Protecting Against HSTS Abuse
Well, the HSTS standard describes that web browsers should remember when redirected to a secure location, and to automatically make that conversion on behalf of the user if they attempt an insecure connection in the future. This creates information that can be stored on the user’s device and referenced later. And this can be used to create a “super cookie” that can be read by cross-site trackers.
JSC 💕 ES6
New language, new benchmark.
Introducing Riptide: WebKit’s Retreating Wavefront Concurrent Garbage Collector
This post begins with a brief background about concurrent GC (garbage collection). Then it describes the Riptide algorithm in detail, including the mature WebKit GC foundation, on which it is built. The field of incremental and concurrent GC goes back a long time and WebKit is not the first system to use it, so this post has a section about how Riptide fits into the related work. This post concludes with performance data.
Introducing Custom Elements
Someday HTML will be feature complete, but not today.