Re: Ambient Light Sensor API

2017-04-26 Thread Salvador de la Puente
Well, I'm not saying "don't fix it" but if we switch the API off then other-than-evil ways of using the API will never happen and, as Belen said before, it undermines the confidence in the Web platform. I cannot foresee the canonical use of the API that would support the decision of not switching

Re: Future of out-of-tree spell checkers?

2017-04-26 Thread Ehsan Akhgari
On 04/26/2017 07:02 AM, Henri Sivonen wrote: On Tue, Apr 25, 2017 at 9:02 PM, Bill McCloskey wrote: On Tue, Apr 25, 2017 at 5:41 AM, Henri Sivonen wrote: What problem did you mean to address by code signing? The reason I suggested code signing is because loading libvoikko would provide an ea

Re: Ambient Light Sensor API

2017-04-26 Thread Ehsan Akhgari
On 04/26/2017 11:36 AM, Salvador de la Puente wrote: Right, I did not remember that request to victim.com originated in tags inside evil.com went to the network with victim.com credentials so clients can reach more than servers. That's

Re: Ambient Light Sensor API

2017-04-26 Thread Haik Aftandilian
Which, from my perspective, is justification to disable reading the sensor until it can be implemented in a way that prevents the cross-origin stealing attack. Users shouldn't have to worry about this. Haik On Wed, Apr 26, 2017 at 8:28 AM, Ehsan Akhgari wrote: > On 04/25/2017 08:26 PM, Salvador

Re: Ambient Light Sensor API

2017-04-26 Thread Salvador de la Puente
Right, I did not remember that request to victim.com originated in tags inside evil.com went to the network with victim.com credentials so clients can reach more than servers. That's fine. Anyway, with only that use of the APIs, is it not a little bit early to say that every possible usage will b

Re: Ambient Light Sensor API

2017-04-26 Thread Ehsan Akhgari
On 04/25/2017 08:26 PM, Salvador de la Puente wrote: So the risk is not that high since if the image is not protected I can get it and do evil things without requiring the Light Sensor API. Isn't it? No, the risk is extremely high. Here is a concrete example. Some banks give their users scan

Re: A reminder about commit messages: they should be useful

2017-04-26 Thread Selena Deckelmann
Hi! On Wed, Apr 26, 2017 at 7:05 AM Boris Zbarsky wrote: > On 4/25/17 4:27 PM, Alexander Surkov wrote: > > Maybe we should have a style guide, explaining what makes a good commit > message and what makes a good and descriptive bug, with number of (good and > bad) examples. > > Yes, we should. >

Re: A reminder about commit messages: they should be useful

2017-04-26 Thread Boris Zbarsky
On 4/25/17 4:27 PM, Alexander Surkov wrote: Maybe we should have a style guide, explaining what makes a good commit message and what makes a good and descriptive bug, with number of (good and bad) examples. Yes, we should. Maybe we should have a discussion at the all hands about this... -Bo

Re: Ambient Light Sensor API

2017-04-26 Thread Martin Thomson
On Wed, Apr 26, 2017 at 10:26 PM, Eric Rescorla wrote: >> Surely we can avoid this problem without being so >> drastic? > > > Perhaps, but actually designing such security measures is expensive, so > absent some argument that this is in wide use, probably doesn't > pass a cost/benefit test. Yeah,

Re: Ambient Light Sensor API

2017-04-26 Thread Jonathan Kingston
Auth related images are the attack vector, that and history attacks on same domain. On Tue, Apr 25, 2017 at 11:17 PM, Salvador de la Puente < sdelapue...@mozilla.com> wrote: > Sorry for my ignorance but, in the case of Stealing cross-origin resources, > I don't get the point of the attack. If hav

Re: Ambient Light Sensor API

2017-04-26 Thread Eric Rescorla
On Wed, Apr 26, 2017 at 2:01 AM, Gervase Markham wrote: > On 25/04/17 16:46, Eric Rescorla wrote: > > This suggests that maybe we could just turn it off > > It would be sad to remove a capability from the web platform which > native apps have. I'm not sure why it would be particularly sad if al

Re: Ambient Light Sensor API

2017-04-26 Thread Belén Albeza
Hi all, I understand that the privacy of users is paramount, but please let's try to find a solution to mitigate the effect instead of "just switching it off". Switching an API off that previously worked is bad for the Web as a whole, not just for the (small) percentage of sites using that API.

Re: Future of out-of-tree spell checkers?

2017-04-26 Thread Henri Sivonen
On Tue, Apr 25, 2017 at 9:02 PM, Bill McCloskey wrote: > On Tue, Apr 25, 2017 at 5:41 AM, Henri Sivonen wrote: >> >> What problem did you mean to address by code signing? > > The reason I suggested code signing is because loading libvoikko would > provide an easy way for people to inject code int

Re: Ambient Light Sensor API

2017-04-26 Thread Kurt Roeckx
On 2017-04-26 11:01, Gervase Markham wrote: On 25/04/17 16:46, Eric Rescorla wrote: This suggests that maybe we could just turn it off It would be sad to remove a capability from the web platform which native apps have. Surely we can avoid this problem without being so drastic? Is it right tha

Re: Ambient Light Sensor API

2017-04-26 Thread Gervase Markham
On 25/04/17 16:46, Eric Rescorla wrote: > This suggests that maybe we could just turn it off It would be sad to remove a capability from the web platform which native apps have. Surely we can avoid this problem without being so drastic? Is it right that one key use of this sensor is to see if the

Re: PBlob refactoring landed

2017-04-26 Thread Jan Varga
Thanks for this refactoring! Especially given that this code is quite complex and I remember the times when there was only one guy who understood it (bent) Jan On 26/04/17 09:13, Andrea Marchesini wrote: Hi all, In the last month I have worked on the refactoring of PBlob code and today I

Re: PBlob refactoring landed

2017-04-26 Thread Andrea Marchesini
I forgot to say that there is a meta bug for this PBlob refactoring: bug 1353629. On Wed, Apr 26, 2017 at 9:13 AM, Andrea Marchesini wrote: > Hi all, > > In the last month I have worked on the refactoring of PBlob code and today > I'm very excited to announce that the first block of patches (20~

PBlob refactoring landed

2017-04-26 Thread Andrea Marchesini
Hi all, In the last month I have worked on the refactoring of PBlob code and today I'm very excited to announce that the first block of patches (20~) is finally in nightly. Everywhere in gecko, PBlob has been converted to IPCBlob, except for 2 components: FileHandle and IndexedDb. The former has p