Re: Google announces Chrome builds for Win64

On Thu, Jun 5, 2014 at 8:34 AM, J. Ryan Stinnett jry...@gmail.com wrote: On Thu, Jun 5, 2014 at 10:03 AM, Robert Kaiser ka...@kairo.at wrote: It's also security boost for 64 bit users. Could someone please explain why you and Google claim 64bit to be more secure? This is a new argument

Re: Intent to implement: webserial api

What are you assuming about access to actual USB devices? -Ekr On Sun, Jul 13, 2014 at 11:16 AM, Andrew McCreight amccrei...@mozilla.com wrote: - Original Message - Jonas, I would be really interested in your thoughts. Try as we might (in the WebSerial API docs, at least), noone

Re: Intent to implement: webserial api

On Mon, Jul 14, 2014 at 4:22 AM, tzi...@gmail.com wrote: On Monday, July 14, 2014 2:00:47 PM UTC+3, Gervase Markham wrote: On 13/07/14 18:35, Vasilis wrote: Jonas, I would be really interested in your thoughts. Try as we might (in the WebSerial API docs, at least), noone could

Re: Intent to implement: Disabling auto-play videos on mobile networks/devices?

On Fri, Aug 22, 2014 at 9:12 PM, Robert O'Callahan rob...@ocallahan.org wrote: On Sat, Aug 23, 2014 at 5:59 AM, Jared Hirsch 6...@mozilla.com wrote: FWIW, Safari on iOS doesn't allow autoplay or preload, and also only initiates play/load on a user-triggered event (so, pages can't use JS to

Re: Intent to implement: Disabling auto-play videos on mobile networks/devices?

On Mon, Aug 25, 2014 at 11:51 AM, Daniel Veditz dved...@mozilla.com wrote: On 8/24/2014 6:21 PM, Eric Rescorla wrote: FWIW, to the best of my knowledge WebRTC calls do not require a click. But you have to click on the door-hanger to share camera/mic (or be on a site you have already trusted

Re: PSA: ./mach build subdirectory doesn't work reliably any longer

On Mon, Aug 25, 2014 at 8:37 AM, Gregory Szorc g...@mozilla.com wrote: On 8/22/14 9:08 AM, Ehsan Akhgari wrote: Unfortunately I don't really understand the reasons behind this, but if you use this command, please know that it doesn't work properly any more, even if it seems to work in some

Re: PSA: ./mach build subdirectory doesn't work reliably any longer

On Mon, Aug 25, 2014 at 3:18 PM, Mike Hommey m...@glandium.org wrote: On Mon, Aug 25, 2014 at 12:24:53PM -0700, Eric Rescorla wrote: On Mon, Aug 25, 2014 at 8:37 AM, Gregory Szorc g...@mozilla.com wrote: On 8/22/14 9:08 AM, Ehsan Akhgari wrote: Unfortunately I don't really

Re: Restricting gUM to authenticated origins only (was: Re: Intent to implement and ship: ImageCapture)

On Fri, Sep 5, 2014 at 3:34 AM, Henri Sivonen hsivo...@hsivonen.fi wrote: On Fri, Sep 5, 2014 at 1:25 PM, Robert O'Callahan rob...@ocallahan.org wrote: On Fri, Sep 5, 2014 at 10:19 PM, Henri Sivonen hsivo...@hsivonen.fi wrote: Is current gUM restricted to authenticated origins? If it

Re: Restricting gUM to authenticated origins only

On Wed, Sep 10, 2014 at 2:09 AM, Henri Sivonen hsivo...@hsivonen.fi wrote: On Tue, Sep 9, 2014 at 8:13 PM, Eric Rescorla e...@rtfm.com wrote: Sure, I think there are some reasonable cases. Say that a site asks to take your picture for the purpose of displaying an avatar. So you give

Re: Per-origin versus per-domain restrictions (Re: Restricting gUM to authenticated origins only)

On Sat, Sep 13, 2014 at 12:38 AM, Anne van Kesteren ann...@annevk.nl wrote: On Sat, Sep 13, 2014 at 12:07 AM, Martin Thomson m...@mozilla.com wrote An iframe embed is different, but in that context, the framed site retains complete control over its content and is arguably competent to

Re: http-schemed URLs and HTTP/2 over unauthenticated TLS (was: Re: WebCrypto for http:// origins)

On Mon, Sep 15, 2014 at 9:08 AM, Anne van Kesteren ann...@annevk.nl wrote: On Mon, Sep 15, 2014 at 5:59 PM, Richard Barnes rbar...@mozilla.com wrote: On Sep 15, 2014, at 5:11 AM, Henri Sivonen hsivo...@hsivonen.fi wrote: I think the primary way for making the experience better for users

Re: Deprecate geolocation and getUserMedia() for unauthenticated origins

On Fri, Sep 26, 2014 at 12:58 PM, Anne van Kesteren ann...@annevk.nl wrote: Exposing geolocation on unauthenticated origins was a mistake. Copying that for getUserMedia() is too. I suggest that to protect our users we make some noise about deprecating this practice. And that in that message

Re: Deprecate geolocation and getUserMedia() for unauthenticated origins

On Mon, Sep 29, 2014 at 3:44 AM, Anne van Kesteren ann...@annevk.nl wrote: On Mon, Sep 29, 2014 at 12:19 PM, Dale Harvey d...@arandomurl.com wrote: There's a host of problems when you're using file URLs. pun intended? :) Heh. (Note that file URLs apparently count as authenticated

Re: Using c++11 right angle bracket in template code?

