
- Prototype: Layout Instability Shifted Element Surfacing
- Prototype: Font Access
- Prototype: CIE LAB color functions for CSS
- Prototype: Named pages with page-orientation
- Prototype: CSS aspect-ratio property
- Experiment: performance.measureMemory
- Experiment: WebRTC Insertable Streams
- Experiment: WebAssembly SIMD
- Continue Experimenting: Native File System API
- Extend Origin Trial: Subresource prefetching+loading via Signed HTTP Exchange
- Extend Origin Trial: Contacts API Address/Icon support
- Extend Origin Trial: Content Index API
- Remove: -webkit-box quirks from -webkit-line-clamp
- Remove: Cross origin subframe JS Dialogs
- Chrome University Summer 2019: Videos Published
- [blink-dev] Important Update: See you at BlinkOn 13
- [blink-dev] Important Update on COVID-19 and BlinkOn
- Enabling QUIC in tip-of-tree
-
[PSA] Extensions to origin trials impacted by changes to Chrome release schedule
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/XXqiE1usLH4/qh0QHcNcAwAJ
- Origin Trial deadlines and the like change with the release schedule change, so API owners need to check
- People using them may need to check too
- [ACTION REQUESTED] Please Remove Chrome 82 from ChromeStatus
- [UPDATES NEEDED] What's in Chrome 83
-
v8
-
Understanding the ECMAScript spec, part 2 · V8
- https://v8.dev/blog/understanding-ecmascript-part-2
- Continues from hasOwnProperty
- Pointer Compression in V8 · V8
-
Other
-
How Google improved ads performance with stale-while-revalidate
- https://web.dev/ads-case-study-stale-while-revalidate/
- Trying to optimize ads with Stale-While-Revalidate
-
Google Developers Blog: Join us for the digital Google for Games Developer Summit
- https://developers.googleblog.com/2020/03/join-us-for-digital-google-for-games.html
- Game Developers conference
-
Google Developers Blog: Update on Google at GDC 2020
- https://developers.googleblog.com/2020/03/update-on-google-at-gdc-2020.html
- Postponement of the Game Developers conference
- Chromium Blog: New developer dashboard and registration flow for Chrome Web Store
-
Google Chrome and Web Developer Experts - YouTube
- https://www.youtube.com/playlist?list=PLNYkxOF6rcIAZqdZ8Uz5hWLgTl319CaLH
- YouTube playlist collecting GDE videos
Firefox Trends
- Stable: 74.0
-
Updates
-
Firefox 74.0, See All New Features, Updates and Fixes
- https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
- Support for the optional chaining operator
-
TLS 1.0/1.1 were disabled at release, but re-enabled because of the impact of COVID-19
- Apparently even government sites and the like had not migrated
- https://www.mozilla.org/en-US/firefox/74.0/releasenotes/#note-788289
- Firefox 74 for developers
-
Security means more with Firefox 74
- https://hacks.mozilla.org/2020/03/security-means-more-with-firefox-74-2/
- Feature Policy and Cross-Origin-Resource-Policy are also enabled
- Future-proofing Firefox's JavaScript Debugger Implementation
- These Weeks in Firefox: Issue 70
- These Weeks in Firefox: Issue 71
-
Intents
- Ship: Restrict window.open features parameter
- Ship: Intermediate CA Preloading
- Ship: JavaScript public static fields
- Ship: JavaScript Intl.Locale
- Ship: Element.getAnimations() and Document.getAnimations()
- Ship: Web Animations Animation timelines (without the setter of Animation.timeline)
- Ship: Web Animations implicit to/from keyframes and auto-removing redundant filling animations
- Ship: Document as explicit root of an intersection observer
- Ship: Atomics and SharedArrayBuffer objects (limited to a single thread)
- Ship: Delegated Credentials for TLS 1.3
- Implement and Ship: RTCRtpReceiver.getParameters()
- Implement and Ship: RTCRtpSender.getParameters() and RTCRtpSender.setParameters()
- Implement and ship: Ignore navigation to unknown protocol
- Prototype and ship: Make <script defer> wait for stylesheet loads
- Unship: FTP protocol implementation
-
Other
- Getting Closer on Dot Org? - The Mozilla Blog
- Engineering Effectiveness Newsletter #1
- Identifying bugs affecting people working and learning from home
- Learn web technology at "sofa school"
-
Innovating on Web Monetization: Coil and Firefox Reality
- https://hacks.mozilla.org/2020/03/web-monetization-coil-and-firefox-reality/
- Apparently they will test Coil, a new way of monetizing the web
-
Try our latest Test Pilot, Firefox for a Better Web, offering privacy and faster access to great content
- https://blog.mozilla.org/blog/2020/03/24/try-our-latest-test-pilot-firefox-for-a-better-web-offering-privacy-and-faster-access-to-great-content/
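- Partnered with a service called Scroll to release a trial service called Better Web in the US
- For $2.50 a month, no ads are shown on the sites of publishers partnered with Scroll
- In last year's test, publishers received 40% more than they would have from showing ads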
-
KaiOS Technologies and Mozilla partner to enable a healthy mobile internet for everyone
- https://www.kaiostech.com/press/kaios-technologies-and-mozilla-partner-to-enable-a-healthy-mobile-internet-for-everyone/
- KaiOS, a feature-phone OS forked from Firefox OS, partners with Mozilla
- Support for TLS 1.3 and newer formats (WASM, WebP, etc.) and updating the old Gecko are apparently under consideration
-
Opening data to understand social distancing
- https://blog.mozilla.org/data/2020/03/30/opening-data-to-understand-social-distancing/
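- Firefox DAU (Daily Active Usage) in France has been increasing since mid-March
- Some data was published, with the caveat that whether this is an effect of social distancing cannot be known without proper verification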
Safari Trends
- Stable: 13.1
-
Updates
-
Release Notes for Safari Technology Preview 102
- https://webkit.org/blog/10067/release-notes-for-safari-technology-preview-102/
- Changed the disk cache policy to allow resources larger than 10MB to be cached (r257041)
- Fixed value sanitization for input[type=text] to not truncate the value at a control character (r257132)
- Fixed new FontFace() to not throw when failing to parse arguments (r256659)
- Implemented EventTarget constructor (r256716)
- Set User-Agent in preconnect requests (r256912)
- Improved the speed of index cursor iteration when there are a lot of index records from different object stores (r256738)
- Added support for Apple Pay buttons with custom corner radii (r256648)
- Ensured CSS Transition and CSS Animation events are queued, sorted and dispatched by their timeline (r256619)
- Improved performance of track sizing algorithm for spanning items (r256826)
-
Release Notes for Safari Technology Preview 103
- https://webkit.org/blog/10243/release-notes-for-safari-technology-preview-103/
- Supported expanding and collapsing details sections with the spacebar or "enter" key (r258058)
- Supported cycling through scope bar items by pressing tab (r258057)
-
Implemented wildcard behavior for Cross-Origin-Expose-Headers (r258330)
- A typo for Access-Control-Expose-Header?
-
Wide Gamut Color in CSS with Display-P3
- https://webkit.org/blog/10042/wide-gamut-color-in-css-with-display-p3/
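- Extends to a color space that includes more vivid colors than the RGB used so far
- The current RGB is a subset of Display-P3
- The representable range is extended in the order green, red, blue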
color: color(display-p3 1 1 1)
-
Full Third-Party Cookie Blocking and More
- https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/
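- Safari becomes the first browser to fully block 3rd-party cookies
- The motivation is to "pave the way for other browsers to do the same"
- The issue reported by Google, that ITP can itself become a tracking vector, is also a factor
- Use the Storage Access API if needed
- Classification by ITP itself continues
- All storage accessible from JS is limited to 7 days (including Service Worker)
- "Apps" added via A2HS are exempt
- Cross-site document.referrer is reduced to the origin only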
- Other
Edge Trends
- Stable: 80.0
-
Updates
-
Update on Stable channel releases for Microsoft Edge
- https://blogs.windows.com/msedgedev/2020/03/20/update-stable-channel-releases/
- Will follow the Chromium releases
-
Plan for change: TLS 1.0 and TLS 1.1 soon to be disabled by default
- https://blogs.windows.com/msedgedev/2020/03/31/tls-1-0-tls-1-1-schedule-update-edge-ie11/
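- Given the current situation, the disabling of 1.0/1.1 planned for the first half of 2020 is postponed
- Edge: version 84 in 2020/7
- Edge Legacy and IE11: 2020/9
- These are the respective planned dates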
-
The top 10 reasons to switch to the new Microsoft Edge
- https://blogs.windows.com/windowsexperience/2020/03/30/the-top-10-reasons-to-switch-to-the-new-microsoft-edge/
- Introduction of features planned for Edge
- Vertical tabs, Collections, Smart Copy, etc.
-
Upgrading to the new Microsoft Edge - Windows Blog for Japan
- https://blogs.windows.com/japan/2020/01/16/upgrading-new-microsoft-edge-79-chromium/
- Tax return filing deadline extended to 2020/4/16
- Postponed until 2020/4/17 or later
-
Chakra
- Release ChakraCore v1.11.17 · microsoft/ChakraCore
-
Other
- Debugging Proxy Configuration Scripts in the new Edge
WHATWG/W3C Trends
- Recommendation
- Proposed Recommendation
-
Candidate Recommendation
-
DOM Review Draft 18 June 2019 Endorsed as a W3C Candidate Recommendation
- https://www.w3.org/blog/news/archives/8398
- https://lists.w3.org/Archives/Public/public-html/2020Mar/0003.html
- The WHATWG DOM specification is published by W3C as a Review Draft
- Working Draft
- First Public Working Draft
-
Chartering
- CoVid-19 Remote Meet, Work, Class Community Group created
-
Work in progress on a WebTransport Working Group charter
- https://lists.w3.org/Archives/Public/public-new-work/2020Apr/0001.html
- A WebTransport WG will be created
-
Web Real-Time Communications Working Group Charter Extended until 30 September 2020
- https://lists.w3.org/Archives/Public/public-new-work/2020Mar/0014.html
- The WebRTC WG closes on 9/30
- The main contributors move to WebTransport
-
Other
- Join us in celebrating the 31st birthday of the World Wide Web
-
'CSS X' | W3C Blog
- https://www.w3.org/blog/2020/03/css-x/
- Why CSS has no levels
-
Why Are We Talking About CSS4? - Smashing Magazine
- https://www.smashingmagazine.com/2020/03/css4-pros-cons-discussion/
- What kind of discussion is going on about CSS4
-
pickhardt/js_reference_monitors: A proposed JavaScript API to allow reference monitors in modern web applications
- https://github.com/pickhardt/js_reference_monitors
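- A proposal on the DOM side rather than TC39?
- A proposal to introduce a reference monitor, in response to things like information leaks in Electron
- A mechanism to stop unintended calls and the like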
TC39 Trends
-
Meeting
- 2020-02
-
Proposals Diff
- https://github.com/tc39/proposals/compare/master@{2020-02-01}...master@{2020-03-01}
- https://tc39.github.io/beta/
-
0->1
- Decimal
- Host Virtualizability
- Legacy reflection features
- Async initialization
- Secure Random Number Generator
- ArrayBuffer view stride
- Intl.DurationFormat
-
1->2
- Logical Assignment Operators
- 2->3
-
3->4
- Intl.NumberFormat
- Intl.Locale
-
New Proposals
- younies/proposal-intl-duration-format
-
Other
-
JavaScript: The First 20 Years
- http://www.wirfs-brock.com/allen/posts/866
- https://zenodo.org/record/3707008
- A paper on the history of JS
- To be submitted to HOPL (History Of Programming Languages Conferences)
IETF Trends
-
IETF 107 Virtual
- Held fully remote, with a reduced number of sessions
- materials
- httpwg
- quicwg
-
webtrans
- https://github.com/DavidSchinazi/webtrans-wg-materials
- agenda
- minutes
- slides
-
wpack
- agenda
-
minutes
- no minutes
-
slides
- slides-107-wpack-chair-slides-03
- slides-107-wpack-use-cases-00
- slides-107-wpack-web-bundles-00
- slides-107-wpack-signer-origins-00
- slides-107-wpack-draft-thomson-wpack-content-origin-01
- slides-107-wpack-comparing-content-origins-and-signer-origins-00
- tlswg
-
privacypass
- agenda
-
minutes
- no minutes
-
slides
- slides-107-privacypass-chair-slides-00
- slides-107-privacypass-privacy-pass-use-cases-02
- slides-107-privacypass-privacy-pass-ecosystem-00
- slides-107-privacypass-privacy-pass-charter-01
-
dispatch
- HTTP Link Hints
-
SRT Protocol Overview
- https://datatracker.ietf.org/meeting/107/materials/slides-107-dispatch-srt-overview-01
- secure reliable transport
-
secdispatch
- slides-107-secdispatch-client-cert-http-header-00
- slides-107-secdispatch-http-sasl-00
- RFC
- IETF Last Call
- WG Last Call
- Call for Adoption
- I-D Action
-
Draft
- Advisory Content-Length for HTTP
- JSON Type Definition
- SVG Fun with kramdown-rfc2629
- RTP Payload Format for Essential Video Coding (EVC)
- Asymmetric Manifest Based Integrity
- Circuit Breaker Assisted Congestion Control
- 5G transport network benchmarking
- CBOR Certificate Algorithm for TLS Certificate Compression
- CBOR Object Signing and Encryption (COSE): Headers for Carrying CBOR Compressed Certificates
- A CBOR Tag for Unprotected CWT Claims Sets
- Concise Binary Object Representation (CBOR) Tag for Date
- Ephemeral Diffie-Hellman Over COSE (EDHOC)
- BCP72 - A Problem Statement
- Retry-Scope header field
- Privacy Pass: Architectural Framework
- Privacy Pass: HTTP API
- Privacy Pass: The Protocol
- Content-Based Origins for the Web
- Use Cases for RATS
- Simple Registration Reporting
-
Conditional HTTP Requests Using Digests
- https://tools.ietf.org/html/draft-thomson-http-if-digest-00
- Proposal for a conditional request header called If-Digest
- The difference from ETag / If-None-Match is that the digest algorithm is stated explicitly
- OCSP Nonce Extension
- Semi-Static Diffie-Hellman Key Establishment for TLS 1.3
- The OAuth 2.1 Authorization Framework
- A Vocabulary of Path Properties
- Bootstrapped TLS Authentication
- Textual Analysis Methodology for Security Considerations Sections
- User Plane Message Encoding
- DNS-over-HTTPS and DNS-over-TLS Server Discovery and Deployment Considerations for Home and Mobile Networks
- Changing the Default QUIC ACK Policy
- TLS Proxy Best Practice
- JMAP for Quotas
- Impact of TLS 1.3 to Operational Network Security Practices
-
The Transport-Info HTTP Header
- https://tools.ietf.org/html/draft-ohanlon-transport-info-header-01
- A header that carries RTT and path information for the networks traversed
- Domain Name System Uniform Resource Identifiers for DNS over HTTPS and DNS over TLS
-
Extensible Prioritization Scheme for HTTP
- https://tools.ietf.org/html/draft-ietf-httpbis-priority-00
- kazuho's draft became an httpbis WG draft
-
User Defined Resource Error HTTP Status Code
- https://tools.ietf.org/html/draft-divilly-status-555-00
- Wants to define server-specific errors with status code 555
- A proposal from Oracle
- Accept-Auth HTTP Header for 3xx/401 Negotiation, and Redirect Authentication Scheme
- RTP Payload Format for Versatile Video Coding (VVC)
- Communicating Warning Information in HTTP APIs
- Real-time text solutions for multi-party sessions
- User Defined Resource Error HTTP Status Code
- TLS-based EAP types and TLS 1.3
- Other
Security Trends
-
Cookie Status :: Current Status Of Browser Tracking Prevention
- https://www.cookiestatus.com/
- Summary of how each browser handles cookies
-
Cliqz - Secure browser with built-in quick search
- https://cliqz.com/en/
- A privacy-focused browser listed on Cookie Status
- Apparently it has existed since 2015
-
A fork of Firefox
- Why we forked Firefox and not Chromium
- https://0x65.dev/blog/2019-12-17/why-we-forked-firefox-and-not-chromium.html
-
Let's Encrypt Has Issued a Billion Certificates
- https://letsencrypt.org/2020/02/27/one-billion-certs.html
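- Started in 2017/6, and reached 1 billion certificates issued on 2020/02/27
- HTTPS went from 58% worldwide and 64% in the US to 81% worldwide and 91% in the US
- LE went from 46 million sites with 11 staff on a $2.61 million budget to 192 million with 13 staff on $3.35 million
- LE itself matters, but ACME (2019) and Certbot played a big part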
-
2020.02.29 CAA Rechecking Bug - Incidents - Let's Encrypt Community Support
- https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591/4
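- LE checks both domain control and CAA
- Domain control validation is considered valid for 30 days
- Even within those 30 days, CAA is rechecked 8h before issuance
- When N certificates are issued at once (SNI), the CAA for all N should be checked
- But because of a bug, the first one was checked N times
- If domain control had been validated within the last 30 days, a changed CAA on the second and later ones passed unchecked
- You could be affected if you set CAA (which is optional), obtained several at once, and reissued before expiry
- Most of the certificates cannot be said to pose a security risk, but under the rules they must be revoked
- 2.6% (3 million) were subject to revocation; of those, the 445 that CAA forbade and 1.7 million had already been replaced
- They wanted to revoke the remaining 1.3 million by 3/5 as well, but the impact was too large and they expire within 90 days anyway, so that was called off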
- An Opinion Piece on Internet Security | APNIC Blog
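The Let's Encrypt CAA rechecking bug summarized above, as a small model added to these notes (not Let's Encrypt's code): the buggy recheck looks up the first name N times, so a CAA change on a later name goes unnoticed while domain control is still being reused. `CA_ID`, the `.test` names, the dates and the flat CAA lookup table are constructed assumptions.

```python
from datetime import datetime, timedelta

CA_ID = "ca.example"              # hypothetical issuer domain (assumption)
DCV_REUSE = timedelta(days=30)    # domain control result is reused for 30 days
CAA_MAX_AGE = timedelta(hours=8)  # CAA result must be at most 8h old at issuance

# Constructed DNS state at issuance time: name -> issuers allowed by CAA.
# A missing name means "no CAA record", so any CA may issue. Real CAA lookup
# also climbs the DNS tree; that is left out here.
CAA_NOW = {
    "www.example.test": {"ca.example"},
    "shop.example.test": {"other-ca.example"},  # changed after validation
}

def caa_permits(name, dns=CAA_NOW):
    allowed = dns.get(name)
    return allowed is None or CA_ID in allowed

def names_needing_recheck(authz, now):
    """Names whose domain control is still reusable but whose CAA result is stale."""
    stale = []
    for name, (validated_at, caa_checked_at) in authz.items():
        if now - validated_at > DCV_REUSE:
            raise ValueError(f"domain control validation expired for {name}")
        if now - caa_checked_at > CAA_MAX_AGE:
            stale.append(name)
    return stale

def recheck_buggy(stale):
    """The described bug: the first name is checked N times."""
    return [name for name in stale if not caa_permits(stale[0])]

def recheck_fixed(stale):
    """Every name gets its own CAA lookup."""
    return [name for name in stale if not caa_permits(name)]

def may_issue(authz, now, recheck):
    return not recheck(names_needing_recheck(authz, now))

# Constructed order: both names validated and CAA-checked 10 days before issuance.
NOW = datetime(2020, 2, 20, 12, 0)
TEN_DAYS_AGO = NOW - timedelta(days=10)
AUTHZ = {
    "www.example.test": (TEN_DAYS_AGO, TEN_DAYS_AGO),
    "shop.example.test": (TEN_DAYS_AGO, TEN_DAYS_AGO),
}

if __name__ == "__main__":
    print("buggy recheck issues:", may_issue(AUTHZ, NOW, recheck_buggy))
    print("fixed recheck issues:", may_issue(AUTHZ, NOW, recheck_fixed))
```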
Related Trends
-
Enigma Conference 2020 - Browser Privacy Panel
- https://textslashplain.com/2020/03/11/enigma-conference-2020-browser-privacy-panel/
- At the Enigma Conference in January, the browser vendors each presented on privacy
- Brave/Firefox/Chrome/Edge
- The recording has been published
- npm is joining GitHub - The GitHub Blog
- The History of the URL
-
Coronavirus disease 2019 (COVID-19) updates - YouTube Help
- Lowering video quality to protect infrastructure
- Netflix, Prime Video and others are doing the same
- COVID-19 impacts on Internet traffic: Seattle, Northern Italy and South Korea
Events
-
March
- 23: Google Game Developer Conference (postponed)
-
27: IETF 107 Virtual Vancouver
- full remote
- 31-2: TC39 75th Apple
-
April
-
??: Cloud Next
- Postponed
-
May
- ??: Chrome Security Summit
-
12-14: Google I/O
- Apparently a virtual event was considered at first, but it was cancelled entirely
-
June
- 19: SecWeb
-
??: WWDC
- virtual
WrapUp
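- Lots of retrospectives on the history of JS, CSS, URLs and so on
- Because of the coronavirus, all events are cancelled until around June
- Video services are reducing bandwidth
- Chrome 82 will be skipped
- Safari announced 3rd-party cookie blocking
- IETF was held fully remote
- Signs of WebRTC work wrapping up and a shift to WebTrans
- Privacy Pass is starting to move
- WebPackage also sees movement on how SXG is signed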