Apple and Google recently announced the initial rollout of their joint Exposure Notification API. The API, which enables cross-platform contact tracing functionality, has been greeted with varying degrees of acceptance. Some municipalities, including my home state of Washington, are jumping headfirst into incorporating the functionality. Others, not so much.
Google Patches Critical Vulnerability in Site Kit Plugin
In late April Wordfence discovered a critical vulnerability in Google’s Site Kit plugin for WordPress that would make it possible for any user on the site to gain full access to the Google Search Console without verifying ownership. Google patched the vulnerability and released the fix in version 1.8.0 on May 7, 2020.
Wordfence published a timeline of the vulnerability, describing it as a proxySetupURL disclosure:
In order to establish the first connection with Site Kit and Google Search Console, the plugin generates a proxySetupURL that is used to redirect a site’s administrator to Google OAuth and run the site owner verification process through a proxy. Due to the lack of capability checks on the admin_enqueue_scripts action, the proxySetupURL was displayed as part of the HTML source code of admin pages to any authenticated user accessing the /wp-admin dashboard.
The other aspect of the vulnerability is related to the site ownership verification request, which used a registered admin action that was missing capability checks. As a result, any authenticated WordPress user was capable of initiating the request.
Wordfence identified several ways a malicious attacker might use this vulnerability to the detriment of the site’s ranking and reputation, including manipulating search engine results, requesting removal of a competitor’s URLs from the search engine, modifying sitemaps, viewing performance data, and more.
The security fixes are not detailed in the plugin’s changelog on GitHub. It does, however, include a note at the top that states, “This release includes security fixes. An update is strongly recommended.” Google has not published a post to notify users on the news section of the plugin’s official website. Without Wordfence’s public disclosure, users may not know about the importance of the update.
Google’s Site Kit plugin has more than 400,000 active installs, according to WordPress.org. Details of the 1.8.0 update are not available to users in the admin, since the plugin’s changelog is hosted on GitHub. There is no way for users to know that the update includes security fixes without clicking through to research. Due to the great deal of sensitive information to which attackers could gain access, users are advised to update the plugin as soon as possible.
PowerReviews Announces API Updates Including Improved Documentation
PowerReviews today announces competitive updates to its API, which will enable powerful new integrations with select technology partners and improve the usability of its entire platform.
Camel K in a Nutshell
Camel K, a project under the famous Apache Camel project, totally changes the way developers work with Kubernetes/OpenShift cloud platforms by automating the nasty configuration and loads of prep work for developers. If you are an old-time developer like me, you did your best to slowly adapt to the latest and greatest cloud native “ecology.” It’s not difficult, but there are small things and traps here and there. I’ll tell you, it's not a smooth ride. That’s understandable for emerging technologies. But with the large adoption of cloud, I see it reaching a level of maturity where we are now thinking about how to make things go faster, as well as making it more accessible to a larger audience.
Check out some reasons why you might love Camel K.
Is Blockchain Tech the Solution to IIoT Security Dilemmas?
Digital transformation and the convergence of IT and OT in the industrial space have resulted in considerable challenges in securing infrastructures. This includes power grids, nuclear power plants, oil rigs, Supervisory Control and Data Acquisition (SCADA) systems, and machinery in factories and locations that traditionally have enjoyed security by obscurity.
While IoT provides critical data insights, it also means systems are vulnerable to cyberattacks, and network-level protection is not enough. Working with data brings significant challenges, from data generation, transportation, and storage to controlling data access, analytics, and sharing amongst multiple parties. To deal with these challenges, organizations need new tools, processes, and cybersecurity architectures.
Notion-Powered Websites
I’m a big fan of Notion, as you likely know from previous coverage and recent video. It’s always interesting to see what other people do with Notion, and even how Notion uses Notion.
I’d say most usage of Notion is private and internal, but any page on Notion can be totally public with the flip of a switch. We do that with some stuff like our post ideas page and here’s a simple camping checklist I made for myself.
![](https://i1.wp.com/css-tricks.com/wp-content/uploads/2020/05/Screen-Shot-2020-05-08-at-2.12.44-PM.png?resize=407%2C280&ssl=1)
That’s pretty rad. You could use that for lots of business-things you might otherwise literally build a website to do. Maybe a public product roadmap, a job posting, a press release, an announcement…
But it’s not quite a website. You don’t get a custom domain name. You don’t have any analytics on it. You’re limited by the exact feature set of Notion.
People have been trying to extract the data out of Notion and essentially use it as a CMS for a while now…
- Krzysztof Kowalczyk: Powering a blog with Notion and Netlify
- Ben Borgers: How to use Notion as your blog’s CMS
- Tony Faieta: How I Use Notion As My CMS For My Gatsby Site
But all those ways are, ya know, a decent amount of effort.
Stephen Ou recently showed me a pretty cool idea he has called Fruition. It’s entirely free, and also a bit of effort to set up, but once you’re done, you have your own domain name that hosts a Notion page and gives you some control over it (like putting in fonts and scripts and such).
