Re: ANN: Default bug view for BMO changed today!

On 02/03/17 17:11, Byron Jones wrote: > set "Use absolute format instead of relative time when viewing a bug" Or if you just want to see it, mouse over and read the tooltip. Gerv ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists

Re: Better download security through browsers

On 24/03/17 17:12, Gregory Szorc wrote: > This got me thinking: why doesn't the user agent get involved to help > provide better download security? What my (not a web standard spec author) > brain came up with is standardized metadata in the HTML for the download > link (probably an ) that defines

Re: Ambient Light Sensor API

On 25/04/17 16:46, Eric Rescorla wrote: > This suggests that maybe we could just turn it off It would be sad to remove a capability from the web platform which native apps have. Surely we can avoid this problem without being so drastic? Is it right that one key use of this sensor is to see if the

Re: IDNA processing

On 12/05/17 08:46, Anne van Kesteren wrote: > For about five years I've been trying to figure out the IDNA algorithm > that a) browsers follow and b) browsers want to follow, but I've not > had much luck thus far getting folks to reply. E.g., > https://lists.w3.org/Archives/Public/www-archive/2017F

Re: IDNA processing

On 18/05/17 14:14, Anne van Kesteren wrote: > That's fairly non-specific, unless you really mean that you don't want > "A" lowercased. Well, yes, as you note, with UTS#46 or whatever it is. > I don't think it's that big, there's plenty of other things disallowed > that we should always be able to

Stylesheet wait timeout?

___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

Re: Stylesheet wait timeout?

On 18/08/17 12:11, Gervase Markham wrote: Whereas what I meant to say was: Have we changed the timeout recently regarding how long Firefox waits for a stylesheet before rendering the page? In the past few weeks I've seen many more instances of a page loading unstyled, then re-laying

Re: Stylesheet wait timeout?

On 31/08/17 18:45, Chris Peterson wrote: > Gerv, do you have Stylo enabled? Even if you did not flip the pref > (layout.css.servo.enabled), you might be in the Stylo experiment for > Nightly users. Check about:support for "Stylo". about:support says "Stylo: true (enabled by default)". Gerv _

Re: Stylesheet wait timeout?

On 31/08/17 20:00, Michael Froman wrote: > I’ve seen this behavior too on OSX. I did a restart with all add-ons > disabled and could not reproduce. Restarted with all add-ons on, and > can reproduce. I narrowed it down to Ghostery. If I disable > Ghostery, it no long appears to happen for me.

Re: Stylesheet wait timeout?

On 31/08/17 19:08, Boris Zbarsky wrote: > The symptoms you observe sound like (A) is happening, possible from an > extension or our browser UI...  If you have a link to a specific url > that reproduces for you, especially in a clean profile, that would be > pretty useful.  This is usually pretty si

Re: Intent to remove Ambient Light and Proximity sensor APIs

On 17/12/17 15:29, Jonathan Kingston wrote: > I am suggesting the removal of both Ambient Light and Proximity Sensor APIs > via a preference so we can ensure there is no adverse impact to the web > with a quick mitigation if needed. Is it fair to say that after removal of the Proximity Sensor API,

Re: Intent to remove Ambient Light and Proximity sensor APIs

On 18/12/17 18:25, Tantek Çelik wrote: > Do you know of a specific (URL?) mobile-device-capable (which > device(s)?) WebRTC-based audio-calling webapp that works today? I > would be very interested in testing it out. appear.in, which supports both audio and video calling via WebRTC, works in Firef

Re: Intent to unship: navigator.registerContentHandler()

On 03/01/18 15:15, Jonathan Kingston wrote: > I am suggesting the removal of navigator.registerContentHandler > > API used to register a web page to handle content types. I'm sure unshipping it is the right thing t

Re: Password autofilling

On 01/01/18 20:08, Jonathan Kingston wrote: > A recent research post[1] have highlighted the need for Firefox to disable > autofilling of credentials. The research post suggests web trackers are > using autofilling to track users around the web. Autofill is restricted to same-domain (roughly) so h

Re: Intent to Implement: canvas-imagedata permission

On 10/01/18 18:40, Tom Ritter wrote: > This proposal is that. Add a permission 'canvas-imagedata' that will > return 'granted' when Resist Fingerprinting mode is disabled, and > 'prompt' when RP is enabled and appropriate. As this is basically a "is RF turned on?" flag, why not just call it that?

