Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

November 16 2017

18:00
Introducing container-diff, a tool for quickly comparing container images

November 08 2017

17:02

Expanding user protections on the web

One of the advantages of the web is that it allows developers to create any type of experience they can imagine, which has led to the rich diversity of content available on the web today. While most content producers are interested in providing excellent experiences for their users, we've found that a small number use the flexibility and power of the web to take advantage of users and redirect them to unintended destinations. 1 out of every 5 feedback reports from Chrome users on desktop mention encountering some type of unwanted content, and we take this feedback seriously when considering how to improve Chrome. Following on from features like Chrome's pop-up blocker and autoplay protections, over the next few releases we'll be rolling out three new protections designed to give users all the web has to offer, but without many of these types of unwanted behaviors.

One piece of feedback we regularly hear from users is that a page will unexpectedly navigate to a new page, for seemingly no reason. We've found that this redirect often comes from third-party content embedded in the page, and the page author didn't intend the redirect to happen at all. To address this, in Chrome 64 all redirects originating from third-party iframes will show an infobar instead of redirecting, unless the user had been interacting with that frame. This will keep the user on the page they were reading, and prevent those surprising redirects.
An example of a redirect being blocked on a test site. The iframes embedded in the site are attempting to navigate the page to an unintended destination, but Chrome prevents the redirect and shows an infobar.

When the user interacts with content, things can also go wrong. One example that causes user frustration is when clicking a link opens the desired destination in a new tab, while the main window navigates to a different, unwanted page. This is effectively a circumvention of Chrome's pop-up blocker, one of users' favorite features. Starting in Chrome 65 we'll also detect this behavior, trigger an infobar, and prevent the main tab from being redirected. This allows the user to continue directly to their intended destination, while also preserving the context of the page they came from.

Finally, there are several other types of abusive experiences that send users to unintended destinations but are hard to automatically detect. These include links to third-party websites disguised as play buttons or other site controls, or transparent overlays on websites that capture all clicks and open new tabs or windows. 
Two types of abusive experiences where a deceptive site control appears to do one thing, but has a different behavior when clicked. One looks like a play button on a video but sends the user to an unwanted download when clicked (left), and the other looks like a close button but instead opens unwanted pop-up windows (right).

Similar to how Google Safe Browsing protects users from malicious content, starting in early January Chrome's pop-up blocker will prevent sites with these types of abusive experiences from opening new windows or tabs. To help site owners prepare for this change, today we're also launching the Abusive Experiences Report alongside other similar reports in the Google Search Console. Site owners can use the report to see if any of these abusive experiences have been found on their site and improve their user experience. Otherwise, abusive experiences left unaddressed for 30 days will trigger the prevention of new windows and tabs.

Together, these protections will dramatically improve users' web browsing experiences while still allowing them access to all that the web has to offer. 

Posted by Ryan Schoen, Product Manager

16:53
Tangent: Source-to-Source Debuggable Derivatives

October 27 2017

15:18

Chrome 63 Beta: Dynamic module imports, async iterators and generators, Device Memory API, and permissions UI changes

Unless otherwise noted, changes described below apply to the newest Chrome Beta channel release for Android, Chrome OS, Linux, Mac, and Windows.

Dynamic module imports

Currently, importing JavaScript modules is completely static, and developers cannot import modules based on runtime conditions, like whether a user is logged in. Starting in this release, the import(specifier) syntax now allows developers to dynamically load code into modules and scripts at runtime. This  can be used for lazy loading a script only when it’s needed, which improves performance of the application.

button.addEventListener('click', event => {
   import('./dialogBox.js')
   .then(dialogBox => {
       dialogBox.open();
   })
   .catch(error => {
       /* Error handling */
   });
});
The code example above shows how to use the import(specifier) function to import JavaScript after an event .

Async iterators and generators

Writing code that does any sort of iteration with async functions can be inelegant. The new async generator functions using the async iteration protocol are now available to help developers streamline the consumption or implementation of streaming data sources. Async iterators can be used in for loops and also to create custom async iterators through async iterator factories.
async function* getChunkSizes(url) {
 const response = await fetch(url);

  for await (const chunk of streamAsyncIterator(response.body)) {
   yield chunk.length;
 }
}
The code example above shows how to use async iterators to writer cleaner code for streaming fetches, using the streamAsyncIterator function .