![](https://i2.wp.com/css-tricks.com/wp-content/uploads/2020/05/Screen-Shot-2020-05-08-at-2.23.24-PM.png?fit=1024%2C877&ssl=1)
It’s very clever in that it uses Cloudflare Workers to do all the heavy lifting.
This is probably the easiest-to-manage website ever. Just open Notion, change stuff, done.
Stephen admits Fruition is somewhat complex to set up. If you’re looking for something easier and perhaps more flexible, check out Super.
![](https://i1.wp.com/css-tricks.com/wp-content/uploads/2020/05/Screen-Shot-2020-05-08-at-2.26.21-PM.png?fit=1024%2C949&ssl=1)
I would note that none of these things are official Notion products or affiliates of it in any way. Honestly, they all make me a little nervous in that they could break if Notion ever decides they don’t care for the product to be used this way. I also feel like Notion has been saying an API is something they’d like to offer for a while. That will be the real answer to all this and there will be a proliferation of third-party products once we have it.
The post Notion-Powered Websites appeared first on CSS-Tricks.
Cloud and an Architectural Perspective Between Risk and Services
Currently, software architecture has several challenges, such as long-awaited scalability. The cloud brought this possibility with several IaaS, PaaS, and SaaS services. With so many options and services, which one to choose for each scenario? This article aims to talk a little about the disadvantages of choosing cloud services in our corporate software.
There are many challenges for an architect, like scalability and reduction of the response time of a request. It is nothing new that the concept of the cloud has brought several benefits to the world of software. In general, the cloud brought some of the following advantages:
Envato Launches Template Kits Marketplace for Elementor
Watch out, block patterns. There is an old player in town making the hard sell before you have even rolled out of bed. Envato just dropped a massive library of template kits for Elementor in your front yard.
Not to worry, the company plans to open things up for the block editor in the future. The Elementor page builder just makes the most sense right now. It was the first to market. It is mature and has a backing of 5 million users, many of whom will be accustomed to commercial upsells, and $15 million in recent funding. Financially, it is the smart play. The company can also test the waters of this new category of products before opening it to other page builders and the block editor in a proven market.
Envato, the company behind ThemeForest and other marketplaces for creators, launched over 200 template kits today to its large audience of end-users and site builders. The kits cover a wide range of niches. Everything from book authors to medical practices to restaurants is covered.
“Launching template kits is our latest response to the growing demand for page builders and customers looking for design inspiration that is simple and easy to apply to their website,” said Cameron Gough, General Manager of Envato’s Content team.
While this is not an official partnership between Envato and Elementor, at least not on paper, it further broadens the appeal of the Elementor page builder. It is sure to spur massive growth beyond its current 5 million users. If there is one thing Envato knows how to do and do well, it is selling products. When we questioned whether page builders would be able to compete in the long term with the block editor, the largest third-party theme marketplace is betting at least this one particular page builder can.
The marketplace is completely open. “We’re encouraging new and existing authors in the Envato community to create their own template kits and upload them,” said Gough. “It’s a great way to break into this market, especially at this early point.”
For site designers who have worked with Elementor, now is a great opportunity to submit a kit. You can set your own price — most kits range between $15-$30. The great thing is that designers are not responsible for building a full WordPress theme from scratch. Instead, they can essentially create multiple templates with a page builder, bundle them via the Template Kit – Export plugin, and cash in.
The interesting aspect here is that people with an eye for design and the skillset to build those designs in Elementor can sell their creations without learning to code.
What Are Template Kits?
“A template kit is a collection of page and block templates or layouts, each with a similar visual style and typically focused on a particular niche,” said Gough. “See some of the examples in our launch collection like a restaurant, or a gym, or a web/design agency. You could liken it sort of to the demo content layer that you can find in some premium themes.”
Currently, end-users must have a theme installed that integrates with the Elementor page builder for these template kits to work. After purchasing and downloading a kit, users can simply upload templates to their sites via the Template Kit – Import plugin.
Kits are merely a starting point. Users will need to fill in their custom content. They also have the power to change the design through Elementor’s built-in tools.
Envato launched the template kits marketplace on its ThemeForest website. The current 200+ kits are broken down into 22 categories, the most popular of which are Business Services, Food and Drink, and Technology Apps.
Sales are already starting to roll in on launch day. There are no clear favorites at the moment with the top sellers hitting only two sales thus far. This should change in the coming days and weeks. The highest-priced kits tend to contain dozens of templates. Some kits, like Spring Watercolor and Floral, contain over 100 in the collection.
“We know many WordPress professionals that want a pre-packaged, fully functional website template may continue to favor our existing collection of WordPress themes,” said Gough. “But we increasingly see customers wanting to develop websites from a page builder foundation rather than a full WordPress theme. For these customers, template kits provide a leg up on design, and it’s important we continue to support those changing needs.”
For the launch, there is at least one free template kit called SaaSy. It is a SaaS and app landing page kit that includes 10 page templates and 26 block templates. It will be available for free until May 31.
![Screenshot of the SaaSy template kit.](https://wptavern.com/wp-content/uploads/2020/05/saasy-template-kit.png)
“We know that the WordPress world continues to evolve and respond exceptionally well to the changing needs of the wider web design industry, and you only have to look at Gutenberg as one example of how the platform is evolving to meet the increasing demand for easier tools that provide a leg up on website design,” said Gough.
