Cyber security is the practice of protecting systems, networks, and programs from digital attacks. These attacks are usually aimed at accessing, changing, or destroying sensitive information, extorting money from users, or interrupting normal business processes. Implementing effective cyber security measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative. People often use the same passwords on multiple accounts (and rarely change their passwords unless prompted). Since people are often the “weakest link” in a security program, one should periodically do a security checkup. This applies to individuals as well as organizations.

As you know, a security hacker is someone who seeks to breach defenses and exploit weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or to evaluate system weaknesses to assist in formulating defenses against potential hackers. Once systems have been compromised or passwords leaked, access credentials are often placed on the “dark web.”

Some recent attacks – Facebook

3 months back on September 25, Facebook engineering team discovered a security issue affecting almost 50 million accounts. Attackers exploited a vulnerability in Facebook’s code that impacted “View As” a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.

In this article you can read about these Facebook attacks investigation and what we have learned from it. There is another article which tells more about how to check if your Facebook account got hacked and how badly.

Another attack – Starwood

Marriott’s guest reservation system has been hacked, potentially exposing the personal information of approximately 500 million guests. The hotel chain reported the hack affects its Starwood reservation database, a group of hotels it bought in 2016 that includes the St. Regis, Westin, Sheraton and W Hotels.

The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it.

Here is link to read the detailed news.

These are just two examples of many security breaches in 2018. It is a good idea to periodically question if you have been hacked.

How to tell if you have been hacked?

There are several online tools that can help you determine whether your accounts are secure. Here are a few of the best tools to check whether your online accounts have been hacked or compromised.

Have I Been Pwned is one of the best ways to check if your online accounts have been compromised? The tool uses your email address to check whether it is associated with any hacked data. Security expert Troy Hunt created the website, which lets users cross-reference their information with databases of breached credentials which were made.

Helpful sites for to tell if you have been hacked

• Has my email account has been hacked (if you suspect your account has been compromised, this is one of the first places you should check out).
• OSINT Framework (this is a collection of tools which more experienced individuals can reference to help determine if an account has been compromised).
• Firefox Monitor is another tool (an add-on to the Firefox Browser in this case) which informs you of what information hackers already have on you (and more).

What should one do if they find they are hacked?

• Take a close look at the “hacked” account.
• Get your account back to normal status.
• Tell friends and family you’ve been hacked.
• Keep an eye on your financial or credit accounts.
• Scan your computer for viruses and malware.
• Reinstall your operating system and restore critical data from your backups (you have tested backups and can restore from them, haven’t you).

Precautions we should take to avoid the Hacks

• Change your passwords routinely.
• Use a password vault. There are many available. This allows you to use different passwords on every site.
• Use two factor authentication where possible.
• Don’t re-use passwords on multiple sites.
• Keep your passwords long (and complex). If in doubt, length wins over complexity.

Sites you should reference

• Length wins – sites like http://correcthorsebatterystaple.net/provide long passwords that can almost be remembered (again use a password vault)
• This article 30 security terms you need to know to protect yourself online gives you more information on how you can protect yourself online.
• https://www.komando.com/tips/386048/check-whether-your-email-account-has-been-hacked
• https://www.makeuseof.com/tag/check-online-accounts-hacked/

We recommend periodically checking your accounts (and following recommended steps such as regularly changing your passwords). As 2018 draws to a close, this is a good time to review your security practices (and to start the habit of frequent reviews).

As always, we look forward to your comments and insights.

The post Year End Security Check appeared first on Web Professionals.

View full post on Web Professional Minute

The post Year End Security Check appeared first on SchoolofWeb.org.

Digital cookies are the behind-the-scenes gizmo that credits you with a sale generated by a web page visitor. What you may not realize is that it is entirely possible for a clever hacker to hijack those cookies and end up with a sale that should have been credited to your account.

We’re talking big money. Shawn Hogan drew the attention of the FBI when he redirected around $28 million from rightful affiliates to his own account over the course of a few years.

The process in question is known as cookie hijacking or session hijacking.

To protect your cookies, it’s time to get serious about cybersecurity. It’s time to learn what cookies are, how they get hijacked, and what you can do minimize the risk.

Understanding Cookies

A cookie is a small packet of data that a web server transfers to a browser when someone visits a web page. Think of it as a message that originates with the server and is received by the visitor. Unless the visitor has blocked cookies, that data downloads onto the system and makes it easier for the page to load the next time the visitor returns.

That’s the main purpose of cookies: to make visiting a page simpler by ensuring it loads a little faster. It also helps the owner of the page have a better idea of how many visitors the page generates, if there are return visitors, and in general keep up with traffic patterns.