Re: Proposed W3C Charters: Web Platform and Timed Media Working Groups

On 09/08/15 19:59, L. David Baron wrote: > The Timed Media WG splits some of the media work that was happening > in HTML (MSE, EME) into a separate group. Do we see a risk here that this group will become captured by the promoters of DRM, more than was possible when it was done in the HTML WG? Ge

Re: Web API equivalent of nsIEffectiveTLDService / publicsuffix.org database?

On 09/08/15 10:51, Anne van Kesteren wrote: > There is https://www.w3.org/Bugs/Public/show_bug.cgi?id=25865 which is > about more formally defining eTLDs and perhaps even exposing an API. > However, it's unclear whether exposing an API is a good thing. eTLDs > are used for cookies, storage boundari

Re: Web API equivalent of nsIEffectiveTLDService / publicsuffix.org database?

On 09/08/15 03:10, Andrew Sutherland wrote: > On 08/08/2015 10:00 PM, Andrew Sutherland wrote: >> Are there any plans to surface the contents of >> https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDService >> from https://publicsuffix.org/ via a web-faci

Re: Web API equivalent of nsIEffectiveTLDService / publicsuffix.org database?

On 10/08/15 08:22, Tim Guan-tin Chien wrote: > The list "... changes a few times per month" [1]. What's the > consequence of using an outdated list in the app? It depends very much on what you are using the list for, and what changes your copy doesn't have. If you were using the list for setting

Re: Changes in chrome JS code due to ES6 global lexical scope

On 17/09/15 19:59, Shu-yu Guo wrote: > ​Because ​until now, our global 'let' semantics have been identical to > those of 'var', I have already landed a patch that mass replaces global > 'let' with 'var' as part of bug 1202902. I think someone should make you a "var is the new let" t-shirt... Gerv

Re: Intent to ship: WebVR

On 26/10/15 19:19, Kearwood "Kip" Gilbert wrote: > As of Oct 29, 2015 I intend to turn WebVR on by default for all > platforms. It has been developed behind the dom.vr.enabled preference. > A compatible API has been implemented (but not yet shipped) in Chromium > and Blink. At one point, integrat

Re: Intent to ship: WebVR

On 29/10/15 17:07, vladi...@mozilla.com wrote: >> At one point, integrating with available hardware required us to use >> proprietary code. Is shipping proprietary code in Firefox any part of >> this plan, or not? > > No. Awesome! :-) Gerv ___ dev-pl

Re: Fido U2F, two-factor authentication support

On 18/11/15 19:26, phow...@ccvschools.com wrote: > This is definitely an important feature, but I'm not holding my > breath. I have had a lot of experience with Mozilla over the years > and I really doubt anything will materialize in the near future. Feeling particularly entitled today, are we?

Re: Dan Stillman's concerns about Extension Signing

On 26/11/15 17:13, Mike Hoye wrote: > Stillman wrote some new code and put it through a process meant to catch > problems in old code, and it passed. That's unfortunate, but does it > really surprise anyone that security is an evolving process? That it > might be be full of hard tradeoffs? There is

Re: Dan Stillman's concerns about Extension Signing

On 27/11/15 15:50, Gavin Sharp wrote: > No, that's not right. There's an important distinction between > "finding malicious JS code" and "finding _all_ malicious JS code". The > latter is impossible, but the former isn't. > > Proving "the validator won't catch everything" isn't particularly > rele

Re: Bug Program Next Steps

On 30/01/16 00:45, Emma Humphries wrote: > This is a terminal state for a NEW bug. We acknowledge the bug exists, it > affects people, but it is not important enough to warrant working on it. > The team will review and accept patches from the community for this bug > report. Without wanting to pil

