Reposted by Fabrice
Highlights from last week:
- Use Webdriver for all WPT runs
- Improve look & feel of various form controls
- Support :open and ::details-content pseudos
- Support JSON modules
- Insert a cache for animation with smarter updates
- Use Webdriver for all WPT runs
- Improve look & feel of various form controls
- Support :open and ::details-content pseudos
- Support JSON modules
- Insert a cache for animation with smarter updates
February 7, 2026 at 11:25 AM
Highlights from last week:
- Use Webdriver for all WPT runs
- Improve look & feel of various form controls
- Support :open and ::details-content pseudos
- Support JSON modules
- Insert a cache for animation with smarter updates
- Use Webdriver for all WPT runs
- Improve look & feel of various form controls
- Support :open and ::details-content pseudos
- Support JSON modules
- Insert a cache for animation with smarter updates
WebBT and WebUSB are lowering the security of the web in their current shape. If you use WebUSB to install an Android image on your device, you rely on all the elements in the chain: server -> browser -> device to not be flawed.
Compare with regular web where trusting the browser is enough.
Compare with regular web where trusting the browser is enough.
February 4, 2026 at 11:07 PM
WebBT and WebUSB are lowering the security of the web in their current shape. If you use WebUSB to install an Android image on your device, you rely on all the elements in the chain: server -> browser -> device to not be flawed.
Compare with regular web where trusting the browser is enough.
Compare with regular web where trusting the browser is enough.
Read the Mozilla and WebKit positions. And "no one has been hacked in 7 years" is a very poor argument:
1) How can you know that...
2) How does that ensure this will never happen?
Running untrusted code with high privileges requires a different model than the current web.
1) How can you know that...
2) How does that ensure this will never happen?
Running untrusted code with high privileges requires a different model than the current web.
February 4, 2026 at 10:59 PM
Read the Mozilla and WebKit positions. And "no one has been hacked in 7 years" is a very poor argument:
1) How can you know that...
2) How does that ensure this will never happen?
Running untrusted code with high privileges requires a different model than the current web.
1) How can you know that...
2) How does that ensure this will never happen?
Running untrusted code with high privileges requires a different model than the current web.
why do you think malware can't exist? (and not exactly of the form you're thinking about).
February 4, 2026 at 10:56 PM
why do you think malware can't exist? (and not exactly of the form you're thinking about).
I don't know... what does that mean to be "safe to use with the web"? Does that mean that any code / commands you send to that device will be ok? Sending a firmware update can be safe, or not... Not everyone can secure their backend like Google, we need trust and integrity of the payloads.
February 4, 2026 at 10:47 PM
I don't know... what does that mean to be "safe to use with the web"? Does that mean that any code / commands you send to that device will be ok? Sending a firmware update can be safe, or not... Not everyone can secure their backend like Google, we need trust and integrity of the payloads.
One major security issue that is glossed over by the Chrome people is that servers can get compromised and serve malicious payloads. The usual web sandbox protects you against damage for regular apis by design, but not for something like WebUSB / WebBT.
February 4, 2026 at 10:40 PM
One major security issue that is glossed over by the Chrome people is that servers can get compromised and serve malicious payloads. The usual web sandbox protects you against damage for regular apis by design, but not for something like WebUSB / WebBT.
Skills are similar to intents that have been a thing for a while. Apps are intent bundles with a default view
February 4, 2026 at 6:53 PM
Skills are similar to intents that have been a thing for a while. Apps are intent bundles with a default view
Une alternative raisonnable si tu veux rester chez des Frenchies: www.bookmyname.com
BookMyName - Best Domain Name Registration & Email Services
Secure your online presence with BookMyName. We offer reliable domain name registration, and professional email services. Start your online journey with us today!
www.bookmyname.com
January 30, 2026 at 11:35 PM
Une alternative raisonnable si tu veux rester chez des Frenchies: www.bookmyname.com
Sounds great! Will you publish details about your corpus and training process?
January 29, 2026 at 10:11 PM
Sounds great! Will you publish details about your corpus and training process?
