If it's really accessible from *.google.com, wouldn't this be simple to verify/exploit by using Google Sites (they publish your site to sites.google.com/view/<sitename>)?

JS on Google Sites, Apps Script, etc. runs on *.googleusercontent.com, otherwise cookie-stealing XSS happens.

We made drag-and-drop interfaces accessible by allowing users to TAB through the original list, press ENTER on the item they want to move, then use the arrow keys to move the item and press ENTER again when done (or ESC to cancel). After each move, the item's current position, and any necessary local context, was announced via `aria-live` region.

There are other ways that this can be accomplished with even fewer keystrokes, so I can't imagine a scenario where drag-and-drop interfaces would have to be avoided because they couldn't be made meaningfully accessible.

do you have a demo or a gif or this? would love to see it

I can't share the work I referred to above, but it was very similar to the last example on this page: https://salesforce-ux.github.io/dnd-a11y-patterns

Disclaimer: I have no affiliation with Salesforce or the creation of that example page. I just found it in a web search.

It helps to reframe your thoughts on accessibility as a subset of user experience (UX). Putting aside any potential moral argument, how important is UX to your business/project?

When accessibility is thought about and incorporated ahead of time, your overall user experience tends to be better. This is sometimes referred to as Universal Design.

I managed a project where we implemented a UI redesign for our existing enterprise SaaS software and we "went the extra mile" to not just make the experience accessible but to make that experience pleasant for our users with disabilities. In the end, some of the features -- especially around keyboard navigation -- that came out of that accessibility work were considered the best part of the redesign to our users.

Love this comment and the connection between UX and universal design. From a reductionist standpoint theres little value, from an expansive standpoint accessibility is literally how you make your product accessible to more customers

Heads up: I opened this link in a new tab and it immediately started playing a very loud, constant tone.

If you're wearing headphones or have your speakers turned up, be careful!

I've taken the approach of only reading the 3-star reviews.

In most cases, a 3-star review will provide a pretty thorough assessment of the pros and cons, and it's generally easier to determine the authenticity of the review.

It's worth noting that this is comparing the Apple Developer Transition Kit (with the A12Z SoC from the March 2020 iPad Pro) to the Surface Pro X (with the MS/Qualcomm SQ1 from October 2019).

It'll be interesting to see what Apple actually ships in production hardware.

Pretty much any Android device from the past 4-5 years should support connecting to WiFi via NFC (assuming the device actually supports NFC).

I get your point that a highly-motivated attacker has other, less sophisticated, ways of getting to your data.

However, if we're playing poker and I learn your tell, it's in my best interest that you are naive to that fact. While not the best analogy, I would think that the same concept would apply to state actors.

An "unknown caller" is typically one that has no caller ID information provided (e.g., unlisted number). However, getting a random telemarketing call from a VoIP-provided (or spoofed) local number would still come through since the caller ID information is provided, even though the number is not in your contacts list.

Except that many services (e.g., Family Libraries, Family Link, etc.) don't work with G Suite accounts.