On Tue, May 20, 2014 at 5:20 AM, Benoit Jacob <jacob.benoi...@gmail.com>wrote:
> > > > 2014-05-19 23:37 GMT-04:00 Rik Cabanier <caban...@gmail.com>: > > >> >> >> On Mon, May 19, 2014 at 6:46 PM, Benoit Jacob >> <jacob.benoi...@gmail.com>wrote: >> >>> +1000! Thanks for articulating so clearly the difference between the >>> Web-as-an-application-platform and other application platforms. >>> >> >> It really surprises me that you would make this objection. >> > > I didn't think of this as specifically an objection to the > hardwareConcurrency proposal, but rather as a criticism of the argument > that "the Web should have this feature because other application platforms > have this feature". > > >> WebGL certainly would *not* fall into this >> "Web-as-an-application-platform" category since it exposes machine >> information [1] and is generally insecure [2] according to Apple and (in >> the past) Microsoft. >> >> Please note that I really like WebGL and not worried about these issues. >> Just pointing out your double standard. >> >> 1: http://renderingpipeline.com/webgl-extension-viewer/ >> 2: http://lists.w3.org/Archives/Public/public-fx/2012JanMar/0136.html >> > > I'm not going to reply here to all of the things stated or implied in your > above sentence, as that would be off-topic in this thread. > No, I certainly didn't mean to imply anything negative about WebGL. > The problem in the present conversation, that Jonas objected to, is that > the present proposal is being pushed with, among other arguments, the one > that "native platforms already have this API, so the Web should too". > > I don't remember WebGL being pushed with this argument. > > WebGL had a much more basic and solid argument for itself: the Web needed > _some_ way to do serious, general-purpose, realtime graphics. Among the > existing prior art, OpenGL ES 2 appeared as a reasonable starting point. > Web-ification ensued, and involved dropping or adapting parts of the API > that weren't good fits for the Web. As a result, WebGL exposes some machine > information when that's deemed the right trade-off, but the bar for that is > much higher than in OpenGL. Privacy is not the only issue at hand. More > basic issues include "is this the right API in the first place?", and "is > this the right balance between features and portability/sustainability" ? > WebGL is an excellent example of trusting authors. It provides a script based solution that provides low level access to your system's graphics capabilities. At the same time, it doesn't fall into the trap of trying to solve high level problems but instead leaves that to the author or a library. > Likewise here. I don't think anyone is saying that "hardwareConcurrency" > is failing on the grounds of exposing too much system information alone. > The way I read this thread, people either aren't convinced that it's the > right compromise given its usefulness, or that it's the right API for the > task at hand in the first place. > Yeah, I don't think anyone has the answer. My thoughts are that if this proposed feature works on other platforms, why not here? I understand Ehsan's points but they can be made to any other platform where this is used successfully (ie photoshop, parallel builds, web servers, databases, games, etc) I don't understand people's assertions why the web platform needs to be different. > 2014-05-19 21:35 GMT-04:00 Jonas Sicking <jo...@sicking.cc>: >>> >>>> On Mon, May 19, 2014 at 4:10 PM, Rik Cabanier <caban...@gmail.com> >>>> wrote: >>>> > I don't see why the web platform is special here and we should trust >>>> that >>>> > authors can do the right thing. >>>> >>>> I'm fairly sure people have already pointed this out to you. But the >>>> reason the web platform is different is that because we allow >>>> arbitrary application logic to run on the user's device without any >>>> user opt-in. >>>> >>>> I.e. the web is designed such that it is safe for a user to go to any >>>> website without having to consider the risks of doing so. >>>> >>>> This is why we for example don't allow websites to have arbitrary >>>> read/write access to the user's filesystem. Something that all the >>>> other platforms that you have pointed out do. >>>> >>>> Those platforms instead rely on that users make a security decision >>>> before allowing any code to run. This has both advantages (easier to >>>> design APIs for those platforms) and disadvantages (malware is pretty >>>> prevalent on for example Windows). >>>> >>>> / Jonas >>>> _______________________________________________ >>>> dev-platform mailing list >>>> dev-platform@lists.mozilla.org >>>> https://lists.mozilla.org/listinfo/dev-platform >>>> >>> >>> >> > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
