@tbroyer@piaille.fr avatar

tbroyer

@tbroyer@piaille.fr

Web development (frontend, Web APIs), Web app security, build tools, Java, Kotlin, Gradle, etc.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

nixCraft, to linux
@nixCraft@mastodon.social avatar

What should the fandom be called? 🤔

tbroyer,
@tbroyer@piaille.fr avatar

@fmuc @nixCraft Nah, that's for frontend web developers fan of web components: https://developer.mozilla.org/en-US/docs/Web/API/Web_components/Using_shadow_DOM

tbroyer, to random
@tbroyer@piaille.fr avatar

Tell me you don't understand REST and HTTP without saying you don't understand REST and HTTP.

mayank, to random
@mayank@front-end.social avatar

📝 new blog post: "web components" considered harmful

https://www.mayank.co/blog/web-components-considered-harmful

tbroyer,
@tbroyer@piaille.fr avatar

@mayank Oh sure, but due to https://html.spec.whatwg.org/multipage/syntax.html#syntax-tag-name so would any element with a : or _ in its name (and those are just examples, HTML is very lenient when it comes to parsing tag names: https://html.spec.whatwg.org/multipage/parsing.html#tag-name-state), but those can't be registered in the "custom element registry" so they can't be turned in "defined custom elements" (which everyone just calls "custom elements" I believe)

tbroyer,
@tbroyer@piaille.fr avatar

@mayank Well, technically, dashed names don't create "custom elements" either, but the same kind of "unknown elements".

BTW, I just noticed this in the spec: https://html.spec.whatwg.org/multipage/custom-elements.html#custom-elements-upgrades-examples
> Because element definition can occur at any time, a non-custom element could be created, and then later become a custom element after an appropriate definition is registered. We call this process "upgrading" the element, from a normal element into a custom element.

So a dashed name, per spec, creates a "non-custom element" (aka unknown element), and a "custom element" is one that has been registered.

zachleat, (edited ) to random
@zachleat@zachleat.com avatar

curious what percentage of y’all:

tbroyer,
@tbroyer@piaille.fr avatar

@zachleat Did use one to have more grip, but it was a bit too big. Removed it a few weeks ago and I don't think I'll get back (well, except it allows me to also attach an accessory… which I only use once in a while… (Xiaomi photography kit))

tbroyer, to random
@tbroyer@piaille.fr avatar

Anyone knows how to create a "meta" ES decorator? I.e. a decorator that applies other decorators. Such that:

@metaDecorator accessor myProp = 42;

would be equivalent to:

@someDecorator  
@otherDecorator  
accessor myProp = 42;

I'm looking for any blog post, example, or helper lib (if needed, I don't know).

/poke @rauschma

josh, to microsoft
@josh@vickerson.me avatar

Parts of #Microsoft #Edge get up to 76% faster by dropping #React in favor of Web Components.

React's days may finally be coming to an end 🤞

https://blogs.windows.com/msedgedev/2024/05/28/an-even-faster-microsoft-edge/
————
#WebDev #WebComponents

tbroyer,
@tbroyer@piaille.fr avatar

@josh Well, it's not just react vs web components.

They also rearchitected their code; and as a side effect of moving away from react, they can have code optimized for the most recent Edge when react needs to support many more browser engines and versions (something you definitely want for most web apps).

tbroyer, to webdev
@tbroyer@piaille.fr avatar

📣 I've written about how I improved (in my opinion) @stefan' <sparkly-text> by, for instance, moving the sparkles to the shadow DOM. I also left many things to be done though. Of course this is subjective, so YMMV.

https://blog.ltgt.net/web-component-step-by-step-improvement/

bagder, (edited ) to windows
@bagder@mastodon.social avatar

users running stupid scanners now contact us for support regarding CVE-2023-46218 which the scanners say affects 8.4.0 shipped by Microsoft.

It would, if their version was built to use , a prereq for this CVE, which does not.

Security scanners. A snake oil business.

https://curl.se/docs/CVE-2023-46218.html

tbroyer,
@tbroyer@piaille.fr avatar

@bagder The problem is not the tools themselves (not entirely at least because they have many shortcomings, like not accounting for Debian/Ubuntu fixes backports) but how people (don't) analyze the results.
We do use vulnerability scanners (sending SBOMs to Dependency-Track) but this clearly requires work to analyze the results and determine if you're actually vulnerable (false positive, non-exploitable vuln, only if configured in some specific way, etc.)
Contacting project maintainers for assistance without even some prior analysis is just plain wrong I 💯 agree!

westbrook, to webdev
@westbrook@mastodon.social avatar

#vite would be such a better tool if it wasn't doing some non-platform thing with platform primitives at every turn. Or at least, could it have a "vite, but for people who actually like the web" configuration option?

