Google UX Engineer Adam Argyle joins Jerod and KBall to share all the details on VisBug, his just-released Chrome Extension that “makes any webpage feel like an artboard.” Adam is passionate about doing for designers what Firebug (and later DevTools) did for developers. In this episode, he shares that passion and how it’s driven him to create and open source VisBug.
Hold on to your seat! This is a deep dive on improving time-to-interactive for Netflix.com on the desktop. Addy Osmani writes on the Dev Channel for the Chromium dev team regarding performance tuning of Netflix.com. They were trying to determine if React was truly necessary for the logged-out homepage to function.
There’s more to this story, so dig in. Or, share your comments on their approach to reducing time-to-interactivity and if you might have done things differently.
Several major browsers you and I use everyday are capable of leaking our browsing history, and they all know about it. Caroline Haskins at Motherboard writes:
Most modern browsers—such as Chrome, Firefox, and Edge … have vulnerabilities that allow hosts of malicious websites to extract hundreds to thousands of URLs in a user’s web history, per new research from the University of California San Diego.
In a statement provided to Motherboard via email, senior engineering manager of Firefox security Wennie Leung said that Firefox will “prioritize our review of these bugs based on the threat assessment.” Google spokesperson Ivy Choi told Motherboard in an email that they are aware of the issue and are “evaluating possible solutions.”
Ben Adida shared this on Twitter:
When first web history sniffing attacks came out, I suggested we had to change the notion of a visited link: a link would be marked visited by origin (edges, not nodes.) That was considered too dramatic a change. Maybe it’s necessary after all.
Who’s ready to dig into this research and share how vulnerable we really are and what types of malicious websites could/would extract our browsing history? If you do, let us know so we can link it up.
In the documents that define how the Web works, a browser is called a user agent. It’s supposed to be the thing that acts on your behalf in cyberspace. If the massive data collection appetite of Google’s advertising- and tracking-based business model are incentivizing Chrome to act in Google’s best interest instead of yours, that’s a big problem—one that consumers and regulators should not ignore.
It’s no surprise that privacy-focused browser alternatives are gaining ground in the quest to be your user agent. This coming week, we’re sitting down with Brave’s CTO for what should turn out to be a fascinating episode of The Changelog. Stay tuned for that.
Modifications to Google Chromium for removing Google integration and enhancing privacy, control, and transparency
For those of us who love Chrome too much to leave it, but would prefer not have Google all up in our browser. By the way, now is a pretty good time to give Brave and/or Firefox a spin, if you haven’t recently.
Like many of you reading this, you’re probably signed into a Google service when browsing the web — Google apps (G Suite), YouTube, Gmail, etc. The line between browser (Chrome) and your signed in services was clear before, and now it’s not.
Matthew Green, Cryptographer and Professor at Johns Hopkins University, writes on his personal blog:
What changed? A few weeks ago Google shipped an update to Chrome that fundamentally changes the sign-in experience. From now on, every time you log into a Google property (for example, Gmail), Chrome will automatically sign the browser into your Google account for you. It’ll do this without asking, or even explicitly notifying you. However, and this is important: Google developers claim this will not actually start synchronizing your data to Google — yet.
Thankfully I have been using Brave a whole lot more recently and I’ve really been enjoying an internet where display ads aren’t ruining the experience, and where my privacy isn’t being harvested as I use it.
While working on Taut (aka BetterSlack) I noticed that a browser extension could do lots and lots of harm. On this article, I explain how the only way to browse safely is to completely avoid them (or to be really really involved in managing them).
If you’re thinking, “But open source!” click through and see what Gervasio has to say about that. He also includes some examples of extensions that went rogue or were hacked and how one could abuse the system.
On the Chromium Blog, Paul Kinlan shared a look back to the beginning of Chrome in 2008, the early days of the web, on through to today and the future of the “capable web.”
2008-2014 — In just seven years, the web changed drastically. Browsers got significantly faster and more capable, letting developers build richer experiences on the desktop. Users started to consume even more content on mobile, meaning we all had to rethink how our experiences would work across devices and form-factors, even when the user had no connectivity.
If you’re looking for some perspective on how far we’ve come with the web and the impact of iteration — you should check this out. BTW — Chrome turned 10, here’s what’s new.