On Wed, Oct 1, 2014 at 3:45 PM, Mike Hommey m...@glandium.org wrote: On Wed, Oct 01, 2014 at 06:34:19PM -0400, Ehsan Akhgari wrote: On 2014-10-01, 6:26 PM, Mike Hommey wrote: On Wed, Oct 01, 2014 at 11:00:28AM -0400, Ehsan Akhgari wrote: On 2014-10-01, 9:01 AM, Joshua Cranmer  wrote: On

Re: Using c++11 right angle bracket in template code?

On Wed, Oct 1, 2014 at 4:16 PM, Mike Hommey m...@glandium.org wrote: On Wed, Oct 01, 2014 at 04:02:46PM -0700, Eric Rescorla wrote: On Wed, Oct 1, 2014 at 3:45 PM, Mike Hommey m...@glandium.org wrote: On Wed, Oct 01, 2014 at 06:34:19PM -0400, Ehsan Akhgari wrote: On 2014-10-01, 6:26

Re: Using c++11 right angle bracket in template code?

On Wed, Oct 1, 2014 at 4:42 PM, L. David Baron dba...@dbaron.org wrote: On Wednesday 2014-10-01 16:24 -0700, Eric Rescorla wrote: Obviously, if you have some argument that auto is bad programming practice or a hazard and should thus be forbidden, that's something you could make and see

Re: c++ unit test in content process

Sadly, the WebRTC gtest-based ones (e.g., media/webrtc/signaling/test) do. On Fri, Oct 3, 2014 at 6:04 AM, Kyle Huey m...@kylehuey.com wrote: On Fri, Oct 3, 2014 at 5:44 AM, Benjamin Smedberg benja...@smedbergs.us wrote: On 10/3/2014 4:59 AM, Patrick Wang wrote: Hi, I am trying

Re: gtests that start XPCOM

On Wed, Oct 22, 2014 at 4:05 PM, Ted Mielczarek t...@mielczarek.org wrote: On 10/22/2014 9:29 AM, Benjamin Smedberg wrote: Is there a mechanism for running single gtests that start XPCOM? Not that I know of currently. The gtest runner explicitly starts XPCOM before running tests[1]. With

Re: Screen Capture

Here is my writeup of the security issues with this from a while ago: http://lists.w3.org/Archives/Public/public-webrtc/2013Mar/0024.html As MT says, we already are shipping screen sharing in FF 33. It's currently whitelisted, but otherwise it's fairly complete. -Ekr On Fri, Oct 24, 2014 at

Re: Screen Capture

24, 2014, at 11:44 , Eric Rescorla e...@rtfm.com wrote: Here is my writeup of the security issues with this from a while ago: http://lists.w3.org/Archives/Public/public-webrtc/2013Mar/0024.html As MT says, we already are shipping screen sharing in FF 33. It's currently whitelisted

Re: Screen Capture

On Fri, Oct 24, 2014 at 3:56 PM, Robert O'Callahan rob...@ocallahan.org wrote: On Sat, Oct 25, 2014 at 6:17 AM, Ehsan Akhgari ehsan.akhg...@gmail.com wrote: Can we keep track of where the stream comes from, and make sure to taint the images that can come out of them similar to the way that

Re: Screen Capture

On Fri, Oct 24, 2014 at 10:56 PM, Jonas Sicking jo...@sicking.cc wrote: On Fri, Oct 24, 2014 at 9:25 PM, Eric Rescorla e...@rtfm.com wrote: On Fri, Oct 24, 2014 at 3:56 PM, Robert O'Callahan rob...@ocallahan.org wrote: On Sat, Oct 25, 2014 at 6:17 AM, Ehsan Akhgari ehsan.akhg

Re: Screen Capture

On Sat, Oct 25, 2014 at 3:24 PM, Jonas Sicking jo...@sicking.cc wrote: On Sat, Oct 25, 2014 at 7:51 AM, Eric Rescorla e...@rtfm.com wrote: Unfortunately, for the reasons I mentioned in the post I linked to above, it's hard for the user to give informed consent here, as they don't

Re: Git - Hg workflows?