Device Memory API

It’s challenging for developers to create one user experience that can work across all devices, due to varying device capabilities. The new Device Memory JavaScript API helps developers with this challenge by using the total RAM on a user’s machine to provide insights into device constraints. This insight enables developers to tailor content at runtime in accordance with hardware limitations. For example, developers can serve a “lite” app to users on low-end devices, resulting in better experiences and fewer frustrations. The Device Memory API can also be used to add context to metrics, such as the amount of time a task takes to complete in JavaScript, through the lens of device memory.



Permissions UI changes

When websites need special permissions from a user, they trigger a permission request. Currently these permission requests appear in Chrome for Android as ignorable banners at the bottom of the screen, and developers often show them without considering whether the user has the appropriate context to grant the permission. This results in a distracting user experience, and users ignore or temporarily dismiss these permission prompts more than 90% of the time.

In Chrome 59, we started to address this problem by temporarily blocking a permission if the user dismisses the request three times. As a next step, in this release Chrome for Android now presents permission requests as modal dialogs. This change reduces the overall number of permission prompts by 50%. It also makes users 5 times more likely to accept or deny requests, rather than temporarily dismissing or repeatedly ignoring them. To ensure users understand the permission request, developers should present users with permission requests at an appropriate time , as we’ve found that users were 2.5 times more likely to grant permission to a site that ask for permissions with context.

Other features in this release

Blink > Bindings

Blink > CSS


  • Developers can now make pixel-level adjustments using the new Q length unit , which is especially useful on small viewports.
  • Developers can now prevent apps from using Chrome’s pull-to-refresh feature or create custom effects using   overscroll-behavior , which allows changing the browser’s behavior once the scroller has reached its full extent.

Blink > Fonts

Blink > HTML

  • To improve interoperability, Chrome will fire   beforeprint and afterprint events as part of the printing standard , allowing developers to to annotate the printed copy and edit the annotation after the printing command is done executing.

Blink > JavaScript

Blink > MediaStream

Blink > Network

Blink > Sensor

  • Thanks to contributors from engineers at Intel, an Origin Trial is now available that exposes the following sensors via the new Generic Sensors API syntax: A ccelerometer, LinearAccelerationSensor, Gyroscope, AbsoluteOrientationSensor , and RelativeOrientationSensor .

Blink > Storage

  • The localStorage and sessionStorage API's now use getItem() rather than an anonymous getter, so attempting to access a key using getItem() will now return null rather than undefined . Thanks to Intel for the contribution!
  • To improve developer experience, the methods on sessionStorage and localStorage such as getItem() , removeItem() , and clear() are now enumerable. Thanks to Intel for making this happen!

UI > Browser > Mobile (Android)


Deprecations and interoperability improvements

Blink > Bindings

  • To improve interoperability, instance properties with a Promise type now return a rejected promise instead of throwing an exception.

Blink > CSS


Blink > DOM


  • To improve interoperability, HTMLAllCollection , HTMLCollection , HTMLFormControlsCollection and HTMLOptionsCollection are no longer enumerable, so they are now left out of calls to Object.keys() or for - in loops.
    • Sathya Gunasekaran, Lazily-Loaded Engineer

      October 26 2017

      16:05
      Welcoming 25 mentor organizations for Google Code-in 2017

      October 25 2017

      21:10
      Announcing OpenFermion: The Open Source Chemistry Package for Quantum Computers

      October 23 2017

      17:45

      Introducing the Chrome User Experience Report

      Chrome was founded to push the web forward, and a key part of that is enabling developers to improve their user experience. Although current tools allow developers to understand how real-world users experience their own sites, they have never provided insight into comparisons with other sites or macro user experience trends across the web. Following similar efforts like the HTTPS Transparency Report, today we’re making the Chrome User Experience Report available to encourage performance and user experience improvements across the web.

      The report is a public dataset of key user experience metrics for top origins on the web. All performance data included in the report is from real-world conditions, aggregated from Chrome users who have opted-in to syncing their browsing history and have usage statistic reporting enabled. The initial release includes data from a sample of ten thousand origins and focuses on loading metrics, though we hope to expand coverage in future iterations. For full details on the dataset format, how to access it, and best practices for analysis, please see our developer documentation.

      By querying the dataset, developers can understand how real Chrome users experience the web from the diverse set of hardware, software, and networks they use in the wild. Analyzing many origins on the web will help site developers and the web community understand where they are doing well, identify areas for improvement, and observe advancements in user experience over time.

      We welcome feedback on the dataset’s format, metrics, dimensions, or any other ways to improve the report. We hope that this dataset will help the web community identify opportunities, record trends, and improve user experience on the web.