As it relates to affiliates, those cookies also make it easier for you to get credit when a consumer purchases something via your page.

How Can They Be Hijacked?

Cookies are dead simple, which may be why they are often overlooked as a means of committing a crime. All it really takes is for a hacker to seize the cookie and make a minor alteration.

The next time a visitor lands on your page the cookie ensures that the hacker’s content loads. In most cases, it will be an almost perfect mirror of the original page. What’s different is the packet of information downloaded for the session is not original. It’s been altered. That sets the stage for the hacker to control what happens next.

What Does this Mean For Affiliates?

Why would cookie hijacking matter to an affiliate? After all, doesn’t the visitor use the URL to get to the right place and make a sale? What does the cookie have to do with it anyway?

The thing to remember is that the cookies make loading the order page easier. If you alter the data in the cookie so that the affiliate ID is no longer the same, the credit for that order is redirected to another source. That’s because the cookie is often stored in the raw URL for the session. Alter the cookie by changing the affiliate ID and the end user doesn’t really notice anything.

In other words, it appears that the consumer is placing the order with you, but it’s actually being placed with someone different. You never get credit for the sale and certainly don’t receive a commission. That makes this little malfeasance a form of affiliate fraud.

How Do You Know If Your Affiliate Cookies are Hijacked?

Cookie hijacking is difficult to spot. In fact, it would be almost impossible to detect when it happens during a live session. Whether the session hijacking is active or passive, you only have a chance of identifying the damage once it’s done.

One sign that something is not right has to do with the performance of the web page. If it begins to function erratically for no apparent reason, that could mean something has been altered. Alternatively, the page shutting down can be an indication something has been changed. At this juncture, you may want to check the cookies related to the page closely and see if the affiliate ID or even some other aspect of the cookie code is not as it should be.

If your affiliate partner emails or texts you when individual sales occur, compare that information to the commission report. If they don’t match, and there’s no evidence of returns or canceled orders, someone else is ending up with your commissions.

Are There Ways to Prevent Hijacks?

Preventing a hijack is actually simpler on the visitor side. If the page visitor has up to date malware and antivirus software, the protections in those programs will likely spot that something was changed during a session. This gives the individual the opportunity to end the session before completing a transaction. The problem is the high rate of old malware and antivirus software in use.

Your affiliate can provide some support in terms of preventing cookie-jacking. Depending on how the servers download cookies and what sort of security is used for your customized affiliate page, it may be possible to prevent hacking software from modifying the cookies and the session ID that’s generated.

Create Your Own Encrypted Internet Connection

It’s not as complicated as it sounds. The concept of a virtual private network or VPN is coming into its own and likely will become an indispensable component of internet connections before too much more time has passed.

A VPN works in conjunction with your ISP. It is a separate service that encrypts the data that flows between your device and the internet. You don’t have to be a cryptographer to realize that encryption makes it harder for a hacker to complete his task. The extra ten or so bucks a month is money well-spent.

Make sure your affiliate pages use HyperText Transfer Protocol Secure (HTTPS) rather than HyperText Transfer Protocol (HTTP). Doing so adds another layer of protection by scrambling the code that’s shared between the originating server and the recipient

The Bottom Line

You don’t devote time and energy to building a business only to have someone else steal sales as certainly as if they reached over and grabbed twenty bucks from your wallet. Make it a point to educate yourself about online security. Subscribe to a blog or two. You don’t have to be a techie to stay updated on the latest threats and keep solid malware protection in place.

The post Are Affiliate Cookie Hijackers Stealing Your Commissions? appeared first on Web Professionals.

View full post on Web Professional Minute

The post Are Affiliate Cookie Hijackers Stealing Your Commissions? appeared first on SchoolofWeb.org.

There is no question that learning interfaces are superior to hard-wired ones. The biggest example to me is the virtual keyboard on my mobile. The more I use it, the better it gets. It doesn’t only fix typos for me but also starts guessing the words following the current one correctly. And it doesn’t even matter if I swipe in English or German, the system is clever enough to recognize my needs based on earlier actions on my part.

Machine Learning is everywhere – it is just not accessible to most developers

I love the idea of learning machines and I think it is an inevitable step in the evolution of human-machine interaction. What we saw years ago in Star Trek – a ubiquitous computer at our beck and call with a voice interface – is now common. And we use it mostly to ask it about the weather. It makes no sense that we need to buy a certain device to reap the rewards of a new technology – I want this to be available on the web and any device.

The problem I have with this new evolution in computing is that it is opaque and locked to a few vendors. I love the web for what it is and how it broke down closed development environments and vendor lock-in when it comes to tooling. Anyone can start developing on the web, as it is the one and only truly open and distributed platform we have. The difference is the skill you have, not what device you have access to.