Re: APNG and Accept-Encoding

On 18/02/16 07:45, Jeff Muizelaar wrote: > Is there a response to the criticism of Accept outlined here: > https://wiki.whatwg.org/wiki/Why_not_conneg#Negotiating_by_format As Guardian of the Accept Header, that would be my question too. Using Accept to detect APNG support will never be reliable

Re: APNG and Accept-Encoding

On 21/02/16 14:30, maxste...@gmail.com wrote: > Here's interesting live example, this website provides lots of > animated cursors to download, and they show them online as APNGs in > Firefox and Safari, and as GIFs in other browsers. Cursor's ANI > format is 32bit and animated, but it's not support

Re: APNG and Accept-Encoding

On 22/02/16 14:58, Xidorn Quan wrote: > But older Firefoxes go away fairly quickly, so I wouldn't consider > this as a valid reason blocking us moving forward. I'm not sure that's as true as we'd like it to be :-| Gerv ___ dev-platform mailing list dev

Re: Are we in favour of implementing the client hints header?

On 08/03/16 06:22, Andrew Overholt wrote: > Implement Client-Hints HTTP header > https://bugzilla.mozilla.org/show_bug.cgi?id=935216 Well, we are in favour of adaptive content, progressive enhancement, responsive images in HTML, and feature detection. The question is whether we think that these t

Re: Triage Plan for Firefox Components

On 01/04/16 15:51, Mike Hommey wrote: > Bug status is currently, IMHO, completely misused and thus useless: > - people with editbug capability file as NEW by default. Why should a bug > I file in a component I'm not working on (because I noticed a bug > in Firefox) be NEW? > - there is a long t

Re: Triage Plan for Firefox Components

On 12/04/16 21:01, Mark Côté wrote: > Meant to reply to this earlier... BMO has a User Story field that sounds > like it does exactly what you want. It's an editable field that keeps > history (admittedly not in an easy-to-read way, but that could be > improved). Despite the name of the field, I'

Re: Owner for Commit Access Policy

On 04/08/16 06:06, Gregory Szorc wrote: > I'm going to say something that might be a bit contentious: I think a > single commit access policy for all of Mozilla reflects the needs of > Mozilla from several years ago, not the needs of Mozilla today. The world > has changed. Mozilla has changed. The

Re: Owner for Commit Access Policy

On 04/08/16 16:22, Hal Wine wrote: > On Thu, Aug 4, 2016 at 1:48 AM, Gervase Markham <mailto:g...@mozilla.org>> wrote: > > I had a few abortive goes at this a few years ago; it's an enormous > effort to get everyone on the same bandwagon, and just lead

Re: Report your development frustrations via `mach rage`

On 09/08/16 08:57, Chris Mills wrote: > mach issue > mach complain > mach complaint > mach feedback? (does it have to be negative, necessarily?) mach itbetter ? mach animprovement ? :-) Gerv ___ dev-platform mailing list dev-platform@lists.mozilla.or

Re: Want to learn TLS certificate verification best practices

Hi Ben, This question might be better off in mozilla.dev.tech.crypto. On 30/09/16 23:00, Ben Cottrell wrote: > I'm working on an (unfortunately closed-source) project that needs > to closely approximate the behavior of an actual web browser, in > the limited scope of making HTTPS connections and

Re: Windows XP and Vista Long Term Support Plan

On 22/10/16 10:16, keithgallis...@gmail.com wrote: > My concern is that by killing digital certificate updates and TLS > updates, still in use machines whose main purpose is Internet access > are essentially bricked. This is a feature, not a bug. If those machines shouldn't be on the Internet, and

Re: Intent to restrict to secure contexts: navigator.geolocation

On 22/10/16 18:12, Ehsan Akhgari wrote: > Have we considered doing something here to help the user when we block > this API? For example, we could check to see whether the site has a TLS > version If there were a reliable way to do this, HTTPS Everywhere would be a whole lot easier to write and