Reposted by Fabrice
Highlights from last week:
- More work on DevTools, Web Crypto API, WebDriver
- Improve mouse interaction in form inputs
- Implement navigate to fragment
- overflow-clip-margin now supports <visual-box>
- More work on DevTools, Web Crypto API, WebDriver
- Improve mouse interaction in form inputs
- Implement navigate to fragment
- overflow-clip-margin now supports <visual-box>
January 23, 2026 at 12:55 PM
Highlights from last week:
- More work on DevTools, Web Crypto API, WebDriver
- Improve mouse interaction in form inputs
- Implement navigate to fragment
- overflow-clip-margin now supports <visual-box>
- More work on DevTools, Web Crypto API, WebDriver
- Improve mouse interaction in form inputs
- Implement navigate to fragment
- overflow-clip-margin now supports <visual-box>
Reposted by Fabrice
December in Servo…
🎤🧑🏫 FOSDEM talks next week!
🤹🪟 multiple windows
🪆🌐 HTTP proxy support
🔐🕵️ more SubtleCrypto algorithms
💽🗃️ new site data & network API
servo.org/blog/2026/01...
🎤🧑🏫 FOSDEM talks next week!
🤹🪟 multiple windows
🪆🌐 HTTP proxy support
🔐🕵️ more SubtleCrypto algorithms
💽🗃️ new site data & network API
servo.org/blog/2026/01...
January 23, 2026 at 6:39 AM
December in Servo…
🎤🧑🏫 FOSDEM talks next week!
🤹🪟 multiple windows
🪆🌐 HTTP proxy support
🔐🕵️ more SubtleCrypto algorithms
💽🗃️ new site data & network API
servo.org/blog/2026/01...
🎤🧑🏫 FOSDEM talks next week!
🤹🪟 multiple windows
🪆🌐 HTTP proxy support
🔐🕵️ more SubtleCrypto algorithms
💽🗃️ new site data & network API
servo.org/blog/2026/01...
Andor is excellent, but I liked Rogue One too!
January 19, 2026 at 10:43 PM
Andor is excellent, but I liked Rogue One too!
Web 3.0 has roots way before Solid, in the Semantic Web work at the W3C on RDF, OWL etc.
January 19, 2026 at 7:27 PM
Web 3.0 has roots way before Solid, in the Semantic Web work at the W3C on RDF, OWL etc.
Get the 13yo to submit a hand written essay!
January 17, 2026 at 6:14 PM
Get the 13yo to submit a hand written essay!
Reposted by Fabrice
Highlights from last week:
- DevTools, Web Crypto API and WebDriver improvements
- Use shadow DOM in user agent widgets for form controls
- Ship navigator.sendBeacon()
- Implement Origin API
- DevTools, Web Crypto API and WebDriver improvements
- Use shadow DOM in user agent widgets for form controls
- Ship navigator.sendBeacon()
- Implement Origin API
January 16, 2026 at 12:40 PM
Highlights from last week:
- DevTools, Web Crypto API and WebDriver improvements
- Use shadow DOM in user agent widgets for form controls
- Ship navigator.sendBeacon()
- Implement Origin API
- DevTools, Web Crypto API and WebDriver improvements
- Use shadow DOM in user agent widgets for form controls
- Ship navigator.sendBeacon()
- Implement Origin API
ha, cheating with application/octet-stream works? I read that they're doing some content checks to filter out contentious media.
January 15, 2026 at 6:58 AM
ha, cheating with application/octet-stream works? I read that they're doing some content checks to filter out contentious media.
how do you deal with blob filtering by the PDS?
January 14, 2026 at 11:23 PM
how do you deal with blob filtering by the PDS?
Hetzner is fine, except their web UI which is very confusing. Good thing you don't have to use it often!
Depending on your needs you can find great servers for cheap on their auctions at www.hetzner.com/sb/
Depending on your needs you can find great servers for cheap on their auctions at www.hetzner.com/sb/
Refurbished server for sale in Hetzner Server Auction
Be quick and save money: Top and cheap refurbished dedicated servers at Hetzner Server Auction
www.hetzner.com
January 13, 2026 at 11:44 PM
Hetzner is fine, except their web UI which is very confusing. Good thing you don't have to use it often!
