Re: SharedArrayBuffer and Atomics will ride the trains behind a pref

I hope I didn't suggest that people should stop discussing it; all I wanted to do was to lay out the background for the debate and the evidence that has been presented so far, in particular given Richard's strong assertions about what this attack is able to do in JS, in a browser - which in truth

Re: SharedArrayBuffer and Atomics will ride the trains behind a pref

On Thu, Mar 3, 2016 at 11:39 PM, Lars Hansen wrote: > On Fri, Mar 4, 2016 at 1:41 AM, Richard Barnes > wrote: > > > Another good reason for blocking this for now is that it lets Javascript > > circumvent the 5usec granularity of performance.now() and do

Re: SharedArrayBuffer and Atomics will ride the trains behind a pref

On Fri, Mar 4, 2016 at 1:41 AM, Richard Barnes wrote: > Another good reason for blocking this for now is that it lets Javascript > circumvent the 5usec granularity of performance.now() and do things like > stealing private keys. > >

Re: SharedArrayBuffer and Atomics will ride the trains behind a pref

Another good reason for blocking this for now is that it lets Javascript circumvent the 5usec granularity of performance.now() and do things like stealing private keys. https://www.w3.org/TR/hr-time/#privacy-security http://iss.oy.ne.ro/SpyInTheSandbox.pdf

Re: SharedArrayBuffer and Atomics will ride the trains behind a pref

It's not enabled by default because the API is probably not fully baked yet; until the spec reaches Stage 3 at TC39 we should expect things to be fluid. I don't expect that milestone to be reached until this summer. We've discussed enabling by default on Aurora, DevEd, and Beta once we reach

SharedArrayBuffer and Atomics will ride the trains behind a pref

Until now the new SharedArrayBuffer constructor and the new Atomics global object [1] have been enabled on Nightly only. Starting with Firefox 46, those bindings will still be enabled by default on Nightly but they will also be available on Aurora, DevEd, Beta, and Release by flipping the value

Re: SharedArrayBuffer and Atomics will ride the trains behind a pref

Hi, I saw the lightning talk you gave in Orlando in this topic. I was wondering if you considered implementing Transactional Memory for SharedArrayBuffer. JS seems like the perfect environment for TM. Are there reasons for 'only' providing atomic ops? Just asking out of curiosity... Best regards

Re: SharedArrayBuffer and Atomics will ride the trains behind a pref

Thanks! Am 14.01.2016 um 15:08 schrieb Lars Hansen: > On Thu, Jan 14, 2016 at 2:49 PM, Thomas Zimmermann > wrote: > >> Hi, >> >> I saw the lightning talk you gave in Orlando in this topic. I was >> wondering if you considered implementing Transactional Memory for >>

Re: SharedArrayBuffer and Atomics will ride the trains behind a pref

On Thu, Jan 14, 2016 at 2:49 PM, Thomas Zimmermann wrote: > Hi, > > I saw the lightning talk you gave in Orlando in this topic. I was > wondering if you considered implementing Transactional Memory for > SharedArrayBuffer. ​I have not (or, not in earnest). ​ > JS

Re: SharedArrayBuffer and Atomics will ride the trains behind a pref

Yes, disabled by default on all branches, enabled by default on Nightly. (It's also supported on ARM, so it should be possible to test it on Android, again by flipping the pref.) --lars On Thu, Jan 14, 2016 at 9:14 PM, Jonas Sicking wrote: > Hi Lars, > > So if I understand

Re: SharedArrayBuffer and Atomics will ride the trains behind a pref

Sounds good to me too. What's blocking us from enabling by default? Rob -- lbir ye,ea yer.tnietoehr rdn rdsme,anea lurpr edna e hnysnenh hhe uresyf toD selthor stor edna siewaoeodm or v sstvr esBa kbvted,t rdsme,aoreseoouoto o l euetiuruewFa kbn e hnystoivateweh uresyf tulsa rehr rdm

Re: SharedArrayBuffer and Atomics will ride the trains behind a pref

Hi Lars, So if I understand correctly, this will still remain disabled by default on all branches. However it will now be possible to test out on all branches by flipping a pref? If so that sounds great to me. / Jonas On Thu, Jan 14, 2016 at 5:16 AM, Lars Hansen wrote: >

Re: SharedArrayBuffer and Atomics will ride the trains behind a pref

For additional rationale, you might be interested to read: https://blog.mozilla.org/javascript/2015/02/26/the-path-to-parallel-javascript/ On Thu, Jan 14, 2016 at 8:11 AM, Thomas Zimmermann wrote: > Thanks! > > Am 14.01.2016 um 15:08 schrieb Lars Hansen: >> On Thu,