Re: Lazy Blob

2012-08-02 Thread Florian Bösch
On Wed, Aug 1, 2012 at 9:50 PM, Glenn Adams gl...@skynav.com wrote: Further, a default behavior in the absence of such an injection might be defined simply to read data from the WS and stuff into the blob. Which kind of defeats the purpose because you wanted to read ranges, so not a whole

Re: Lazy Blob

2012-08-02 Thread Florian Bösch
On Wed, Aug 1, 2012 at 6:51 PM, Glenn Adams gl...@skynav.com wrote: I'm questioning defining a LazyBlob that is solely usable with XHR. It would be better to have a more generic version IMO. Websockets have no content semantics, therefore any lazy content negotiating reader cannot deal with

Re: Lazy Blob

2012-08-02 Thread Florian Bösch
On Wed, Aug 1, 2012 at 6:40 PM, Glenn Adams gl...@skynav.com wrote: Why restrict to XHR? How about WebSocket as data source? Websockets support array buffers and therefore by extension any blob/file object. However as a stream oriented API websockets have no content aquisition, negotation,

Re: Lazy Blob

2012-08-02 Thread Florian Bösch
On Thu, Aug 2, 2012 at 5:45 PM, Glenn Adams gl...@skynav.com wrote: No it hasn't. If you want a real world use case it is this: my architectural constraints as an author for some particular usage requires that I use WS rather than XHR. I wish to have support for the construct being discussed

Re: Lazy Blob

2012-08-02 Thread Florian Bösch
On Thu, Aug 2, 2012 at 6:37 PM, Glenn Adams gl...@skynav.com wrote: I am not proposing a particular browser supported semantic for a specific implementation on the server. I have suggested, by way of example, two particular patterns be supported independently of any such implementation. I did

Drawing Tablets

2012-08-02 Thread Florian Bösch
I'm interested in drawing tablets and I wonder how that might appear in browsers. Typically drawing tablets have these properties: - PenID: The current pen ID being used - Tool type: the classification of the pen - Proximity: in range of the magnet-resonance sensors - Distance: distance over the

Re: Lazy Blob

2012-08-02 Thread Florian Bösch
On Wed, Aug 1, 2012 at 9:26 PM, Glenn Adams gl...@skynav.com wrote: So? Why should lazy blob be specific to HTTP specific semantics when an arbitrary URL is not specific to HTTP? Reading a resource at arbitrary locations requires two things: 1) That a resource is understood as a container of

Re: Lazy Blob

2012-08-02 Thread Florian Bösch
On Thu, Aug 2, 2012 at 5:58 PM, Glenn Adams gl...@skynav.com wrote: All WS usage requires a particular (application specific) implementation on the server, does it not? Notwithstanding that fact, such usage will fall into certain messaging patterns. I happened to give an example of two

Re: Lazy Blob

2012-08-02 Thread Florian Bösch
On Wed, Aug 1, 2012 at 10:13 PM, Glenn Adams gl...@skynav.com wrote: The subject line says Lazy Blob, not Lazy Blob and XHR. For the record, I will object to a LazyBlob solution that is tied solely to XHR, so deal with it now rather than later. Then you better get onto specifying a

Re: Lazy Blob

2012-08-02 Thread Florian Bösch
On Wed, Aug 1, 2012 at 7:57 PM, Glenn Adams gl...@skynav.com wrote: blob = bb.getBlobFromURL(ws://specifiction.com/image/kitten.pnghttp://specifiction.com/kitten.png ) There is no application layer transfer protocol inherent in websockets. Requesting a resource does not have any inherent

Drawing Tablets

2012-08-02 Thread Florian Bösch
I'm interested in drawing tablets and I wonder how that might appear in browsers. Typically drawing tablets have these properties: - PenID: The current pen ID being used - Tool type: the classification of the pen - Proximity: in range of the magnet-resonance sensors - Distance: distance over the

Re: Drawing Tablets

2012-08-03 Thread Florian Bösch
On Fri, Aug 3, 2012 at 8:09 AM, Charles Pritchard ch...@jumis.com wrote: Touch events v2 has some properties, such as pressure Although lacking most other properties (Z, tilt, rotation etc.) InkML covers the full serialization of captured data. It looked fairly complete, though I was

Re: Drawing Tablets

2012-08-03 Thread Florian Bösch
On Fri, Aug 3, 2012 at 6:12 PM, Charles Pritchard ch...@jumis.com wrote: WebGL vectors map well to brush traces. One would process a trace group into an int or float array then upload that to webgl for rendering. Or, one might use that array to render via Canvas 2d. It's a little more

Re: Drawing Tablets

2012-08-03 Thread Florian Bösch
On Fri, Aug 3, 2012 at 6:54 PM, Charles Pritchard ch...@jumis.com wrote: As I understand it, the browsers have mature event queues; and everything comes with a timestamp. We've got requestAnimationFrame as our primary loop for processing the queue. To clear a queue (so to speak), I believe

