Sunday, February 23, 2020

Re: Veracode detected 5 XSS issues in nocache.js



On Monday, February 24, 2020 at 1:10:06 AM UTC+1, Craig Mitchell wrote:
I thought the <module>.nocache.js file just did the loading of the cache.js files, and the user didn't have much control over what went in this file.

You do have full control: you can chose the linker being used (defaults to the CrossSiteIframeLinker), or configure the behavior of the default linker (see https://github.com/gwtproject/gwt/blob/master/user/src/com/google/gwt/core/CrossSiteIframeLinker.gwt.xml to being with).
You could extend the CrossSiteIframeLinker (or DirectInstallLinker) and override some of the behavior (e.g. getJsComputeUrlForResource or getJsInstallLocation); see https://github.com/gwtproject/gwt/blob/master/dev/core/src/com/google/gwt/core/linker/CrossSiteIframeLinker.java and the *.js scripts in https://github.com/gwtproject/gwt/tree/master/dev/core/src/com/google/gwt/core/ext/linker/impl

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/e43ea87f-6f58-4eca-8516-7b6aeeff9926%40googlegroups.com.

Re: Veracode detected 5 XSS issues in nocache.js

I thought the <module>.nocache.js file just did the loading of the cache.js files, and the user didn't have much control over what went in this file.  If there was a security issue with how this file was generated, I imagine it would affect all GWT applications out there.

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/017cb39a-5f8a-41f3-bd5b-caf2a2642520%40googlegroups.com.

Re: Is GWT 3.0 /GWT 2.9 dead?

GWT is for large projects.

GWT is also great for small projects.  I'm using it for a little game I made  https://drift.team/  It's brilliant, as I can reuse the game logic code, to replay the game on the server, and make sure the person didn't hack the game and cheat.  :D

Big thanks to the community for keeping GWT going.  Looking forward to GWT3.0!

I do wonder if/when WASM supports garbage collection, then it'd be possible to make a good Java to WASM compiler.  GWT would then have some serious competition.

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/c95ca5da-88e8-4be0-ae12-59af7ef2fc6c%40googlegroups.com.

Saturday, February 22, 2020

Learn more about our updated Terms of Service

Google
Updating Our Terms of Service
We're improving our Terms of Service and making them easier for you to understand. The changes will take effect on March 31, 2020, and they won't impact the way you use Google services.
For more details, we've provided a summary of the key changes and Frequently Asked Questions. And the next time you visit Google, you'll have the chance to review and accept the new Terms. At a glance, here's what this update means for you:
Improved readability: While our Terms remain a legal document, we've done our best to make them easier to understand, including by adding links to useful information and providing definitions.
Better communication: We've clearly explained when we'll make changes to our services (like adding or removing a feature) and when we'll restrict or end a user's access. And we'll do more to notify you when a change negatively impacts your experience on our services. We've also described how we respond to data disclosure requests, such as requests from government agencies.
Adding Google Chrome, Google Chrome OS and Google Drive to the Terms: Our improved Terms now cover Google Chrome, Google Chrome OS, and Google Drive, which also have service-specific terms and policies to help you understand what's unique to those services.
No changes to our Privacy Policy: We're not making any changes to the Google Privacy Policy and we haven't made any changes to the way we treat your information. As a reminder, you can always visit your Google Account to review your privacy settings and manage how your data is used.
If you're the guardian of a child under the age required to manage their own Google Account and you use Family Link to manage their use of Google services, please note that when you accept our new Terms, you do so on their behalf as well, and you may want to discuss these changes with them.
And of course, if you don't agree to our new Terms and what we can expect from each other as you use our services, you can find more information about your options in our Frequently Asked Questions.
Thank you for using Google's services.
Your Google team

Thursday, February 20, 2020

Snail Mail: Stigmatized Spaces

Slow Ventures Snail Mail

Stigmatized Spaces

Thursday, February 20, 2019

Happy New Year 🥳! It's been a while. This week, we're diving into why we're so strong on stigmatized companies & industries.

Also, consider this your formal invite to our Social 2030 event in SF next Wednesday (more info directly below).

Got forwarded this and want to subscribe? Go to https://slow.claims. 
🎟 Social 2030
Next Wednesday, February 26th, Slow Ventures, Lightspeed and The Information are hosting a discussion focused on the challenges and opportunities facing social media in the next decade.

