Websites haven’t always been as adaptable as they are today. For modern designers, “responsivity” is one of the most significant defining factors of a good design. After all, we’re now catering to a host of users who frequently jump between mobile and desktop devices with varying screen sizes.
However, the shift to responsive design didn’t happen overnight. For years, we’ve been tweaking the concept of “responsive web design” to eventually reach the stage we’re at today.
Today, we’re going to take a closer look at the history of responsive web design.
Where Did Web Design Begin?
When the first websites were initially created, no one was worried about responsivity across a range of screens. All sites were designed to fit the same templates, and developers didn’t spend a lot of time on concepts like design, layout, and typography.
Even when the wider adoption of CSS technology began, most developers didn’t have to worry much about adapting content to different screen sizes. However, they still found a few ways to work with different monitor and browser sizes.
Liquid Layouts
The main two layout options available to developers in the early days were fixed-width, or liquid layout.
With fixed-width layouts, the design was more likely to break if your monitor wasn’t the exact same resolution as the one the site was designed on. You can see an example here.
Alternatively, liquid layouts, coined by Glenn Davis, were considered one of the first revolutionary examples of responsive web design.
Liquid layouts could adapt to different monitor resolutions and browser sizes. However, content could also overflow, and text would frequently break on smaller screens.
Resolution-Dependent Layouts
In 2004, a blog post by Cameron Adams introduced a new method of using JavaScript to swap out stylesheets based on a browser window size. This technique became known as “resolution-dependent layouts”. Even though they required more work from developers, resolution-dependent layouts allowed for more fine-grained control over the site’s design.
The resolution-dependent layout basically functioned as an early version of CSS breakpoints, before they were a thing. The downside was developers had to create different stylesheets for each target resolution and ensure JavaScript worked across all browsers.
With so many browsers to consider at the time, jQuery became increasingly popular as a way to abstract the differences between browser options away.
The Rise of Mobile Subdomains
The introduction of concepts like resolution-dependent designs was happening at about the same time when many mobile devices were becoming more internet-enabled. Companies were creating browsers for their smartphones, and developers suddenly needed to account for these too.
Though mobile subdomains aimed to offer users the exact same functions they’d get from a desktop site on a smartphone, they were entirely separate applications.
Having a mobile subdomain, though complex, did have some benefits, such as allowing developers to specifically target SEO to mobile devices, and drive more traffic to mobile site variations. However, at the same time, developers then needed to manage two variations of the same website.
Back at the time when Apple had only just introduced its first iPad, countless web designers were still reliant on this old-fashioned and clunky strategy for enabling access to a website on every device. In the late 2000s, developers were often reliant on a number of tricks to make mobile sites more accessible. For instance, even simple layouts used the max-width: 100% trick for flexible images.
Fortunately, everything began to change when Ethan Marcotte coined the term “Responsive Web Design” on A List Apart. This article drew attention to John Allsopp’s exploration of web design architectural principles, and paved the way for all-in-one websites, capable of performing just as well on any device.
A New Age of Responsive Web Design
Marcotte’s article introduced three crucial components developers would need to consider when creating a responsive website: fluid grids, media queries, and flexible images.
Fluid Grids
The concept of fluid grids introduced the idea that websites should be able to adopt a variety of flexible columns that grow or shrink depending on the current size of the screen.
On mobile devices, this meant introducing one or two flexible content columns, while desktop devices could usually show more columns (due to greater space).
Flexible Images
Flexible images introduced the idea that, like content, images should be able to grow or shrink alongside the fluid grid they’re located in. As mentioned above, previously, developers used something called the “max-width” trick to enable this.
If you were holding an image in a container, then it could easily overflow, particularly if the container was responsive. However, if you set the “max-width” to 100%, the image just resizes with its parent container.
Media Queries
The idea of “media queries” referred to the CSS media queries, introduced in 2010 but not widely adopted until officially released as a W3 recommendation 2 years later. Media queries are essentially CSS rules triggered based on options like media type (print, screen, etc), and media features (height, width, etc).
Though they were simpler at the time, these queries allowed developers to essentially implement a simple kind of breakpoint – the kind of tools used in responsive design today. Breakpoints refer to when websites change their layout or style based on the browser window or device width.