Re: Drawing Tablets

2012-08-03 Thread Florian Bösch
On Fri, Aug 3, 2012 at 7:21 PM, Charles Pritchard ch...@jumis.com wrote: What kind of correlated events are you thinking of? For instance most tablet drivers deliver X/Y events separately. If you processed those individually, fast brushstrokes would become staircases. To avoid that, developers

Re: GamepadObserver (ie. MutationObserver + Gamepad)

2012-08-03 Thread Florian Bösch
On Sat, Aug 4, 2012 at 12:52 AM, Glenn Maynard gl...@zewt.org wrote: On Mon, May 7, 2012 at 2:33 PM, Scott Graham scot...@chromium.org wrote: - As you point out, the 360 controller is by far the most common PC gamepad, and on its native platforms its standard API XInput is exclusively

Re: GamepadObserver (ie. MutationObserver + Gamepad)

2012-08-04 Thread Florian Bösch
On Sat, Aug 4, 2012 at 3:11 AM, Glenn Maynard gl...@zewt.org wrote: On a quick test, Firefox is firing mousemove events at 120Hz; this is about the same magnitude of data. We don't currently have any infrastructure for using ArrayBuffers for complex data, so it'd either need to be something

Re: GamepadObserver (ie. MutationObserver + Gamepad)

2012-08-04 Thread Florian Bösch
On Sat, Aug 4, 2012 at 11:07 AM, b...@pettay.fi b...@pettay.fi wrote: The update rate depends on the device. Tablet updates reach way beyond 120HZ and even my 3D mouse clocks in at about 500 events/s. And a major obstacle for a realtime input device is when the realtime app trying to use it

Re: GamepadObserver (ie. MutationObserver + Gamepad)

2012-08-04 Thread Florian Bösch
On Sat, Aug 4, 2012 at 11:24 AM, Olli Pettay olli.pet...@helsinki.fiwrote: It doesn't matter if they're bugs (I often see them in conjunction to array buffer allocation). Of course it matters. APIs shouldn't be designed based on implementation bugs It doesn't because those bugs have not

Re: GamepadObserver (ie. MutationObserver + Gamepad)

2012-08-04 Thread Florian Bösch
On Sat, Aug 4, 2012 at 11:31 AM, Florian Bösch pya...@gmail.com wrote: On Sat, Aug 4, 2012 at 11:24 AM, Olli Pettay olli.pet...@helsinki.fiwrote: It doesn't matter if they're bugs (I often see them in conjunction to array buffer allocation). Of course it matters. APIs shouldn't be designed

Re: GamepadObserver (ie. MutationObserver + Gamepad)

2012-08-04 Thread Florian Bösch
On Sat, Aug 4, 2012 at 11:46 AM, Florian Bösch pya...@gmail.com wrote: It's OK because the other half these projects owe it to array buffers to make things run blazing fast, since the JIT in V8 enthusiastically optimizes JS, the reduced pointer indirection speeds things up and the better

Re: GamepadObserver (ie. MutationObserver + Gamepad)

2012-08-04 Thread Florian Bösch
On Sat, Aug 4, 2012 at 7:03 PM, Glenn Maynard gl...@zewt.org wrote: Here's a rough sketch of an API that provides clean forwards-compatibility for devices. I think this also avoids all of the issues I talked about earlier: it gives a clean, easy to use event-based API that preserves ordering

Re: GamepadObserver (ie. MutationObserver + Gamepad)

2012-08-04 Thread Florian Bösch
On Sat, Aug 4, 2012 at 7:10 PM, Florian Bösch pya...@gmail.com wrote: What happens if there is no supported profile? Oh nm, then it's raw, stupid question.

Re: GamepadObserver (ie. MutationObserver + Gamepad)

2012-08-04 Thread Florian Bösch
On Sat, Aug 4, 2012 at 7:03 PM, Glenn Maynard gl...@zewt.org wrote: I haven't tried to incorporate Florian's suggestion of using something like ArrayBuffer. That could be supported later, eg. by providing a readIntoBuffer(buffer) next to read(). That's too complex to try to tackle all at

Re: Lazy Blob

2012-08-06 Thread Florian Bösch
On Mon, Aug 6, 2012 at 8:39 PM, Glenn Adams gl...@skynav.com wrote: I'll leave the translation of IM protocol to user facing use case as homework for the reader. It is trivial. My intent is to show a use case where one would use a persistent connection and a series of send/response messages

Re: Lazy Blob

2012-08-06 Thread Florian Bösch
On Mon, Aug 6, 2012 at 9:33 PM, Glenn Adams gl...@skynav.com wrote: The same reason that a remote blob would be useful with XHR. Since you're steadfastly refusing to detail your use case, that'll just mean none to me.

