@tbroyer@piaille.fr avatar

tbroyer

@tbroyer@piaille.fr

Web development (frontend, Web APIs), Web app security, build tools, Java, Kotlin, Gradle, etc.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

ppk, to random
@ppk@front-end.social avatar

Apple gives in on PWAs.

In fact, it did so faster than I thought.

Good. Congrats, @owa

https://developer.apple.com/support/dma-and-apps-in-the-eu/#dev-qa:~:text=UPDATE%3A%20Previously,exist%20in%20iOS
(Open "Why don’t users in the EU have access to Home Screen web apps?")

tbroyer,
@tbroyer@piaille.fr avatar

@ppk @owa …as long as you're OK with WebKit as the only browser engine for Home Screen web apps though.

tbroyer,
@tbroyer@piaille.fr avatar

@ppk @owa The point is that everyone seems to be relieved that in the end nothing's changing, rather than being mad at Apple that they don't open Home Screen web apps to other browser engines like the DMA also requires (to my understanding).

(and yes, Google still hasn't announced the same on Android, except the situation doesn't seem as "locked down" as on iOS: for instance, Samsung Internet can install WebAPKs on Samsung phones through the Samsung Galaxy Store)

jaffathecake, to random
@jaffathecake@mastodon.social avatar

🔊 Apple is removing web app features from Safari in the EU, rather than allowing other browsers to have those features on iOS.

Here's a new episode of OTMT with all the details, and what you can do about it:

https://offthemainthread.tech/episode/the-apple-pwa-ban/

tbroyer,
@tbroyer@piaille.fr avatar

@jaffathecake They don't open Home Screen web apps to other browser engines though. Still much better than what was previously announced though.

tbroyer,
@tbroyer@piaille.fr avatar

@jaffathecake It's a return back to the status quo, not what I'd call a step forward (or call it a step forward after a step back if you prefer): iOS 17.4 will be the same as iOS 17.3 as far as Home Screen web apps are concerned.

b0rk, (edited ) to random
@b0rk@jvns.ca avatar

poll: do you use git on the command line or in a GUI?

(you can pick more than one option if it’s a mix of both, sorry magit users I didn't have space for you in this poll)

tbroyer,
@tbroyer@piaille.fr avatar

@b0rk 💯

Fwiw, I like using a GUI (git citool) for crafting commits, whether "complex changes" or not, as seeing the diffs invites me to review the changes before staging and committing them, rather than "blindly" adding the files.

codepo8, to random
@codepo8@toot.cafe avatar

OK, JavaScript's Array methods allow you to write pretty unreadable and powerful things. What does that do? (yes, there is an easier version in ES10)

tbroyer,
@tbroyer@piaille.fr avatar

@codepo8 "duplicate" an object but sort its properties by value?

I have no idea why you'd want to do this but meh

(btw, maybe use Object.fromEntries() rather than that reduce()? unless maybe it doesn't give you that ordering guarantee)

tbroyer, to webdev
@tbroyer@piaille.fr avatar

Announcing Platformer: a set of libraries to help implement:

• attribute reflection in web components following the HTML specification
• WebIDL type coercions for your public JS APIs (including web component properties)

https://github.com/tbroyer/platformer

Comes with ECMAScript decorators (compatible with TypeScript 5.2+ and Babel) for vanilla custom elements and Lit elements.

Currently not published on NPM (as I'm still evaluating whether all of this is a good thing worth pursuing 😂 feedback welcome!)

tbroyer, (edited )
@tbroyer@piaille.fr avatar

@haydencodes Ha good point, but no, it implements all numeric and string types of WebIDL, as well as "less common" types like symbol or bigint. I thought about classifying them into distinct files to reflect that opinion (and possibly cut some bytes, depending on tooling) but haven't yet. This is still something I'm contemplating but… naming is hard 😄

(and thanks for the kind words, heartwarming)

melix, to random French
@melix@mastodon.xyz avatar

Un copain m'a fait remarquer que mon dernier billet était un peu long. En effet, je viens de vérfiier, 15 pages A4, ça n'est plus trop un billet mais presque un essai à ce niveau ! Entre les 2 je dirais :)

tbroyer,
@tbroyer@piaille.fr avatar

@melix "ChatGPT, fais moi un résumé" 🫣

tbroyer,
@tbroyer@piaille.fr avatar

@melix <insert meme Doctor in Philosophy: "we're all going to die (eventually)">

(rhaa, pourquoi y a pas d'emoji :troll: quand on en a besoin)

develwithoutacause, to til
@develwithoutacause@techhub.social avatar

#TIL any errors thrown in attributeChangedCallback get swallowed. They're not propgated to whoever called el.setAttribute('observed', 'data').

tbroyer,
@tbroyer@piaille.fr avatar

@zachleat @develwithoutacause Probably because no built-in element would ever throw when changing an attribute.
State is derived from attributes, but attributes don't directly "set" state, and it's not abnormal to sometimes be in some sort of "invalid state" and you have to cope for it.