Re: Intent to restrict to secure contexts: navigator.geolocation

On 22/10/16 18:12, Ehsan Akhgari wrote: > Have we considered doing something here to help the user when we block > this API? For example, we could check to see whether the site has a TLS > version If there were a reliable way to do this, HTTPS Everywhere would be a whole lot easier to write and

Re: Intent to restrict to secure contexts: navigator.geolocation

On 24/10/16 21:12, Ehsan Akhgari wrote: > I suppose we can use the HTTPS Everywhere ruleset for this purpose, > assuming it's something we can (and want to) ship? Shipping this seems like a heavyweight way to deal with the deprecation of the geolocation permission. If we want to implement HTTPS Ev

Re: Windows XP and Vista Long Term Support Plan

On 24/10/16 18:44, Eric Rescorla wrote: > This seems to assume facts not in evidence, namely that people will stop > using those > machines rather than just living with whatever the last version we updated > them to. I think you've misread what I said. I said that if it turns out that (for example

Re: RSSOwl

Hi Jonathan, On 22/11/16 08:30, Jonathan Moore wrote: > I was wondering if the RSSOwl feed reader could become part of the > Mozilla foundation? > Anyone have any thoughts? Well, Mozilla very rarely adopts projects started outside itself in this way. Perhaps Rust is the only example I can think o

Re: Intent to ship: NetworkInformation

On 15/12/16 14:20, Daniel Stenberg wrote: > Looking at that collection of existing user, basically all of them want > the user to anser this question: > > "Use expensive traffic (y/n)" And this should be an OS-level switch which the browser and other apps both respect and reflect. Doesn't Androi

Re: Intent to ship: NetworkInformation

On 16/12/16 20:25, Jason Duell wrote: > So a switch that toggles the "network is expensive" bit, plus turns off > browser updates, phishing list fetches, etc? I can see how this would be > nice for power users on a tethered cell phone network. One issue would be > to make sure users don't forget

Re: Async scrollbar dragging enabled on Nightly

On 19/12/16 19:16, Botond Ballo wrote: > The third one, bug 1251617, is that a quick drag on a long page > results in checkerboarding. Why do we paint a checkerboard rather than the default single background colour of the page? Checkerboarding makes it really clear Firefox can't keep up. The bac

Re: What are your use cases for the Touch Bar on the new MacBook Pro?

On 03/01/17 17:17, Stephen A Pohl wrote: > We are gathering ideas for possible use cases of the Touch Bar on the > new MacBookPro and would like to hear from you! What would improve your > workflow? What would help our users? When the developer tools are open, change the Touch Bar to give quick ac

Re: Supporting the Windows Certificate Store

On 05/03/13 23:54, cpmf2...@gmail.com wrote: > I read the articles for certutil and I have to ask, "what idiot came > up with that as the only method???" Seriously, not being able to do > it easily through Group Policy or some other centralized method is a > GIGANTIC FAIL. If you want enterprises t

Re: End of life for tinderbox.mozilla.org

On 03/04/13 15:32, Ed Morley wrote: > Agreed - TBPL's successor is going to be called something other than > TBPL2 (name chosen so far is treeherder). Surely then it should be called "Ent"? :-) Gerv ___ dev-platform mailing list dev-platform@lists.mozi

Re: Preparing for the next windows PGO build memory exhaustion

On 16/04/13 12:27, Mike Hommey wrote: > I doubt we can get a satisfactory response from MS before things blow > out (if at all) But if we'd asked them last time, we might have one by now. And if we don't ask them this time, then we'll get to next time and still not have one. :-) Gerv __

Re: Some data on mozilla-inbound

On 23/04/13 10:17, Ed Morley wrote: > Given that local machine time scales linearly with the rate at which we > hire devs (unlike our automation capacity), I think we need to work out > why (some) people aren't doing things like compiling locally and running > their team's directory of tests before

