PWA Support

PWAs: https://blog.excalidraw.com/deprecating-excalidraw-electron/. Can we at least keep SSB for now? I might look into fixing some of the bugs, but that is of course not a sustainable solution. Best, Tom ___ dev-platform mailing list dev-platform

Intent to Remove: Fuzzyfox

oarse would cause expected slowness, but 250 ought to be a usable number, ideally 1000.) This work will be done in https://bugzilla.mozilla.org/show_bug.cgi?id=1666222 -tom [0] https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/kohlbrenner [1]

Re: Intent to ship: Implement :-moz-any() as an alias of :is()

I imagine there's a good reason; but I'm curious: why do we want to keep this legacy, prefixed pseudo-class and not just use is()? -tom On Sat, Sep 19, 2020 at 3:36 PM Emilio Cobos Álvarez wrote: > > Summary: Implement the legacy :-moz-any selector as an alias of :is(). >

Re: New Bugzilla component for keeping comm-central in sync with mozilla-central

ied across? Some hybrid? I like Thunderbird, and I'd like to make things easier on you, but truthfully I know very little about how Thunderbird is made relative to my work on Firefox (and I couldn't find a document online). -tom On Tue, Jul 7, 2020 at 3:45 AM Geoff Lankow wrote: >

Re: Intent to change default try selector from `syntax` to `auto` (ACTION NEEDED for try syntax users)

Thank you for continuing to keep try syntax working. I know I'm holding back progress by not spending the time to figure out how to convert `./mach try -b do -p win32-mingwclang,win64-mingwclang -u all -t none` to fuzzy (maybe it's something like `./mach try fuzzy "'mingwclan

Re: Shutting down legacy Taskcluster deployment

be difficult. While taskcluster specifiesthe toolchain configuration, I think changes to TC infrastructure mean that old trees do not easily run there. (I think worker-types disappear for example.) And locally, your toolchain can be too new to build an old version of Firefox - I've h

Re: Firefox Security Newsletter - 2020 Q1

On Mon, May 4, 2020 at 10:45 AM Frederik Braun wrote: > To help leak data and metadata about security vulnerabilities, Tom has > implemented a hook for hg.mozilla.org that disallows pushing patches for > security bugs to Continuous Integration. Just to correct this credit; I had resta

Re: Intent to unship: window.external.AddSearchProvider

t for adding custom search engines! Not even talking about probably every other Chrome based browser on Desktop. This is seriously a missing piece of customization in Firefox. Best, Tom On Thu, Apr 23, 2020 at 12:43 PM Mark Banner wrote: > > As of Firefox 78, I inten

Re: ChromeUtils.addProfilerMarker - new API to add profiler markers from JS code

this timing behavior from taking effect; but it would be worth confirming and documenting I think. -tom On Tue, Apr 7, 2020 at 8:22 AM Florian Quèze wrote: > > I recently landed a new scriptable API to add profiler markers: > ChromeUtils.addProfilerMarker. > This makes it possible

Intent to ship: Atomics and SharedArrayBuffer objects (limited to a single thread)

://bugzilla.mozilla.org/show_bug.cgi?id=1599496 Thanks, Tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

Re: Land your tests for now-public security bugs

s. (I'm also open to anyone beating me to the implementation!) -tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

Re: Intent to ship: Autodiscovery of WebExtension search engines

I would also like to mirror the previous comments: Why do we need to expose this new non-standard feature to the web? Can't we just transform OpenSearch XML internally to the new WebExtension format? On Wed, Feb 26, 2020 at 1:17 PM Henri Sivonen wrote: > > On Tue, Feb 25, 2020 at 10:04 PM Dale Ha

Security Severity Changes

uld you consider re-rating this security bug?" and raise concerns like "This is a sec-high but it involves months of work and we won't be able to get it done in a timely manner." -tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

Re: happy bmo push day!

I'd also like to call attention to one of the fixes. Previously, linked (depends/blocks/regressions) security bugs would be visible in the sense that you could tell a security bug was linked to something but not see the bug. And in many cases this caused people to avoid linking bugs to avoid disc

Re: Intent to implement: AVIF (AV1 Image Format) support

We sandboxed av1 into its own process for security concerns. Presumably this is using the same or a similar library; so do we have plans for mitigating the same concern before rolling out to users? -tom On Wed, Jan 15, 2020 at 6:28 PM Jon Bauman wrote: > > AVIF is an image format based

Intent to unship: JavaScript toSource and uneval

those uses as soon as possible. Those methods were never standardized an no other browser ever supported them. Tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