To register, visit our website and use the Snail Mail code "Social2030" at checkout for free tickets. More information below! 

Social 2030:
  • When: Wednesday 02/19 from 12:30pm - 5pm PST
  • Where: The Pearl SF @ 601 19th St, San Francisco, CA 94107 
  • Audience: About 200 people actively building, interested in or investing in Social. 
  • Event Format: 30 minute group discussions featuring 2-3 panelists followed by drinks
  • Click here to register!
*Can't make it, but know someone who would be a good fit? Please pass on the event info, or reach out to adam@slow.co to make sure they get on the list.*
Stigmatized Spaces 😒
by Jill Carlson & Adam Heerwagen

This week, we thought it'd be interesting to dive into stigmatized companies & industries. We're bullish on these spaces not only because they represent huge, often untapped financial opportunities, but also because there's tremendous social good to be gained by de-stigmatizing these topics. Our culture is in the process of reframing these "taboo" subjects, and we are grateful to work with so many leaders in this growing conversation.


The mental health space is an arena that has seen dramatic shifts in public attitudes in just a few years. Until not long ago, mental health issues were largely deemed private matters to be dealt with behind closed doors, within families (if acknowledged at all). The rise of scientific research initiatives, media attention, and medical treatment options over the course of the 1980's and 1990's have advanced a new era of comfort and innovation around mental health. Now as everyone from celebrities to private companies join the conversation, emotional wellbeing and treatment has entered the mainstream.


Innovators in the wellness space are opening previously closed-door conversations about mental health across the board. Most directly, technology has begun to provide both services to better enable the patient-therapist relationship. From services improving the patient/therapist experience like *Brightside to software for ensuring secure payment to therapists like *Kip, innovators are enabling patients and doctors alike to access and provide care more seamlessly.  While cannabis used to be perceived as a recreational substance, it's now increasingly being viewed as a safer alternative to many other prescription pharmaceuticals for pain and depression. A growing body of scientific evidence demonstrates that cannabis can effectively treat everything from physical ailments like pain and inflammation to mental health issues like PTSD and depression. 


By no coincidence, the last five years have seen alcohol consumption rates decline as millennials become more conscious of the negative physical and emotional effects of excess drinking. In the last two decades, the number of drinkers worldwide has dropped by 5%. Low and no-alcohol drinks brands are increasingly cropping up. Players like *Tempest are creating the tools to support this new and growing population of non-drinkers, particularly targeting younger generations who seek community in their lifestyle choices. We look forward to finding more companies tapping into this shift in relationships with alcohol, substance use and abuse, and addiction.


Mental and emotional health are often tied to other areas of wellness, including sex. The last decade has seen major shifts in attitudes toward everything from pre-marital sex to relationships between same-sex couples. We've seen companies and brands encourage and lead this newly open conversation. Brands like *Unbound & *O.School are offering women an empowered experience engaging with their sexuality and sexual wellness. Sexual and reproductive health issues from erectile dysfunction to fertility have long been stigmatized and associated with shame, but companies like *Ro and *Stork Club are creating new avenues for individuals and couples to address these areas. Creators like *Mariposa are even breaking down barriers for trans-healthcare by enabling quality hormonal therapy to communities without access. We've seen a rapid evolution in public dialogue around sexual wellness, consent, pleasure, and expression and anticipate this will only continue to grow.

 

Every generation ushers in a shift in what is considered the norm. From preferences around money to discussion of mental health, the last few years has seen its share of change, only accelerated by social media and the internet. For the first time in history, we are able to connect instantly and globally with others who share our views, however niche they may seem to us in our own neighborhoods. Never before have we been able to engage anonymously, en masse, to share the interests and experiences we may otherwise have been ashamed to disclose. We understand that it's our job to pay close attention to the trends that emerge out of these changes and align our investments with the future, no matter the stigma that might surround them today. It is our hope that with these investments, a more open discourse around these areas will continue to unfold.

