Open-source developers say securing their code is a soul-withering waste of time web developers

---

• Open-source developers say securing their code is a soul-withering waste of time
• Cloudflare’s privacy-first Web Analytics is now available for everyone
• How Can I Create Animation on scroll like this? I Know Javascript, vuejs, nuxtjs os any module for this kind of animation?
• Hackers hide web skimmer inside a website's CSS files
• Working with client IT team is always a nightmare
• I'm working on a "Legacy" project with a security hole the size of Texas. It's been classified as "out of scope/won't fix". Help?
• Looking for price suggestions on first project
• Tailwind Starter Kit a beautiful extension for TailwindCSS, Free and Open Source
• How do frontend developers keep track of all the new frameworks?
• Is plagiarism considered ethical for white hat hackers?
• Ready to leave front end behind. But where next?
• remove the div seperator?
• jwt frontend validation of ranking systems
• Server location is more important than a good CDN?
• Where can I get free domain names that isn't Freenom?
• Release Notes for Safari Technology Preview 117
• Debugging WebAssembly with modern tools
• Publish, ship, and install modern JavaScript for faster applications
• Alternative to loading.io without a monthly plan for animations?
• Speed up ideas for dashboard
• Static/Fixed Nav Bar ONLY Using HTML
• JAMstack blog - confusion around usage of headless CMS
• Affordable Selenium grid options for solo/freelance work?
• Who do you think has a harder job, front-end, or back-end?
• Error handling (and DB design) in production apps

Open-source developers say securing their code is a soul-withering waste of time Posted: 10 Dec 2020 07:19 AM PST submitted by /u/magenta_placenta [link] [comments]

Cloudflare’s privacy-first Web Analytics is now available for everyone Posted: 09 Dec 2020 08:27 PM PST submitted by /u/Atulin [link] [comments]

How Can I Create Animation on scroll like this? I Know Javascript, vuejs, nuxtjs os any module for this kind of animation? Posted: 10 Dec 2020 02:00 AM PST submitted by /u/mdsaban [link] [comments]

Hackers hide web skimmer inside a website's CSS files Posted: 10 Dec 2020 08:51 AM PST submitted by /u/julian88888888 [link] [comments]

Working with client IT team is always a nightmare Posted: 10 Dec 2020 11:20 AM PST I am a freelance dev, and about 90% of the time I pick a host and just deploy sites directly. but the other 10% of the time I have to work with the clients' internal IT teams. And every single time it's a major pain in the ass. The same issues over and over again: Complete lack of response from the IT teams. After multiple emails. Weird territorial issues with the teams. As if I am planning on taking someone's job or interfere with their precious server set-up in some way. They always set up some needlessly complicated AWS instance for something like a 10 page static site that has a limited lifespan. The reason I am hired is because IT teams don't have the bandwidth for these marketing initiatives. But then get pissy because someone else is working on it. Servers that are never configured properly. Say Craft needs certain packages to run - they don't want to install said package without a dozen meetings on their end discussing it. Then, when its finally installed its not the package that was discussed. Want to include me in some daily stand-up or other agile silliness when I could just launch the site in the time one meeting takes. Constantly having to communicate with my client contacts with all of this since they are always scared of the IT people. Does anyone else have these same issues. submitted by /u/bobcottle [link] [comments]

I'm working on a "Legacy" project with a security hole the size of Texas. It's been classified as "out of scope/won't fix". Help? Posted: 09 Dec 2020 06:37 PM PST I'm currently planning on following orders and not fixing the bug. I need some advice though. The project is using un-salted md5 for password storage. The owner is aware of the issue apparently. The database is used by multiple projects, which is why its classified as won't fix. I guess I'm wondering what I should do in this situation? I know the fallout from this could be massive, but I can't do anything about it. Is there anything the company I work for needs to do in case of a breach? Thankfully, my company is just a development agency, and I'm not working directly for the security-ignorant company. submitted by /u/yramagicman [link] [comments]