Viewport Meta tags need to be used in most cases to ensure media queries work in the way today’s developers expect.
The Rise of Mobile-First Design
Since Marcotte’s introduction of Responsive Web Design, developers have been working on new ways to implement the idea as effectively as possible. Most developers now split into two categories, based on whether they consider the needs of the desktop device user first, or the needs of the mobile device user. The trend is increasingly accelerating towards the latter.
When designing a website from scratch in an age of mobile-first browsing, most developers believe that mobile-first is the best option. Mobile designs are often much simpler, and more minimalist, which matches a lot of the trends of current web design.
Taking the mobile first route means assessing the needs of the website from a mobile perspective first. You’d write your styles normally, using breakpoints once you start creating desktop and tablet layouts. Alternatively, if you took the desktop-first approach, you would need to constantly adapt it to smaller devices with your breakpoint choices.
Exploring the Future of Responsive Web Design
Responsive web design still isn’t perfect. There are countless sites out there that still fail to deliver the same incredible experience across all devices. What’s more, new challenges continue to emerge all the time, like figuring out how to design for new devices like AR headsets and smartwatches.
However, it’s fair to say we’ve come a long way since the early days of web design.
Featured image via Pexels.
Source
The post A Brief History of Responsive Web Design first appeared on Webdesigner Depot.
Source de l’article sur Webdesignerdepot
Popular Design News of the Week: May 30, 2022 – June 5, 2022
Actualités, ActualitésEvery day design fans submit incredible industry stories to our sister-site, Webdesigner News. Our colleagues sift through it, selecting the very best stories from the design, UX, tech, and development worlds and posting them live on the site.
The best way to keep up with the most important stories for web professionals is to subscribe to Webdesigner News or check out the site regularly. However, in case you missed a day this week, here’s a handy compilation of the top curated stories from the last seven days. Enjoy!
Bob Ross Ipsum
22 Apps Designers Can’t Live Without
15 Best New Fonts, June 2022
Payload is Now Completely Free and Open Source
Why Does Every Movie Poster Design Look like This?
Web Design Tools for Fast and Efficient Design
Developers: Stop Feeling the Pressure – Do this Instead
What People Think that Web Developers do Vs. What We Really do
Anytype: A Local, Privacy-first Notion Alternative
Rumor: Apple to Announce New Search Engine Next Week
Background Grids, from Paper to Display
Source
The post Popular Design News of the Week: May 30, 2022 – June 5, 2022 first appeared on Webdesigner Depot.
Source de l’article sur Webdesignerdepot
On Architects, Architecture, and Failures
Actualités, Méthodes et organisation des process ITLet’s consider two things:
1.) Bad things happen to good people
Source de l’article sur DZONE
3 Proven Ways Managers Can Improve Developer Focus
Actualités, Méthodes et organisation des process ITWe want to make the Dev Interrupted podcast a vital, enjoyable part of your week. Please take 2 minutes and answer our new Listener Survey. It lets us know a bit about you, what you want from Dev Interrupted and what you want from podcasts in general!
This article was written exclusively for Dev Interrupted by Max Kolomaznik
Source de l’article sur DZONE
WordPress 6.0 Lives Up To The Hype
Actualités, ActualitésWordPress 6.0 has been released, and another niche jazz musician will be enjoying extra Spotify royalties next month.
WordPress 6, named for latin-jazz musician Arturo O’Farrill, is the realization of a change of direction the WordPress Foundation adopted several years ago.
All versions of WordPress now power around 42% of the web. That’s approximately 810,000,000 sites. If you looked at each site for a single second, without pausing to blink, it would take you over 25 years to see the home page of each one — of course, if you factor in how long a typical WordPress site takes to load it would take well over a century.
Some people (i.e., me) have been predicting the decline of WordPress for so long that sooner or later, we were bound to be correct. And, despite its astonishing reach, there are some signs that its market share may now be in decline. Even the W3C abandoned it in favor of Craft.
Of the 1,930,000,000 sites that currently make up the web, only around 400,000,000 are active. WordPress’s long-term dominance, coupled with a stalling market share, means that a disproportionate number of abandoned sites are WordPress. With site builders like Wix, Squarespace, and Shopify taking huge chunks of WordPress’ share of new sites, WordPress is facing something of a cliff edge.