(* indicates Slow Portfolio company)

Want moar? Check us out on:
Facebook, Twitter, Medium or our Website

Signup for Snail Mail Newsletters at  http://slow.claims
Our mailing address is:
1006 Kearny St, San Francisco, CA 94133

Don't Want These Emails?
unsubscribe from this list
 

Donate BTC: 3BJW4B6GGpoQrjeom6RpVtkza3XPw2qjoK
Donate ETH: 0xD7599b3D15805aDF3144676914964e8fff53C925

Re: GWT strengths and suitability for enterprise apps - presentation

Would be also a good idea to point out to the evolving new ecosystem where new libraries and frameworks are being introduced.

On Tuesday, December 8, 2015 at 7:52:35 PM UTC+2, deba...@ainosoft.com wrote:
Dear community members,

Recently I came across a medium sized company specializing in BI and analytics and pitched them to switch their dev stack from Angular JS to GWT. Though I am yet to know how successful I am in it I definitely managed to create some ripples and start an internal debate. 

For this I created a Google presentation here.

I invite all of you to comment, debate and create a community ready material for all who may need in future. 

Let me know if there are any issues in accessing the document. 

thanks,
Debasish


--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/d8e07483-98b5-44ec-9b7c-695016db4ede%40googlegroups.com.

Re: Is GWT 3.0 /GWT 2.9 dead?

It is great to know we can use the snapshot with support for Java 11 already!
Unfortunately, except for the GWT team and those that follow the project closely, it looks like GWT is stuck at the 2.8.2 release 2.5 years ago, because the GWT official website contains no information on this. Maybe it would be good to put some text in the home page pointing to this.
I'm surely much more optimistic now that I know there is an usable updated version.
Great work, guys!

Em quinta-feira, 20 de fevereiro de 2020 08:01:43 UTC-3, Ahmad Bawaneh escreveu:
And lets not forget that it is not so long since j2cl was made public.

On Thursday, February 20, 2020 at 1:00:33 PM UTC+2, Ahmad Bawaneh wrote:
You dont need to maintain a separate branch or code base, you can use the latest snapshot which is as stable as a release, i am pretty sure when 2.9 is release you will only need to switch version and everything still works, if you can use the snapshot for some reason you can use the unofficial release as discussed here https://groups.google.com/forum/#!topic/google-web-toolkit/qmwiMVofhR8/discussion or you can fork and release internally.

and the community work, we need to know that the active members in the community is small, that is said we could have made a GWT3.0 a lot earlier, we could have focused in shipping a working maven plugin for j2cl and call the day, but most of the efforts is focused in making sure that old apps will be able to migrate to gwt3.0 without much effort and this part in specific is very important and very hard and consumes a lot of time, GWT apps in general are big apps and making GWT3.0 that only works for new apps only or requires app rewrite does not make any sense.

to get more insight on what have been done check this list

https://ci.vertispan.com/ 

On Wednesday, February 19, 2020 at 3:21:03 PM UTC+2, Luis Fernando Planella Gonzalez wrote:
It has always been said that GWT is active when similar questions are asked in the forum.
However, given that the last version, 2.8.2, was released on Oct 19, 2017 and was a bugfix for the 2.8.0 version, released on Oct 20, 2016, I can't see it as "active".
At least it smells bad!
Even the 1.0 release of Elemental can't be used, because it requires newer components than the pre-packaged version.
It is a sad thing, because I work on a large project using GWT since its 1.5.0 version, and our project is actively developed and still evolving.
I hope GWT 2.9 is out "soon", because we're planning to switch to Java 11 in the coming months, and it would be a burden to maintain a separated Java version only for the frontend part (been there, done that with Java 8).
The fact is that since Google left the project, things are way too slow.
Understandable, as it is based on best effor from the brave developers, but still disheartening.
Still, I don't loose hope that GWT will be still maintained.

Em terça-feira, 18 de fevereiro de 2020 12:08:40 UTC-3, Jeff Zemsky escreveu:
Frank - Thanks for the reply, but it would be good to understand the plans to complete the GWT 2.9 release - particularly with reference to Java 11 support.  Any insight there?

On Monday, January 27, 2020 at 4:23:09 AM UTC-5, Frank Hossfeld wrote:
Atm the community is very active. We are working on GWT modules: replacing generators and JSNI, testig the migraed moules against J2CL, etc.
Besides that, many new frameworks are evolving.

Take a look at this rooms:
https://gitter.im/gwtproject/gwt
to get more infos.

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/9bf77f8d-2c11-4d1f-98f2-aa1ca188eb43%40googlegroups.com.