Looking for price suggestions on first project Posted: 10 Dec 2020 11:26 AM PST Hi everyone For the past 6 months I've been learning web development online. Luckily I got a referral from one of my friend to develop a website like this (http://Reazent.com). His website requires me to code 3 pages. I'm not sure how to proceed with pricing, contracts and what things to discuss before hand. Request you all to help with price quote and what are the major thing, me and the client need to agree on before I take up the project. Thank you for your time. Edit: link submitted by /u/red632 [link] [comments]

Tailwind Starter Kit a beautiful extension for TailwindCSS, Free and Open Source Posted: 10 Dec 2020 06:20 AM PST submitted by /u/speckz [link] [comments]

How do frontend developers keep track of all the new frameworks? Posted: 10 Dec 2020 12:13 PM PST I'm a data engineer/backend developer that is only now starting to do some Angular development as part of a new project. I was speaking with one of the full stack engineers, and he was joking in his 5 year career, that he has seen jquery get replaced by AngularJS, AngularJS get replaced by Angular, and Angular get replaced by Vue and React. I can honestly say that this is much more difficult than my current job, where data engineers typically only need to keep track of learning new languages like Scala and Go, or using AWS. It seems like a lot to learn, so how do many of you keep learning all the new frameworks? submitted by /u/statistical_engineer [link] [comments]

Is plagiarism considered ethical for white hat hackers? Posted: 10 Dec 2020 09:32 AM PST This week, I received a vulnerability report for a way to allow clickjacking for my site, bypassing X-Frame-Options and CSP headers. Further research seemed to indicate that the origin code was published on GitHub as a POC, and the reporter took this code verbatim and is reporting it to companies for bug bounties. We're not able to actually reproduce the issue, but it doesn't seem fair to award a bounty to somebody who did no work to research this vulnerability. I also know this happens all the time. Common vulnerabilities are loaded into automated scanners, and amateur "security researchers" spray reports out and pray their targets will pay. This is not that scenario. Would love to hear you guys/gals thoughts. submitted by /u/mailto_devnull [link] [comments]

Ready to leave front end behind. But where next? Posted: 10 Dec 2020 11:19 AM PST Hey all. I'm about 10 years into a frontend career, and I'm really at the end of my rope with it. I work at a WordPress agency doing 95% of my work at the very front of frontend — css/html/ui js. I'm so tired of nudging things 1px this way and 2px that way, I could scream when I see another QA ticket come in. I'm realizing now that without setting any actual long-term goals, I'll probably be doing this forever. So I'm determined to set some actual goals and try and spend some time getting to somewhere new. Trouble is, I feel frozen with self-doubt. I'm really struggling to figure out where to go next. Maybe I'm burned out, maybe I can't see the road ahead? Maybe I'm just burned out with agency life? I don't know. I'd really, really appreciate some new perspectives. In my head, I'm constantly going back and forth — Try rails! Stay in JS-land! You already know React, do that! Try Vue since you liked that! You'll never master backend, just give up! etc etc etc self doubt.........etc.... What do I know? Solid on all frontend stuff — css/html/js/WordPress Intermediate with React and Vue I've built some relatively complex interfaces with both, interacting with apis, etc. Basically, I'm definitely not a beginner ​ How much time do I have available? With young kids and a full-time job, I have so little time. I have from about 8:30-10:30pm each night and another hour in the early morning I could give over. Literally 0 minutes on the weekends. So that's roughly 2-3hrs a day I could put in, 3-5 days a week. That's not a lot of time, but I'm thinking if I had a target in mind, I wouldn't be worried about taking a year or two to get there. ​ What am I currently thinking? Try and move up the frontend stack, away from CSS and towards the middle of the frontend. This makes sense, but honestly, I don't see this job anywhere at my current company, so I have trouble imagining what it would even look like. Try my hand at backend. I've never done backend. I'm playing with Ruby on Rails at the moment, just because I played with it about 10 years ago and recall liking it a bit. At this point, I really don't know if backend is "for me" at all. Rails is attractive to me at this moment b/c it's totally different. As I look for some kind of spark, different feels good. Though every night I sit down and spend about 20mins self-doubting before I dig in (ie: googling "should I learn Rails in 2020"....etc) Since I know JS, maybe I should dip into Node? Maybe I should focus all my energy into React or Vue? I worry about getting sucked back into the frontend/css vortex on this path though. PHP since I work at a WP shop already? I'm not the sharpest frontend-er on the team, so that's where my doubts about backend come from. It seems like it'd be harder than frontend .....but maybe that's just because I haven't spent any dedicated time learning backend. Thanks to anyone taking the time to read. I really appreciate your perspective. submitted by /u/johnwhitely2020 [link] [comments]