🤦‍♂️

#webdev

tbroyer,
@tbroyer@piaille.fr avatar

@westbrook I don't use vite but know teams at work who do so I'm curious. Could you name a few of those things it does?

tbroyer,
@tbroyer@piaille.fr avatar

@Lukew @westbrook Ah yes, I do remember that in 2021 the french website https://vitemadose.covidtracker.fr (to easily book covid vaccination appointments) had (and probably still has) a similar issue: the CSS ended up duplicated between the main page and the shadow dom. This was due to import styles from "style.scss" both injecting the styles in the HTML and returning them as string (so they could be used as unsafeCss with Lit).
I did report this to Vite at the time and indeed the answer was to use ?inline (might have been added specifically in response to that issue): https://github.com/vitejs/vite/issues/3246
That was 3 years ago though, I'd have hoped it would have changed…

tbroyer, to Java
@tbroyer@piaille.fr avatar

Sigh, Oracle being Oracle again?

Anyone knows what changed in the TCK license agreement? and why it was announced just days before the release?

https://adoptium.net/blog/2023/09/temurin21-delay/

tbroyer, to random
@tbroyer@piaille.fr avatar

This is awesome news! Many more manufacturers should do that (if not DIY, at least make it easy)

Nokia launches DIY repairable budget Android phone https://www.theguardian.com/technology/2023/feb/25/nokia-launches-diy-repairable-budget-android-phone

tanepiper, to random
@tanepiper@tane.codes avatar

Should this even be optional? 🤔

tbroyer,
@tbroyer@piaille.fr avatar

@tanepiper AFAIK the most critical level is not optional, you can only disable lower levels (and given how irresponsibly the Paris prefecture abused it to advertize for the olympic games' opening ceremony pass, I bet may parisians disabled those lower levels already).

tbroyer, to webdev
@tbroyer@piaille.fr avatar

So, what do people use nowadays to make slideshows from Markdown, Asciidoc, or HTML that can ideally render to PDF in addition to HTML?
(if it doesn't do PDF, don't hesitate to suggest anyway!)

tbroyer, to random
@tbroyer@piaille.fr avatar

Unpopular opinion: "I could rewrite <framework or library> in a few days" is a good proxy metric for:

• actually using such framework/library rather than reimplementing it in a few days: this means you grasp what it does but delegates edge cases handling to it

• not using a library/framework this wouldn't apply to: this means it's too complex/"magic" to comprehend, and remember you're liable for everything you put to prod, whether you wrote it or not; too complex == undebuggable/unmaintainable

patrickbrosset, to CSS
@patrickbrosset@mas.to avatar

Have you used CSS Subgrid?

Looking at the comments that people left about it in the State of CSS survey 2023, I see mostly negative comments. 3 broad themes:

  1. Lack of cross-browser support.
    This is no longer a problem! Subgrid is implemented in all engine as of Chrome/Edge 117.

  2. Complexity/lack of good docs.
    Do you feel this too?

  3. Lack of actual use cases for it.

tbroyer,
@tbroyer@piaille.fr avatar

@tomayac @patrickbrosset We've been using subgrid at work in an internal knowledgebase site since before it came to Chrome. It goes like this:

&lt;body&gt;  
 &lt;header&gt;  
 &lt;div&gt;site title  
 &lt;div&gt;theme toggle  
 &lt;div&gt;  
 &lt;div&gt;search  
 &lt;div&gt;site version  
 &lt;nav&gt;main menu  
 &lt;main&gt;  
 &lt;h1&gt;page title  
 &lt;div&gt;main content  
 &lt;div&gt;author, date, tags, outline  
 &lt;footer&gt;  
 &lt;div&gt;left  
 &lt;div&gt;right

and we want to render in 1, 2 or 3 columns. We could remove the <header>, <div>, <main> and <footer> grouping level and just use grid, but using subgrid seems like a better fit here.

tbroyer, (edited ) to random
@tbroyer@piaille.fr avatar

"The fediverse is a privacy nightmare" – Café Lob-On
by @Bloonface
https://blog.bloonface.com/2023/07/04/the-fediverse-is-a-privacy-nightmare/

tbroyer, to webdev
@tbroyer@piaille.fr avatar

Built-in HTML elements' properties all share similar behaviors, that don't come for free when you write your own custom elements. Let's see what those behaviors are, why you'd want to implement them in your web components, and how to do it, including how some web component libraries actually don't allow you to mimic those behaviors.

https://blog.ltgt.net/web-component-properties/

#webdev #WebComponents #buildWithLit #fastdesign #stencil

tbroyer, to webdev
@tbroyer@piaille.fr avatar

Announcing Platformer: a set of libraries to help implement:

• attribute reflection in web components following the HTML specification
• WebIDL type coercions for your public JS APIs (including web component properties)

https://github.com/tbroyer/platformer

Comes with ECMAScript decorators (compatible with TypeScript 5.2+ and Babel) for vanilla custom elements and Lit elements.