Re: [IMPORTANT] Submit your PI Requests and technical documentation for Firefox 73 QA feature testing by Dec 13

Hi, This is a reminder that the deadline for PI Requests and technical documentation for Firefox 73 is this Friday, December 13th. Please log your PI Request tickets as soon as possible, and provide the required technical docs. Thank you, Tom On Wed, Dec 4, 2019 at 6:59 PM Tom Grabowski wrote

Re: Intent to Implement and Ship: Make MOZ_QUIET the default, require opt-in for DOMWINDOW/DOCSHELL logs

This landed in https://hg.mozilla.org/mozilla-central/rev/724d7b936078 To replicate the prior output, use MOZ_LOG="DocShellAndDOMWindowLeak:3" Because it now includes the MOZ_LOG prefix, any custom scripts you had to parse the output will need to be updated. -tom On Fri, Nov 8, 2019

Re: intent to unship: HPKP (dynamic key pinning)

Will non-mozilla websites be eligible to be added into our preload list, or is it restricted to our own properties? On Sun, Nov 17, 2019, 8:17 PM Dana Keeler wrote: > The breadth of the web public key infrastructure (PKI) is both an asset > and a risk. Websites have a wide range of certificate a

Intent to Implement and Ship: Make MOZ_QUIET the default, require opt-in for DOMWINDOW/DOCSHELL logs

efore I finish the requested changes in phabricator to give folks an opportunity to raise objections; I hope to land it mid/late next week. -tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

Re: [IMPORTANT] Submit your PI Requests for Firefox 72 QA feature testing by Nov 1

Just a quick reminder that the deadline for Fx72 Pi Requests is *today*. Please submit your requests as soon as possible. On Tue, Oct 29, 2019 at 11:20 PM Tom Grabowski wrote: > PI team has made the criteria for feature inclusion in release scope > <https://docs.google.com/document/

Proposal: Replace NS_ASSERTION with MOZ_ASSERT and then remove it.

I will claim that the most common behavior of developers is to leave XPCOM_DEBUG_BREAK alone and not set it to any particular value. I bet most people haven't even heard of this or know what it does. With that env var unset, in Debug mode, NS_ASSERTION will print to stderr and otherwise do nothing

Re: [IMPORTANT] Submit your PI Requests for Firefox 72 QA feature testing by Nov 1

8th*, it will need to go through a *VP (product, engineering) release exception process* to remain in release scope. On Wed, Oct 23, 2019 at 6:28 PM Tom Grabowski wrote: > > Similar to what QA did for previous Firefox feature testing prioritization > <https://

[IMPORTANT] Submit your PI Requests for Firefox 72 QA feature testing by Nov 1

Similar to what QA did for previous Firefox feature testing prioritization , we would like to do the same for Fx72. In order to help with the process, please *submit your pi-request

Re: Taskcluster log fetching

I wrote a similar thing, not nearly as friendly, that takes a taskgroupid: https://gist.github.com/tomrittervg/9e99de9b3c517b8ba4e87d2a86985616 It seems like there should be some better platform for communicating these types of tools. -tom PS: Other gists I have: https://gist.github.com

Re: nsIPermissionManager Permission Isolation by OriginAttributes

I think we probably want the same behavior for userContextID. This will mean you can't set an exception for Facebook at the container granularity (e.g. 'only allow Facebook to set cookies in Container 7'). (It would be awesome if you fixed 1556212 at the same time) -tom ___

Re: Intent to ship: MediaRecorder.{audio|video}BitsPerSecond

It's a bit hard for me to tell from the description - are these values dependent on a user's hardware, performance of the user's computer, or a user-chosen setting? If so we would want to support resistFingerprinting. -tom On Thu, Oct 3, 2019 at 9:54 PM Andreas Pehrson wrote: &g

Re: Intent to unship: Array generics

We decided to try unshipping Array generics for real. The numbers haven't improved, but I also haven't heard of any fallout on Nightly. I am going to assume that those uses are actually already polyfilled for another browsers. -Tom On Fri, Jun 28, 2019 at 6:30 PM Tom Schuster wro

Re: [IMPORTANT] Submit your PI Requests for Firefox 71 QA feature testing by Sep 13

Hi, Just a reminder that the deadline for Fx71 PI Requests is today. Please log your requests ASAP if you have not done so yet. - Tom On Wed, Sep 11, 2019 at 4:59 PM Tom Grabowski wrote: > > Similar to what QA did for previous Firefox feature testing prioritization > <https://doc