Re: Storage in Gecko

On 06/05/13 20:12, David Dahl wrote: > That is unfortunate. The Kyoto-* tools are FAST and easy to use. I > wonder if the author would be willing to issue Mozilla a license that > is compatible with MPL? That would be the functional equivalent of relicensing under the MPL, which is a weaker copyle

Re: Replacing Gecko's URL parser

On 04/07/13 17:22, Anne van Kesteren wrote: > On Thu, Jul 4, 2013 at 5:17 PM, Kyle Huey wrote: >> Presumably we could have a blacklist of the handful of protocols that are >> internal to browsers and have compat issues. "It violates the standard" >> isn't a very compelling argument when the stand

Re: We should drop MathML

On 04/06/13 23:30, Jonas Sicking wrote: > It would be cool to find a solution that makes the simple things > simpler than MathML, while keeping the complicated things possible. Isn't the answer to that sort of question normally something like: a mini-language for simple math, plus a JS library you

Re: Sandboxed, off-screen pages for thumbnail capture

On 17/06/13 21:48, Drew Willcoxon wrote: > Toolkit already has a thumbnail module, [PageThumbs], but it can only > capture thumbnails of open content windows, same as they appear to > the user. Windows may contain sensitive data that should not be > recorded in an image, however, like bank account

Re: Sandboxed, off-screen pages for thumbnail capture

On 26/06/13 08:45, Mark Hammond wrote: > There is evidence users find this troubling - eg, bug 762610 reports > that a couple of users wrote to the mozilla webmaster about this. While > it may just be a perception, it seems a perception worth managing. And > even if someone can't read the exact b

Re: review stop-energy (was 24hour review)

On 09/07/13 21:29, Chris Peterson wrote: > I've seen people change their Bugzilla name to include a comment about > being on PTO. We should promote this practice. We could also add a > Bugzilla feature (just a simple check box or a PTO date range) that > appends some vacation message to your Bugzil

Re: review stop-energy (was 24hour review)

On 10/07/13 23:14, Taras Glek wrote: > I tried to capture feedback from this thread in > https://wiki.mozilla.org/Code_Review I just did a pass over that page to highlight the key points. Gerv ___ dev-platform mailing list dev-platform@lists.mozilla.or

Re: review stop-energy (was 24hour review)

On 10/07/13 15:09, Boris Zbarsky wrote: > And communicated via bzapi so bzexport can also warn. BzAPI could add a flag based on a parsing of the name - but then, if there was an accurate algorithm for parsing a name to extract absence information, bzexport could use it directly. Perhaps we could

Generic data update service?

We keep hitting cases where we would like Firefoxes in the field to have some data updated using a process which is much lighter in expended effort than shipping a security release. Here are some examples of the data Firefox stores that I know of which might benefit from this: - The Public Suffix

Re: [webdev] Generic data update service?

On 12/07/13 18:20, Benjamin Smedberg wrote: > I think the general concept of making more of our "lists" be dynamic is > sound, but I'm very skeptical of the technical solution that you appear > to be outlining. The technical solution was 3 minutes on the back of an envelope. Feel free to tear it a

Re: review stop-energy (was 24hour review)

On 11/07/13 14:24, Boris Zbarsky wrote: > On 7/11/13 7:59 AM, Gervase Markham wrote: >> Hey, if we had a PTO app that tracked all absences, we could integrate >> with it... >> > > Just in case you were talking about the moco PTO app, it doesn't track > absenc

Re: Generic data update service?

On 12/07/13 21:12, Nicholas Nethercote wrote: > Would such an update increment the version number? I suspect you'd > want to be able to easily determine if an update has been applied, and > having to distinguish e.g. "Firefox 30 without update 1" vs. "Firefox > 30 with update 1" could be annoying

Re: Generic data update service?

On 13/07/13 00:36, Clint Talbert wrote: > This is all good stuff, and I want to support us being nimble. We also > need to balance that against security and quality in our builds. We go > through the release process for a reason, and we exert the energy to QA > these builds and ensure we can update

Re: Generic data update service?