Currently not published on NPM (as I'm still evaluating whether all of this is a good thing worth pursuing 😂 feedback welcome!)

#webdev #WebComponents #buildWithLit

tbroyer, to climate
@tbroyer@piaille.fr avatar

What if I told you that most promoted actions about climate-friendly software are misguided?

Backing data for that claim and my opinion on the low-hanging fruits:

https://blog.ltgt.net/climate-friendly-software/

Key takeaways:

  • Pick servers in carbon-neutral or low-carbon datacenters first
  • Optimize for the perceived performance and battery life
  • Don't be the one that will make your users change their device
  • Sometimes, ideas aren't even worth their impacts

#greenIT #climate #sustainability #carbonfootprint #co2

tbroyer, to typescript
@tbroyer@piaille.fr avatar

I learned from https://instil.co/blog/crazy-powerful-typescript-tuple-types/ how one can "map" from a TypeScript tuple to another, transforming each item type, but it "ignores" optional values.

Anyone knows a solution?

https://www.typescriptlang.org/play?#code/C4TwDgpgBAsghmSAnAPAFQHxQLxQBQBucANgK4QBcUaAlDlmgNwBQzoksCACnEnALYBnNAHt4iCEkEpmUOVB58hUCAA9gEAHYATQVADaAOmNxNIfQF0LAGmZZcigXrUade-QEtNAM0lQAEhBw2tZQxoZevkjUcB7EFrLyAPwGifLySEHaIprEIJwSqIHBGJa26enh4o5CouLI0mixxBjl8gnpVJYszNoQAMbEvNDepJr9wB45UN4iInhwVILASF4A5qEARlSbc8RBmqH9SVSapPybkjRUBCIe2j0A9I+s7NCCIqRI-RBopGD7HAKXgCCAaKQoN4ibwzOYYFjPCoAPSSr3A0GAvDWYL+AOguGqINqYgQDRQHy+P1x+3hzER6RRrERAEkAOTaFSqSATKBwKBvKDEDwAawxAAsPHoctA8MyoNlNKzgFBMiQ8lB+sNebtSMrgGLoCIwJMciQPKAoND+QbBXBllAiGRxZ81mKaGx0ZzuRptNT8QZVQr1fVJOSVutSjYVVkcsHSaHdiJ9qZI6E8IHY-kQ6gzhc-AAfKBjPreLwQbSRmhJCxPF7Mfo5e0aZYARiomKQ2OAfqB+jSBlU9CgqkMwBEABkRAB3SQAYTtEDwNBs-f0g+wWAAhKoV+k10PBwAqKAAJhXNdYDc0TYgyxPVDU3vLPdwfb366wI7Hk5nSHngkXZc2jkfcNygbdd3kUCsDwQckhSAAGOhjzPWwLyAA

#TypeScript

tbroyer, to random
@tbroyer@piaille.fr avatar

Today I once again referred to @jaffathecake's 2016 blog post about HTTP caching, to be reminded that no-cache doesn't mean "don't cache", and must-revalidate doesn't mean "must revalidate".

Thanks again Jake.

https://jakearchibald.com/2016/caching-best-practices/

tbroyer, to random
@tbroyer@piaille.fr avatar

For those interested, I just published on GitHub a series of tests for reflecting attributes in web components (see https://blog.ltgt.net/web-component-properties/ for the rationale, I'll update it soon following those tests), reusing the same tests as used by browsers for built-in elements.
Tests include (for now) vanilla custom elements and Lit custom elements.

https://github.com/tbroyer/custom-elements-reflection-tests

#WebComponents #buildWithLit

tbroyer, (edited ) to random
@tbroyer@piaille.fr avatar

So, a company didn't include "credentials and OTP are stored together" (Google Authenticator sync'ing OTP to same GSuite account used for SSO) as part of their threat model (and didn't monitor Google Authenticator updates and update their threat model accordingly), and blames the tools, and Google for employing "dark patterns", when they're breached through social engineering?

https://retool.com/blog/mfa-isnt-mfa/

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • mdbf
  • everett
  • ethstaker
  • magazineikmin
  • thenastyranch
  • rosin
  • modclub
  • Durango
  • Youngstown
  • slotface
  • ngwrru68w68
  • kavyap
  • DreamBathrooms
  • Leos
  • InstantRegret
  • osvaldo12
  • cubers
  • GTA5RPClips
  • provamag3
  • normalnudes
  • khanakhh
  • tester
  • tacticalgear
  • cisconetworking
  • megavids
  • anitta
  • lostlight
  • All magazines
    •