Re: GamepadObserver (ie. MutationObserver + Gamepad)

2012-08-07 Thread Florian Bösch
On Tue, Aug 7, 2012 at 2:29 AM, Glenn Maynard gl...@zewt.org wrote: 5ms is an *eternity* when you're aiming for 60 FPS, where you only have 16.6ms per frame to play with. That's 30% of your CPU budget just for memory management. It doesn't matter if it's 5ms every 100 frames, since it's the

Re: Web Components Suggestion

2012-08-12 Thread Florian Bösch
It's my understanding that if you want to define a strict parser using a DTD that describes the markup, it's impossible to introduce arbitrary tage names (as in there are not tag wildcards in a DTD). A document that used arbitrary tags could not be validated. On Sun, Aug 12, 2012 at 8:05 AM, Dave

Re: Web Components Suggestion

2012-08-13 Thread Florian Bösch
On Mon, Aug 13, 2012 at 3:12 AM, Michael[tm] Smith m...@w3.org wrote: There is no conceivable conformance checker that's going to allow the use of completely arbitrary tag names. It doesn't matter what formalism it uses. To allow custom tag names and still be able to check the conformance of

Re: Web Components Suggestion

2012-08-13 Thread Florian Bösch
On Mon, Aug 13, 2012 at 12:38 PM, Chaals McCathieNevile w...@chaals.comwrote: On Mon, 13 Aug 2012 10:47:22 +0200, Florian Bösch pya...@gmail.com wrote: On Mon, Aug 13, 2012 at 3:12 AM, Michael[tm] Smith m...@w3.org wrote: There is no conceivable conformance checker that's going to allow

Re: Sandbox

2012-09-17 Thread Florian Bösch
On Mon, Sep 17, 2012 at 3:06 PM, Joran Greef jo...@ronomon.com wrote: You are conflating web apps (trusted, installed) with web pages (single link click). You should clarify that when you say web-apps you mean the other kind. No, WebSockets are not plain old TCP. After handshake the pipe

Re: [pointerlock] Is Pointer Lock feature complete i.e. LC ready? [Was: Re: [admin] Publishing specs before TPAC: CfC start deadline is Oct 15]

2012-10-02 Thread Florian Bösch
I'd like to point out that vendors are using additional failure criteria to determine if pointerlock succeeds that are not outlined in the specification. Firefox uses the fullscreen change event to determine failure and chrome requires the pointer lock request to fail if not resulting from a user

Re: [pointerlock] Is Pointer Lock feature complete i.e. LC ready? [Was: Re: [admin] Publishing specs before TPAC: CfC start deadline is Oct 15]

2012-10-02 Thread Florian Bösch
On Tue, Oct 2, 2012 at 11:52 PM, Olli Pettay olli.pet...@helsinki.fiwrote: On 10/02/2012 11:55 PM, Florian Bösch wrote: I'd like to point out that vendors are using additional failure criteria to determine if pointerlock succeeds that are not outlined in the specification. Firefox uses

Re: [pointerlock] Is Pointer Lock feature complete i.e. LC ready? [Was: Re: [admin] Publishing specs before TPAC: CfC start deadline is Oct 15]

2012-10-02 Thread Florian Bösch
without any user gesture if requested when in fullscreen. Out of fullscreen a user gesture (click, key press) is required. See http://www.chromium.org/developers/design-documents/mouse-lock On Tue, Oct 2, 2012 at 2:59 PM, Florian Bösch pya...@gmail.com wrote: On Tue, Oct 2, 2012 at 11:52 PM, Olli

Re: [Bug 19297] New: May user agents apply additional restrictions on entering pointer lock?

2012-10-09 Thread Florian Bösch
Cheer up everyone, we've got somebody dedicated to writing fullscreen exploits now :) http://feross.org/html5-fullscreen-api-attack/ Summary: Change blindness may make phishing attacks feasible (displaying a mock browser/page in fullscreen) Cause: Switch to fullscreen before user consent. Fix:

Re: [Bug 19297] New: May user agents apply additional restrictions on entering pointer lock?

2012-10-09 Thread Florian Bösch
On Tue, Oct 9, 2012 at 11:41 AM, Charles McCathie Nevile cha...@yandex-team.ru wrote: On Tue, 09 Oct 2012 08:43:13 +0200, Florian Bösch pya...@gmail.com wrote: Cheer up everyone, we've got somebody dedicated to writing fullscreen exploits now :) http://feross.org/html5-**fullscreen-api

Re: [Bug 19297] New: May user agents apply additional restrictions on entering pointer lock?