Depending on your needs you can find great servers for cheap on their auctions at www.hetzner.com/sb/
Depending on your needs you can find great servers for cheap on their auctions at www.hetzner.com/sb/
I also learned after his death that one of my grandfathers was in a FFI group - no one ever talked about it in the family. Sadly I only found one mention of his group in a book and the list of the members.
You can lookup a lot of official information here: www.memoiredeshommes.defense.gouv.fr
You can lookup a lot of official information here: www.memoiredeshommes.defense.gouv.fr
Mémoire des Hommes
www.memoiredeshommes.defense.gouv.fr
January 13, 2026 at 11:40 PM
I also learned after his death that one of my grandfathers was in a FFI group - no one ever talked about it in the family. Sadly I only found one mention of his group in a book and the list of the members.
You can lookup a lot of official information here: www.memoiredeshommes.defense.gouv.fr
You can lookup a lot of official information here: www.memoiredeshommes.defense.gouv.fr
Reposted by Fabrice
Highlights from last week:
- Web Crypto API now passing 91% of WPT tests
- Make Windows installer respect customized path
- Enable css-font-loading tests
- More thoroughly convert between UTF-16 and UTF-8 offsets in text inputs
- Skip some steps when determining encoding for XML document
- Web Crypto API now passing 91% of WPT tests
- Make Windows installer respect customized path
- Enable css-font-loading tests
- More thoroughly convert between UTF-16 and UTF-8 offsets in text inputs
- Skip some steps when determining encoding for XML document
January 9, 2026 at 12:56 PM
Highlights from last week:
- Web Crypto API now passing 91% of WPT tests
- Make Windows installer respect customized path
- Enable css-font-loading tests
- More thoroughly convert between UTF-16 and UTF-8 offsets in text inputs
- Skip some steps when determining encoding for XML document
- Web Crypto API now passing 91% of WPT tests
- Make Windows installer respect customized path
- Enable css-font-loading tests
- More thoroughly convert between UTF-16 and UTF-8 offsets in text inputs
- Skip some steps when determining encoding for XML document
Interesting. I think the data sets used to train the models for the current translation feature are coming from paracrawl.eu/index.php but I can't figure out the licensing.
Releases
ParaCrawl
paracrawl.eu
January 8, 2026 at 11:24 PM
Interesting. I think the data sets used to train the models for the current translation feature are coming from paracrawl.eu/index.php but I can't figure out the licensing.
Nothing was destroyed, the web never had that kind of integrity. That's why browsers are hardened, they consider all code to be potentially hostile.
Now yes, content based addressing could be a solution, but so far that didn't get enough traction (ipfs, dat, others all failed).
Now yes, content based addressing could be a solution, but so far that didn't get enough traction (ipfs, dat, others all failed).
January 8, 2026 at 7:04 PM
Nothing was destroyed, the web never had that kind of integrity. That's why browsers are hardened, they consider all code to be potentially hostile.
Now yes, content based addressing could be a solution, but so far that didn't get enough traction (ipfs, dat, others all failed).
Now yes, content based addressing could be a solution, but so far that didn't get enough traction (ipfs, dat, others all failed).
HTTPS only protects transit but doesn’t help if the resource is compromised at the source. Think about an attacker replacing your index.html by their own
January 8, 2026 at 2:52 PM
HTTPS only protects transit but doesn’t help if the resource is compromised at the source. Think about an attacker replacing your index.html by their own
The tricky part is to bootstrap your SRI - there is no good way to ensure integrity of index.html
Whatsapp came up with faq.whatsapp.com/121042013649... which is interesting
Whatsapp came up with faq.whatsapp.com/121042013649... which is interesting
About Code Verify | WhatsApp Help Center
faq.whatsapp.com
January 8, 2026 at 5:10 AM
The tricky part is to bootstrap your SRI - there is no good way to ensure integrity of index.html
Whatsapp came up with faq.whatsapp.com/121042013649... which is interesting
Whatsapp came up with faq.whatsapp.com/121042013649... which is interesting
I've seen Claude cheat in tests to make sure they pass. Very human behavior I would say :)
December 31, 2025 at 4:11 PM
I've seen Claude cheat in tests to make sure they pass. Very human behavior I would say :)