Let me try to answer at a high level first. I use git for all of my workflows and when I collaborate with other people on my team, we use git and github. See, for instance: https://github.com/unicorn-wg/gecko-dev/tree/multistream_rebase So, I primarily need to engage with hg for the following

Re: Proposal: Change the coding style guide to allow an 'o' prefix to indicate out-params

On Thu, Dec 4, 2014 at 10:35 AM, Seth Fowler s...@mozilla.com wrote: I’d like to change the coding style guide to let us make out-params more obvious by using an ‘o’ prefix for their name instead of an ‘a’. For example, nsresult Modify(int aCount, size_t aSize, char* oResult); This will

Re: Proposal: Change the coding style guide to allow an 'o' prefix to indicate out-params

On Thu, Dec 4, 2014 at 10:51 AM, Nicholas Nethercote n.netherc...@gmail.com wrote: On Fri, Dec 5, 2014 at 5:41 AM, Eric Rescorla e...@rtfm.com wrote: I’d like to change the coding style guide to let us make out-params more obvious by using an ‘o’ prefix for their name instead

Re: Getting rid of already_AddRefed?

On Mon, Dec 22, 2014 at 1:12 PM, Ehsan Akhgari ehsan.akhg...@gmail.com wrote: On 2014-12-22 4:10 PM, Jeff Muizelaar wrote: We were talking about this problem and it was a bunch of work to figure out the conclusion so I decided to write a summary: Replacing already_AddRefed with nsRefPtr

Re: Getting rid of already_AddRefed?

On Mon, Dec 22, 2014 at 3:35 PM, L. David Baron dba...@dbaron.org wrote: On Monday 2014-12-22 18:21 -0500, Ehsan Akhgari wrote: On 2014-12-22 6:07 PM, L. David Baron wrote: On Monday 2014-12-22 17:54 -0500, Ehsan Akhgari wrote: On 2014-12-22 4:56 PM, L. David Baron wrote: I think

Re: Getting rid of already_AddRefed?

On Tue, Dec 23, 2014 at 6:48 AM, Ehsan Akhgari ehsan.akhg...@gmail.com wrote: On 2014-12-22 6:52 PM, Eric Rescorla wrote: On Mon, Dec 22, 2014 at 3:35 PM, L. David Baron dba...@dbaron.org mailto:dba...@dbaron.org wrote: On Monday 2014-12-22 18:21 -0500, Ehsan Akhgari wrote

Re: Getting rid of already_AddRefed?

On Tue, Dec 23, 2014 at 8:48 AM, L. David Baron dba...@dbaron.org wrote: On Tuesday 2014-12-23 08:36 -0800, Eric Rescorla wrote: Why not pass the raw pointer to the function? My general theory is that smart pointers, once boxed, should never be unboxed. The major arguments I see

Re: Getting rid of already_AddRefed?

On Tue, Dec 23, 2014 at 8:53 AM, Ehsan Akhgari ehsan.akhg...@gmail.com wrote: On 2014-12-23 11:36 AM, Eric Rescorla wrote: On Tue, Dec 23, 2014 at 8:32 AM, Ehsan Akhgari ehsan.akhg...@gmail.com mailto:ehsan.akhg...@gmail.com wrote: On 2014-12-23 10:38 AM, Eric Rescorla wrote

Re: Getting rid of already_AddRefed?

On Tue, Dec 23, 2014 at 10:14 AM, L. David Baron dba...@dbaron.org wrote: On Tuesday 2014-12-23 09:59 -0800, Martin Thomson wrote: On Tue, Dec 23, 2014 at 9:55 AM, L. David Baron dba...@dbaron.org wrote: But that's an implicit constructor that's causing extra refcount traffic, which

Re: Getting rid of already_AddRefed?

On Tue, Dec 23, 2014 at 1:51 PM, L. David Baron dba...@dbaron.org wrote: On Tuesday 2014-12-23 13:14 -0800, Eric Rescorla wrote: Just to be clear, is your problem the implicit conversion itself or the reference count increment/decrement? The latter -- the problem is that there's

Re: Getting rid of already_AddRefed?

On Tue, Dec 23, 2014 at 2:07 PM, L. David Baron dba...@dbaron.org wrote: On Tuesday 2014-12-23 14:03 -0800, Eric Rescorla wrote: This may be a much longer argument, but I'm not convinced that sacrificing what would otherwise be good programming practice (never unboxing your pointers

Re: [blink-dev] Intent to Ship: Plugin Power Saver Poster Images

Well, the first step would be to do plugin power saving at all. -Ekr On Sat, Feb 7, 2015 at 8:38 PM, Jet Villegas jville...@mozilla.com wrote: We should pick this up too. --Jet -- Forwarded message -- From: Jet Villegas W3C w...@junglecode.net Date: Sat, Feb 7, 2015 at

Re: Content Vault Feasibility RFC

This kind of feature comes up frequently, but to the best of my knowledge (which I believe is fairly up to date) it is not known how to build a robust version of this. To generalize the problem a bit, we have two pieces of software running on the user's computer: A: A confined process running in