Would you like it if you had to be careful updating min, max and value in proper order or it would throw?

See https://blog.ltgt.net/web-component-properties/ where I touch the subject a bit (among other things)

andrewfeeney, to random
@andrewfeeney@phpc.social avatar

Still crazy to me that a credit card is basically your money password written on a card in your wallet. Want to pay over the phone? Just tell us your money password!

tbroyer,
@tbroyer@piaille.fr avatar

@andrewfeeney In the EU, you have to validate transactions in an app on your phone (works with a push notification; conversely also means you have to have a smartphone compatible with the bank's app and app store).
And for non-remote transactions, all cards (I believe, at least that's the case in France) have been chip-cards with a PIN (or biometric for some) for decades.

nixCraft, (edited ) to infosec
@nixCraft@mastodon.social avatar

Poll: Are you encrypting DNS traffic using protocols such as DoT (DNS over TLS) or DoH (DNS over HTTPS)? #infosec #security #DNS

tbroyer,
@tbroyer@piaille.fr avatar

@nixCraft @stephengentle That's exactly what I did (also installed pi-hole, so pi-hole is the DNS server pushed through DHCP, and it uses the dnscrypt-proxy as upstream, that then uses DNS-over-? I don't remember what kind of encrypted protocol is used 🫣)

b0rk, (edited ) to random
@b0rk@jvns.ca avatar

poll: when you have a merge conflict, how do you prefer to handle it?

tbroyer,
@tbroyer@piaille.fr avatar

Fwiw, I use (and recommend) Meld: https://meldmerge.org/
But VS Code or IntelliJ IDEA work great too
(and in any case, I invoke it with git mergetool)

davatron5000, to random
@davatron5000@mastodon.social avatar

📝 New post! I spent a bunch of time on this one.

A tale of three architectures: How we built, rebuilt, and then rebuilt Luro + 3 things I've learned about software architecture.

https://daverupert.com/2024/02/three-architectures/

tbroyer,
@tbroyer@piaille.fr avatar

@davatron5000 Didn't you mix up the numbers of duck-size horses and horse-size ducks? In the list of each architecture you wrote "100 horse-sized ducks" and "1 duck-sized horse", shouldn't that rather be "100 duck-sized horses" and "1 horse-sized duck"?

tbroyer,
@tbroyer@piaille.fr avatar

@davatron5000 LGTM 👍

rauschma, to random
@rauschma@fosstodon.org avatar

For a static checking tool: What are best practices w.r.t. writing to stdout and stderr? Information: progress, successes, failures.

Update—found material on the web:
– stdout: normal output of program. Everything you want to see if you save it to a file and read it later.
– Only print “live” UI elements such as progress bars if stdout is interactive (directly observed by a user, not piped somewhere etc.).
– stderr: diagnostic or unexpected data not useful to consumers of normal output

tbroyer,
@tbroyer@piaille.fr avatar

@immibis @rauschma +1, which to me means that the result of the tool (validation failures and warnings) goes to stdout, and stderr is for failures of the tool itself.

nimphal, to random
@nimphal@techhub.social avatar

It has been a while since I've encountered this, but just in case it's not clear - do not, and I mean, do not, validate people's names

tbroyer,
@tbroyer@piaille.fr avatar

@nimphal poke @yournameisinvalid

owa, to random
@owa@mastodon.social avatar

Let’s make it very clear. Apple is under NO obligation to kill Web Apps in the EU. It’s a spiteful decision driven from pure greed.

Don’t put up with it, join us in fighting back

https://open-web-advocacy.org/apple-attempts-killing-webapps/

tbroyer,
@tbroyer@piaille.fr avatar

@owa Do you think Google could argue they're compliant already? given that:
• A2HS is about generating an application and installing it
• they already support third-party application stores that could install such apps
• this is exactly what Samsung does already iiuc (on its devices, as the Samsung Store is only available there), so Mozilla or Microsoft (or others) could possibly do it too, and Samsung could possibly open it up to non-Samsung devices? (given Samsung Internet is available more widely)

(I don't know all the technical details, so I might be entirely wrong)

b0rk, to random
@b0rk@jvns.ca avatar

popular git config options https://jvns.ca/blog/2024/02/16/popular-git-config-options/

tbroyer,
@tbroyer@piaille.fr avatar

@b0rk

> and now git’s default behaviour when your branch has diverged from the upstream is to just throw an error and ask you what to do (very similar to what git pull --ff-only does).

