On Thu, Sep 11, 2014 at 6:58 PM, Adam Roach wrote:
> When you force people into an "all or nothing" situation regarding
> security,
>
Nature finds his own way: As nothing was invented for doing Javscript
Cryptography, someone started using Java Applets. Java applets are much
more insecure than t
On Thu, Sep 11, 2014 at 6:56 PM, Richard Barnes wrote:
> No, WebCrypto on an http:// origin is not a replacement for TLS.
Addressing confusion on this point seems to be the main driver of
Chrome's restriction of Web Crypto to authenticated origins. Is there
any way to quantify in advance how dama
On Thu, Sep 11, 2014 at 9:00 PM, Richard Barnes wrote:
>
> On Sep 11, 2014, at 9:08 AM, Anne van Kesteren wrote:
>
>> On Thu, Sep 11, 2014 at 5:56 PM, Richard Barnes wrote:
>>> Most notably, even over non-secure origins, application-layer encryption
>>> can provide resistance to passive adversa
Is the argument still valid that active attacks are detectable while
passive attacks are not, making the costs/risks to an active attacker
significantly higher?
Rob
--
oIo otoeololo oyooouo otohoaoto oaonoyooonoeo owohooo oioso oaonogoroyo
owoiotoho oao oboroootohoeoro oooro osoiosotoeoro owoiolo
On Thu, Sep 11, 2014 at 3:21 PM, Ehsan Akhgari wrote:
> On 2014-09-11, 5:54 PM, smaug wrote:
>> If we just needs new coordinates, couldn't we extend the existing event
>> interfaces with some new properties?
>
> Yeah, this seems like the way to go to me as well.
Do we currently dispatch pointer
On 2014-09-11, 5:54 PM, smaug wrote:
> If we just needs new coordinates, couldn't we extend the existing event
> interfaces with some new properties?
Yeah, this seems like the way to go to me as well.
> On 09/12/2014 12:52 AM, smaug wrote:
>> What would be the event types for touchpad events?
>>
On 09/11/2014 08:26 PM, Chris Peterson wrote:
On 9/11/14 3:49 AM, Mounir Lamouri wrote:
On Thu, 11 Sep 2014, at 18:26, Ms2ger wrote:
First of all, you neglected to explain the standardization situation
here. Is this feature being standardized? If not, why not? How do
other browser vendors feel
If we just needs new coordinates, couldn't we extend the existing event
interfaces with some new properties?
-Olli
On 09/12/2014 12:52 AM, smaug wrote:
> What would be the event types for touchpad events?
> We must not add yet another types of events to handle pointer type of events.
>
>
> A
What would be the event types for touchpad events?
We must not add yet another types of events to handle pointer type of events.
And besides, touch event model is rather horrible, so if we for some strange
reason need
totally new events, I'd prefer using something closer to pointer events.
-Ol
On Sep 11, 2014, at 9:08 AM, Anne van Kesteren wrote:
> On Thu, Sep 11, 2014 at 5:56 PM, Richard Barnes wrote:
>> Most notably, even over non-secure origins, application-layer encryption can
>> provide resistance to passive adversaries.
>
> See https://twitter.com/sleevi_/status/5097237753491
On 9/11/14 3:49 AM, Mounir Lamouri wrote:
On Thu, 11 Sep 2014, at 18:26, Ms2ger wrote:
First of all, you neglected to explain the standardization situation
here. Is this feature being standardized? If not, why not? How do
other browser vendors feel about it?
Where does this stand in the curren
Hi Kershaw,
Has there been any discussions with other browser vendors about this
API? Or is there an official standard somewhere for them?
If not, I don't think that we'll want to expose this to the web at
large. It would still be fine to expose to certified apps, or even to
expose to privileged
On 2014-09-11, at 10:04, Anne van Kesteren wrote:
> Well, if there's https://maps.example/ that I share my location with,
> we could make it so that it if https://maps.example/ is embedded from
> https://mercent.example/, it no longer has the permission. That's what
> I meant with partitioning b
On Thu, Sep 11, 2014 at 6:58 PM, Martin Thomson wrote:
> On 2014-09-11, at 00:56, Anne van Kesteren wrote:
>> Are we actually partitioning permissions per top-level browsing
>> context or could they already accomplish this through an ?
