Wednesday, July 10th 2019
Video conferencing provider Zoom has pushed out an emergency patch to address the zero-day vulnerability for Mac users that could potentially expose a live webcam feed to an attacker, launching you into a Zoom video chat you’d never intended to launch. The move is a surprise reversal of Zoom’s previous stance, in which the company treated the vulnerability as “low risk” and defended its use of a local web server that incidentally exposed Zoom users to potential attacks.
Zoom says it used the local web server to make its service faster and easier to use — in other words, saving you a few mouse clicks. But the server also creates the rare but present possibility that a malicious website could activate your webcam by using an iframe, getting around Safari’s built-in protections.
Second, when Zoom is installed on a Mac device by the user, a limited-functionality web server that can only respond to requests from the local machine is also installed on the device to help launch Zoom meetings. This is a workaround to a change introduced in Safari 12 that requires a user to confirm that they want to start the Zoom client prior to joining every meeting. The local web server enables users to avoid this extra click before joining every meeting. We feel that this is a legitimate solution to a poor user experience problem, enabling our users to have faster, one-click-to-join meetings. We are not alone among video conferencing providers in implementing this solution.
My hope is that someone at Zoom got a call from someone at Apple today, indicating that the click-to-confirm Safari feature is intended to be used and that bypassing it is not cool.
Part of Zoom's response below. Basically: an update to Safari (probably for security?) added an extra click to joining a meeting. So Zoom added a whole damn, undisclosed, running webserver to your computer to Save You A Click. And it isn't sorry.
It's weird to me that Zoom is using UX as a scapegoat for a “feature” that turned into a large security vulnerability. Especially when Apple has been pretty clear about how the UX for this interaction should work through Safari's click-to-confirm.
I would further argue that good UX includes clarification of intent and system status, especially when it even remotely concerns anything with video or audio functionality.
Apple has now taken things one step further and pushed out a silent macOS update that removes the web server, reports TechCrunch. The update is deployed automatically, so users don't have to manually apply it in order for it to take effect.
Zoom told TechCrunch it was "happy to have worked with Apple on testing this update" …
Tuesday, July 9th 2019
Asa Dotzler (via Zach Wood):
Today we released Firefox 68 with a color contrast audit feature in the dev tools. Before, you could inspect individual elements for color contrast. Firefox now offers a full page color contrast audit that identifies all elements on a page that fail color contrast checks. #a11y
The addition of the color contrast audit feature in Firefox's dev tools will speed up accessibility audits of implemented designs. I'm excited to see more and more tools being updated to improve the process when designing and developing for accessibility. I'd love to see improved plugins or feature support for this stuff in Sketch/Figma/Photoshop.
Also: Tools For Accessibility, The WebAIM Million
Monday, July 1st 2019
So, it's thanks to the trash can Mac Pro that in 2019, it can truthfully be said: instead of putting a beefy graphics card inside your computer, you are now able to take a top-of-the-line gaming GPU, seat it inside an external box, plug that box into your computer, and—using a single high-bandwidth cable—push the necessary instructions to render 4K games at 60 frames per second on the card before (over the very same cable!) pushing those frames back to your notebook's built-in monitor without introducing any perceptible latency. I've seen daily evidence of this for the last month and I gotta say: it's pretty freakin' cool.
With more and more design apps slowly taking advantage of GPUs, this is something I would seriously consider if my 2015 iMac had TB3 ports.