Re: Proposed W3C Charter: Web Application Security (WebAppSec) Working Group

On Fri, Jan 16, 2015 at 9:31 AM, Martin Thomson m...@mozilla.com wrote: On Fri, Jan 16, 2015 at 12:58 AM, Anne van Kesteren ann...@annevk.nl wrote: * Permissions API this has been tried several times before. Given that there's hardly any involvement from UX in standards, it's not clear

Re: Proposed W3C Charter: Web Application Security (WebAppSec) Working Group

On Fri, Jan 30, 2015 at 2:14 AM, Anne van Kesteren ann...@annevk.nl wrote: Thanks David! On Fri, Jan 30, 2015 at 7:32 AM, L. David Baron dba...@dbaron.org wrote: I'm particularly interested in review of point (3) in what I've written; I feel that the argument I've written so far is weak, I

Re: Proposed W3C Charter: Web Application Security (WebAppSec) Working Group

This seems satisfactory to me. On Thu, Jan 29, 2015 at 10:32 PM, L. David Baron dba...@dbaron.org wrote: Here are the comments I have so far on this charter, based on the thread. I'd note that this is a relatively large set of demands to make in the charter review stage at the AC, especially

Re: HEADS-UP: Disabling Gecko Media Plugins on older Linux kernels (bug 1120045)

On Fri, Jan 30, 2015 at 5:51 PM, Bobby Holley bobbyhol...@gmail.com wrote: I think the point here is that we want to free ourselves from needing the chemspill over OpenH264 memory hazards if we find them (since the code is relatively new). Note that with OpenH264 memory issues, we actually

Re: Proposed W3C Charter: Web Application Security (WebAppSec) Working Group

On Fri, Jan 30, 2015 at 3:15 PM, L. David Baron dba...@dbaron.org wrote: On Friday 2015-01-30 11:14 +0100, Anne van Kesteren wrote: On Fri, Jan 30, 2015 at 7:32 AM, L. David Baron dba...@dbaron.org wrote: I'm particularly interested in review of point (3) in what I've written; I feel

Re: Proposed W3C Charter: Web Application Security (WebAppSec) Working Group

This seems good to me. On Fri, Jan 30, 2015 at 3:20 PM, L. David Baron dba...@dbaron.org wrote: Here's a revised set of comments, mainly changing: - describes the objection to powerfulfeatures (part of objection (3)) more clearly, but also, I think, scopes the objection a bit more

Re: PSA: mozilla::Pair is now a little more flexible

On Mon, Mar 16, 2015 at 5:44 AM, Ehsan Akhgari ehsan.akhg...@gmail.com wrote: On 2015-03-15 11:26 PM, Seth Fowler wrote: On Mar 15, 2015, at 6:26 PM, Joshua Cranmer [image: ] pidgeo...@gmail.com wrote: In general, std::pair should be preferred over mozilla::Pair unless you need the

Re: PSA: mozilla::Pair is now a little more flexible

On Sun, Mar 15, 2015 at 12:33 PM, Seth Fowler s...@mozilla.com wrote: On Mar 15, 2015, at 12:01 PM, Eric Rescorla e...@rtfm.com wrote: I'm not sure I want to get in a long argument about this, but I'm not convinced this is good advice. I don’t really care what we do - keep in mind, I

Re: PSA: mozilla::Pair is now a little more flexible

On Fri, Mar 13, 2015 at 10:54 AM, Seth Fowler s...@mozilla.com wrote: On Mar 13, 2015, at 6:14 AM, Eric Rescorla e...@rtfm.com wrote: Sorry if this is a dumb question, but it seems like std::pair is fairly widely used in our code base. Can you explain the circumstances in which you

Re: Proposed W3C Charter: WebRTC Working Group

+1 On Fri, Mar 6, 2015 at 3:13 PM, Adam Roach a...@mozilla.com wrote: On 3/2/15 12:53, L. David Baron wrote: The W3C is proposing a revised charter for: Web Real-Time Communications Working Group http://www.w3.org/2015/02/webrtc-charter.html

Re: Intent to deprecate: persistent permissions over HTTP

On Sat, Mar 7, 2015 at 11:48 AM, Aryeh Gregor a...@aryeh.name wrote: On Fri, Mar 6, 2015 at 7:27 PM, Anne van Kesteren ann...@annevk.nl wrote: A large number of permissions we currently allow users to store persistently for a given origin. I suggest we stop offering that functionality

Re: PSA: mozilla::Pair is now a little more flexible

Sorry if this is a dumb question, but it seems like std::pair is fairly widely used in our code base. Can you explain the circumstances in which you think we should be using mozilla::Pair instead? Ekr On Thu, Mar 12, 2015 at 5:53 PM, Seth Fowler s...@mozilla.com wrote: I thought I’d let

Re: Intent to deprecate: persistent permissions over HTTP

On Thu, Mar 12, 2015 at 12:31 PM, Aryeh Gregor a...@aryeh.name wrote: On Thu, Mar 12, 2015 at 4:34 PM, Ehsan Akhgari ehsan.akhg...@gmail.com wrote: 2) If the only common real-world MITM threat is via a compromise adjacent to the client (e.g., wireless), there's no reason to restrict