Now, when it comes to Machine Learning on the web, things look a lot less open and mature than I’d like them to be. In order to train models or to even get insights from models you need to use a third party service or library. Out-of-the-box, you can’t do any training or even image or facial detection in the browser.

Enter the WebML Community Group

I think this needs to change, which is why I am happy that there is a new community group of the W3C that works on an API proposal for Machine Learning on the web. This work started with Intel and Microsoft and I am happy we’ve come quite far, but now we need your help to make this a reality.

Let’s quickly recap why Machine Learning on the web and on device is a good idea:

• Enhanced performance – results from trained model are returned immediately without any network latency
• Offline functionality – lookups running on device don’t need a connection to a cloud service
• Enhanced privacy – it is great that many cloud services offer us pre-trained models to run our requests against, but what if I don’t want that image I just took to go to some server in some datacenter of some corporation?

As with every innovation, there are current limitations and things to consider. These are some of the ones we are currently working on in the discussion group:

• File size – well-trained models tend to be on the large side, often hundreds of megabytes. Using file sizes like that on the client side will result in I/O delays and also extensive RAM usage of browsers or your Node solution
• Limited Performance – browsers are still hindered by a single thread JavaScript engine and no access to multiple cores of the device. Native code doesn’t have that issue which is why we propose an API that allows access to the native ML code on different OSes instead of imitating them.

The current state of affairs

Currently you can use tensorflow.js and onnx.js to talk to models or do your own training on device. Whilst there are some impressive demos and ideas floating around using those it still feels like we’re not taking the notion that serious.

That said, it is pretty amazing what you can do with a few lines of code and the right idea. Charlie Gerard’s learning keyboard is a great example that uses tensorflow.js and mobilenet to teach your computer to recognize head movements and then control a keyboard with it.

I used Tensorflow.js to build a quick prototype of head-controlled keyboard to allow people to communicate with simple head movements. Might not be much but it's amazing that you can do stuff like that in JS ? https://t.co/KrEfxkywji #tensorflowjs #javascript #ML #accessibility pic.twitter.com/89V65DitLE

— Charlie Gerard ???? (@devdevcharlie) November 2, 2018

Why not just offer this as browser functionality?

One of the requests we often heard was why browsers don’t have this functionality built-in. Why can’t a browser create an alternative text for an image or recognize faces in a video? Well, it could, but once again this would mean your data is in the hand of some company and said company would control the functionality. It is no better than the offerings of native platforms in their SDKs. The web doesn’t work that way.

How can you help?

We’re right now in an experiment and investigating phase. As rolling out a new standard in the W3C isn’t a matter taken lightly we want to make sure that we deliver the right thing. Therefore we need to get real-life implementation examples where running ML on-device would make a massive difference to you.
So, please tell us what use cases aren’t covered in a satisfactory manner in the current web-talks-to-cloud-and-waits-for-data-to-come-back scenario.
We’re not looking for “I’d like to do facial recognition” but scenarios that state “If I had face recognition in JavaScript, I could…”. I’d be very interested in companies who do need this functionality to improve their current products, and I am already working with a few.
You can reach me on Twitter , you can fill out this form , or you can mail me at chris.heilmann@gmail.com with the subject “[WEBML scenario]”.

Thanks for your attention and all the work you do to keep the web rocking!

View full post on Christian Heilmann

The post Let’s make Machine Learning on the web and in the client happen. We need your input! appeared first on SchoolofWeb.org.

(Or something like that)

A few weeks ago I found this incredibly useful chart that describes different emotions you can use when you write about, well, emotions.

As you can see it’s been through the optimise-by-force mill of several posts on Facebook and other social media mangles and thus has become hard to read.

Fret not, for I spent the five minutes to turn it into a more readable interface.

You can find the source code of the HTML version on GitHub or click through it in all its glory on capable browsers. Older browsers get a simpler interface. I tried to make the showing and hiding as accessible as possible, but there is still space for optimization which I will ponder when I am back from the Christmas market.

Enjoy.

View full post on Christian Heilmann

The post Feeling chart – to make you write more goodly with better emotionness appeared first on SchoolofWeb.org.

PHP is a commonly used language for web sites and web application development. It is a general purpose, server-side scripting language run a web server that’s designed to make dynamic pages and applications. PHP is mainly focused on server-side scripting tasks, such as collecting form data, generating dynamic page content, or tracking session state. PHP also does much more.

PHP 5.6 Released August, 2014

PHP 5.6 was released August 14, 2014 with end of support scheduled for December 31, 2018. As readers know, many sites rely on this version (or slightly older versions).

