Starting with Chrome 56 and Firefox 51, browsers will start warning users if they browse a non-HTTPS site that contains a password or credit card input field.
Google wants to push for HTTPS everywhere with a combination of deprecating existing Chrome features in non-secure sites, as well as new features only supported in HTTPS.
Mozilla has launched their website security analysis tool. Dubbed Observatory, the tool helps to spread information on best security practices to developers and sys admins in need of guidance.
NGINX Plus R10 has been released, with a focus on improving application security, and network integration. The release supports API authentication by validating JSON web tokens (JWT), and improved SSL/TLS performance in production with support for elliptic curve crypto (ECC) certificates.
Microsoft has published their guidance for creating “RESTful” APIs. Roy Fielding calls them HTTP APIs that have little to do with REST.
Postman is a popular Chrome application used to test, build, and document web APIs. InfoQ interviewed Abhinav Asthana, the founder and CEO of Postman, about the latest release to give our readers a better understanding of what Postman is, how it was created, why it’s popular with API developers, and what’s new in 3.0.
Google has recently announced that they will propose their experimental transport layer network protocol QUIC as a IETF Standard. Furthermore. Google has provided the first available figures about the improvements in page load time that QUIC makes possible.
Mozilla has released Firefox 37, bringing native playback of HTML5 video for Windows, and many security changes.
HTTP/2 specifications have been approved for publication, according to the IETF. 15 years after the launch of HTTP/1.1, IETF have gone through over 200 design issues, 17 drafts, and 30 implementations to get the specification approved to be published as standards-track RFCs.
Mark Nottingham, chair of the HTTP Working Group, asks the question What is the Web? As he mentions, this simple question has some complex and perhaps unexpected answers depending upon your perspective. A common approach would be to say that it has to be rooted in the Web browser, but that has some interesting consequences, not all of which are useful for non-browser stakeholders.
Wesley Beary, a member of the API team at Heroku, has compiled a list of guidelines for creating HTTP+JSON APIs presented in a condensed form here.
Jesper Richter-Reichhelm, Head of Engineering at Wooga, spoke at GOTO Amsterdam 2014 about some of the challenges teams face developing mobile games with a continuous delivery mindset. In particular Jesper stressed how lack of control over the software delivery process on mobile nearly crashed their business.
During the recent GlueCon 2014 conference in Colorado, Tony Tam, the creator of Swagger and CEO of Reverb, gave a well attended talk on Swagger APIs for humans (and robots), where he announced the Swagger 2.0 Working Group and an early version of an online code editor offering a dynamic YAML to Swagger UI conversion.
The Google Dart team has announced Dart SDK 1.3 which improves the performance of asynchronous server-side code to the point that Dart VM is on par with Node.js, the later using another Google technology, the V8 engine.
QUIC (Quick UDP Internet Connections, pronounced 'quick') is a multiplexing transport protocol running over UDP with the main goal to have 0-RTT connectivity overhead.