On the inside, but not on the outside. Web Components standardize the interface for components to interact like MCP standardized the protocol but the server itself can be in and language. You can't just mix Solid, React and Vue components together but you can use any web component in a Lit app.
It depends on the app. If the app has many hundreds or even thousands of DOM elements, there's no way to make that work smoothly with React or any other library or framework. Then a canvas based solution can fix things. I know, I've had to fix slow React apps.
I wish they would go after the fake spinning wheel discount pattern and the "app exclusive" or "better in the app" pattern. That's all a way to get people to install apps that will then bombard folks with notifications or slurp data off the device.
Reading the fingerprint.js is interesting, it's not just the thousands of extensions. It looks like it's also probing for a long list of webgl extensions, fonts, and other capabilities. There's recaptcha v3 references in there too.
Perhaps an overly aggressive attempt to block bots.
This is never an issue with number of engineers, it's an issue of business priorities.
Large tech companies have plenty of engineers to fix bugs, but most of them are on projects trying to 10X things instead of paying down debt.
Apple used to be unique in it's immunity to it, they even shipped an OS update claiming it was only big fixes and not features which is unthinkable these days. Over time there's much less focus on polish from them though.
Airbnb doesn't really follow that guide internally anymore. There's a lot of weird in there. I wish they'd publish the actual internal style and lint rules instead.
In something like a database zeroing or poisoning on free is probably a good idea. (These days probably all allocators should do it by default.)
Allocators are an interesting place to focus on for security. Chris did amazing work there for Blink that eventually rolled out to all of Chromium. The docs are a fun read.
reply