      Posted by Bryan McQuade and Ilya Grigorik, User Experience Reporters

      October 18 2017

      16:42

      Building unified documentation for the web

      Browsers are always exploring new directions. This independent experimentation has enabled the web to evolve to meet new use cases, but it also means that keeping up with how the web is changing can be difficult. Browsers maintain documentation for their features and APIs, but cross-browser documentation is often fragmented across several sources. One of Chrome’s top priorities is making it easier to build sites that work in all browsers, and simplifying web documentation is a key part of that effort.

      Today, web documentation is taking a big step towards a unified source. Mozilla Developer Network (MDN) Web Docs is announcing a new product advisory board, which includes founding members from Mozilla, Google, Microsoft, Samsung, and several others from the web standards and development communities. The product advisory board will review and provide feedback on the direction of MDN’s web documentation going forward.

      For the last several years, Chrome has been transitioning its web documentation efforts to MDN, allowing us to combine our documentation efforts with many open source contributors like Mozilla. The product advisory board is another step towards making MDN the best source of up-to-date, comprehensive documentation on the web and aligns closely with our goal to make it easier to build for the web as a whole. As part of this effort, we’re also investing in interoperability tests for the web, which allows browsers to share tests and compare the compatibility of their features. We’re also building new infrastructure to help browser developers find bugs and missing APIs between implementations.

      Check out MDN Web Docs as the centralized source of web API documentation. And look out for more information on how we’re working to make the web an even easier platform to build on.

      Posted by Dru Knox, Product Manager

      October 11 2017

      17:00
      TensorFlow Lattice: Flexibility Empowered by Prior Knowledge

      October 09 2017

      16:15
      Google Code-in 2017 is seeking organization applications

      October 08 2017

      03:25

      What I’m Reading: Doomsday prepper sends all of his food to Puerto Rico

      Shared Article from SFGate

      Doomsday prepper sends all of his food to Puerto Rico

      MEDFORD, N.J. (AP) - A New Jersey man who spent decades preparing his home for doomsday is donating all of his stored food to families affected by Hur…

      sfgate.com


      October 03 2017

      17:00
      Announcing more Open Source Peer Bonus winners
      00:00
      Talk to Google at Node.js Interactive

      September 26 2017

      17:00
      Introducing Abseil, a new common libraries project
      15:21

      Fue el estado

      Shared Article from NACLA

      In Mexico, Solidarity Versus the State

      Many in Mexico think the government and political parties are hampering aid efforts.

      Christy Thornton @ nacla.org


      . . . In Mexico City and the surrounding areas, the response of the state has caused exasperation and anger. Outside the capital, in smaller towns in the state of Puebla, for example, no official help has arrived at all; citizens are left to coordinate relief themselves. But in parts of Mexico City where massive volunteer efforts got underway immediately after the quake—such as in the central neighborhoods of Condesa and La Roma, where multiple buildings collapsed—the military later arrived and cordoned off damaged blocks, kicking out volunteers and refusing to provide further information. This has created what one journalist called a “struggle” between the military and civilians, many of whom argue that the army and marines, with their heavy equipment and top-down approach, care little about finding survivors and have done nothing to communicate with those looking for their loved ones. The marines are also coming under blame—together with the PRI-aligned Televisa television network—for stoking the false story of “Frida Sofia,” the non-existent student who was supposedly trapped in a collapsed elementary school.

      Elsewhere, aid collected by volunteer groups is being channeled by a state agency known as the DIF, which is headed by the first lady and the wife of the interior minister, and is nominally responsible for family welfare programs. That is, rather than distributing government aid, the agency appears to be appropriating aid collected by citizens in order to distribute it under their banner. A widely circulating video showed aid trucks arriving in Morelos from the state of Michoacán forcibly diverted by police from their intended destination to the DIF headquarters, where huge stores of supplies sat undistributed, officials said, because they did not have bags. . . .

      –Christy Thornton, In Mexico, Solidarity Versus the State (23 Sep. 2017)

      September 25 2017

      16:30
      Google Summer of Code turns 14

      September 23 2017

      13:55

      Anarchy, Swamp, and Utopia

      Shared Article from Reason.com

      Anarchy, Swamp, and Utopia

      Archeologists offer a new look at a secretive settlement of runaway slaves.