[IMPORTANT] Submit your PI Requests for Firefox 71 QA feature testing by Sep 13

Similar to what QA did for previous Firefox feature testing prioritization , we would like to do the same for Fx71. In order to help with the process, please *submit your pi-request

Intent to Prototype: Have window.outerHeight/outerWidth lie and report the innerHeight/innerWidth

plicable everywhere I considered adding telemetry for the properties; but reading them doesn't imply websites are relying on them for anything. -tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

Re: Intent to Prototype: text-decoration-skip-ink

Very cool, I have been looking forward to this. I hope we can enable this for links by default at some point, like Chrome. On Wed, Aug 7, 2019 at 12:14 AM Charlie Marlow wrote: > > Summary: text-decoration-skip-ink is a CSS feature that makes underlines and > overlines skip around the text, inst

Re: Intent to ship: Blocking Worker/SharedWorker with non-JS MIME type

On Wed, Jul 24, 2019 at 3:21 AM Boris Zbarsky wrote:> > On 7/22/19 6:22 AM, Tom Schuster wrote: > > This was also discussed at https://github.com/whatwg/html/issues/3255. > > It seems like Chrome does NOT plan on shipping this at the moment. > > Does "at the moment&qu

Intent to ship: Blocking Worker/SharedWorker with non-JS MIME type

t dig too deeply into this data, but one idea was that a lot of worker scripts are actually 404 text/html error pages. Telemetry: https://mzl.la/2y805sN (Compare worker_load with importScript_load) Tom ___ dev-platform mailing list dev-pla

Re: PHC, a probabilistic heap checker, will soon be enabled on Linux64 Nightly

This is really exciting; thanks for this I had no idea it was in the works! -tom On Fri, Jul 19, 2019 at 3:32 AM Nicholas Nethercote wrote: > > Greetings, > > PHC is a probabilistic heap checker I have been working on. It has landed > and I am planning to enable it on Monday morn

Re: [IMPORTANT] Submit your PI Requests for Skyline/Firefox 70 QA feature testing by July 19

Hi, This is a reminder that the deadline for PI Requests for Fx70 is *tomorrow*. Please submit your requests ASAP. Thank you, Tom On Thu, Jul 11, 2019 at 2:20 PM Tom Grabowski wrote: > Similar to what QA did for previous Firefox feature testing prioritization > <https://docs.g

[IMPORTANT] Submit your PI Requests for Skyline/Firefox 70 QA feature testing by July 19

Similar to what QA did for previous Firefox feature testing prioritization , we would like to do the same for Fx70/Skyline. In order to help with the process, please *submit your pi-request

Re: Intent to Implement: CSS backdrop-filter

going to be tested for/addressed during implementation? -tom On Thu, Jul 4, 2019 at 7:09 PM Connor Brewster wrote: > > Clarification: backfrop-filter will *not* be restricted to secure contexts. > > On Tue, Jun 25, 2019 at 4:30 PM Connor Brewster > wrote: > > > Summary:

Intent to unship: Array generics

/show_bug.cgi?id=1222547 (For Nightly: https://bugzilla.mozilla.org/show_bug.cgi?id=1558914) Telemetry: https://mzl.la/2Ykw7NI Some methods still have high usage, but my optimistic assumption is that people actually have polyfills (We have seen this on multiple sites) Thanks, Tom

We have migrated JIRA ServiceDesk to local JIRA Server instance

u have any questions or comments. Regards, Tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

Re: [IMPORTANT] Submit your PI Requests for Firefox 69 QA feature testing by May 31

Hi, This is a reminder that the deadline for submitting PI Requests for Fx69 is today. Please submit your requests now. Thank you, Tom On Tue, May 28, 2019 at 11:10 PM Tom Grabowski wrote: > > Similar to what QA did for previous Firefox feature testing prioritization &g

[IMPORTANT] Submit your PI Requests for Firefox 69 QA feature testing by May 31

Similar to what QA did for previous Firefox feature testing prioritization , we would like to do the same for Fx69. In order to help with the process, please *submit your pi-request

Re: Remove browser and OS architecture from Firefox's User-Agent string?