The main features of PHP 5.6 included:

• Constant scalar expressions.
• Variadic functions and argument unpacking using the … operator.
• Exponentiation using the ** operator.
• Function and constant importing with the use keyword.
• phpdbg as an interactive integrated debugger SAPI.
• php://input is now reusable, and $HTTP_RAW_POST_DATA is deprecated.
• GMP objects now support operator overloading.
• File uploads larger than 2 gigabytes in size are now accepted.

For those who need more information about this version, we recommend this link.

PHP version life cycle

Each release branch of PHP is fully supported for two years from its initial stable release. During this period, bugs and security issues that have been reported are fixed and are released in regular point releases.

After this two year period of active support, each branch is then supported for an additional year for critical security issues only. Releases during this period are made on an as-needed basis: there may be multiple point releases, or none, depending on the number of reports.

Once the three years of support are completed, the branch reaches its end of life and is no longer supported. A table of end of life branches is available.

Here are the currently supported versions of PHP. Keep in mind that PHP 7.1 was released roughly 2 years ago. Unfortunately, many sites have still not upgraded to PHP 7. This will become more of an issue after December 31, 2018.

WHY UPGRADE TO PHP 7?

After over a decade without any major upgrades to the language, PHP 7 made its debut in December 2015. Since this upgrade brings so many significant changes after such a long time, the process of adapting to it can be intimidating.

However, there are quite a few reasons to switch over to PHP 7, particularly if you use WordPress. The minimum PHP requirements for WordPress core have increased, and many plugins and themes may soon become incompatible with older versions of PHP. Meanwhile, those past versions will not continue to receive security fixes forever, which could leave your site exposed to hackers.

Making the switch to PHP 7 is essential. At the same time, there are a few issues to watch out for during the process, such as non-compatible scripts. In this article, we’ll show you how to handle the upgrade to receive the best possible results.

HOW TO UPGRADE TO PHP 7

The simplest way to upgrade to PHP 7 is by asking your hosting company to update it for your account. This means you’ll need to be working with a hosting company that supports PHP 7 in the first place. Some companies make it easier to upgrade to PHP 7 than others.

This link has more information regarding a PHP upgrade for WordPress along with how to check compatibility issues.

What are the implications of doing a PHP upgrade?

When PHP is updated, it may break systems that relied on old or no longer supported features.  Existing themes, plugins, or modules may be incompatible with a PHP upgrade. To offset this risk, the best practice is to test the PHP update on a copy of your site (we recognize WordPress powers roughly 30% of web sites these days, but any site running older versions of PHP should be upgraded, regardless of the content management system or other application used). This initial testing allows developers to identify problems and test fixes before the update is made on your live site. Major hosting platforms like Pantheon and Acquia will automatically update applications that run on end-of-life versions. These automatic updates are a good safety measure but can break organizations’ sites unintentionally. Budget hosting platforms may continue to let organizations run end-of-life versions of PHP, leaving site owners unaware that their infrastructure is now vulnerable.

We found this article Ending the Year with a PHP Update contains a lot of useful information on why we need to do a PHP update and implications of doing this PHP upgrade.

For more information, we recommend

• https://haydenjames.io/php-5-6-eol-end-of-life-php-7-compatibility-check/
• https://webilicious.com.au/php-5-6-end-of-life-implications-for-joomla-1-5-and-joomla-2-5
• https://wpengine.com/resources/upgrading-to-php-7/

PHP is the programming language in which many common web applications are written – for example, Drupal, WordPress, and Joomla! PHP is the underlying framework for these content management systems. By the end of 2018, older versions of PHP (5.6 and 7.0) will officially be end-of-life and will stop receiving active security support.

The PHP team provides three years of support to major versions. This support includes fixes for bugs and security issues; however, at the end of three years, security patches will stop being released. These older PHP versions are then marked “end-of-life”.

In this case, PHP 5.6 and 7.0 are end-of-life on December 31, 2018, and December 3, 2018, respectively.) Continuing to run an end-of-life version is extremely risky and leaves a web server vulnerable to malicious scripts, malware, data breaches, etc. Although exploits to WordPress and Drupal – and their plugins and modules – get more media coverage, PHP vulnerabilities can be just as serious. Web Professionals should aware of these changes in the PHP.

Now is the time to confirm your site is running a newer version of PHP. We are always interested in your thoughts and look forward to your comments.

We encourage members (and non-members) check out our social media channels. If you aspire to be a web professional and don’t know where to start, we offer a number of beginning classes to our members via our School Of Web learning management system. As a member, your first class is free.

The post PHP 5 – End of Life appeared first on Web Professionals.