2012-10-09 Thread Florian Bösch
On Tue, Oct 9, 2012 at 1:45 PM, Anne van Kesteren ann...@annevk.nl wrote: On Tue, Oct 9, 2012 at 12:51 PM, Florian Bösch pya...@gmail.com wrote: TL;DR I don't think you lose anything of value if you move the confirmation to before the fullscreen change and you might just inadvertedly

Re: [admin] Publishing specs before TPAC: CfC start deadline is Oct 15

2012-10-09 Thread Florian Bösch
I've been toying a bit with the current chrome implementation of gamepads, and been trying to make sense of how it would work for firefox. There's a few observations I'd like to share: - Being able to enumerate devices is very convenient. I don't think Firefoxes implementation went that way

Re: full screen api

2012-10-12 Thread Florian Bösch
There was a limited discussion on that a few days ago with the limited consensus (?) being that requiring user-consent up front before switching to fullscreen is desired, should be in the standard and isn't sacrificing UX. On Fri, Oct 12, 2012 at 8:20 PM, Carr, Wayne wayne.c...@intel.com wrote:

Re: Defenses against phishing via the fullscreen api (was Re: full screen api)

2012-10-13 Thread Florian Bösch
On Sat, Oct 13, 2012 at 1:49 PM, Maciej Stachowiak m...@apple.com wrote: I think the most effective defense against phishing via fullscreen is to prevent keyboard access. The original design for requestFullscreen had an optional argument for requesting keyboard access, which led to a warning

Re: Defenses against phishing via the fullscreen api (was Re: full screen api)

2012-10-13 Thread Florian Bösch
You're making fullscreen useless for games. On Sat, Oct 13, 2012 at 9:56 PM, Maciej Stachowiak m...@apple.com wrote: On Oct 13, 2012, at 4:58 AM, Florian Bösch pya...@gmail.com wrote: On Sat, Oct 13, 2012 at 1:49 PM, Maciej Stachowiak m...@apple.com wrote: I think the most effective

Re: Defenses against phishing via the fullscreen api (was Re: full screen api)

2012-10-13 Thread Florian Bösch
WebGL FPSes with fullscreen support - http://media.tojicode.com/q3bsp/ - https://developer.mozilla.org/en-US/demos/detail/bananabread - http://dl.dropbox.com/u/6873971/data/cube2/index.html On Sat, Oct 13, 2012 at 9:58 PM, Florian Bösch pya...@gmail.com wrote: You're making fullscreen useless

Re: Defenses against phishing via the fullscreen api (was Re: full screen api)

2012-10-15 Thread Florian Bösch
Ok, so here's my question. You have a webapp (that oh, happens to be a game, or a slideshow app, or a video player with controls, etc.) which needs keyboard/UI events access to work (come to think of it, can you honestly think of any sort of usecase that does work entirely without user

Re: Defenses against phishing via the fullscreen api (was Re: full screen api)

2012-10-15 Thread Florian Bösch
. Regards, Maciej On Oct 15, 2012, at 3:45 AM, Florian Bösch pya...@gmail.com wrote: Ok, so here's my question. You have a webapp (that oh, happens to be a game, or a slideshow app, or a video player with controls, etc.) which needs keyboard/UI events access to work (come to think of it, can you

Re: Defenses against phishing via the fullscreen api (was Re: full screen api)

2012-10-16 Thread Florian Bösch
On Tue, Oct 16, 2012 at 10:56 PM, Vincent Scheib sch...@google.com wrote: However, if other browsers only implement fullscreen without keyboard support then clearly it would be best if developers could detect this when composing their application interface, avoiding prompting users to enter

Re: Defenses against phishing via the fullscreen api (was Re: full screen api)

2012-10-18 Thread Florian Bösch
it going full screen. -Original Message- From: Jonas Sicking [mailto:jo...@sicking.cc] Sent: Wednesday, October 17, 2012 1:44 AM To: Carr, Wayne Cc: Vincent Scheib; Maciej Stachowiak; public-webapps@w3.org; Chris Pearce; Florian Bösch; Anne van Kesteren Subject: Re: Defenses against

Re: Defenses against phishing via the fullscreen api (was Re: full screen api)

2012-10-18 Thread Florian Bösch
, but touch events would be restricted. On Fri, Oct 19, 2012 at 4:01 AM, Florian Bösch pya...@gmail.com wrote: There are two problems with your proposal: 1) Apple has indicated of not being comfortable with keyboard (and/or UI?) events in fullscreen at all. 2) Apple has also indicated of not liking

Re: Defenses against phishing via the fullscreen api (was Re: full screen api)

2012-10-19 Thread Florian Bösch
On Fri, Oct 19, 2012 at 4:50 AM, Carr, Wayne wayne.c...@intel.com wrote: If touch events are restricted, how does the user pause the video? If you do not disable click/touch on devices with an onscreen keyboard, how do you defend against phishing?