Re: Permission UI

On Tue, Mar 3, 2015 at 5:55 AM, Anne van Kesteren ann...@annevk.nl wrote: On Tue, Mar 3, 2015 at 2:17 PM, Frederik Braun fbr...@mozilla.com wrote: The good news is that most of the complicated bits are already implemented. See about:permissions. That seems like a good start, although it

Re: gecko-dev and Git replication will be broken for a little while

Thanks. Hopefully all will be back to normal soon. Best, -Ekr On Thu, Jan 29, 2015 at 1:27 PM, Gregory Szorc g...@mozilla.com wrote: On Thu, Jan 29, 2015 at 1:07 PM, Eric Rescorla e...@rtfm.com wrote: On Thu, Jan 29, 2015 at 12:31 PM, Gregory Szorc g...@mozilla.com wrote: The steps within

Re: Proposed W3C Charter: Web Application Security (WebAppSec) Working Group

On Thu, Jan 29, 2015 at 12:56 PM, L. David Baron dba...@dbaron.org wrote: On Friday 2015-01-16 09:58 +0100, Anne van Kesteren wrote: On Fri, Jan 16, 2015 at 12:53 AM, L. David Baron dba...@dbaron.org wrote: Please reply to this thread if you think there's something else we should say,

Re: gecko-dev and Git replication will be broken for a little while

On Thu, Jan 29, 2015 at 12:31 PM, Gregory Szorc g...@mozilla.com wrote: The steps within my control to potentially fix this issue have been postponed until at least tomorrow due to the Firefox Beta build today. tl;dr is people don't want to take on additional risk changing repositories. I

Re: Intent to deprecate: Insecure HTTP

On Mon, Apr 13, 2015 at 10:40 AM, DDD david.a.p.ll...@gmail.com wrote: I think that you'll need to define a number of levels of security, and decide how to distinguish them in the Firefox GUI: - Unauthenticated/Unencrypted [http] - Unauthenticated/Encrypted [https ignoring untrusted cert

Re: Excessive inbound bustage

I think perhaps part of the question is what the purpose of m-i versus try is. My general algorithm is that you should get your patch to the point where you have tested it locally and have reasonable confidence that there are no portability issues and then it's fine to land it on m-i without try.

Re: Tiles Design Questions (was Re: Improving trust and transparency for Suggested Tiles)

On Thu, Apr 23, 2015 at 3:18 PM, Robert Kaiser ka...@kairo.at wrote: Martin Thomson schrieb: On Thu, Apr 23, 2015 at 12:33 PM, e...@mozilla.com wrote: Do you have suggestions on where each of the 4 topics I posted should be discussed? In a meeting, where a small number of participants

Re: Excessive inbound bustage

On Tue, Apr 21, 2015 at 8:39 AM, jmath...@mozilla.com wrote: On Tuesday, April 21, 2015 at 3:03:37 AM UTC-5, Gabriele Svelto wrote: On 21/04/2015 08:25, Gabor Krizsanits wrote: Maybe because I usually work on core, and such confidence is hard to reach there, but I'd like to think at

Re: Tiles Design Questions (was Re: Improving trust and transparency for Suggested Tiles)

On Fri, Apr 24, 2015 at 7:05 AM, Mike Hoye mh...@mozilla.com wrote: On 2015-04-24 12:07 AM, Eric Rescorla wrote: Who said anything about excluded? It's simply much easier to discuss detailed topics in a small real-time setting. If there are community members who are well-prepared

Re: Excessive inbound bustage

On Tue, Apr 21, 2015 at 12:14 PM, Ms2ger ms2...@gmail.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/21/2015 06:07 PM, Eric Rescorla wrote: On Tue, Apr 21, 2015 at 8:39 AM, jmath...@mozilla.com wrote: On Tuesday, April 21, 2015 at 3:03:37 AM UTC-5, Gabriele Svelto

Re: Intent to deprecate: Insecure HTTP

On Mon, May 4, 2015 at 9:39 AM, Florian Bösch pya...@gmail.com wrote: On Mon, May 4, 2015 at 6:33 PM, Adam Roach a...@mozilla.com wrote: You have made some well-thought-out contributions to conversations at Mozilla in the past. I'm a little sad that you're choosing not to participate in

Re: Intent to deprecate: Insecure HTTP

On Mon, May 4, 2015 at 10:52 AM, Florian Bösch pya...@gmail.com wrote: On Mon, May 4, 2015 at 7:43 PM, Eric Rescorla e...@rtfm.com wrote: This would be more useful if you explained what they considered the cost of converting to HTTPS so, so we could discuss ways to ameliorate that cost. I

Re: What's the plan to implement UDP sockets in Worker?