View full post on Web Professional Minute

The post PHP 5 – End of Life appeared first on SchoolofWeb.org.

The term phishing applies to any instance where a message or website pretends to be part of a legitimate organization but in fact has malicious intent. Most begin with an email distribution, urging readers to click on a link and enter their passwords, social security numbers, or other identifying information.

When a person falls victim to a phishing scam, they may not realize the extent of the impact. Nowadays, stolen personal data is commonly sold on the dark web, a trend which will encourage more attacks in the future.

Even computer experts can sometimes be fooled by a phishing attempt, so it’s important to know what to watch for when opening your email and browsing the web. This article will describe the top five methods for quickly determining whether a website is real or fake.

1. Examine the URL Closely

All websites on the public internet must use the hypertext transfer protocol (HTTP) with a registered domain name, which is the part of a web address that includes .com or .net. So when you first browse to a new website or click on an unfamiliar link, be sure to take a few extra seconds to review the URL in the address bar. If the address does not start with HTTP or HTTPS, close your browser right away as the site is unsafe.

Hackers will often buy domains that look like they are connected to a reputable company but actually redirect to a nefarious site. These addresses typically have misspellings in their name or use a different suffix.

Another trick that cyber criminals use is the disguising of a URL within a phishing email message. They may have a hyperlink that shows a familiar .com address, but when you click on it, the link will point to an entirely different location. When it comes to URLs, don’t trust anything except for what you see in the address bar at the top of your browser.

2. Check For the SSL Certificate

Websites with a secure sockets layer (SSL) certificate are equipped to handle requests over an encrypted connection. This means that all data sent between your browser and the website’s back-end servers cannot be decoded by any outside entities or hackers.

One of the first indications of a suspicious website is a missing or out of date SSL certificate. You can quickly check for this by looking at the left side of the address bar in your browser to see if a padlock icon is displayed. A simple padlock indicates a standard SSL certificate, while a green bar means that the website is using an extended validation SSL certificate, which offers some additional levels of security.

Modern browsers like Google Chrome and Mozilla Firefox will automatically warn you when you try to load a website that has a missing or expired SSL certificate. To be extra careful, you can click on the padlock icon to view the status of the certificate and the entity who registered it. Never submit any credit card transactions or other personal data through websites that lack an SSL certificate.

3. Scan Developer Tools

When you load a website’s contents into your browser, the HTML displayed in the window does not always tell the full story. In fact, the most dangerous part of phishing websites is often hidden in JavaScript and other code that is invisible to the untrained eye.

Fortunately, you can use the Developer Tools option in Google Chrome to scan for suspicious threats. To launch it, open the Chrome menu, go to the “More tools” submenu, and choose the “Developer Tools” option. A new panel will open with various tabs of information.

Perform a full refresh of the webpage and first check the “Sources” tab to see what external content is being loaded by your browser. Then do the same in the “Network” tab. If you see an unfamiliar domain listed in the logs, consider closing your browser and manually navigating to the website with a typed URL. You can even examine the webpage’s HTML and JavaScript code through the “Elements” tab.

4. Look for Contact Information

Reputable websites will either include their contact information in a dedicated page or else within the footer at the bottom of the HTML content. If you are unsure whether to trust the company with your sensitive data, consider checking these locations to validate the website owner’s identity. If you can’t find any contact information at all, chances the site is dangerous or poorly maintained.

Website footers also typically include a link to a privacy policy, which is a critical piece of information for internet users concerned about how their data is stored and who prefer that it not end up being hawked for a few bucks on the Dark Web. The policy will explain what kind of information is tracked by the website, how long it is kept, and what a user needs to do to delete it.

5. Query the Website Registration

Upon purchasing any public domain name on the internet, whether it’s by an individual or a large company, the new owner must register it through the Internet Corporation for Assigned Names and Numbers (ICANN). Think of it like a DMV system for website registration.

This can come in handy when you want to check on the validity of a suspicious looking website. You can navigate to a ICANN lookup service and query any domain on the public internet with a WHOIS command.

The result of WHOIS query will indicate the legal name and address of website’s owner. It cannot tell you for sure whether a website is real or fake, but if the information provided does not look genuine or references a suspicious organization, you should avoid visiting the address entirely.

Final Thoughts

While phishers can be sneaky, the real problem lies in a gullible public or one too busy to take the time to learn how to properly vet websites. These tips we’ve just covered aren’t foolproof but can go a long ways towards ensuring you don’t hand over your credit card or other personal information to every hacker who throws a fake website in front of you.

It’s like crossing the road. Stop for a few seconds, look both directions, and make sure you have the lay of the land before proceeding. Good luck and thanks for reading.