Re: Defenses against phishing via the fullscreen api (was Re: full screen api)

2012-10-19 Thread Florian Bösch
On Fri, Oct 19, 2012 at 9:08 AM, Feross Aboukhadijeh fer...@feross.orgwrote: Apple has also indicated of not liking confirm prompts of any kind whatsoever To reiterate: for 90% (probably more) of fullscreen use cases, there would be no confirmation prompt at all. Only when the developer

Re: Defenses against phishing via the fullscreen api (was Re: full screen api)

2012-10-22 Thread Florian Bösch
FYI Flickr slideshows and Google street view are now fullscreen users. On Tue, Oct 23, 2012 at 12:04 AM, Chris Pearce cpea...@mozilla.com wrote: On 16/10/12 18:48, Maciej Stachowiak wrote: Many games could work with only non-alphanumeric keys or in some cases only the mouse. As could

Re: Defenses against phishing via the fullscreen api (was Re: full screen api)

2012-10-22 Thread Florian Bösch
On Tue, Oct 23, 2012 at 12:50 AM, Maciej Stachowiak m...@apple.com wrote: Based on all this, I continue to think that requesting keyboard access should involve separate API, so that it can be feature-detected and given different security treatment by vendors as desired. This is what Flash

Re: Pre-fetch rough draft

2012-10-30 Thread Florian Bösch
The specification states that Prefetch requests must not include cookies. which is not an effective measure to prevent user profiling. For instance somebody could auto generate the prefetch.txt tailored to the user to fetch URLs like to

Re: Two years on and still no sensible web storage solutions exist

2012-11-12 Thread Florian Bösch
I'd like to propose as a constructive strategy not to flame/offend everybody right off the bat. I'm sure there's reasons, I'd like to hear them, too. On Fri, Nov 9, 2012 at 7:24 PM, Todd Blanchard toddvblanch...@gmail.comwrote: It has been two years since the following little note was attached

Re: Two years on and still no sensible web storage solutions exist

2012-11-12 Thread Florian Bösch
On Mon, Nov 12, 2012 at 1:12 PM, Charles McCathie Nevile cha...@yandex-team.ru wrote: The Webapps group will continue to try and reach industry agreement on ways to handle data storage for offline applications. Help is appreciated. Trying to help is generally appreciated too. A slight

Re: Two years on and still no sensible web storage solutions exist

2012-11-12 Thread Florian Bösch
On Mon, Nov 12, 2012 at 1:36 PM, Todd Blanchard toddvblanch...@gmail.comwrote: Wondering what is wrong with the blob type in SQLite? A couple of things 1) Array buffers can't be passed to websql 2) websql is subject to the hard quota (5mb) and I'm talking about gigabytes of data 3)

Re: Two years on and still no sensible web storage solutions exist

2012-11-12 Thread Florian Bösch
On Mon, Nov 12, 2012 at 3:49 PM, Kyle Huey m...@kylehuey.com wrote: Er, IndexedDB should handle ArrayBuffers just fine. If you're seeing problems with that that's an implementation bug, not a case that the spec failed to handle. You're right it does, I just checked. Nevertheless there are

Re: Two years on and still no sensible web storage solutions exist

2012-11-12 Thread Florian Bösch
On Mon, Nov 12, 2012 at 7:19 PM, Todd Blanchard toddvblanch...@gmail.comwrote: Gigabytes of data? Why would one subject WebSQL to a hard quote of 5M and think using gigabytes of user disk space in a different scenario is OK? Something seems out of balance here. Why limit one but not the

Re: Two years on and still no sensible web storage solutions exist

2012-11-12 Thread Florian Bösch
On Mon, Nov 12, 2012 at 7:42 PM, João Eiras jo...@opera.com wrote: You're again confusing implementation details with the specification. User agents are free to implement whatever quota management they want, as long as it's transparent and respects the visible effects on the webpage side.

Re: Two years on and still no sensible web storage solutions exist

2012-11-12 Thread Florian Bösch
Similarly the vendors deciding not wanting to support WebSQL isn't a spec issue and it should be filed in the bug tracker of your favorite vendor. On Mon, Nov 12, 2012 at 8:02 PM, João Eiras jo...@opera.com wrote: On Mon, 12 Nov 2012 19:50:20 +0100, Florian Bösch pya...@gmail.com wrote

Re: Two years on and still no sensible web storage solutions exist

2012-11-12 Thread Florian Bösch
Care to paste that one? I'll test it in firefox. On Mon, Nov 12, 2012 at 9:25 PM, Boris Zbarsky bzbar...@mit.edu wrote: On 11/12/12 8:17 AM, Florian Bösch wrote: This testsite: http://codeflow.org/issues/**indexeddb.htmlhttp://codeflow.org/issues/indexeddb.html Putting 50mb takes between

Re: Two years on and still no sensible web storage solutions exist

2012-11-12 Thread Florian Bösch
In FF 16.0.2 on linux, 50mb put takes about 100ms and get takes about 500ms. On Mon, Nov 12, 2012 at 10:50 PM, Boris Zbarsky bzbar...@mit.edu wrote: On 11/12/12 12:31 PM, Florian Bösch wrote: Care to paste that one? I'll test it in firefox. http://pastebin.mozilla.org/**1937689http