      Jesse Walker @ reason.com


      September 22 2017

      18:10

      Aspirational History and the Color of American Citizenship

      There’s a new political book out by E.J. Dionne, Norm Orenstein and Thomas E. Mann, called One Nation After Trump. Dionne and Orenstein went on Fresh Air the other day to talk about their book, their take and their hopes for a better political climate. Terry Gross asked them to speak a bit about one of the themes of their book — that part of what’s notable and different about Donald Trump and the political movement behind him, as opposed to past waves of right-wing politics, is the extent to which they have embraced ideas from the European far right.

      That much is certainly true, and it’s worth noting. But what’s harder to go along with is Dionne’s effort to pivot from the influence of the European far right, into a countervailing political appeal to American patriotism. Here’s what Dionne says:

      DIONNE: The idea that Bannon and Trump have imported ideas from the European far-right comes from the notion that there’s been a great historical difference between what it meant to be an American and what it meant to be a citizen in many European countries. . . . American citizenship has always been based on a commitment to ideas. It didn’t matter where you were from. It didn’t matter what the color of your skin was . . . .

      –E.J. Dionne, interviewed by Terry Gross. Could The Trump Presidency Lead To An Era Of Democratic Renewal?
      Fresh Air, NPR, 19 September 2017

      This is just wrong. It would have been nice, and better for America and the entire world, if it had been true, but it’s flat-footedly and literally mistaken. In 1790, when Congress passed the first Naturalization Act in the U.S., the language of that act directly stated that it mattered what the color of your skin was: you had to be a free white person to qualify for naturalized American citizenship:

      Section 1. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, That any alien, being a free white person, who shall have resided within the limits and under the jurisdiction of the United States for the term of two years, may be admitted to become a citizen thereof, on application to any common law court of record, in any one of the states wherein he shall have resided for the term of one year at least, and making proof to the satisfaction of such court, that he is a person of good character, and taking the oath or affirmation prescribed by law, to support the constitution of the United States, which oath or affirmation such court shall administer; . . .

      — An Act to establish an uniform Rule of Naturalization (March 26, 1790)
      United States Statutes at Large, First Congress, Second Session, 103ff. (Source: White By Law: Naturalization Act of 1790)

      Whiteness was a condition not only for naturalization, but for both the rights and obligations of citizenship more broadly, at the federal level and at the state level. Skin color prerequisites, nearly identical to the federal prerequisite, were written even more pervasively into the state constitutions and legal codes of antebellum Southern states. For example, in Alabama, the same formulas made white skin color was an explicit prerequisite for the franchise and for political office. At the federal level, to take another example, in 1792 Congress said that the color of your skin (as well as your gender and citizenship) mattered to your eligibility, and obligation, to serve in the militia:

      Section 1. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, That each and every free able-bodied white male citizen of the respective states, resident therein, who is or shall be of the age of eighteen years, and under the age of forty-five years (except as is herein after excepted) shall severally and respectively be enrolled in the militia by the captain or commanding officer of the company, within whose bounds such citizen shall reside, and that within twelve months after the passing of this act.

      — An Act more effectually to provide for the National Defence by establishing an Uniform Militia throughout the United States (May 8, 1792)
      United States Statutes at Large, First Congress, Second Session, 271-274. (Source: White By Law: Uniform Militia Act of 1792)

      Every amendment to the Naturalization Act passed from 1790 up until 1952 repeated the free white person formula, or a close variation on it. In 1870, in the wake of Emancipation and Reconstruction, there was a debate in the Senate over whether to remove the racial prerequisite from citizenship; but in the end the Reconstruction drive to wipe out the racial-law legacy of slavery ran up against the rising nativist sentiment against Chinese immigration in the West. And in the event, the bill that they passed never struck out the racial prerequisite; it just added aliens of African nativity and … persons of African descent as a second racial category that could be admitted. For the next 80 years, a series of prerequisite cases in the federal courts — beginning with In Re Ah Yup — repeatedly affirmed that skin color absolutely mattered to a person’s eligibility for American citizenship, and then litigated over and over again the sometimes porous legal and social boundaries of just who counted as white. (For example, Chinese and Japanese immigrants did not; Mexican immigrants did. For many immigrant groups, including Arabs and South Asians, different courts made numerous, sometimes inconsistent rulings. A good, standard reference on this series of cases is Ian F. Haney-Lopez’s White By Law: The Legal Construction of Race.) Gradually Congress added more racial groups in addition to white and black, but this basic framework — of a limited number of racial categories allowed to become naturalized citizens, and everyone else ruled ineligible to citizenship — remained the core of American naturalization law until racial bars were finally repealed by the Immigration and Nationality Act in 1952.