What the ill-informed naysayers (i.e., me) hadn’t counted on was that WordPress had already seen the writing on the wall and formulated a plan…
WordPress’s problem has always been its legacy code; supporting out-of-date ideas and a spaghetti-like codebase has meant a great deal of work to do anything new. As a result, the last few releases have seen great ideas stifled by labored implementation. Even the most loyal WordPress user has to admit that Gutenberg, while filled with potential, doesn’t work the way it should. However, with WordPress 6, all the work may be starting to pay off.
With version 6, the block editor in WordPress is starting to feel like a design tool that, if not perfect, is at least usable. Editing content no longer feels like you’re fighting against the UI. Most importantly, the bar for creating a site is much, much lower. WordPress 6 also offers improved performance and accessibility, both areas that have traditionally been lacking. Security is still something of an issue, but that is mainly due to the ROI for hackers that massive market shares generate.
WordPress, it seems, has arrived at two conclusions: its main competition isn’t other CMS but other site builders. To maintain its market dominance, it needs to cater not to professionals but to amateurs.
Don’t get me wrong; the WordPress ecosystem will benefit from WordPress 6, at least reputationally. New sites run by amateurs eventually become established sites run by, if not professionals, then at least knowledgeable amateurs.
OK, so WordPress probably isn’t a good choice for enterprise sites. And there are certainly better options for ecommerce. And as for SEO, well, probably best not mentioned.
But in WordPress 6, we have a free, open-source site builder that lowers the bar for making a new site. It’s a credit to the community that has persevered to produce it.
Source
The post WordPress 6.0 Lives Up To The Hype first appeared on Webdesigner Depot.
Source de l’article sur Webdesignerdepot
CERTFR-2022-ALE-006 : [MàJ] Vulnérabilité dans Atlassian Confluence (03 juin 2022)
Actualités, Sécurité de l'information et du SI, Sécurité de l’information, Sécurité du système d’information[Mise à jour du 03 juin 2022 à 19h52] Atlassian a publié des correctifs.
Une vulnérabilité a été découverte dans Atlassian Confluence. Elle permet à un attaquant non authentifié de provoquer une exécution de code arbitraire à distance.
Cette vulnérabilité est …
Source de l’article sur CERT-FR
The Quest to Build the Perfect Bot w/ Ubisoft’s Joshua Romoff
Actualités, Méthodes et organisation des process ITWe want to make the Dev Interrupted podcast a vital, enjoyable part of your week. Please take 2 minutes and answer our new Listener Survey. It lets us know a bit about you, what you want from Dev Interrupted and what you want from podcasts in general!
Almost every single company we talk to focuses on having their engineering teams solve problems.
Source de l’article sur DZONE
Jump Into the DevOps Pool. The Water is Fine.
Actualités, Méthodes et organisation des process ITIn scanning the IT landscape, the call for DevOps engineers remains toward the top of many companies’ priorities. A nationwide search through various job posting sites returns literally thousands of DevOps opportunities. However, reviewing these job postings shows that the skillsets required are widely varied. In comparison, software development job descriptions and requirements tend to have a narrower focus – broadly speaking, a language and a particular framework. DevOps job descriptions and requirements range from implementing continuous integration and continuous delivery (CI/CD) processes, to building infrastructure, to configuration management, to cloud operations, to writing code in any number of languages, and so on. It’s an impressive and intimidating list. Have you considered joining the DevOps wave but have been challenged in getting a clear picture of what DevOps is or means? If so, you’re not alone.
What is DevOps?
While many organizations have DevOps teams, even within a single organization, there are likely to be multiple roles within a DevOps team. Why is that? The reason is that DevOps is a process, and various roles within a DevOps team each contribute to the process. The DevOps process is a product of the evolution of Agile development processes. With Agile, production-quality software is iteratively delivered, which drives the need to deploy software more often. The process of getting software into production needed to be streamlined, thus the DevOps movement and process was born.
