2020 Web Milestones📅January 23, 2020🕒5 min read
Article Status: a work in progress, expected to be shaped and augment throughout 2020. Think of this more as a wiki page than a fully formed article.
The other day, as I watched Chromium Edge roll out, I thought to myself “end of an era. A huge milestone in the history of the Web”. I then stepped back and realized that there’s actually more than a few big things happening this year. Inspired, I fired off a tweet asking about big upcoming Web changes. It turns out that a lot of big stuff is happening this year, and this post will attempt to document most of it. I encourage you to submit pull requests here to help welcome in the new and eulogize the old. Without further ado, the list:
- (-) Windows 7 EOL - The second largest version of Windows with the lion’s share of remaining IE11 users. Hopefully its end of life prompts users to move to Windows 10 and off IE11.
- (-) EdgeHTML Rendering Engine EOL - Now that Edge is powered by Chromium, we have lost a renderer in the market. Moves the ecosystem from 4 main rendering engines “EdgeHTML, Webkit, Gecko, Blink” to 3 “Webkit, Gecko, Blink”.
- (+) Chromium Edge Released - With Chromium Edge, folks on Windows 7 and Windows 8.1 finally have an upgrade path to a modern browser while still having IE Mode so legacy enterprise sites that require IE11 still work.
- (+) Flow Rendering Engine and Browser Released - Just as we said goodbye to EdgeHTML a new rendering engine and browser popped onto the scene: https://www.ekioh.com/flow-browser/ Moves the ecosystem from 3 main rendering engines “Webkit, Gecko, Blink” right back to 4 “Webkit, Gecko, Blink, Flow”.
- (+) Web Components Everywhere - With Chromium Edge’s release, all major browser vendors are shipping Web Components V1, as per: https://www.webcomponents.org/
- (-) Goodbye CSRF, Hello Default SameSite Cookies - Browsers’ default policy has always been “when making a request to example.com, send cookies for example.com even if the request originates from a site other than example.com”. This behavior enables a security vulnerability and tactic called CSRF, where an attacker can trick you into visiting their site while you’re logged into example.com and then make malicious requests on your behalf. On Feb. 4th, this default behavior is changing to “when making a request to example.com, send cookies for exmaple.com only if the request originates from example.com”. The number of CSRF vulnerable websites this fixes is immeasurable, but a whole class of vulnerability will suddenly stop working for attackers on this day. HUGE.
- (+) Default image-orientation to “from-image” - Anyone who has dealt with image uploads and previews on the web can tell you about the bug report they’ve inevitably received: “help, when I upload my image, it appears sideways!” This is because browsers don’t take EXIF orientation into account when rendering
<img>tags. Photos shot from a phone turned sideways will appear rotated 90 degrees. Developers had 2 choices to work around this. 1. Upload photos to a backend which could manipulate and adjust the image before previewing. 2. Read the EXIF data off the image using a JS exif reading library, render the image to a
<canvas>, rotate the canvas, and then read the manipulated image data back out of the
<canvas>. Thankfully, by the time the next major version of Firefox and Chrome 81 roll out, the new default value for the CSS
image-orientationproperty will be
from-image, which will account for EXIF data and remove the need for these complicated and non-performant workarounds!
- (-) Python 2 EOL - Books will be written about the Python community’s long painful transition to Python 3. But finally it will be a history book as of April 20th.
- (-) Flash EOL - Adobe Flash pushed the entire web forward and served as a wakeup call to the Web community. You can probably say that HTML5 and a lot of the improvements to the Web that happened around that time were a direct response to Flash’s capabilities. All video sites, gaming sites, etc. ran Flash. Over time the Web (mostly) caught up. Flash was banned from the iPhone, which practically forced the Web community to move on. Flash languished for 10 years, mostly appearing in headlines about its many security vulnerabilities. Its EOL is December 31st. I’ll miss Flash.
Sometime This Year
- (+) http/3 Ships Unflagged in Major Browser - Chrome, Firefox, and others are already shipping http/3 behind flags. Major CDNs like Cloudflare have support. Work is going on right now to bring http/3 to Node. At some point, it’ll hopefully get unflagged this year, and we’ll shave another few % of latency off the average http request.
- (+) PHP 8 with JIT - PHP as a language and community is still productive and kicking. This year will see PHP move to a JIT which has potentially promising implications for performance, above and beyond all the impressive speed gains in the language since 7.0.