Editor’s note: Will Ellis develops the guts beneath beautiful websites and can’t wait to see what the blockchain world will look like once the technology fully emerges. He invests in cryptocurrencies and studies history.

The post How to tell at a glance if a website is fake appeared first on Web Professionals.

View full post on Web Professional Minute

The post How to tell at a glance if a website is fake appeared first on SchoolofWeb.org.

The post CS5 – User Video appeared first on SchoolofWeb.org.

The day before yesterday I was honoured to open the Berlin Edition of Codemotion
. Codemotion touts itself the biggest developer event in Europe and is a multi-track event in Amsterdam, Rome, Madrid, Milan and many other European locations. I spoke there before in Rome, but I have to say the event grew much bigger and they do a great job with the marketing around the event.

My opening keynote covered the topic of ethics in AI and democratizing Machine Learning. I made sure to end on a positive note and invite anyone to start playing with and owning these technologies instead of just becoming consumers or victims of it.

In addition to the keynote, I also got interviewed by InfoQ on the same topic and you can read the interview and my answers here .

I collected the slides, resources and tweet reactions of the opening keynote on notist.

My second task was a more technical JavaScript talk about getting to grips with the changed world of JavaScript without feeling overwhelmed. Again, all the resources, slides and tweet reactions of the JavaScript talk are on notist.

I’d love to say more about the event, but with me being interviewed in between and generally having a bad cold, I didn’t watch too many other talks and stayed in the shadows.

That said, I managed to bring my partner and the web-famous Larry the dog to the speaker dinner and he was a much bigger success than I could ever be .

I’m looking forward to the videos and the interviews done at Codemotion and thank everyone I met, as there were some interesting leads for me.

View full post on Christian Heilmann

The post Codemotion Berlin – AI for good keynote and making people happier JavaScript developers appeared first on SchoolofWeb.org.

This, in addition to a few other factors, makes Halfstack incredibly affordable, relaxed and at the same time full of great content. That’s why I keep presenting there, even when this time – for the first time – I had to fly to London to participate.

This year had quite an amazing line-up and a lot more talks than the past editions. The average talk length was a lot shorter than in the earlier years. To me, that’s a good thing. Better to make one point really well than treating an audience once again to the history of computing and how that relates to that brand new technology you actually wanted to talk about.

I shot a lot of photos, all of which are in this Google Photos album and here’s a quick recap of the talks.

The talks

Chris Heilmann, Microsoft: “Bringing best practices front and centre”

Chris Heilman kicks off #halfstackconf with the first presentation, Bringing Best Practices Front and Centre! pic.twitter.com/4mpNiZKzvk

— London HalfStack (@halfstackconf) November 16, 2018

My opening keynote was about what we consider best practices and how they are often not applicable in context. How we miss out the opportunity of making them a starting point for new developers rather than something they have to learn to value after making the same mistakes we did before. With open and extensible editors like Visual Studio Code and tools to test the quality of our products while we deploy or even create them like webhint, we have a chance to embed our knowledge into the development flow instead of hoping people start caring.

My slides, resources and twitter reactions for ‘Bringing best practices front and centre’ are on notist.

Ada Rose Cannon, Samsung: “The present and future of VR on the Web”

Ada Rose is chock-full of talent, knowledge and does a lot of good work to move the web into the third dimension and beyond. Working for Samsung’s Internet browser has its benefits as you have access to a lot of hardware to test. Ada showed examples from the history of VR/AR and XR and how it applies to web technologies. She ended with a call to action to support the Immersive Web Community Group of the W3C to get this work further along. It is fun to see someone who is so emerged in a topic explaining it in an accessible manner rather than drowning in jargon.

Alex Lakatos, Nexmo: “Building Bots with JavaScript”

Alex Lakatos worked with me at Mozilla, back then as a community member and was one of the first to benefit from their speaker training program. And it shows. In a few minutes he explained the benefits and pitfalls of bots as a platform and communication channel and showed in live demos how to train a bot in JavaScript how to understand humans. Both his slides and his demo code are available.

Alex also runs the developer avocados newsletter, a great resource for Developer Advocacy, call for papers and all that is related to that.

Anna Migas, Lunar Logic: “Fast But Not Furious: Debugging User Interaction Performance Issues”

Anna Migas doesn’t only have an incredibly easy to remember Twitter handle (@szynszyliszys), she also has done a lot of homework in the area of web performance when it comes to making interfaces react quickly to the user. There is a truckload of information on the topic out there, and Anna did her best to distill it for the audience into sensible, digestible chunks in this short talk. Well worth a watch and share. Her slides are here to peruse.