the confusion -Ekr Cheers, Josh On 2015-05-03 2:26 PM, Eric Rescorla wrote: The difficulty is that this is not a safe piece of functionality to expose to unprivileged code. -Ekr On Sat, May 2, 2015 at 8:03 PM, Josh Matthews j...@joshmatthews.net wrote: On 2015-05-02 10:33 AM, Yonggang Luo

Re: Intent to deprecate: Insecure HTTP

On Thu, Apr 30, 2015 at 5:57 PM, diaf...@gmail.com wrote: Here's two relevant Bugzilla bugs: Self-signed certificates are treated as errors: https://bugzilla.mozilla.org/show_bug.cgi?id=431386 Switch generic icon to negative feedback for non-https sites:

Re: Intent to deprecate: Insecure HTTP

On Mon, May 4, 2015 at 12:59 PM, Florian Bösch pya...@gmail.com wrote: On Mon, May 4, 2015 at 8:06 PM, Eric Rescorla e...@rtfm.com wrote: I'm going to refer you at this point to the W3C HTML design principles of priority of constituencies (http://www.w3.org/TR/html-design-principles

Re: What's the plan to implement UDP sockets in Worker?

The difficulty is that this is not a safe piece of functionality to expose to unprivileged code. -Ekr On Sat, May 2, 2015 at 8:03 PM, Josh Matthews j...@joshmatthews.net wrote: On 2015-05-02 10:33 AM, Yonggang Luo wrote: I am looking into it. I have not been able to find any prior art on

Re: Intent to deprecate: Insecure HTTP

On Mon, May 4, 2015 at 1:57 PM, Xidorn Quan quanxunz...@gmail.com wrote: On Tue, May 5, 2015 at 6:04 AM, Martin Thomson m...@mozilla.com wrote: On Mon, May 4, 2015 at 11:00 AM, Daniel Holbert dholb...@mozilla.com wrote: (I think there's a strong case for disabling *persistent* fullscreen

Re: Changing the style guide's preference for loose over strict equality checks in non-test code (was: Re: PSA: The mochitest ise() function is dead, please use is() instead)

On Thu, May 14, 2015 at 9:14 AM, Martin Thomson m...@mozilla.com wrote: On Thu, May 14, 2015 at 5:17 AM, Gijs Kruitbosch gijskruitbo...@gmail.com wrote: On 14/05/2015 01:21, Martin Thomson wrote: On Wed, May 13, 2015 at 4:54 PM, Matthew N. mattn+firefox-...@mozilla.com wrote: In

Re: Intent to deprecate: Insecure HTTP

On Tue, Apr 14, 2015 at 7:01 AM, Aryeh Gregor a...@aryeh.name wrote: On Tue, Apr 14, 2015 at 3:36 PM, Gervase Markham g...@mozilla.org wrote: Yep. That's the system working. CA does something they shouldn't, we find out, CA is no longer trusted (perhaps for a time). Or do you have an

Re: changing the default platform and operating-system on bugzilla.mozilla.org to all / all

+1 On Tue, Apr 14, 2015 at 3:59 PM, Justin Dolske dol...@mozilla.com wrote: On 4/14/15 8:40 AM, Dave Townsend wrote: I've gotten used to just ignoring these fields and reading the bugs instead. I wouldn't feel any loss if they were just removed from display entirely. +1. The fields are

Re: Proposed W3C Charter: WebRTC Working Group

FWIW, this is a consensus charter that came out of a long discussion that we were in. It's not perfect, but I believe it's generally sound... -Ekr On Fri, Jun 12, 2015 at 2:27 PM, L. David Baron dba...@dbaron.org wrote: The W3C is proposing a revised charter for: Web Performance Working

Re: Replacing PR_LOG levels

As I said earlier, I agree with Jesup. If people insist on not adding above debug, at least please allow individual modules to use a number that is DEBUG+1 on their own this is relevant for a lot of the media stuff which actually has its own logging and just shims to PR_LOG anyway). -Ekr On

Re: Secure contexts required for new web platform features

On Wed, Jul 1, 2015 at 11:35 AM, L. David Baron dba...@mozilla.com wrote: On Tuesday 2015-06-30 17:00 -0400, Richard Barnes wrote: Second, when we implement new web platform features, they will be enabled only on secure contexts. Exceptions can be granted, but will need to be justified as

Re: Proposal to remove `aFoo` prescription from the Mozilla style guide for C and C++

I am in favor of getting rid of aFoo. -Ekr P.S. At the risk of convincing people I am crazy and thus discounting my opinion above, I rather prefer foo_ to mFoo, but this seems like more a matter of taste. On Mon, Jul 6, 2015 at 8:55 PM, Robert O'Callahan rob...@ocallahan.org wrote: On Tue,

Re: Linked Data must die. (was: Linked Data and a new Browser API event)

On Thu, Jul 2, 2015 at 11:47 AM, Gordon Brander gbran...@mozilla.com wrote: This thread has been fun to follow. There are only 2 hard problems in Comp Sci and naming things is one of them ;). Just wanted to quickly chip in: during our lively discussion about naming, let’s not forget Postel’s

