Last Friday's Dev Digest was a spotlight issue covering Apple's plan to stop web applications from being added to the home screen and run as standalone apps. We had an expert round and wrote about it here, too. Other than that, we had a lot more in store for you:
News and Articles
In security news, probably the biggest item is that the WordPress Bricks Theme has a security flaw that impacts 25k+ sites. Like it or not, WordPress is a huge part of the web, which makes it a tempting target for attackers. In detail, this vulnerability allows execution of PHP, which, depending on the setup of your WordPress instance, can allow attackers to take over your whole machine. At one time, I had the same on my personal blog and found out by looking at my traffic that I had a blog running in a subfolder that was showing price comparisons!
Mastodon is great. I love that it is a superbly open alternative to X and others, but lately it has been a spammy mess, and it shows issues of the fediverse. The good news is that as things are open, they might be easier to fix. The bad news is that it needs every Mastodon instance admin to apply the same safeguards. What do you think? Is Mastodon the new X for you?
An Nginx core developer quits in a security dispute and starts a “freenginx” fork.
In platform news, a notable thing is that CSS might soon have functions and mixins, making preprocessors history. I love to see how CSS evolves, especially as it is a journey from specifics (make this blue and 200px wide) to generics (make this a blue that has enough contrast with the background, as wide as possible, but not wider than 40 characters and with a margin on the right or left, depending on the reading direction). Functions and mixins have been part of Sass and others for quite a while, and could make it easier for non-CSS developers to embrace the language. It can also mean we can ditch conversion steps and create less CSS. Right now with preprocessors, we often create a ton of CSS and then use another, performance-oriented tool to cut it down to the bare minimum again. Often people cite the reason that CSS on its own doesn't give them all they need. This is now over, I suppose.
The Microsoft Edge team proposes EditContext, replacing contentEditable, which always felt good, but was a mess when it comes to error handling. Low-code and No-code solutions do need good WYSIWYG editing, and many editors are a mess. So adding this to the platform sounds like an excellent idea.
In terms of thought pieces and articles, we had Jack Lindamood writing on infrastructure decisions he endorses or regrets, a discussion about Tailwind, its marketing and misinformation engine, and a 1:1 comparison of a site built with Tailwind vs. Semantic CSS.
Code and Tools
Our very own Daniel Cranney explains the Next.js App Router by building a "WoofPix" app! If you wonder how to use it, this is a good start. And it uses the absolutely fabulous Dog API which also contains photos of some of our dogs!
Search boxes need to provide people with results and not be frustrating. That's why "fuzzy searches" are a great thing. Allow your users to make typos, write only partial results and the like. Frontend Fuzzy Search allows you to build forgiving search forms.
Browser automation has been a staple of testing and development for quite a while. Autotab allows you to do things in the browser and lets AI learn to repeat them by automating the process. If you are familiar with Chrome DevTools' Recorder feature, this is that one on steroids.
Videos and talks
In the video section, we have a few to choose from:
- Scott Chacon: So You Think You Know Git? (45m) - FOSDEM 2024
- Davide Imola - Securing secrets in the GitOps Era (1h)
- Lucien Immink - Project Fugu: Extending the web (1h)
Work and Jobs
CodeRev is an interesting idea: conduct job interviews doing code reviews rather than demo code. This, to me, is much closer to what you will do in the real world. We debug/review a lot more than we code from scratch. That said, research shows that coding interviews are effective, even though they feel academic at times. More insights come in falsehoods Junior Devs believe about becoming Senior, and I can vouch that many are exactly that: !true.
Many companies think AI can replace both their employees and real users, but it turns out that AI user research is not “better than nothing” but actually worse. Kind of like when you do personas and don't think them through - at all. Even worse is that AI hiring tools may be filtering out the best job applicants.
Procrastination Corner / Wonderful Weird Web
In the time-wasting section, we have a fun way to generate passwords, a very simple game I wrote 12 years ago and an impressive 3D game full of atmosphere.
- Making generating random passwords fun by catching chars in a basket.
- Can you scroll - a game where you need to scroll the right amount of pixels
- The Cursed Library is a very atmospheric and impressive web game.
And that's that! See you next Friday in your inbox or the following Monday here!