On Tue, May 14, 2019 at 9:23 PM Mike Taylor wrote: > > On 5/14/19 12:53 PM, Tom Ritter wrote: > > On Tue, May 14, 2019 at 4:26 PM L. David Baron wrote: > >> So I think there's may be value in removing these distinctions from > >> the User-Agent header we s

Re: Remove browser and OS architecture from Firefox's User-Agent string?

e we found issues with compatibility (primarily keyboard shortcuts in things like gdocs.) -tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

Re: Implementing a new tracking blocking mechanism using a separate nsIPrincipal for cookie jar access: StoragePrincipal

link a prior 'identity' to the current one. -tom On Mon, Apr 15, 2019 at 3:23 PM Andrea Marchesini wrote: > > Since Firefox 66, the anti-tracking project has been working on strategies > to protect users against trackers. One of the solutions is the ‘cookie > blocking for 3

Re: [IMPORTANT] Submit your PI Requests for Firefox 68 QA feature testing by March 29

Hi, Just a reminder that the deadline for Fx68 PI Requests is today. If you have not done it yet, please log your PI request as soon as possible. - Tom On Fri, Mar 22, 2019 at 11:40 PM Tom Grabowski wrote: > Similar to what QA did for previous Firefox feature testing prioritization >

Re: Intent to implement and ship: Gamepad Extensions `multi touch` and `light indicator`

remaining concern is around the sensitivity of > > axis movement. If I have my controller on my desk, and I am > > typing/bumping it - I am curious if that would cause the controller to > > suddenly activate. I don't think I have a gamepad to test with > > though

[IMPORTANT] Submit your PI Requests for Firefox 68 QA feature testing by March 29

: There's no way I'm going to remember to do this. * A: Do it now! I'll also send out a reminder next week. Thanks, Tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

Re: Intent to implement and ship: Gamepad Extensions `multi touch` and `light indicator`

n't listen to VR input events any more. Okay, good, not making this data available until the user activity engages with the gamepad/VR controller (mostly) assuages my concerns on this component. My remaining concern is around the sensitivity of axis movement. If I have my controller on my

Re: Intermediate CA Preloading is enabled for desktop Nightly users

me offline, there are so many myriad of ways that Mozilla can correlate you that trying to solve any individual one without an overall survey and consensus-building effort for future development isn't really worth the headache and time... -tom ___

Re: Intermediate CA Preloading is enabled for desktop Nightly users

what the client sends. "I've got 100-200, send me some more" "I've got 100-300, send me some more" and so on It sounds like The client says something more like "Send me 200-300", "Send me 300-400". Whic

Re: Intent to implement and ship: Gamepad Extensions `multi touch` and `light indicator`

at one can set but cannot read the lightColor, so that's good. GamepadPose gives me a lot of concern as well. If I have a gamepad resting on my desk, I don't want every website to get a persistent identifier about me because of the pose it's resting in. I think/hope that there&

Re: Intermediate CA Preloading is enabled for desktop Nightly users

How does kinto know which certificates you yet need to download? On Fri, Mar 8, 2019, 3:29 PM J.C. Jones wrote: > # tl;dr # > > At the end of February I enabled Intermediate CA Preloading for all > desktop Nightly users to begin gathering telemetry. This means all > intermediate CAs disclosed to

Re: Searchfox now indexing m-beta, m-release, m-esr60

On Tue, Mar 12, 2019, 1:18 PM Dave Townsend wrote: > Thank you thank you thank you thank you thank you thank you thank you thank > you thank you thank you. > +11 > ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/

Re: Fission Engineering Newsletter #1

05832 Its major sub-bug that pertains specifically to IPC is https://bugzilla.mozilla.org/show_bug.cgi?id=fission-ipc For now, the focus on Fission is just getting it working, these efforts (stronger sandboxing) will come after that. -tom ___ dev-platfo

Re: New and improved "about:config" for Firefox Desktop

I am always happy to see more xul going away. Please implement a filter to only show modified preferences. Sorting by modified is probably my most common operation after search on the old page. Thanks On Fri, Jan 25, 2019 at 11:40 AM Axel Hecht wrote: > > Is there a tracking bug for follow-ups?

Re: [IMPORTANT] QA Firefox 67 feature testing pi-requests deadline is January 23

Hi, Just a reminder that the deadline for Fx67 PI Requests is tomorrow, January 23. If you have not done it yet, please send your requests now. Regards, Tom On Thu, Jan 17, 2019 at 1:15 PM Tom Grabowski wrote: > Hi, > > Similar to what QA did for previous Firefox featur

[IMPORTANT] QA Firefox 67 feature testing pi-requests deadline is January 23

s like these. *Q: There's no way I'm going to remember to do this. * A: Do it now! I'll also send out a reminder next week. Thanks, Tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

Re: Proposal to adjust testing to run on PGO builds only and not test on OPT builds

pgo build time (both the cloud-cost time and the developer turn-around time.) -tom On Thu, Jan 3, 2019 at 4:20 PM jmaher wrote: > > I would like to propose that we do not run tests on linux64-opt, > windows7-opt, and windows10-opt. > > Why am I proposing this: > 1) All test reg

PSA - If --disable-e10s is crashing for you on Windows...