Liliana Kastilio, Snyk: “npm install disaster-waiting-to-happen”

Liliana Kastilio gave her first ever presentation and covered a lot of security ground about what not to do in your JavaScript. I expected a different talk considering the title, but I was not disappointed. A lot of sensible takeaways in a short amount of time.

Andrico Karoulla, Trint: “Enter ES2018”

Andrico Karoulla is heir to a Fish and Chip shop and thus should already be set for life. However, his passion is telling people about the cool new features of JavaScript and he did so in a short talk. He didn’t only tell us about the features, but also managed to explain why they are important and what real implementation problems they fix. Good show, even when he had a tough time speaking into the mic and coding at the same time.

Stephen Cook, Onfido: “100% CSS Mario Kart”

Stephen Cook delivered the first jaw-dropping talk of the day by creating a CSS Mario Kart game. He applied a few interesting tricks, like a negative delay on CSS animations and using the validity state of the hidden form field to read out keystrokes in CSS. I’ve seen a few demos like that before, but it is pretty impressive to see it done live in such a short amount of time including explanations why some of these tricks work.
Both Stephen’s slides with explanations about the hacks and the demo of the Mario Kart animation are available

Sean McGee, Esri UK: “Buying a House with JavaScript”

Sean’s talk was a big let-down for anyone who thought they could learn how to afford buying a house in London with JavaScript as your only skill. If you came to learn about creating a clever mash-up of house offers, crime and travel information, you had a great time. Sean explained not only how to scrape the data, but also how to mash it up and display it in an intelligent manner that allowed him to find an affordable place with all the trimmings he wanted. As a former pipes/YQL and maps person, I was very happy.

Jonathan Fielding, Snyk: “Home Automation with JavaScript”

Jonathan Fielding is another person who spoke at a few Halfstack events and this time he covered the topic of home automation. It is a great topic and a market that needs cracking open as there are not many standards available. Instead you need to do a lot of reverse engineering and tinkering and Jonathan explained in an accessible fashion how to do this. Amongst other things, Jonathan lit and changed the colour of light bulbs on stage and deactivated his home security system – as you do.

Rob Bateman, The Away Foundation: “Reanimating the Web”

Rob gave a similar talk at the warm-up of Beyond Tellerand Duesseldorf earlier this year, so you see the high quality and lots of work that went into this. He covered the history of animation on the web and went deep down into the nitty gritty on how we can ensure both that animations are buttery smooth and comparatively fast to native solutions doing the same things. A good reminder that we had a lot of innovation in the Flash space, and we now need to catch up again – both in tooling and in our approach to write animations.

Carolyn Stransky, Blacklane “The Most Important UI: You”

Carolyn Stransky was the second “wow” moment for me this time. Her talk (slides are available here was about self care, how to be good to yourself and how to ensure we are not creating a horrible work environment. I’ve seen a few of these talks, but often they are high-level and “why aren’t we all better at this” finger pointing. Carolyn did a great job showing a truckload of resources you can use to make your life a bit easier and better and explained how to use them instead.

If you’re a conference organizer, contact her. This was absolutely lovely.

Tom Dye, SitePen and Dylan Schiemann, SitePen: “Cats vs. Dogs”

Tom and Dylan mostly did this talk to play out their fetish of wearing rubber animal masks:

Other than that kinky interlude, the talk was about all the weird little discussions and endless threads we have as a community about pointless things like tabs vs. spaces.

The real important part here was though that they build a PWA that allowed the audience to vote for cats or dogs and control the speed of their tails wagging. You could also make them miaow or bark. ARE YOU NOT ENTERTAINED?

Cameron Diverand and Theodor Gherzan of Balena: “JavaScript at the edge”

Cameron and Theodor showed how to control a board of LEDs in JavaScript with sound coming from the audience. They didn’t talk about the Edge browser, which – to me – was disappointing. If you like the sort of thing of doing crazy hardware things in JavaScript, though, this was a lot of fun.

Jani Eväkallio, Formidable: “This Talk Is About You”

Jani did a poetry reading at the last Halfstack. This time he went further and did a visual storytelling kind of presentation reminding us that we’re not victims of the market we are in but should be much more in control over the quality of and the impact our code has on the world. This is tough to explain, it may make more sense to wait for Halfstack to release the video, as it was thoroughly enjoyable.

Jani does a lot of performing and is a joy to see present. Check it out. The keynote file of his talk is here. He also organises a technology comedy night called Component did Smoosh and the next one is 30th of November in Berlin.