On 15/07/13 14:57, Benjamin Smedberg wrote: > Or it means that we need to be willing to issue dot-releases to update > these items. We're pretty nimble with the desktop release cycle already. > We should definitely measure this tradeoff before doing a bunch of > engineering on this. As I understand

Re: new root certs

On 15/07/13 17:56, emada.ad...@gmail.com wrote: > How can i add a new root cert to xulrunner from the command line in linux? Ask in mozilla.dev.tech.crypto. Gerv ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/lis

Re: On indirect feedback

On 05/08/13 14:53, Bas Schouten wrote: > Although I agree fully that by far the best way of offering feedback > is by talking to that person directly. I do think we have to face the > fact that at this point in time a significant amount of people find > it very hard to speak to people directly abou

Re: Intent to implement: NavigationController

On 08/08/13 23:52, Ehsan Akhgari wrote: > I think you forgot the bug number. :-) Ehsan: any chance you could trim your responses? I had to page-down 9 times in my mail client just to read this one line... Thanks :-) Gerv ___ dev-platform mailing list

Re: Detection of unlabeled UTF-8

On 29/08/13 19:41, Zack Weinberg wrote: > All the discussion of fallback character encodings has reminded me of an > issue I've been meaning to bring up for some time: As a user of the > en-US localization, nowadays the overwhelmingly most common situation > where I see mojibake is when a site puts

Re: Detection of unlabeled UTF-8

On 06/09/13 16:17, Adam Roach wrote: > To the first point: the increase in complexity is fairly minimal for a > substantial gain in usability. Absent hard statistics, I suspect we will > disagree about how "fringe" this particular exception is. Suffice it to > say that I have personally encountered

What platform features can we kill?

Attack surface reduction works: http://blog.gerv.net/2013/10/attack-surface-reduction-works/ Removing E4X broke the NSA's "EGOTISTICALGOAT" attack - a type confusion vulnerability in E4X. In the spirit of learning from this, what's next on the chopping block? A quick survey of the security-group

Re: What platform features can we kill?

On 10/10/13 00:28, Philipp Kewisch wrote: > So you are saying, we should start removing features that could decrease > the attack surface? ...and that we don't need. What I'm saying is: perhaps feature-ectomies (and driving the web or our code to a position where we can make them) may be higher p

Re: Cost of ICU data

On 15/10/13 17:06, Benjamin Smedberg wrote: > With the landing of bug 853301, we are now shipping ICU in desktop > Firefox builds. This costs us about 10% in both download and on-disk > footprint: see https://bugzilla.mozilla.org/show_bug.cgi?id=853301#c2. > After a discussion with Waldo, I'm going

Re: Cost of ICU data

On 16/10/13 14:47, Anne van Kesteren wrote: > The API is synchronous so that seems like a bad idea. As in, it'll cause the tab to freeze (one time only, when a new language is called for) while the file is downloading? OK, that's bad, but so is having Firefox be a lot bigger... Perhaps, as Brian

Re: Cost of ICU data

On 16/10/13 16:02, Axel Hecht wrote: > We'll need to go down a path that works for Firefox OS. With Firefox OS, we don't have the download-size issue, do we? So we can ship all the data. Gerv ___ dev-platform mailing list dev-platform@lists.mozilla.org

Re: Is there any reason not to shut down bonsai?

On 21/11/13 21:12, Laura Thomson wrote: > bonsai is old code, and written in very old-fashioned perl. As such, > security bugs are frequently filed against it, and it's very hard to > find people who are willing and able to fix them. If you are willing > and able, let me know: I can hook you up wit

Re: On closing old bugs

On 27/11/13 07:36, Gabriele Svelto wrote: > I'm always tempted to close the former as duplicates of the actual fix > and the latter as WONTFIX so that they won't show up on the following > searches but I'm also afraid that closing a bug several years old is > akin to thread necromancy [1]. Validly

Re: Should we disable "autoplay" feature of HTMLMediaElement on mobile?