remove the div seperator? Posted: 10 Dec 2020 02:46 PM PST hi i got a quick question, so i made a simple website for a school project and i have a canvas object and then a div but in betweet those two there is a white line that isnt part of anyone of them, is there a way to remove that line? https://preview.redd.it/csyamswsuf461.png?width=2000&format=png&auto=webp&s=82c2c38c1535af7653a2caae8b4a14f2badc63ca submitted by /u/CatSauce66 [link] [comments]

jwt frontend validation of ranking systems Posted: 10 Dec 2020 11:02 AM PST submitted by /u/CuberTuber780 [link] [comments]

Server location is more important than a good CDN? Posted: 10 Dec 2020 09:19 AM PST Let me explain. I live in Brazil and a good server here is expensive. 100% of my audience is in Brazil. But... The problem is that... it's expensive. Just to give you an example, any AWS EC2 instance is almost 1.5x more expensive in Brazil than US. This is the same for local brazilian companies, it's just expensive. Why the cdn question: with my budget I can get a decent dedicated server in US to do the heavy work, then pay for a good CDN to deliver cached content to Brazil. The question is: the CDN performance can surpass the speed of the entire site running in Brazil or it's still better pay more for a dedicated here, because server location is still king. THank you for your time. submitted by /u/glinskicwb [link] [comments]

Where can I get free domain names that isn't Freenom? Posted: 10 Dec 2020 04:27 PM PST I'd be happy with a subdomain if the domain isn't too long and too obviously branded submitted by /u/IngKnow69 [link] [comments]

Release Notes for Safari Technology Preview 117 Posted: 10 Dec 2020 04:22 PM PST submitted by /u/feross [link] [comments]

Debugging WebAssembly with modern tools Posted: 10 Dec 2020 05:42 AM PST submitted by /u/feross [link] [comments]

Publish, ship, and install modern JavaScript for faster applications Posted: 10 Dec 2020 04:03 PM PST submitted by /u/feross [link] [comments]

Alternative to loading.io without a monthly plan for animations? Posted: 10 Dec 2020 03:54 PM PST Hello everybody, I was looking for a background wave animation and I found this: https://loading.io/background/m-wave/ The animation itself is quite nice and exactly what I am looking for. I am willing to put time and effort in it to make it work and if necessary buy-a-coffee. Unfortunately, I am surely not paying a monthly plan for it. Any alternatives? submitted by /u/Nummerblatt [link] [comments]

Speed up ideas for dashboard Posted: 10 Dec 2020 03:42 PM PST At work, we have this table that loads a bunch of resources and displays it. It works fine to a degree, but for certain enterprise customers, they have 10x the median number of resources. For those big customers, not only does it take a long time to get back the result from the back, but it also doesn't work well in the browser. Currently all the sorting, pagination, and filtering happens in the frontend, so for those big customers, even after loading the resources, the table becomes unusable (so they don't. They opt to use CLI for this reason). There are plans to optimize the API so the frontend can call for smaller chunks for certain page and filters and sortings, so the page can request something like the third page of the list where sorted by X and filter Y is applied. My question is, is there some fancy computer science algorithm or data structure (which I'm admittedly not terribly good at) that I can apply so we don't have to rely on the API to make the table view more efficient? Any ideas are welcome, but link to a blog, or even just a Google search result page would be helpful, because I simply don't know what to search for. Or maybe even to a different subreddit where I can pose this question. If it matters, we use React, TS, and RxJS. submitted by /u/OriginalSynthesis [link] [comments]