“Couple this with the strength of page builders such as Elementor and others, plus a vibrant and active community of developers, hosting providers, and more, we think there’s never been a better time to provide a new and easier way to bring WordPress websites to life.”
SQL Plus: The Sweet Spot
Need to get a bunch of rows out of the database? Most people are aware of the ARRAYSIZE parameter to improve the fetch performance back to the client, but many people are not aware of the newer ROWPREFETCH parameter.
Let's take a look at each to see how quickly we can drag data back to our SQL Plus client. I'll start with a table called TX, which is approximately 1500MB in size and has just over 10 million rows.
Media Feeds API for Chrome Would Enable Recommended Video Feeds
Google Chrome is in the early stages of developing a tool that would bring YouTube-like video recommendation feeds to most any website that has the content to support one. The fresh feature has already found its way to Canary builds of Chrome, where it lets people see what videos are queued up next.
The 5 Best Healthcare APIs for Medical App Development
myCOVIDrisk API Allows Companies to Track COVID-19 Risk to their Business and Workforce
Lepton Software, a GIS software provider, has announced myCOVIDrisk software and API. The new COVID-19 risk mapping solution helps businesses understand COVID-19 risks associated with their workforce, routes, assets, products, and more. The API tracks quarantine and containment zones in real-time.
Creating Your Own Language Objects in Teneo
Language objects are building blocks for language conditions. Sometimes you may not find the language objects you need in the Teneo Lexical Resources (TLR), for the simple reason that they do not exist. Teneo Lexical Resources have primarily been designed to cover general language expressions and common phrases, so whenever you want to use more (domain) specific words in your dialog, you may not find existing language objects for them.
The good news is that you can easily create missing language objects yourself. Once created, you can use them in your current solution. In fact, you can re-use them in other solutions as well!
The Ethics of AI
Whether in daily mobility, in industrial applications, or in the form of assistance solutions at home, artificial intelligence permeates an ever wider range of our lives. It is associated with great hopes, but it also raises fears. Therefore, the call for ethical guidelines regarding the new technologies is becoming increasingly louder.
How DevOps Teams Can Switch to Remote Work
COVID-19 has left things in disarray for Agile development teams. The sudden transition into a remote working structure has baffled the blended approach to DevOps which combines work culture and automation tools. The lack of contact work will start by striking your work culture first and then affect infrastructure and tools. It becomes imperative for your operative modes to adapt to the new normal. We've covered both these areas of Agile practices, so you don't incur the cost of inflexibility.
Keeping Things Continuous
Everything in DevOps is continuous. Code integration, delivery through testing, reviews, and deployment to end-users. The primary concern for a DevOps team would be to keep things continuous during the transition to this new work environment.
How to Repair Grub
Last time, installing Windows stopped my Ubuntu from booting-up. After some research, I managed to fix the boot-loader. I thought it might be worth sharing my experience for those who may face the same problem.
First of all, you need a live cd or bootable USB stick of any flavor of Linux distribution. For example, Ubuntu, Mint, or Fedora can be used.
Node.js v14 Has Arrived With Some New API Features
Version 14 of Node.js (the server-side JavaScript platform) was released on April 14, and it brings several new features, some experimental, that can be a benefit to API providers and consumers. Node.js relies on an internal JavaScript engine called V8 that's built by Google. V8 recently released a new version, 8.1, that also includes new features. This newest version is part of Node.js 14, and as such, those new features are available in Node.js as well. Let's explore some of these new features.
UI Interactions & Animations Roundup #6
We are very happy to share our sixth UI interactions and animations roundup with you today! Lots of creativity has flown into these amazing works and it’s a pleasure to watch each and every one of them unfold their incredible imagination.
We hope you enjoy this collection and that it will spark some fresh inspiration in you!
Insidemind Motion Concept
by Nathan Riley
Motion exercise N°003
by Bastien Allard
Book event ios mobile app interaction
by Taras Migulko
Starlink Website Design
by Shakuro
Playful Creative Collective
by Zhenya Rynzhuk
Virtual Run | Landing Page
by Minh Pham
Memories Of A Geisha
by Kévin Lagier
Photographer Portfolio Interactions
by Kévin Lagier
Outpost – Concept Exploration
by Sean Hobman
Berluti Editorial Landing Page
by Francesco Zagami
Octane Material
by Matthew Hall
PanPan – Dog Treats UI
by Daniel Tan
Neural Network Website
by Max Gedrovich
Online Museums
by Viacheslav Olianishyn
Format web site design interaction
by Taras Migulko
Nana Asia Site of the Day on CSS Design Awards
by Cuberto
Kalli – Responsive HTML Templates II
by Anton Tkachev
Kati Forner Featured Projects Animation
by Zhenya Rynzhuk
X SEE
by Slava Kornilov
MUUTO Lookbook
by Nicholas.design
Interior Design Project Webpage Animation
by tubik
Play with Magic Motion
by Edoardo Mercati
UI Interactions & Animations Roundup #6 was written by Mary Lou and published on Codrops.