Re: Replacing PR_LOG levels

On Fri, May 22, 2015 at 11:46 AM, Randell Jesup rjesup.n...@jesup.org wrote: As part of the effort to improve logging in gecko we'd like to introduce a new set of unified log levels. *PR_LOG_DEBUG + 1 aka log level 5* Various bits of code invented a log level that was less important than

Re: Replacing PR_LOG levels

On Fri, May 22, 2015 at 3:36 PM, Eric Rahm er...@mozilla.com wrote: The above will also be surprising since it will work differently than other modules, making the same sorts of debugs appear at different levels. This would be expecially confusing to people not frequently working in the

Re: Replacing PR_LOG levels

On Fri, May 22, 2015 at 1:02 PM, Nicholas Nethercote n.netherc...@gmail.com wrote: On Sat, May 23, 2015 at 4:46 AM, Randell Jesup rjesup.n...@jesup.org wrote: Various bits of code invented a log level that was less important than debug (I would call this verbose). This was not specified in

Re: Proposal to remove `aFoo` prescription from the Mozilla style guide for C and C++

On Tue, Jul 7, 2015 at 6:03 AM, Kartikaya Gupta kgu...@mozilla.com wrote: I'd be interested to know: of those people who are in favour of removing the prefix, how many regularly have to deal with functions that are longer than two pages (a page is however much code you can see at a time in

Re: Use of 'auto'

On Tue, Aug 4, 2015 at 8:55 PM, Jeff Walden jwalden+...@mit.edu wrote: On 08/02/2015 07:17 AM, smaug wrote: MakeAndAddRef would have the same problem as MakeUnique. Doesn't really tell what type is returned. For the MakeUnique uses I've added (doubtless many more have popped up since),

Re: Collecting web platform features implementation status

On Thu, Jul 16, 2015 at 7:26 PM, Ehsan Akhgari ehsan.akhg...@gmail.com wrote: On 2015-07-16 9:21 PM, Martin Thomson wrote: On Thu, Jul 16, 2015 at 5:44 PM, Benjamin Kelly bke...@mozilla.com wrote: FWIW, I've sent an intent to implement for the Streams API, but I won't be able to

Re: Merging comm-central into mozilla-central

On Fri, Oct 23, 2015 at 3:11 PM, Gregory Szorc wrote: > On Fri, Oct 23, 2015 at 10:08 PM, Mike Hommey wrote: > > > On Fri, Oct 23, 2015 at 01:22:35PM -0400, Benjamin Smedberg wrote: > > > I support going back to a giant monolithic repository if we can

Re: Merging comm-central into mozilla-central

Thanks for clarifying. Based on this, it seems like another way to solve this would be to simply stop worrying about breaking comm-central. Wouldn't that be even easier? -Ekr On Fri, Oct 23, 2015 at 3:38 PM, Gregory Szorc <g...@mozilla.com> wrote: > On Fri, Oct 23, 2015 at 11:13

Re: Merging comm-central into mozilla-central

On Fri, Oct 23, 2015 at 11:45 AM, Bobby Holley wrote: > On Fri, Oct 23, 2015 at 11:17 AM, Joshua Cranmer  > wrote: > > Except that to demand contributors don't care about comm-central would be > > to demand of your employees that they should be jerks

Re: Decommissioning "dumbmake"

On Sun, Oct 18, 2015 at 2:52 PM, Nicholas Alexander wrote: > > > On Thu, Oct 15, 2015 at 5:15 PM, Mike Hommey wrote: > >> Hi, >> >> I started a thread with the same subject almost two years ago. The >> motivation hasn't changed, but the context surely

Re: Decommissioning "dumbmake"

On Sun, Oct 18, 2015 at 3:18 PM, Nicholas Alexander <nalexan...@mozilla.com> wrote: > > > On Sun, Oct 18, 2015 at 3:12 PM, Eric Rescorla <e...@rtfm.com> wrote: > >> >> >> On Sun, Oct 18, 2015 at 2:52 PM, Nicholas Alexander < >> nalexan...@mozi

Re: Decommissioning "dumbmake"

On Sun, Oct 18, 2015 at 4:14 PM, Nicholas Nethercote <n.netherc...@gmail.com > wrote: > On Sun, Oct 18, 2015 at 3:12 PM, Eric Rescorla <e...@rtfm.com> wrote: > > > > What's needed here is a dependency management system that > > simply builds what's ne

Re: PSA: Local static analysis builds on Linux and Mac OS X

On Wed, Oct 14, 2015 at 6:37 PM, Martin Thomson wrote: > On Wed, Oct 14, 2015 at 6:32 PM, Gregory Szorc wrote: > > As you stated, this helps detect errors earlier during development, which > > is a huge win. Is there a good reason configure doesn't enable the

Re: C++ feature proposal: specialize conversions for type of usage (local, member, parameter, etc.)