Source de l’article sur DZONE
A Brief History of Responsive Web Design
Actualités, ActualitésWebsites haven’t always been as adaptable as they are today. For modern designers, “responsivity” is one of the most significant defining factors of a good design. After all, we’re now catering to a host of users who frequently jump between mobile and desktop devices with varying screen sizes.
However, the shift to responsive design didn’t happen overnight. For years, we’ve been tweaking the concept of “responsive web design” to eventually reach the stage we’re at today.
Today, we’re going to take a closer look at the history of responsive web design.
Where Did Web Design Begin?
When the first websites were initially created, no one was worried about responsivity across a range of screens. All sites were designed to fit the same templates, and developers didn’t spend a lot of time on concepts like design, layout, and typography.
Even when the wider adoption of CSS technology began, most developers didn’t have to worry much about adapting content to different screen sizes. However, they still found a few ways to work with different monitor and browser sizes.
Liquid Layouts
The main two layout options available to developers in the early days were fixed-width, or liquid layout.
With fixed-width layouts, the design was more likely to break if your monitor wasn’t the exact same resolution as the one the site was designed on. You can see an example here.
Alternatively, liquid layouts, coined by Glenn Davis, were considered one of the first revolutionary examples of responsive web design.
Liquid layouts could adapt to different monitor resolutions and browser sizes. However, content could also overflow, and text would frequently break on smaller screens.
Resolution-Dependent Layouts
In 2004, a blog post by Cameron Adams introduced a new method of using JavaScript to swap out stylesheets based on a browser window size. This technique became known as “resolution-dependent layouts”. Even though they required more work from developers, resolution-dependent layouts allowed for more fine-grained control over the site’s design.
The resolution-dependent layout basically functioned as an early version of CSS breakpoints, before they were a thing. The downside was developers had to create different stylesheets for each target resolution and ensure JavaScript worked across all browsers.
With so many browsers to consider at the time, jQuery became increasingly popular as a way to abstract the differences between browser options away.
The Rise of Mobile Subdomains
The introduction of concepts like resolution-dependent designs was happening at about the same time when many mobile devices were becoming more internet-enabled. Companies were creating browsers for their smartphones, and developers suddenly needed to account for these too.
Though mobile subdomains aimed to offer users the exact same functions they’d get from a desktop site on a smartphone, they were entirely separate applications.
Having a mobile subdomain, though complex, did have some benefits, such as allowing developers to specifically target SEO to mobile devices, and drive more traffic to mobile site variations. However, at the same time, developers then needed to manage two variations of the same website.
Back at the time when Apple had only just introduced its first iPad, countless web designers were still reliant on this old-fashioned and clunky strategy for enabling access to a website on every device. In the late 2000s, developers were often reliant on a number of tricks to make mobile sites more accessible. For instance, even simple layouts used the max-width: 100% trick for flexible images.
Fortunately, everything began to change when Ethan Marcotte coined the term “Responsive Web Design” on A List Apart. This article drew attention to John Allsopp’s exploration of web design architectural principles, and paved the way for all-in-one websites, capable of performing just as well on any device.
A New Age of Responsive Web Design
Marcotte’s article introduced three crucial components developers would need to consider when creating a responsive website: fluid grids, media queries, and flexible images.
Fluid Grids
The concept of fluid grids introduced the idea that websites should be able to adopt a variety of flexible columns that grow or shrink depending on the current size of the screen.
On mobile devices, this meant introducing one or two flexible content columns, while desktop devices could usually show more columns (due to greater space).
Flexible Images
Flexible images introduced the idea that, like content, images should be able to grow or shrink alongside the fluid grid they’re located in. As mentioned above, previously, developers used something called the “max-width” trick to enable this.
If you were holding an image in a container, then it could easily overflow, particularly if the container was responsive. However, if you set the “max-width” to 100%, the image just resizes with its parent container.
Media Queries
The idea of “media queries” referred to the CSS media queries, introduced in 2010 but not widely adopted until officially released as a W3 recommendation 2 years later. Media queries are essentially CSS rules triggered based on options like media type (print, screen, etc), and media features (height, width, etc).
Though they were simpler at the time, these queries allowed developers to essentially implement a simple kind of breakpoint – the kind of tools used in responsive design today. Breakpoints refer to when websites change their layout or style based on the browser window or device width.
