nsAutoConfig

2017-10-30 Thread Nicholas Nethercote
Hi, I was just looking at the extensions/pref/autoconfig/ directory and trying to understand what it does. As far as I can tell, the code is there to allow custom deployments with particular prefs set, as described at

Re: Visual Studio 2017 coming soon

2017-10-30 Thread smaug
On 10/30/2017 10:03 PM, Kris Maglione wrote: On Mon, Oct 30, 2017 at 08:28:39AM -0700, Jim Blandy wrote: Okay, this is half the argument. The second half would be: - Does auto cause such mistakes more often than it prevents them? The benefit claimed for auto is that it usually makes code more

PSA: Retiring Bugzilla Socorro Lens

2017-10-30 Thread Anthony Hughes
This is a heads up that I am shutting down further development of my Bugzilla Socorro Lens add-on. If you're currently using the add-on I recommend that you uninstall it and please file issues at https://github.com/ashughes1/bmo-bsl. Over the past few weeks I've been working to integrate the

Re: Visual Studio 2017 coming soon

2017-10-30 Thread Kris Maglione
On Mon, Oct 30, 2017 at 08:28:39AM -0700, Jim Blandy wrote: Okay, this is half the argument. The second half would be: - Does auto cause such mistakes more often than it prevents them? The benefit claimed for auto is that it usually makes code more legible. Hopefully that prevents mistakes, on

Re: How can I get SOCKS settings params of Firefox?

2017-10-30 Thread nmago
понедельник, 23 октября 2017 г., 11:52:19 UTC+3 пользователь Karl Tomlinson написал: > I don't know how well GConf is supported by more recent GNOME > versions. I assume GSettings support was added to > nsUnixSystemProxySettings because GConf was to be no longer > supported, but the crash

Re: Visual Studio 2017 coming soon

2017-10-30 Thread Kris Maglione
On Mon, Oct 30, 2017 at 11:04:10AM -0400, Boris Zbarsky wrote: On 10/30/17 10:52 AM, Simon Sapin wrote: How do new language features lead to security bugs? By making unsafe behaviors easier or more tempting. For example: [&]() { /* stuff */ } is a huge footgun in a language without a

Re: Default Rust optimization level decreased from 2 to 1

2017-10-30 Thread Markus Stange
On 2017-10-25 1:34 PM, Gregory Szorc wrote: Adding --enable-release to your mozconfig (the configuration for builds we ship to users) enables -Copt-level=2. (i.e. we didn't change optimization settings for builds we ship to users.) I've added a note about this to our benchmarking instructions

Re: Visual Studio 2017 coming soon

2017-10-30 Thread Jim Blandy
Okay, this is half the argument. The second half would be: - Does auto cause such mistakes more often than it prevents them? The benefit claimed for auto is that it usually makes code more legible. Hopefully that prevents mistakes, on the balance. - Is ranged-for more prone to iterator

Re: Visual Studio 2017 coming soon

2017-10-30 Thread smaug
On 10/30/2017 04:52 PM, Simon Sapin wrote: On 30/10/17 15:05, smaug wrote: And let's be careful with the new C++ features, pretty please. We managed to not be careful when we started to use auto, or ranged-for or lambdas. I'd prefer to not fix more security critical bugs or memory leaks just

Re: Visual Studio 2017 coming soon

2017-10-30 Thread Boris Zbarsky
On 10/30/17 10:52 AM, Simon Sapin wrote: How do new language features lead to security bugs? By making unsafe behaviors easier or more tempting. For example: [&]() { /* stuff */ } is a huge footgun in a language without a borrow checker. You _could_ still do something like that before

Re: Visual Studio 2017 coming soon

2017-10-30 Thread Alex Gaynor
I don't know about C++14 specifically, but a good example is C++17's std::string_view, which allows an implicit cast from std::string&& and can very easily lead to UAF: https://github.com/isocpp/CppCoreGuidelines/issues/1038 Alex On Mon, Oct 30, 2017 at 10:52 AM, Simon Sapin

Re: Visual Studio 2017 coming soon

2017-10-30 Thread Simon Sapin
On 30/10/17 15:05, smaug wrote: And let's be careful with the new C++ features, pretty please. We managed to not be careful when we started to use auto, or ranged-for or lambdas. I'd prefer to not fix more security critical bugs or memory leaks just because of fancy hip and cool language

Re: Visual Studio 2017 coming soon

2017-10-30 Thread smaug
And let's be careful with the new C++ features, pretty please. We managed to not be careful when we started to use auto, or ranged-for or lambdas. I'd prefer to not fix more security critical bugs or memory leaks just because of fancy hip and cool language features ;) -Olli On 10/30/2017

Re: Intent to ship: CSP directive worker-src

2017-10-30 Thread Christoph Kerschbaumer
> On Oct 18, 2017, at 3:30 PM, Mike West wrote: > > We do have `worker-src` tests, FWIW: > https://github.com/w3c/web-platform-tests/tree/master/content-security-policy/worker-src/ > >