On 08/12/13 12:28, Tetsuharu OHZEKI wrote: > On today's web, there are many "interactive" web sites which play > sounds when open them. I suspect this is somewhat dependent on your culture and environment; it's not a problem on the set of websites I visit :-) > Some of them are not controlled by

Re: Mozilla style guide issues, from a JS point of view

On 07/01/14 00:46, Jeff Walden wrote: > JS widely uses 99ch line lengths (allows a line-wrap character in > 100ch terminals). Given C++ symbol names, especially with templates, > get pretty long, it's a huge loss to revert to 80ch because of how > much has to wrap. Is there a reason Mozilla could

Re: Mozilla style guide issues, from a JS point of view

On 07/01/14 22:26, Jeff Walden wrote: > which was unreadable. You simply can't easily skim and see where the body > starts and where the condition ends, even with braces. We shoved the opening > brace to its own line: > > if (somethingHere() && > somethingElse()) > { > doSomething(); >

Re: Including Adobe CMaps

On 26/02/14 20:21, Jonathan Kew wrote: >> Lets turn this question around. If we had an on-demand way to load >> stuff like this, what else would we want to load on demand? > > A few examples: > > Spell-checking dictionaries > Hyphenation tables > Fonts for additional scripts If this came with an

Re: Including Adobe CMaps

On 28/02/14 12:37, Jonathan Kew wrote: > Presumably we always want the complete PSL available. So it really > should be part of the base product, not a [try-to-]load-on-demand resource. I was proposing it be part of the base product, but updated on demand. > Isn't it sufficient to update that wit

Re: Spring cleaning: Reducing Number & Footprint of HG Repos

On 27/03/14 00:53, Taras Glek wrote: *User Repos* TLDR: I would like to make user repos read-only by April 30th. We should archive them by May 31st. I think that if you truly intend to go ahead with this, the news will need way, way wider circulation than mozilla.dev.platform. I have some use

Re: Oculus VR support & somehwat-non-free code in the tree

On 15/04/14 06:21, Nick Alexander wrote: > Can somebody save me some license reading and explain what the existing > framework around shipping libovr is? Is it explicitly allowed? > Explicitly dis-allowed? If I read gerv's post [1] correctly, it is > allowed, but it's hard to distinguish gerv's o

Re: Oculus VR support & somehwat-non-free code in the tree

On 14/04/14 23:41, Vladimir Vukicevic wrote: > I'd like to get this checked in so that we can either have it enabled > by default in nightlies (and nightlies only), or at least allow it > enabled via a pref. However, there's one issue -- the LibOVR library > has a not-fully-free-software license [

Re: Oculus VR support & somehwat-non-free code in the tree

On 17/04/14 05:55, Vladimir Vukicevic wrote: > Already in the works. :) Awesome :-) > The good news is that with the preview release of the latest SDK, > they added a C API that does everything that we need. So this might > become a moot point; we can dlopen/dlsym our way to victory, and I'm > a

Test message: trying to deal with supp...@lativio.com autoresponder spam

Apologies for the inconvenience. People who post here are getting autoresponder spam indirectly from supp...@lativio.com. I'm trying to write STRs so the admin at that site can work out how this is happening. Gerv ___ dev-platform mailing list dev-platfo

Re: Intent to implement: WebGL 2.0

On 08/05/14 12:56, Benoit Jacob wrote: > (*plug*) this might be useful reading: > https://hacks.mozilla.org/2013/04/the-concepts-of-webgl/ Comedy. I just read that article, and thought "this article is awesomely useful." I then looked at the comments, and it turned out that the first comment is fr

Re: Intent to Implement: Encrypted Media Extensions

On 27/05/14 19:44, Chris Pearce wrote: > Encrypted Media Extensions specifies a JavaScript interface for > interacting with plugins that can be used to facilitate playback of DRM > protected media content. We will also be implementing the plugin > interface itself. We will be working in partnership