You sure? 'cause unless I missed it, the doc says it will merge (I've had pull.ff=only for years so can't tell from experience).

tbroyer,
@tbroyer@piaille.fr avatar

@b0rk Oh, also, the core.excludesfile now has a "default value" so you can put your exclusion patterns to ~/.config/git/ignore without anything specific in your gitconfig.

tbroyer,
@tbroyer@piaille.fr avatar

@b0rk Ah true; the rest of the page is all centered around the fact that "git pull" is sort-of a shorthand for "git fetch && git merge" though.

(reading through this page, and the git-config page for pull.rebase, branch.<name>.rebase and autoSetupRebase, I can't understand what the default behavior is supposed to be 🤷 I'll happily defer to your experience as you seem to be using the default configuration whereas I configured a specific behavior on my end)

tbroyer,
@tbroyer@piaille.fr avatar

@b0rk This is a great move!
(thanks for the screenshot)

(did I thank you for these posts and conversations about Git? thank you ❤️; just shared this post on work chatroom, like many things you did, and we did buy your zines too)

tbroyer, to react
@tbroyer@piaille.fr avatar

I think I totally forgot what React Compiler and Offscreen API are. Majority of the rest has already been seen in Next.js, but I have to admit I never really understood what "transitions" are and how to use them (that said, I haven't coded with React for months). Appreciate the small note on web components support, at last!

It's really clear though that what once was a rather "simple" library (functions returning virtual dom; even the magic of hooks wasn't too hard to grok) has become something really really complex over time.

https://react.dev/blog/2024/02/15/react-labs-what-we-have-been-working-on-february-2024

panos, to bluesky
@panos@catodon.social avatar

OK this will probably be an unpopular opinion, but regarding the and whether it's ok to be opt-out... For me the discussion doesn't make much sense because this is how fedi works. When you enable federation, your posts are federated to any activitypub-supporting server, unless you opt-out by fediblocking. Do you approve all of these servers? Do you agree with their ToS? Have you read the ToS of all of them, or know where they belong to? No. I know this might make you insecure about your data, but it's better to be honest than create a false impression of control, which then feels attacked when Threads or Bluesky appear. I understand that somebody may not want their content appearing in Zuckerberg's or Dorsey's platform. But they could already be running an AP server that's federated to your server, and you will never know. This is what we signed up for, adopting an open protocol and using software that federates with everyone as the default. And tbh I like it this way - an opt-in federation would be a disaster for smaller servers, it would practically be impossible to federate. By using an AP-enabled server, I'm telling everyone that it's ok to interact with my content - unless I actively block them. It doesn't include an agreement for how or from whom this content will be used. The fact that both servers run AP-compatible software is only a technicality. So if Bluesky implemented AP support it would suddenly be ok that interacting with their users would be opt-out, like with every AP server?

Don't get me wrong, I understand that everyone wants to be in control of their social circle, and I support you if you want to block Threads or Bluesky bridges. But I don't really see how it's unethical to have a bridge that is opt-out, just like any other AP-server. Our only "agreement" is using an open protocol, not any common ToS. ActivityPub is not ethically superior by definition, anyone can adopt it, and we have the right to block them, and this is all by design, it's not a different corner of the internet, everyone in the internet can use the protocol and see/display your public content. The drama every time some server does basically what we allowed them to do and we don't like it, is getting really old quickly. It doesn't "protect" fedi, it only makes it hostile and boring. If you're concerned about who sees your content, please run a followers-only account and control your followers. Running a public account in an openly federated platform and then getting angry when you don't agree with every single server you're federating with is a recipe to make sure you'll be angry for years to come.

tbroyer,
@tbroyer@piaille.fr avatar

@panos @hsivonen This is not much different from free/libre open source software in a sense: you may not like that some people use the software you create, but if it's FLOSS then that's what you signed for, and adding terms to the license to prevent such use would make it no longer FLOSS.

That's how GAB can use Mastodon, 4chan can be built with PHP and YUI, etc. whether you like them or not.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • kavyap
  • DreamBathrooms
  • thenastyranch
  • magazineikmin
  • InstantRegret
  • ethstaker
  • Youngstown
  • mdbf
  • slotface
  • rosin
  • osvaldo12
  • tacticalgear
  • ngwrru68w68
  • provamag3
  • everett
  • GTA5RPClips
  • khanakhh
  • cisconetworking
  • normalnudes
  • Durango
  • tester
  • cubers
  • modclub
  • Leos
  • megavids
  • anitta
  • lostlight
  • All magazines
    •