2014-05-19 23:37 GMT-04:00 Rik Cabanier <caban...@gmail.com>: > > > > On Mon, May 19, 2014 at 6:46 PM, Benoit Jacob <jacob.benoi...@gmail.com>wrote: > >> +1000! Thanks for articulating so clearly the difference between the >> Web-as-an-application-platform and other application platforms. >> > > It really surprises me that you would make this objection. >
I didn't think of this as specifically an objection to the hardwareConcurrency proposal, but rather as a criticism of the argument that "the Web should have this feature because other application platforms have this feature". > WebGL certainly would *not* fall into this > "Web-as-an-application-platform" category since it exposes machine > information [1] and is generally insecure [2] according to Apple and (in > the past) Microsoft. > > Please note that I really like WebGL and not worried about these issues. > Just pointing out your double standard. > > 1: http://renderingpipeline.com/webgl-extension-viewer/ > 2: http://lists.w3.org/Archives/Public/public-fx/2012JanMar/0136.html > I'm not going to reply here to all of the things stated or implied in your above sentence, as that would be off-topic in this thread. The problem in the present conversation, that Jonas objected to, is that the present proposal is being pushed with, among other arguments, the one that "native platforms already have this API, so the Web should too". I don't remember WebGL being pushed with this argument. WebGL had a much more basic and solid argument for itself: the Web needed _some_ way to do serious, general-purpose, realtime graphics. Among the existing prior art, OpenGL ES 2 appeared as a reasonable starting point. Web-ification ensued, and involved dropping or adapting parts of the API that weren't good fits for the Web. As a result, WebGL exposes some machine information when that's deemed the right trade-off, but the bar for that is much higher than in OpenGL. Privacy is not the only issue at hand. More basic issues include "is this the right API in the first place?", and "is this the right balance between features and portability/sustainability" ? Likewise here. I don't think anyone is saying that "hardwareConcurrency" is failing on the grounds of exposing too much system information alone. The way I read this thread, people either aren't convinced that it's the right compromise given its usefulness, or that it's the right API for the task at hand in the first place. Benoit > > >> 2014-05-19 21:35 GMT-04:00 Jonas Sicking <jo...@sicking.cc>: >> >>> On Mon, May 19, 2014 at 4:10 PM, Rik Cabanier <caban...@gmail.com> >>> wrote: >>> > I don't see why the web platform is special here and we should trust >>> that >>> > authors can do the right thing. >>> >>> I'm fairly sure people have already pointed this out to you. But the >>> reason the web platform is different is that because we allow >>> arbitrary application logic to run on the user's device without any >>> user opt-in. >>> >>> I.e. the web is designed such that it is safe for a user to go to any >>> website without having to consider the risks of doing so. >>> >>> This is why we for example don't allow websites to have arbitrary >>> read/write access to the user's filesystem. Something that all the >>> other platforms that you have pointed out do. >>> >>> Those platforms instead rely on that users make a security decision >>> before allowing any code to run. This has both advantages (easier to >>> design APIs for those platforms) and disadvantages (malware is pretty >>> prevalent on for example Windows). >>> >>> / Jonas >>> _______________________________________________ >>> dev-platform mailing list >>> dev-platform@lists.mozilla.org >>> https://lists.mozilla.org/listinfo/dev-platform >>> >> >> > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