>
> As far as I understand it, permissions are based on domai
On 9/11/14 11:08, Anne van Kesteren wrote:
On Thu, Sep 11, 2014 at 5:56 PM, Richard Barnes wrote:
Most notably, even over non-secure origins, application-layer encryption can
provide resistance to passive adversaries.
See https://twitter.com/sleevi_/status/509723775349182464 for a long
thread
On 2014-09-11, at 00:56, Anne van Kesteren wrote:
> Are we actually partitioning permissions per top-level browsing
> context or could they already accomplish this through an ?
As far as I understand it, permissions are based on domain name only, they
don’t include scheme or port from the origi
On Thu, Sep 11, 2014 at 5:56 PM, Richard Barnes wrote:
> Most notably, even over non-secure origins, application-layer encryption can
> provide resistance to passive adversaries.
See https://twitter.com/sleevi_/status/509723775349182464 for a long
thread on Google's security people not being par
Hey all,
Sorry for being late to the party here. I now subscribe to dev.platform :)
On the issue of whether WebCrypto should be restricted to secure origins: In
discussions I've had with folks around Mozilla, we have not seen sufficient
security risks to motivate cutting off the potential bene
On 14-09-11 09:03 AM, Joshua Cranmer 🐧 wrote:
> On 9/11/2014 7:58 AM, Armen Zambrano G. wrote:
>> What would people want to see in the long term to make mozharness easier
>> for you?
>
> A Dockerfile (or a container image) that produces a Ubuntu64 test slave.
>
Hi Joshua, that would be ideal, how
On 2014-09-10 10:32 PM, Philip Chee wrote:
“New personal versions of Firefox are released roughly every six weeks,”
writes Oracle's Steven Chan. “It is impractical for us to certify these
new personal versions of Firefox with the Oracle E-Business Suite
because a given Firefox release is general
Hi Mounir,
The finger activity on touchpad can be still translated to touch event and
mouse event as usual. But for the application that wants to know the
absolute finger position on touchpad, we will need this new touchpad event.
So, this proposal is about creating new standard rather than re-usi
Hi Ms2ger,
Please see my response below.
Thanks and regards,
Kershaw
於 2014/9/11 下午4:26,"Ms2ger" 寫道:
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>On 09/11/2014 08:18 AM, Kershaw Chang wrote:
>
>First of all, you neglected to explain the standardization situation
>here. Is this feature be
On 9/11/2014 7:58 AM, Armen Zambrano G. wrote:
What would people want to see in the long term to make mozharness easier
for you?
A Dockerfile (or a container image) that produces a Ubuntu64 test slave.
--
Joshua Cranmer
Thunderbird and DXR developer
Source code archæologist
__
Hello all,
It is now less hard to run mozharness locally by appending --cfg
developer_config.py to production commands.
Appending the config will activate a developer mode which does the
following:
* Remove hard coded paths for binaries
* Substitute internal URLs to point to externally reachable U
On Thu, 11 Sep 2014, at 18:26, Ms2ger wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 09/11/2014 08:18 AM, Kershaw Chang wrote:
>
> First of all, you neglected to explain the standardization situation
> here. Is this feature being standardized? If not, why not? How do
> other brow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/11/2014 08:18 AM, Kershaw Chang wrote:
First of all, you neglected to explain the standardization situation
here. Is this feature being standardized? If not, why not? How do
other browser vendors feel about it?
> +interface TouchPadEvent : UIEv
On Thu, Sep 11, 2014 at 1:50 AM, Martin Thomson wrote:
> That is devious. I suspect that there is a banal reason relating to the use
> of the Google Front End that motivates the change, but the side effect of
> having all Google properties have access to user permissions from all other
> prope
27 matches
Mail list logo