Will be live in a few minutes at https://ar.al with a S’update (small update) of what I’ve been up to. Today’s theme: talking openly about the dev process (I’ve had a frustrating few days recently).
Looks like we'll need authentication of any kind of external code - which upon writing it seems completely obvious.
How lazy we have become...
Nice to see folks thinking along the same lines (and three years ahead of me) ;) https://github.com/tasn/webext-signed-pages – looks like Tom Hacohen already built what I wanted to verify the index page at least.
(The reason I’m looking past subresource integrity is because I need to have dynamic plugins and subresource integrity is only useful for resources you know at build time.)
I’m playing with dynamic imports for a plugin system in JS but dynamic imports don’t have any sort of verification built in. So I’m thinking of implementing simple signed modules that are loaded in and evaluated. But before I fall down that particular rabbit hole, does anyone know of similar attempts? (I did the usual search engine scouring and stumbled on Web Bundles and Signed HTTP exchanges but though they sound similar, they’re very much not the same thing.)
Thanks to a heads-up from @heydon, I just fixed the formatting issues on my “Building a simple chat app with Site.js” post. Check it out here: https://ar.al/2019/10/11/build-a-simple-chat-app-with-site.js/
Reading: “Google proposed Web Bundles could threaten the Web as we know it”
(Missed this when it first came out. Funny how Google proposes standards that benefit their business model, isn’t it?)
Heads up: Small is Beautiful – our live stream on Small Technology – will henceforth be monthly, not weekly (so there’s no stream today).
This month’s stream is scheduled for the third Thursday (Feb 18, 2021) at 5PM UTC and will feature Paul Frazee (Beaker browser) to talk about his new decentralised social network project, CTZN.
Finally found the time to open a discussion on the Snowpack forums about the lack of subresource integrity (SRI) in Skypack: https://github.com/snowpackjs/snowpack/discussions/2569
(Background: my post from the end of last year titled Skypack: backdoor as a Service? https://ar.al/2020/12/30/skypack-backdoor-as-a-service/)
"CommonJS to ESM in Node.js" by @aral https://ar.al/2021/01/27/commonjs-to-esm-in-node.js/
I've been migrating some projects to native ESM, and I ran into many of the same problems. There are some nice quick fixes in here I wasn't aware of.
You'd think somebody would write a codemod to just do this all automatically... Here's hoping someone invents one before I have to do my next migration. 🤞
I make Small Tech.