Static/Fixed Nav Bar ONLY Using HTML Posted: 10 Dec 2020 03:41 PM PST Hi all, hope you're doing well. My boss recently asked me to rebuild the nav bar on our site. He wants to move away from our current method of just having the nav code on each and every web page - so we can make edits to the nav bar periodically that will be automatically implemented across the website. He built our website back in the early days of web dev, and as such it is basically an HTML animal that really just gets the job done (and has for years) but is not responsive or pretty. He's adamantly against using any sort of PHP or JS, since my initial thought was a JQuery script to grab a nav.html file on each page. Bummer! That being said, does anyone know how I can essentially create the same results? Having a singular file or block of code that can be changed and then reflected on all pages across our site , using only HTML? ​ Thanks in advance everyone! submitted by /u/cmorr7 [link] [comments]

JAMstack blog - confusion around usage of headless CMS Posted: 10 Dec 2020 03:30 PM PST I'm trying to wrap my head around the idea of a JAMstack blog. If I understand correctly the basic idea is: Write blog articles on a CMS - taking advantage of all the visual editing features it provides Develop a React (or similar) app that will make API calls to your CMS, fetch the blog posts and render them. Pre build your React app pages (as they are mostly static content) and serve these on a CDN What I don't understand is the gap between steps 1 and 2. If you design a nice fancy blog post on your CMS, aren't you losing all the styling as you're only sending a basic serialized version of the blog post over the API? You'd also surely be missing out on things like automatic structured data which some CMS can do for you. I've tried setting up Ghost CMS locally, and when I fetch one of the example blog posts I'm getting back some mark up that includes `<div class="kg-gallery-image"...` but there's no css styles included in the response. Is it standard to include some sort of CMS specific css file? submitted by /u/prl_lover [link] [comments]

Affordable Selenium grid options for solo/freelance work? Posted: 10 Dec 2020 02:47 PM PST I'm learning and reading up on Selenium, which I've never used before. Someone recommended it to me because I primarily develop in Linux, but need to test macOS with Safari . What I've come to find out, which they didn't tell me, was you still need access to macOS and Safari to run the test. One option would be to use something like BrowserStack and Selenium grid. The cost of these services though are usually around like $30/mo with an annual contract starting out, which seems kind of steep to me if I'm just working on some projects in my spare time. I'm probably just going to get a MacBook Air (when Docker is working), but I'm curious if there is anything more affordable... like <$10/mo. (I'm aware of running macOS in a VM, or doing a Hackintosh, which is what I've done for years.) submitted by /u/strumpy_strudel [link] [comments]

Who do you think has a harder job, front-end, or back-end? Posted: 10 Dec 2020 10:40 AM PST As a person who has worked with both, I really don't know which is harder. What do you think? Which one requires more work? submitted by /u/FarrisFahad [link] [comments]

Error handling (and DB design) in production apps Posted: 10 Dec 2020 01:41 PM PST Using the YouTube Music app just now, I thumbs-downed a song that was previously liked. Effects: - The UI removes it from my current screen - Modal appears saying "they're tuning my recommendations" - Behind the scenes, that song is presumably given a " hated" attribute - "Liked" attribute should be removed How would you go about creating this, with respect to error handling? I've never really seen an error message in the app, and everything goes where it should. submitted by /u/homosapiensapienzz [link] [comments]

You are subscribed to email updates from webdev: reddit for web developers. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States