I spent yesterday afternoon playing around with a lot of the most-popular iOS camera apps. Most of the special effects applied to previews are extremely simple: they change the contrast, blur everything but the center, shade everything but the center, etc. It would be pretty simple to write these effects as shaders that are handed over to a trusted preview window.
And, as Zack suggested, the odd corner cases can be handled by requesting the user's authorization to go into video-recording mode. On Tue, Apr 17, 2012 at 8:31 PM, Zack Weinberg <[email protected]> wrote: > On 2012-04-14 9:57 PM, Lucas Adamski wrote: > >> On Apr 13, 2012, at 8:20 PM, Zack Weinberg wrote: >> >> On 2012-04-13 6:37 PM, Adrienne Porter Felt wrote: >>> >>>> I'm trying to brainstorm a new way to fit trusted UI into the >>>> user's normal flow that would enable preview modification, >>>> without throwing up a standard dialog. If anyone buys my case >>>> that we need such a thing, suggestions for how to get around the >>>> preview problem would be awesome. :) >>>> >>> >>> The API could let the app apply arbitrary WebGL operations to the >>> feed from the camera, but not allow the result to go anywhere but >>> the screen until the user hits the button. >>> >> >> I won't pretend to know WebGL enough to understand its full >> capabilities, but is it feasible to apply such effects to images >> without being able to read the data? >> > > Shader programs are Turing-complete and run in a sandbox with exactly the > security properties we need here. I'm pretty sure all of the examples you > gave can be done under the constraint I described. > > I do know a use case that won't fit into this paradigm: Photosynth ( > http://itunes.apple.com/us/**app/photosynth/id430065256?mt=**8<http://itunes.apple.com/us/app/photosynth/id430065256?mt=8>) > lets you construct a panoramic image simply by waving your phone around. > It automatically positions photos on a virtual sphere based on orientation > sensor data plus image analysis, and automatically takes photos to fill in > gaps. The image analysis here could (in principle) be done in a shader, > but taking additional photos at appropriate times based on the analysis > can't. > > But we have an alternative ready-to-hand, without falling back to > permissions dialogs: video recording mode. If > WebGL-preview-until-user-**authorizes-still > isn't good enough, ask for permission to record video; that gives access to > the raw video stream (until the user presses the button again) and an API > to take stills whenever you want. > > > zw > ______________________________**_________________ > dev-security mailing list > [email protected] > https://lists.mozilla.org/**listinfo/dev-security<https://lists.mozilla.org/listinfo/dev-security> > _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