Viewport Meta tags need to be used in most cases to ensure media queries work in the way today’s developers expect.
The Rise of Mobile-First Design
Since Marcotte’s introduction of Responsive Web Design, developers have been working on new ways to implement the idea as effectively as possible. Most developers now split into two categories, based on whether they consider the needs of the desktop device user first, or the needs of the mobile device user. The trend is increasingly accelerating towards the latter.
When designing a website from scratch in an age of mobile-first browsing, most developers believe that mobile-first is the best option. Mobile designs are often much simpler, and more minimalist, which matches a lot of the trends of current web design.
Taking the mobile first route means assessing the needs of the website from a mobile perspective first. You’d write your styles normally, using breakpoints once you start creating desktop and tablet layouts. Alternatively, if you took the desktop-first approach, you would need to constantly adapt it to smaller devices with your breakpoint choices.
Exploring the Future of Responsive Web Design
Responsive web design still isn’t perfect. There are countless sites out there that still fail to deliver the same incredible experience across all devices. What’s more, new challenges continue to emerge all the time, like figuring out how to design for new devices like AR headsets and smartwatches.
However, it’s fair to say we’ve come a long way since the early days of web design.
Featured image via Pexels.
Source
The post A Brief History of Responsive Web Design first appeared on Webdesigner Depot.
Source de l’article sur Webdesignerdepot
AA22-152A: Karakurt Data Extortion Group
Sécurité de l'information et du SI, Sécurité de l’information, Sécurité du système d’informationOriginal release date: June 1, 2022
Summary
Actions to take today to mitigate cyber threats from ransomware:
• Prioritize patching known exploited vulnerabilities.
• Train users to recognize and report phishing attempts.
• Enforce multifactor authentication.
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) are releasing this joint Cybersecurity Advisory (CSA) to provide information on the Karakurt data extortion group, also known as the Karakurt Team and Karakurt Lair. Karakurt actors have employed a variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation. Karakurt victims have not reported encryption of compromised machines or files; rather, Karakurt actors have claimed to steal data and threatened to auction it off or release it to the public unless they receive payment of the demanded ransom. Known ransom demands have ranged from $25,000 to $13,000,000 in Bitcoin, with payment deadlines typically set to expire within a week of first contact with the victim.
Karakurt actors have typically provided screenshots or copies of stolen file directories as proof of stolen data. Karakurt actors have contacted victims’ employees, business partners, and clients [T1591.002] with harassing emails and phone calls to pressure the victims to cooperate. The emails have contained examples of stolen data, such as social security numbers, payment accounts, private company emails, and sensitive business data belonging to employees or clients. Upon payment of ransoms, Karakurt actors have provided some form of proof of deletion of files and, occasionally, a brief statement explaining how the initial intrusion occurred.
Prior to January 5, 2022, Karakurt operated a leaks and auction website found at https://karakurt[.]group. The domain and IP address originally hosting the website went offline in the spring 2022. The website is no longer accessible on the open internet, but has been reported to be located elsewhere in the deep web and on the dark web. As of May 2022, the website contained several terabytes of data purported to belong to victims across North America and Europe, along with several “press releases” naming victims who had not paid or cooperated, and instructions for participating in victim data “auctions.”
Download the PDF version of this report (pdf, 569kb).
Technical Details
Initial Intrusion
Karakurt does not appear to target any specific sectors, industries, or types of victims. During reconnaissance [TA0043], Karakurt actors appear to obtain access to victim devices primarily:
Common intrusion vulnerabilities exploited for initial access [TA001] in Karakurt events include the following:
Network Reconnaissance, Enumeration, Persistence, and Exfiltration
Upon developing or obtaining access to a compromised system, Karakurt actors deploy Cobalt Strike beacons to enumerate a network [T1083], install Mimikatz to pull plain-text credentials [T1078], use AnyDesk to obtain persistent remote control [T1219], and utilize additional situation-dependent tools to elevate privileges and move laterally within a network.
Karakurt actors then compress (typically with 7zip) and exfiltrate large sums of data—and, in many cases, entire network-connected shared drives in volumes exceeding 1 terabyte (TB)—using open source applications and File Transfer Protocol (FTP) services [T1048], such as Filezilla, and cloud storage services including rclone and Mega.nz [T1567.002].