Whether you’re using Puppeteer for scraping, testing, monitoring, or something else entirely.. writing the scripts is a whole lot easier with Puppeteer Recorder.
Does BetterSlack make Slack better?
Hide certain users, generate hangout links, move reactions to the right, threads on channel by default, hide status emojis … Gervasio has a 3 minute demo to explain things in more detail…
Have you considered using a PWA to create a Chrome extension?
Sam Thorogood writes on Dev.to:
So you’ve built a PWA, created your service worker, and followed all the guides. In my case, that is Emojityper: a simple PWA where you can enter words, and receive emoji. This is perfect for desktop and entering emoji in editors that don’t support them.
But once you’ve built this great experience, you’re not limited to distributing it only on “the web”. In this post, I’m going to detail how I shipped Emojityper as a Chrome extension, accessible via a browser action.
We were just talking about this on this week’s JS Party!
A new Chrome feature dubbed “Blink LazyLoad” is designed to dramatically improve performance by deferring the load of below-the-fold images and third party iFrames.
Ben Schwarz has a nice overview of the feature and how you can use it today in Chrome Canary (behind two feature flags).
Chrome security has reached a milestone — Chrome will now mark http as “not secure”.
Nearly two years ago, we announced that Chrome would eventually mark all sites that are not encrypted with HTTPS as “not secure”. This makes it easier to know whether your personal information is safe as it travels across the web, whether you’re checking your bank account or buying concert tickets. Starting today, we’re rolling out these changes to all Chrome users.
Also, check out this episode of HTTP203 with Emily Schechter (Product Manager on the Chrome Security team)
The big question with tools like these is, what can I do with it?
- Child processes are detected and attached to.
- You can place breakpoints before the modules are required.
- You can edit your files within the UI. On Ctrl-S/Cmd-S, DevTools will save the changes to disk.
- By default, ndb blackboxes all scripts outside current working directory to improve focus.
Waytab connects to your browser bookmark, Github, Twitter, Pocket, Pinterest and Unsplash account to remind you of your stars, likes and bookmarks every time you open a new browser tab.
This looks like a good idea, well executed. I’ve long given up on bookmarking, liking, and starring stuff because I never go back and revisit. Waytab changes all that.
You can screenshot a single element?!! 😱
Select an element and press
cmd-shift-p(ctrl-shift-p on Windows) to open the Command Menu then select Capture node screenshot.
There are 11 more tips just like this. Some I’m sure you know. Others you likely don’t.
Paul Kinlan, developer advocate for Chrome and the open web at Google writes:
window.onappinstalledevent. It’s triggered when a user installs a progressive web app via the Add to Homescreen API or now more importantly via the manual method of Add to Homescreen.
This is a very useful addition because it allows you to see engagement on the prompt vs people who use the system banners or menu buttons to install a progressive web app.
Now you can track your PWA’s install engagement based on the method of install — via the prompt or manually via a custom prompt. Read the docs for more details.
Also, make sure you subscribe to JS Party to hear discussions about PWAs and the web platform.
The Chrome DevTools provide an amazing set of tools to help you develop on the Web platform. Here are a few tips you might now know yet.
I had no idea you can screenshot a specific element. That is super cool.
Umar Hansa walks through some killer DevTools features for performance tuning.
This web crawler uses Headless Chrome (via Puppeteer) to crawl dynamically generated websites in addition to typical static HTML crawling. It can also be run distributed across multiple machines for speed’s sake, but that requires Redis for shared cache storage.
This Chrome extension undoes that for you.
Last week we linked up Tom Warren’s “Chrome is turning into the new Internet Explorer 6” from The Verge. This week Chris Coyier is defending this venerable web browser saying…
Chrome often leads the pack for good web tech.
And that means they are delivering features developers want, but are features not all browser makers want to implement. Web standards.
The #1 feature for AMP? Fix the URLs.
Search can take advantage of privacy-preserving preloading and the performance of Google’s servers, while URLs remain as the publisher intended and the primary security context of the web, the origin, remains intact. We’re super excited about getting this work under way and we expect the changes to first reach users in the second half of 2018.
Basically, this will ship by the end of 2018.