When I was there, I caught a couple of interesting (and relevant) sessions.
Jen Myers (@antiheroine) - slides
Jen is a web designer/developer, teacher and speaker from Chicago. She gave a good presentation on diversity in software development, an especially relevant topic in today’s environment.
Also, by viewing HTTP headers coming from Google Fonts, I learned about the Timing-Allow-Origin Response header from the Resource Timing spec:
The PerformanceResourceTiming interface exposes timing information for a resource to any web page that has included that resource. To limit the access to the PerformanceResourceTiming interface, the same origin policy is enforced by default and certain attributes are set to zero, as described in Section 4.5 Cross-origin Resources. Resource providers can explicitly allow all timing information to be collected for a resource by adding the Timing-Allow-Origin HTTP response header, which specifies the domains that are allowed to access the timing information.
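The default zeroing and the Timing-Allow-Origin opt-in described in the excerpt above, as an added example (not code from the spec or from this post). The function names and the `*.example` hosts are constructed for illustration, and the list of zeroed attributes follows the spec's cross-origin section.

```javascript
// Added example; function names and sample hosts are constructed for illustration.
// Attributes the Resource Timing spec sets to zero for a cross-origin
// resource that does not pass the Timing-Allow-Origin check.
const RESTRICTED = [
  'redirectStart', 'redirectEnd', 'domainLookupStart', 'domainLookupEnd',
  'connectStart', 'connectEnd', 'requestStart', 'responseStart',
  'secureConnectionStart',
];

// True when the header value lists the page's origin or the "*" wildcard.
function timingAllowed(taoHeader, pageOrigin) {
  if (!taoHeader) return false;
  return taoHeader.split(',').map((v) => v.trim())
    .some((v) => v === '*' || v === pageOrigin);
}

// The entry as a page at pageOrigin would see it.
function visibleEntry(entry, taoHeader, pageOrigin) {
  const sameOrigin = new URL(entry.name).origin === pageOrigin;
  if (sameOrigin || timingAllowed(taoHeader, pageOrigin)) return { ...entry };
  const redacted = { ...entry };
  for (const attr of RESTRICTED) redacted[attr] = 0;
  return redacted;
}

// Audit helper: cross-origin resources whose detailed timing is readable.
function exposedCrossOrigin(entries, pageOrigin) {
  return entries
    .filter((e) => new URL(e.name).origin !== pageOrigin)
    .filter((e) => RESTRICTED.some((attr) => e[attr] > 0))
    .map((e) => e.name);
}

// Constructed sample: one raw entry for a font served from another origin.
const PAGE = 'https://app.example';
const rawFont = {
  name: 'https://fonts.example/css?family=Demo',
  startTime: 120, fetchStart: 121, domainLookupStart: 122, domainLookupEnd: 130,
  connectStart: 130, connectEnd: 155, secureConnectionStart: 138,
  requestStart: 156, responseStart: 190, responseEnd: 204,
  redirectStart: 0, redirectEnd: 0,
};
const seen = [
  visibleEntry(rawFont, null, PAGE),                    // no header: redacted
  visibleEntry({ ...rawFont, name: 'https://cdn.example/a.js' }, '*', PAGE),
  visibleEntry({ ...rawFont, name: 'https://api.example/x' }, 'https://other.example', PAGE),
];
console.log(exposedCrossOrigin(seen, PAGE)); // only the cdn.example resource
```

In a browser console, `exposedCrossOrigin(performance.getEntriesByType('resource'), location.origin)` lists the third-party resources whose detailed timing the current page can read.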
David Epler (@dcepler) - To get good at writing secure software, you really should try and hack your own code - ZAP is a tool that can help you do that.
Elliott Sprehn (@ElliottZ) -
Elliott is the tech lead for the web components effort at Google, so he seemed qualified to speak on this topic. His HTML5-based slide deck was written using Web Components (you can view source and look for <sd-slide> elements). He also helped me make progress on an open Chromium bug I submitted last fall: Issue 304722 - chromium - Intl NumberFormat minimumFractionDigits options property not honored
Nothing really new in this moderator-led panel discussion on client-side vs. server-side development, but it did validate that this is a common issue faced by many web developers. The answer almost always was that “it depends.”