Extortion
Following the exfiltration of data, Karakurt actors present the victim with ransom notes by way of “readme.txt” files, via emails sent to victim employees over the compromised email networks, and emails sent to victim employees from external email accounts. The ransom notes reveal the victim has been hacked by the “Karakurt Team” and threaten public release or auction of the stolen data. The instructions include a link to a TOR URL with an access code. Visiting the URL and inputting the access code open a chat application over which victims can negotiate with Karakurt actors to have their data deleted.
Karakurt victims have reported extensive harassment campaigns by Karakurt actors in which employees, business partners, and clients receive numerous emails and phone calls warning the recipients to encourage the victims to negotiate with the actors to prevent the dissemination of victim data. These communications often included samples of stolen data—primarily personally identifiable information (PII), such as employment records, health records, and financial business records.
Victims who negotiate with Karakurt actors receive a “proof of life,” such as screenshots showing file trees of allegedly stolen data or, in some cases, actual copies of stolen files. Upon reaching an agreement on the price of the stolen data with the victims, Karakurt actors provided a Bitcoin address—usually a new, previously unused address—to which ransom payments could be made. Upon receiving the ransom, Karakurt actors provide some form of alleged proof of deletion of the stolen files, such as a screen recording of the files being deleted, a deletion log, or credentials for a victim to log into a storage server and delete the files themselves.
Although Karakurt’s primary extortion leverage is a promise to delete stolen data and keep the incident confidential, some victims reported Karakurt actors did not maintain the confidentiality of victim information after a ransom was paid. Note: the U.S. government strongly discourages the payment of any ransom to Karakurt threat actors, or any cyber criminals promising to delete stolen files in exchange for payments.
In some cases, Karakurt actors have conducted extortion against victims previously attacked by other ransomware variants. In such cases, Karakurt actors likely purchased or otherwise obtained previously stolen data. Karakurt actors have also targeted victims at the same time these victims were under attack by other ransomware actors. In such cases, victims received ransom notes from multiple ransomware variants simultaneously, suggesting Karakurt actors purchased access to a compromised system that was also sold to another ransomware actor.
Karakurt actors have also exaggerated the degree to which a victim had been compromised and the value of data stolen. For example, in some instances, Karakurt actors claimed to steal volumes of data far beyond the storage capacity of compromised systems or claimed to steal data that did not belong to the victim.
Indicators of Compromise
victimname_treasure@protonmail.com
victimname_jewels@protonmail.com
victimname_files@protonmail.com
Msuxxx.dll: SHA1 – 030394b7a2642fe962a7705dcc832d2c08d006f5
.
Here’s the deal
We breached your internal network and took control over all of your systems.
2.
3.
FAQ:
Who the hell are you?
Mitre Att&ck Techniques
Karakurt actors use the ATT&CK techniques listed in table 1.
Table 1: Karakurt actors ATT&CK techniques for enterprise
T1589.002
Mitigations
Resources
Revisions
This product is provided subject to this Notification and this Privacy & Use policy.
Source de l’article sur us-cert.gov
The Serverless Database You Really Want
Actualités, Méthodes et organisation des process ITThe dreaded part of every site reliability engineer’s (SRE) job eventually: capacity planning. You know, the dance between all the stakeholders when deploying your applications. Did engineering really simulate the right load and do we understand how the application scales? Did product managers accurately estimate the amount of usage? Did we make architectural decisions that will keep us from meeting our SLA goals? And then the question that everyone will have to answer eventually: how much is this going to cost? This forces SREs to assume the roles of engineer, accountant, and fortune teller.
The large cloud providers understood this a long time ago and so the term “cloud economics” was coined. Essentially this means: rent everything and only pay for what you need. I would say this message worked because we all love some cloud. It’s not a fad either. SREs can eliminate a lot of the downside when the initial infrastructure capacity discussion was maybe a little off. Being wrong is no longer devastating. Just add more of what you need and in the best cases, the services scale themselves — giving everyone a nice night’s sleep. All this without provisioning a server, which gave rise to the term “serverless.”
Source de l’article sur DZONE