Re: B2G, email, and SSL/TLS certificate exceptions for invalid certificates

On 29/05/14 07:01, Mike Hoye wrote: > It's become clear in the last few months that the overwhelmingly most > frequent users of MITM attacks are state actors with privileged network > positions either obtaining or coercing keys from CAs, I don't think that's clear at all. Citation needed. I think

Re: B2G, email, and SSL/TLS certificate exceptions for invalid certificates

On 28/05/14 17:49, Joshua Cranmer 🐧 wrote: > * Insufficiently secure certificate (e.g., certificates that violate > CA/Browser Forum rules or the like. I don't know if we actually consider > this a failure right now, but it's a reasonable distinct failure class > IMHO) We would refuse e.g. a cert

Re: B2G, email, and SSL/TLS certificate exceptions for invalid certificates

On 30/05/14 18:53, Joshua Cranmer 🐧 wrote: >> Forgive me, but that sounds like "I'm going to propose a solution with >> one glaring flaw that has always sunk it in the past, and then gloss >> over that flaw by saying 'I don't have the security experience - someone >> else fix it'." > > Actually, t

Re: Intent to implement: webserial api

On 13/07/14 18:35, tzi...@gmail.com wrote: > Jonas, I would be really interested in your thoughts. Try as we might > (in the WebSerial API docs, at least), noone could actually think of > a use case where providing access to a physical (RS232), or Virtual > (VirtualUSB or VirtualBluetooth) serial p

Re: Intent to support apple-touch-icon with Browser API

On 28/07/14 17:12, Dale Harvey wrote: > We specifically chose a User Agent to something compatible with our Android > release to get more compatible websites, despite the "standard" way would > be to not do browser sniffing. I'm not quite sure what you mean here. Who is "we" in that sentence? The

Re: http-schemed URLs and HTTP/2 over unauthenticated TLS

On 15/09/14 16:34, Anne van Kesteren wrote: > It seems very bad if those kind of devices won't use authenticated > connections in the end. Which makes me wonder, is there some activity > at Mozilla for looking into an alternative to the CA model? What makes you think that switching away from the C

Re: Intent to implement: WOFF2 webfont format

On 07/10/14 14:53, Patrick McManus wrote: > content format negotiation is what accept is meant to do. Protocol level > negotiation also allows designated intermediaries to potentially transcode > between formats. Do you know of any software which transcodes font formats on the fly as they move ac

Re: Intent to implement: WOFF2 webfont format

On 08/10/14 15:44, Patrick McManus wrote: > I'm not aware of font negotiation - but negotiation is most useful when > introducing new types (such as woff2). The google compression proxy already > does exactly that for images and people are successfully using the AWS > cloudfront proxy in environmen

Re: Moratorium on new XUL features

On 15/10/14 14:24, Boris Zbarsky wrote: > I haven't thought much about #3; it's somewhat in its own little world > and has no web tech equivalent. Although glazou did propose one a decade ago: http://disruptive-innovations.com/zoo/20040830/HTMLoverlays.html Gerv _

Re: http-schemed URLs and HTTP/2 over unauthenticated TLS

On 18/11/14 04:03, voracity wrote: > The issue isn't that people are cheapskates, and will lose 'a few > dollars'. The issue is that transaction costs > can be crippling. https://letsencrypt.org/ . Gerv __

Re: landing soon: core APIs for VR

On 19/11/14 17:15, Vladimir Vukicevic wrote: > - Figure out how to ship/package/download/etc. the Oculus runtime > pieces. The last discussions on these were that you were planning to approach Oculus to enquire about getting them under an open source license. How did that go? If that's not going

Re: HTTP/2 and User-Agent strings?

On 27/01/15 09:16, Chris Peterson wrote: > btw, here is the "spartan" User-Agent string for Microsoft's new Spartan > browser: > > Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like > Gecko) Chrome/39.0.2171.71 Safari/537.36 Edge/12.0 Really? http://www.nczonline.net/blog/2013/0

  1   2   >