Third party

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

…why would cookies ever need to work across domains? Authentication, shopping carts and all that good stuff can happen on the same domain. Third-party cookies, on the other hand, seem custom made for tracking and frankly, not much else.

Then there’s third-party JavaScript.

In retrospect, it seems unbelievable that third-party JavaScript is even possible. I mean, putting arbitrary code—that can then inject even more arbitrary code—onto your website? That seems like a security nightmare!

I imagine if JavaScript were being specced today, it would almost certainly be restricted to the same origin by default.

Jeremy hits the nail on the head with third-party cookies and Javascript: if the Web were invented today, there’s no way that these potentially privacy and security-undermining features would be on by default, globally. I’m not sure that they’d be universally blocked at the browser level as Jeremy suggests, though: the Web has always been about empowering developers, acting as a playground for experimentation, and third-party stuff does provide benefits: sharing a login across multiple subdomains, for example (which in turn can exist as a security feature, if different authors get permission to add content to those subdomains).

Instead, then, I imagine that a Web re-invented today would treat third-party content a little like we treat CORS or we’re beginning to treat resource types specified by Content-Security-Policy and Feature-Policy headers. That is, website owners would need to “opt-in” to which third-party domains could be trusted to provide content, perhaps subdivided into scripts and cookies. This wouldn’t prohibit trackers, but it would make their use less of an assumed-default (develolpers would have to truly think about the implications of what they were enabling) and more transparent: it’d be very easy for a browser to list (and optionally block, sandbox, or anonymise) third-party trackers could potentially target them, on a given site, without having to first evaluate any scripts and their sources.

I was recently inspired by Dave Rupert to remove Google Analytics from this blog. For a while, there’ll have been no third-party scripts being delivered on this site at all, except through iframes (for video embedding etc., which is different anyway because there’s significantly less scope leak). Recently, I’ve been experimenting with Jetpack because I get it for free through my new employer, but I’m always looking for ways to improve how well my site “stands alone”: you can block all third-party resources and this site should still work just fine (I wonder if I can add a feature to my service worker to allow visitors to control exactly what third party content they’re exposed to?).

Dan Q found GC7B8X0 Into 7th Heaven

This checkin to GC7B8X0 Into 7th Heaven reflects a geocaching.com log entry. See more of Dan's cache logs.

Wonderful location for a virtual: what a view! I’m in Cape Town for a week of work and teambuilding with my new colleagues: a rare occasion as we normally work completely remotely from many different countries. I was pleased to be able to combine work with a trip up Table Mountain, especially on such beautiful day. Snapped the attached pic, then walked over to the other side to watch the sun set. TFTC!

Dan with the Table Mountain cable car

Map of -33.957617,18.403417

Dan Q found GC7B91V South with Scott

This checkin to GC7B91V South with Scott reflects a geocaching.com log entry. See more of Dan's cache logs.

Staying in the hotel nearby for a meetup event with my team, who’ve flown in from all over the world (USA, UK, France, Indonesia, Russia, among others) to meet one another face to face (we normally all work remotely). Needed to count the portholes twice but got the right answer in the end. TFTC (my first find in ZA)!

Dan with a statue at the GZ

Map of -33.919833,18.425133

Howdymattic Outtakes

Yesterday, I shared with you the introduction video I made for my new employer. A few friends commented that it seemed very well-presented and complimented me on my presentation, so I thought I’d dispel the illusion by providing this: the “outtakes”. My process was to write a loose script and then perform it multiple times (while being sure to wear the same hoodie) over the course of several days as I walked or cycled around, and then take only the “good” content.

That I’m able to effortlessly make a longer video out of a selection of the outtakes should be evidence enough that I’m just as capable of mucking-up a simple task as anybody else, probably moreso.

You may observe in this video that I made a number of “Hey, I found a…” snippets; I wasn’t sure what would scan best (I eventually went with “Hey, I found a… nothing?”). Folks who’ve seen this video have already criticised my choice; apparently the cow I found was more photogenic than me.

Also available on: VideoPress, QTube, YouTube.

Howdymattic

New employees at Automatticlike me! – are encouraged to make a “howdymattic” video, introducing themselves to their co-workers. Some are short and simple, others more-ornate, but all are a great way to provide the kind of interpersonal connection that’s more-challenging in an entirely-distributed company with no fixed locations and staff spread throughout the globe.

In anticipation of starting, tomorrow, I made such a video. And I thought I’d share it with you, too.

Also available on: VideoPress, QTube, YouTube.

When Experienced Women Engineers Look for New Jobs, They Prioritize Trust and Growth

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

How can we increase gender representation in software engineering?

Our Developer Hiring Experience team analyzed this topic in a recent user-research study. The issue resonated with women engineers and a strong response enabled the team to gain deeper insight than is currently available from online research projects.

Seventy-one engineers who identified as women or non-binary responded to our request for feedback. Out of that pool, 24 answered a follow-up survey, and we carried out in-depth interviews with 14 people. This was a highly skilled group, with the majority having worked in software development for over 10 years.

While some findings aligned with our expectations, we still uncovered a few surprises.

Excellent research courtesy of my soon-to-be new employer about the driving factors affecting women who are experienced software engineers. Interesting (and exciting) to see that changes are already in effect, as I observed while writing about my experience of their recruitment process.