Tony Edwards, Software Cornwall: “Beats, Rhymes & Unit Tests”

Tony Edwards is an incredibly passionate person about the web and organiser of the FutureSync conference, where he was crazynice enough to invite me to speak. In this session he covered the experimental web speech to text API and tried it on different rap lyrics with not much success. He then proceeded to do a live rapping session expecting the (mostly) British audience to go wild like a rap battle in Detroit or LA. It worked to a degree though, and his rap was much better converted by the API. All in all a thoroughly enjoyable talk by a multi-talented, nice bloke.

As a side node, using a full fledged deep learning API would give you much better results. The big thing about text recognition isn’t the interface to the browser, but the quality of the trained model. And they don’t come cheap which is why Mozilla tries to open-source that idea with their Common Voice project.

Professional detection software also started mixing audio recognition with lip-reading, which is incredibly exciting and yields much better results.

Joe Hart, Blend Media: Alpha, Beta, Gamer: Dev Mode

Joe Hart’s talk was a splendid end of the evening. He covered oddities in the history of computer gaming and had a lot of interactive games with the audience. A Flappy Bird clone that worked by shouting at it, a Tetris clone where one player painted impossible Tetronimos and the other had to fit them in and other cruel measures to make the audience have fun and participate. Joe Hart is a Fringe presenter, so there is no question about the quality. This was fun from start to end.

Summary

Yes, Halfstack is different and the quality of the projector was questionable. The food was lovely though and having it in a pub means speakers are much more relaxed and lapses in their presentations much easier forgiven by the audience. Dylan and team are trying to take this concept on the road and for the first time plan to do a Vienna and NYC edition of the conference. I am really looking forward to seeing this succeed. I’ll be back and I’ll be having a great time again. Halfstack is an easy-going, yet valuable and highly diverse event, and well worth the money.

View full post on Christian Heilmann

The post Let’s all go to the pub – to learn about web development – Halfstack 2018 in London, England appeared first on SchoolofWeb.org.

A voice-user interface (VUI) makes human interaction with computers possible through a voice/speech platform in order to initiate an automated service or process.” VUI design focuses on the process of interaction design for the user and the voice application system.

Everything You Should Know About Voice User Interface Design in 2018

Language is a communication method unique to human beings. We are now in the era of rapid development of artificial intelligence (AI) which will inevitably liberate our hands through the use of a Voice User Interface (VUI). Voice User Interface is a major trend in 2018 and has become a part of our daily lives. VUI is used in smartphones, smart homes, smart TVs, and a range of other products. All over the world, people are getting used to talking to Siri, Google Assistant, Cortana, or Bixby.

Voice User Interface design is a promising brand new field which provides solutions through voice control. With VUI and GUI combined, human-machine interaction can be enhanced and streamlined using input via facial expressions, gestures, and audio.

We encourage readers to follow this link for more information.

How to Design Voice User Interfaces

If you are new to designing voice user interfaces, you may quickly find yourself unsure of how to create great user experiences. The way users interact with voice user interfaces is very different from how they interact with graphical ones. Not surprisingly, users’ expectations for voice user interfaces are that the interaction will be more like communicating than using technology, because they associate voice and talking to other people, not technology. Voice user interfaces are growing in number, sophistication and reasonably priced availability. Here, you will learn what the users expect from voice communication and get practical guidelines for how to design great voice user interfaces.

This article has more information on designing the voice interface.

The Impact of Voice in UX Design

In the article The Impact of Voice in UX Design: And what to do about it, everything related  web and application designers, voice interaction represents, perhaps, the biggest UX challenge since the dawn of the touchscreen age has been explained.

• Voice 101
• What is Voice UI?
• The Rise Of Voice
• The Impact Of Voice On Web Design
• The importance of words
• Understanding user intent and adaptability
• Engagement and personalization

The continuing growth of voice UX is undoubtedly a welcome development – as evidenced by the proliferation of platforms and devices integrating the tech, and the increasing number of people getting acclimated to using voice.

Some additional links

For those who would like to learn more about voice interfaces and various uses, we recommend these articles.

• Conversational semantics
• Designing a VUI – Voice User Interface
• Using Amazon Polly and WordPress
• The UX of Voice: The Invisible Interface

Voice user interface is emerging as a major trend in 2018. Readers should understand the implications and begin thinking of how best to incorporate this technology into their business goals.

As always, we look forward to your comments and feedback (whether you are a member or not).

We encourage members (and non-members) check out our social media channels. If you aspire to be a web professional and don’t know where to start, we offer a number of beginning classes to our members via our School Of Web learning management system. As a member, your first class is free.

The post November Update – Voice User Interface appeared first on Web Professionals.

View full post on Web Professional Minute

The post November Update – Voice User Interface appeared first on SchoolofWeb.org.