Re: Two years on and still no sensible web storage solutions exist

2012-11-12 Thread Florian Bösch
A-ha. Filled payload with random. Now it's FF 4.4s put, 5.5s get. In line with chromes perf. On Mon, Nov 12, 2012 at 11:46 PM, Boris Zbarsky bzbar...@mit.edu wrote: On 11/12/12 1:56 PM, Florian Bösch wrote: In FF 16.0.2 on linux, 50mb put takes about 100ms and get takes about 500ms

random numbers API

2012-11-16 Thread Florian Bösch
Motivation: Web Applications enter the arena of interactive content creation/consumption (games, productivity software, etc.). A good PRNG would be desirable in many situations. Web Applications that desire to use random numbers have a 4 problems with the existing Math.random function. 1) The

Re: random numbers API

2012-11-16 Thread Florian Bösch
On Fri, Nov 16, 2012 at 4:22 PM, Anne van Kesteren ann...@annevk.nl wrote: Did you discuss this with TC39? I did not, sorry if this is the wrong place for it.

Re: random numbers API

2012-11-16 Thread Florian Bösch
On Fri, Nov 16, 2012 at 4:24 PM, frederick.hir...@nokia.com wrote: The W3C Web Cryptography working group [1] has a draft that seems to include a method to generate cryptographically random values [2]. It does include a random number generator. However it does not include seeding and

Re: random numbers API

2012-11-16 Thread Florian Bösch
On Fri, Nov 16, 2012 at 5:20 PM, David Bruant bruan...@gmail.com wrote: That'd be a nonsense to add seeding in my opinion. If you want security, you don't want to take the risk of people seeding and loose all security property. If it's for debugging purposes, the seeding should be part of a

Re: random numbers API

2012-11-16 Thread Florian Bösch
I'll see that I can come up with a test suite that verifies statistical and runtime behavior of an array of algorithms implemented in JS, it'll probably take a while. On Fri, Nov 16, 2012 at 6:02 PM, David Bruant bruan...@gmail.com wrote: Le 16/11/2012 17:35, Florian Bösch a écrit : On Fri

Re: Defenses against phishing via the fullscreen api (was Re: full screen api)

2012-12-19 Thread Florian Bösch
On Thu, Dec 20, 2012 at 8:08 AM, Maciej Stachowiak m...@apple.com wrote: And given this difference in UA behavior, it seems useful to let web developers feature-detect the difference in behavior somehow. It would be useful to be able to detect it. But it's in no way cruical, we can just do

pointerLock vendor prefixes, shims and usability

2012-12-24 Thread Florian Bösch
The pointerlock API is currently prefixed with vendor prefixes. This is fine in principle since it is an experimental API that lacks consistency and consensus and that's what vendor prefixes are for. A vendor prefix should serve to inform a developer that he's using non-standard functionality

Re: pointerLock vendor prefixes, shims and usability

2012-12-24 Thread Florian Bösch
On Mon, Dec 24, 2012 at 9:31 PM, Boris Zbarsky bzbar...@mit.edu wrote: That's fixed as of 3 days ago in Firefox nightlies, for what it's worth. That's good to hear that more of this becomes shimable. Events already allocate a new object or ten, for what it's worth. -

Re: Pointer Lock status. Was: pointerLock vendor prefixes, shims and usability

2013-01-04 Thread Florian Bösch
I should note that I do have an application in the oven that could serve as a usecase study for non fullscreen pointerlock UX/issues (it uses pointerlock in different portions of its functionality to improve usability). It's currently not ready for release, but upon request I can arrange for a

File Save As

2013-01-05 Thread Florian Bösch
I'm currently working on an Application that requires to save and open files from a users computer with a selection dialog. Opening files works fine by creating an input type=file upon user interaction, listening to the change event, triggering a click and grabbing the file. Saving files does

Re: File Save As

2013-01-05 Thread Florian Bösch
On Sat, Jan 5, 2013 at 7:42 PM, Glenn Maynard gl...@zewt.org wrote: Note that for saving dynamically-generated content to disk, you probably want FileSaver rather than @download. With @download you have to put the whole file in a data: URL, which doesn't scale to larger files--you wouldn't

Re: File Save As

2013-01-05 Thread Florian Bösch
On Sun, Jan 6, 2013 at 1:33 AM, Boris Zbarsky bzbar...@mit.edu wrote: This, I agree is a problem. The semantic used by countless applications and which is an extremely well established UX pattern is: - First Save - Open Save As dialog - Subsequent Save - overwrite previous location - Any Save

Reading image bytes to a PNG in a typed array

2013-01-14 Thread Florian Bösch
Having a texture in WebGL and wanting to encode it into a typed array as PNG, I have found that the only way to do it is the following convoluted method. 1) Create canvas, set to desired size 2) Create 2D context 3) Create imageData object 4) Create a WebGL framebuffer object 5) Attach texture as

Re: Reading image bytes to a PNG in a typed array

2013-01-14 Thread Florian Bösch
14, 2013 at 1:46 PM, Anne van Kesteren ann...@annevk.nl wrote: On Mon, Jan 14, 2013 at 1:20 PM, Florian Bösch pya...@gmail.com wrote: Having a texture in WebGL and wanting to encode it into a typed array as PNG, I have found that the only way to do it is the following convoluted method

Re: Reading image bytes to a PNG in a typed array

2013-01-14 Thread Florian Bösch
On Mon, Jan 14, 2013 at 4:00 PM, Glenn Maynard gl...@zewt.org wrote: You want toBlob, not toDataURL. So how would I stick a blob into an arraybuffer?