      There is no question that for the first century and a half of its existence, the United States government was explicitly a racial state, and that race and skin color were explicit conditions on citizenship and political participation. This shouldn’t be surprising: before the Civil War, the United States was a slaveholding nation. After the Civil War, immigration exclusion and Jim Crow increasingly reinscribed systems of racial categorization into the law.

      I hope it should go without saying that this is not any kind of argument in favor of race or skin color as a condition of citizenship. The fact that the United States had a long tradition of racially discriminatory citizenship laws isn’t any reason to think kindly of the traditional, white supremacist approach. It’s a reason to think worse of the United States government, and to be much more skeptical of traditional American patriotism. Whatever deeper values Dionne may think were present in the American system, at some other level, and however much he may think that the old racial prerequisite law was an aberration or an inconsistency, there is no way that you can reasonably pretend that It didn’t matter what the color of your skin was without substituting a sort of aspirational self-identity for the much messier historical fact.

      September 20 2017

      11:43

      Chrome 62 Beta: Network Quality Estimator API, OpenType variable fonts, and media capture from DOM elements

      Unless otherwise noted, changes described below apply to the newest Chrome Beta channel release for Android, Chrome OS, Linux, Mac, and Windows.

      Network Quality Estimator API

      The Network Infomation API has been available in previous versions of Chrome, but has only provided theoretical network speeds given the type of a user's connection. In this release, the API has been expanded to provide developers with network performance metrics as experienced by the client. Using the API, a developer can inspect the current expected round trip time and throughput and be notified of performance changes. To simplify application logic, the API also summarizes measured network performance as the cellular connection type (e.g. 2G ) most similar to it, even if the actual connection is WiFi or Ethernet.


      Using these network quality signals, developers can tailor content to network constraints. For example, on very slow connections, developers can serve a simplified version of the page to improve page load times .  These signals will also soon be available as HTTP request headers and enabled via Client Hints .

      OpenType Variable Fonts

      OpenType Font Variations bring new typographic capabilities to the web. Previously, one font file contained just a single instance of a font family, including only one weight (Regular, Bold, Black…) or one stretch (Normal, Condensed, Expanded…).
      Figure: Animated Amstelvar and Decovar variable font examples


      With variable fonts, responsive design on the web now extends to typography. OpenType Variations provide a continuous spectrum of stylistic variations while saving space and bandwidth, since they all load from a single compact font file. Stretch, style, and weight can be adjusted using the respective updated CSS properties which now allow numeric values. Fine tuning of variation axis parameters, such as weight or width, is possible using the font-variation-settings CSS property.

      Media Capture from DOM Elements

      The W3C Media Capture from DOM Elements API now allows sites to live-capture content in the form of a MediaStream directly from HTMLMediaElements (i.e. <video> and <audio> ). By invoking the captureStream() method on HTMLMediaElements , streamed content can be recorded and sent remotely using WebRTC, processed with WebAudio, or manipulated in various other ways .


      Sorry! Your browser does not support the video element. View animationhere.
      Figure: A 3D rendering being live-captured and streamed to a peer connection using WebRTC.

      Other features in this release

      Deprecations and interoperability improvements

      • Following an update to native button appearance on macOS, the appearance of <input> buttons and the <button> element have been similarly changed , affecting the default values for the background-color ,   border ,   border-radius , and padding CSS properties .
      • The ability to request permission to show notifications has been removed over HTTP connections and within cross-origin iframes , in line with our policy on restricting powerful features to only HTTPS.
      • To increase accuracy and ensure that users receive content in the language they expect, base language is now added immediately after language+region when generating accept-language headers from language settings.
      • To improve UX and browser consistency, transitional mouse events will now be dispatched , and hover states will now be updated more quickly after the intended layout has been modified.
      • OfflineAudioContext now accepts a dictionary argument, in addition to the existing constructor that takes three separate arguments.
      • In line with other browsers, the getStreamById method on RTCPeerConnection has now been removed .
      • SharedWorker.workerStart has been removed, following its deprecation and removal from other major browsers.
      • To better conform to spec, the default value of <ol>.start has been set to 1 .

      Posted by Ben Greenstein and Tarun Bansal, The Network’s Watch
      Reposted bysofiasfinkregh

      September 19 2017

      14:00
      Authenticating to Hashicorp Vault using GCE Signed Metadata
      Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
      Could not load more posts
      Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
      Just a second, loading more posts...
      You've reached the end.

      Don't be the product, buy the product!

      Schweinderl