Note: I'm not taking a position on the language feature, just between your two designs. -Ekr On Sun, Oct 11, 2015 at 5:34 AM, Eric Rescorla <e...@rtfm.com> wrote: > > On Sun, Oct 11, 2015 at 4:28 AM, Aryeh Gregor <a...@aryeh.name> wrote: > >> On Sun, Oct 11, 20

Re: C++ feature proposal: specialize conversions for type of usage (local, member, parameter, etc.)

On Sun, Oct 11, 2015 at 4:28 AM, Aryeh Gregor wrote: > On Sun, Oct 11, 2015 at 2:09 PM, Aryeh Gregor wrote: > > A new language feature could be used to solve this: allow conversion > > operators to behave differently based on how the variable is declared. > >

Re: NPAPI plugin use case: native chipcard reader

On Mon, Oct 12, 2015 at 4:22 AM, Gijs Kruitbosch wrote: > Are you effectively saying that you use crypto for signing financial > transactions, and the PIN is used for authenticating the user but not > involved in the actual signature/crypto algorithm? Therefore, if a

Re: NPAPI plugin use case: native chipcard reader

On Mon, Oct 12, 2015 at 5:01 AM, Gijs Kruitbosch <gijskruitbo...@gmail.com> wrote: > On 12/10/2015 12:34, Eric Rescorla wrote: > >> On Mon, Oct 12, 2015 at 4:22 AM, Gijs Kruitbosch < >> gijskruitbo...@gmail.com> >> wrote: >> >> Are you effectively

Re: You can now freely mix declarations and statements in all Mozilla C code

On Wed, Sep 9, 2015 at 5:41 PM, Nicholas Nethercote wrote: > Hi, > > In C89 you can't mix declarations and statements, i.e. you have to > declare local variables at the top of a block. C99 relaxed this > annoying restriction, but MSVC did not add support for it for a long

Re: NPAPI plug-in use case: live video broadcast

On Tue, Sep 29, 2015 at 3:44 AM, Oliver Lietz wrote: > > > > > > > Firefox WebRTC supports H.264. > Yes but only Baseline profile and not with high quality. > I believe that OpenH264 has started to add some high profile features, but yes, it's not currently HP. Focus is for

Re: Disabling C++ tests by default?

On Thu, Oct 1, 2015 at 10:25 PM, Mike Hommey wrote: > On Thu, Oct 01, 2015 at 10:10:39PM -0700, Gregory Szorc wrote: > > Currently, the Firefox build system builds C++ tests by default. This > adds > > extra time to builds for something that a significant chunk of developers >

Re: Disabling C++ tests by default?

On Fri, Oct 2, 2015 at 9:08 AM, Randell Jesup wrote: > >On Thu, Oct 1, 2015 at 10:25 PM, Mike Hommey wrote: > > > >> On Thu, Oct 01, 2015 at 10:10:39PM -0700, Gregory Szorc wrote: > >> > Currently, the Firefox build system builds C++ tests by > >> > default.

Re: Disabling C++ tests by default?

On Fri, Oct 2, 2015 at 3:31 PM, Mike Hommey <m...@glandium.org> wrote: > On Fri, Oct 02, 2015 at 10:01:45AM -0700, Eric Rescorla wrote: > > > Because the win is small, it shouldn't be a priority, but requiring > > > something like --enable-cpp-tests should

Re: NPAPI plug-in use case: live video broadcast

On Sat, Sep 19, 2015 at 11:09 AM, Oliver Lietz wrote: > Hi, > our nanoStream plugin supports live encoding and streaming with > h264/aac/rtmp from live camera sources and capture devices. > We needed to replace this with a native extension on Chrome. > WebRTC is a possible

Re: Intent to ship: Directory picking and directory drag-and-drop

On Mon, Sep 21, 2015 at 8:48 PM, Eric Shepherd <esheph...@mozilla.com> wrote: > Eric Rescorla wrote: > > I think there are some fairly obvious issues here, including: > > - There are obvious sensitive files you shouldn't upload under > basically any conditions. >

Re: NPAPI plug-in use case: live video broadcast

On Fri, Sep 25, 2015 at 3:20 PM, <li...@nanocosmos.de> wrote: > On Saturday, September 19, 2015 at 8:15:50 PM UTC+2, Eric Rescorla wrote: > > On Sat, Sep 19, 2015 at 11:09 AM, Oliver Lietz <oli...@gmail.com> wrote: > > > > > Hi, > > > our nanoStrea

Re: Intent to ship: Directory picking and directory drag-and-drop

On Mon, Sep 21, 2015 at 3:58 PM, Jonathan Watt <jw...@jwatt.org> wrote: > On 21/09/2015 19:57, Eric Rescorla wrote: > >> On Mon, Sep 21, 2015 at 11:23 AM, Jonas Sicking <jo...@sicking.cc> wrote: >> >> Note that this, similarly to clipboard integration, is al

  1   2   3   >