Re: Reading image bytes to a PNG in a typed array

2013-01-16 Thread Florian Bösch
Perhaps we should think of a better scheme to export data than toFoo(). Maybe toData('url'), toData('arraybuffer') toData('blob') or perhaps toData(URL), toData(ArrayBuffer) or toData(Blob). I tend to think that if you're starting to write toA, toB, toC, toX methods on an object, you've not

Re: Reading image bytes to a PNG in a typed array

2013-01-16 Thread Florian Bösch
, Florian Bösch pya...@gmail.com wrote: Perhaps we should think of a better scheme to export data than toFoo(). Maybe toData('url'), toData('arraybuffer') toData('blob') or perhaps toData(URL), toData(ArrayBuffer) or toData(Blob). I tend to think that if you're starting to write toA, toB, toC

Re: Proposal: moving tests to GitHub

2013-01-22 Thread Florian Bösch
I think it's a good idea. The WebGL specification/tests moved to github which made contributing patches (as pull requests) a lot easier. On Tue, Jan 22, 2013 at 11:53 AM, Odin Hørthe Omdal odi...@opera.comwrote: Hi! We just had a small discussion on webapps-testsuite [1] about the

Re: Proposal: moving tests to GitHub

2013-01-23 Thread Florian Bösch
I can't guess how important the whole attribution thing is. I can however say that having a public repository on github makes it easier for drive-by contributors to contribute something. The traditional process captures almost none of these contributions. I can also tell that I (and probably most

Re: Reading image bytes to a PNG in a typed array

2013-01-27 Thread Florian Bösch
Less steps and it's now async as well. On Wed, Jan 16, 2013 at 8:02 AM, Florian Bösch pya...@gmail.com wrote: Whatever the eventual solution to this problem, it should be the user of the API driving the decision how to get the data. On Wed, Jan 16, 2013 at 4:56 PM, Kyle Huey m

Keyboard events for accessible RIAs and Games

2013-01-30 Thread Florian Bösch
I have written a blog post at length about this issue here: http://codeflow.org/entries/2013/jan/30/keyboard-events-in-javascript-are-broken/ In short the problem is the following: - RIAs (shortcut systems) and Games (shortcut systems and action systems) need to be able to identify each key

Re: Keyboard events for accessible RIAs and Games

2013-01-30 Thread Florian Bösch
) Editor's Draft at: https://dvcs.w3.org/hg/d4e/raw-file/tip/source_respec.htm I believe that it addresses all of your concerns but I'm interested in any comments that you might have. Thanks, -Gary On Wed, Jan 30, 2013 at 6:05 AM, Florian Bösch pya...@gmail.com wrote: I have written a blog post

Re: Keyboard events for accessible RIAs and Games

2013-01-30 Thread Florian Bösch
On Wed, Jan 30, 2013 at 8:20 PM, Wez w...@chromium.org wrote: Would a French user expect such a dialog to say Now press Ctrl+Shift+/+, though? I think that users expect shortcut mappers to show them the unmodified primary symbol of the key. For instance for a swiss guy the shortcut

Re: Keyboard events for accessible RIAs and Games

2013-01-30 Thread Florian Bösch
, unmodified) and then translate that to a localized display. A lot of shortcuts will make sense regardless of locality, but it's important for a user to figure out which shortcuts don't work for them by looking at the shortcut display. On Wed, Jan 30, 2013 at 8:37 PM, Florian Bösch pya

Re: Keyboard events for accessible RIAs and Games

2013-01-30 Thread Florian Bösch
On Wed, Jan 30, 2013 at 9:02 PM, Gary Kacmarcik (Кошмарчик) gary...@chromium.org wrote: Yes, trying to match the current (virtual) keycap was not a direct goal, but adding the 'code' attribute makes it possible (when combined with the current layout) to calculate a keycap value. I think that

Re: Keyboard events for accessible RIAs and Games

2013-01-30 Thread Florian Bösch
What/where would be a good place to put the API for say queryKeyCap(code) ? On Wed, Jan 30, 2013 at 9:38 PM, Florian Bösch pya...@gmail.com wrote: On Wed, Jan 30, 2013 at 9:02 PM, Gary Kacmarcik (Кошмарчик) gary...@chromium.org wrote: Yes, trying to match the current (virtual) keycap

