I hope I didn't suggest that people should stop discussing it; all I wanted
to do was to lay out the background for the debate and the evidence that
has been presented so far, in particular given Richard's strong assertions
about what this attack is able to do in JS, in a browser - which in truth
On Thu, Mar 3, 2016 at 11:39 PM, Lars Hansen wrote:
> On Fri, Mar 4, 2016 at 1:41 AM, Richard Barnes
> wrote:
>
> > Another good reason for blocking this for now is that it lets Javascript
> > circumvent the 5usec granularity of performance.now() and do
On Fri, Mar 4, 2016 at 1:41 AM, Richard Barnes wrote:
> Another good reason for blocking this for now is that it lets Javascript
> circumvent the 5usec granularity of performance.now() and do things like
> stealing private keys.
>
>
Another good reason for blocking this for now is that it lets Javascript
circumvent the 5usec granularity of performance.now() and do things like
stealing private keys.
https://www.w3.org/TR/hr-time/#privacy-security
http://iss.oy.ne.ro/SpyInTheSandbox.pdf
It's not enabled by default because the API is probably not fully baked
yet; until the spec reaches Stage 3 at TC39 we should expect things to be
fluid. I don't expect that milestone to be reached until this summer.
We've discussed enabling by default on Aurora, DevEd, and Beta once we
reach
Until now the new SharedArrayBuffer constructor and the new Atomics global
object [1] have been enabled on Nightly only. Starting with Firefox 46,
those bindings will still be enabled by default on Nightly but they will
also be available on Aurora, DevEd, Beta, and Release by flipping the value
Hi,
I saw the lightning talk you gave in Orlando in this topic. I was
wondering if you considered implementing Transactional Memory for
SharedArrayBuffer. JS seems like the perfect environment for TM. Are
there reasons for 'only' providing atomic ops? Just asking out of
curiosity...
Best regards
Thanks!
Am 14.01.2016 um 15:08 schrieb Lars Hansen:
> On Thu, Jan 14, 2016 at 2:49 PM, Thomas Zimmermann
> wrote:
>
>> Hi,
>>
>> I saw the lightning talk you gave in Orlando in this topic. I was
>> wondering if you considered implementing Transactional Memory for
>>
On Thu, Jan 14, 2016 at 2:49 PM, Thomas Zimmermann
wrote:
> Hi,
>
> I saw the lightning talk you gave in Orlando in this topic. I was
> wondering if you considered implementing Transactional Memory for
> SharedArrayBuffer.
I have not (or, not in earnest).
> JS
Yes, disabled by default on all branches, enabled by default on Nightly.
(It's also supported on ARM, so it should be possible to test it on
Android, again by flipping the pref.)
--lars
On Thu, Jan 14, 2016 at 9:14 PM, Jonas Sicking wrote:
> Hi Lars,
>
> So if I understand
Sounds good to me too. What's blocking us from enabling by default?
Rob
--
lbir ye,ea yer.tnietoehr rdn rdsme,anea lurpr edna e hnysnenh hhe uresyf
toD
selthor stor edna siewaoeodm or v sstvr esBa kbvted,t
rdsme,aoreseoouoto
o l euetiuruewFa kbn e hnystoivateweh uresyf tulsa rehr rdm
Hi Lars,
So if I understand correctly, this will still remain disabled by
default on all branches. However it will now be possible to test out
on all branches by flipping a pref?
If so that sounds great to me.
/ Jonas
On Thu, Jan 14, 2016 at 5:16 AM, Lars Hansen wrote:
>
For additional rationale, you might be interested to read:
https://blog.mozilla.org/javascript/2015/02/26/the-path-to-parallel-javascript/
On Thu, Jan 14, 2016 at 8:11 AM, Thomas Zimmermann
wrote:
> Thanks!
>
> Am 14.01.2016 um 15:08 schrieb Lars Hansen:
>> On Thu,
13 matches
Mail list logo