Re: Re: Keyboard events for accessible RIAs and Games

2013-01-31 Thread Florian Bösch
Sounds fine to me, any objections to add it to the Event Level 4 spec? On Thu, Jan 31, 2013 at 11:46 AM, Hallvord Reiar Michaelsen Steen hallv...@opera.com wrote: What/where would be a good place to put the API for say queryKeyCap(code) ? Given that the implementation will have a

Allow ... centralized dialog up front

2013-01-31 Thread Florian Bösch
There is a problem confronting applications desiring to use a variety of APIs such as pointerlock, fullscreen, WebRTC, local storage and so on. The problem is that each instance of attempting to use such an API leads to a new Allow ... popup the user has to click away. By some discussion on the

Re: Re: Keyboard events for accessible RIAs and Games

2013-01-31 Thread Florian Bösch
with A) not doing accessible, localized, user friendly things or B) doing more user unfriendly things like popping allow ... dialogs all over. I have forked issue B in its own thread, hopefully so that neither A or B will be necessary. On Thu, Jan 31, 2013 at 11:57 AM, Florian Bösch pya...@gmail.com

Re: Allow ... centralized dialog up front

2013-02-01 Thread Florian Bösch
You suggest a bulk up front permission dialog doesn't work, whereas pinging the user at random intervals with a popup does? On Fri, Feb 1, 2013 at 10:12 AM, Anne van Kesteren ann...@annevk.nl wrote: On Thu, Jan 31, 2013 at 2:18 PM, Florian Bösch pya...@gmail.com wrote: I would propose

Re: Re: Allow ... centralized dialog up front

2013-02-01 Thread Florian Bösch
On Fri, Feb 1, 2013 at 12:30 PM, Charles McCathie Nevile cha...@yandex-team.ru wrote: That kind of bulk approach does not work. Users don't understand what's going on. That's what research shows. To be fair, we've generally presented the options in ways that are over-technical. This

Re: Allow ... centralized dialog up front

2013-02-01 Thread Florian Bösch
On Fri, Feb 1, 2013 at 12:56 PM, Arthur Barstow art.bars...@nokia.comwrote: Web Security Experience, Indicators and Trust: Scope and Use Cases http://www.w3.org/TR/2008/**NOTE-wsc-usecases-20080306/http://www.w3.org/TR/2008/NOTE-wsc-usecases-20080306/ Yeah, has anybody actually even read

Re: Allow ... centralized dialog up front

2013-02-01 Thread Florian Bösch
on). On Fri, Feb 1, 2013 at 12:59 PM, Florian Bösch pya...@gmail.com wrote: On Fri, Feb 1, 2013 at 12:56 PM, Arthur Barstow art.bars...@nokia.comwrote: Web Security Experience, Indicators and Trust: Scope and Use Cases http://www.w3.org/TR/2008/**NOTE-wsc-usecases-20080306/http://www.w3.org

Re: Allow ... centralized dialog up front

2013-02-01 Thread Florian Bösch
cha...@yandex-team.ru wrote: ** On Fri, 01 Feb 2013 12:59:35 +0100, Florian Bösch pya...@gmail.com wrote: On Fri, Feb 1, 2013 at 12:56 PM, Arthur Barstow art.bars...@nokia.comwrote: Web Security Experience, Indicators and Trust: Scope and Use Cases http://www.w3.org/TR/2008/NOTE-wsc

Re: Allow ... centralized dialog up front

2013-02-01 Thread Florian Bösch
More precedent http://kb.mit.edu/confluence/download/attachments/151094600/android-install.jpg On Fri, Feb 1, 2013 at 1:39 PM, Florian Bösch pya...@gmail.com wrote: The idea is to allow vendors to improve their UX (if they're so inclined) by allowing developers (if they're so inclined) to use

Re: Allow ... centralized dialog up front

2013-02-01 Thread Florian Bösch
On Fri, Feb 1, 2013 at 2:29 PM, Charles McCathie Nevile cha...@yandex-team.ru wrote: ** Right now vendors look at a page and can often heurisitically generate a permission request that is either consolidated, or depends on actual usage. A heuristic is fine but, it only goes so far. First of

Re: Allow ... centralized dialog up front

2013-02-01 Thread Florian Bösch
On Fri, Feb 1, 2013 at 3:02 PM, Adrienne Porter Felt adriennef...@gmail.com wrote: My user research on Android found that people have a hard time connecting upfront permission requests to the application feature that needs the permission. This meant that people have no real basis by which to

Re: Allow ... centralized dialog up front

2013-02-01 Thread Florian Bösch
permission to to either? I think not. Do we want to make him find that out after he's been entering our UI-flow and been pressing buttons 5 minutes later? I think not.) On Fri, Feb 1, 2013 at 3:22 PM, Charles McCathie Nevile cha...@yandex-team.ru wrote: ** On Fri, 01 Feb 2013 15:16:04 +0100, Florian

  1   2   3   >