It's tracked in https://bugzilla.mozilla.org/show_bug.cgi?id=1515702 - we should be backing it out soon. To solve it immediately, you can add --disable-hardening ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listi

Re: Disabling IPC protocol with build flags?

This would also be relevant for Tor; as they would like to disable direct UDP and TCP IPC mechanisms: https://trac.torproject.org/projects/tor/ticket/28148 -tom On Thu, Dec 13, 2018 at 4:45 PM wrote: > >TL;DR: Is there a way to make a "manages" declaration conditional, for

Re: [IMPORTANT] QA Firefox 66 feature testing pi-requests deadline is December 5

Just a reminder that the deadline for Fx66 PI Requests is *today* December 5th! Please submit your requests as soon as possible. Thank you, Tom On Wed, Nov 28, 2018 at 11:09 PM Tom Grabowski wrote: > Hi, > > Similar to what QA did for previous Firefox feature testing prioritization

Re: What is future of editor mode-lines after the switch to clang-format?

ocument how to update auto-mode-alist, though. Separate bits of elisp are already needed for eslint, so requiring a bit more isn't really so bad. Tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

[IMPORTANT] QA Firefox 66 feature testing pi-requests deadline is December 5

s like these. *Q: There's no way I'm going to remember to do this. * A: Do it now! I'll also send out a reminder next week. Thanks, Tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

Re: Intent to implement: Reporting API

for both > of the previous cases, but especially for (b). Is this a different situation than CSP, which seems to have all these same issues? Do we do anything special there? -tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://l

Re: W3C Proposed Recommendation: Pointer Events Level 2

ecurity/privacy sections, I just think editorially it's almost misleading. -tom On Tue, Nov 13, 2018 at 2:38 AM L. David Baron wrote: > > A W3C Proposed Recommendation is available for the membership of > W3C (including Mozilla) to vote on, before it proceeds to the final > st

Re: Coming in Firefox 65: Dedicated Profiles Per Install and Profile Downgrade Protection

On Fri, Oct 19, 2018 at 3:43 PM Dave Townsend wrote: > On Fri, Oct 19, 2018 at 6:31 AM Tom Ritter wrote: >> > On Thu, Oct 18, 2018 at 3:32 PM Dave Townsend >> > wrote: >> > > For cases where users manually downgrade an install of Firefox or attempt >> &g

Re: Coming in Firefox 65: Dedicated Profiles Per Install and Profile Downgrade Protection

t trigger if you select the wrong profile for the channel you started. That would lead to confusion. Maybe we could detect if the user started with -P, and if so change the error message to intelligently guide the user in that case? -tom ___ dev-p

Re: [IMPORTANT] QA Firefox 65 feature testing pi-requests deadline is October 17

Hi, Today is the last day to file your PI Requests for Fx65. Thanks to everybody who logged their PI Requests in the last couple of days! For those who have not done it yet, please do it today. Thank you, Tom On Mon, Oct 15, 2018 at 10:04 PM Tom Grabowski wrote: > Hi, > > Just a

Re: Intent to Implement and Ship: window.screenLeft and window.screenTop aliases

I believe that we fiddle these for Resist Fingerprinting; can you ensure the new values are similarly fiddled? -tom On Tue, Oct 16, 2018 at 10:02 PM Emilio Cobos Álvarez wrote: > (Trying to be more disciplined about pinging dev-platform@ about > web-exposed changes, a few other email

Re: [IMPORTANT] QA Firefox 65 feature testing pi-requests deadline is October 17

Hi, Just a reminder to send your PI Requests as soon as possible. The deadline is this Wednesday - October 17. Thank you, Tom On Tue, Oct 9, 2018 at 7:08 PM Tom Grabowski wrote: > Hi, > > Similar to what QA did for previous Firefox feature testing prioritization > <https://

Re: Intent to implement and ship: WebP image support

it? How do we plan to track security issues upstream? How do we plan to update it (mechanically and how often)? -tom On Thu, Oct 11, 2018 at 3:50 PM Boris Zbarsky wrote: > On 10/11/18 11:43 AM, Andrew Osmond wrote: > > We are facing a growing number of webcompat reports against ou

[IMPORTANT] QA Firefox 65 feature testing pi-requests deadline is October 17

s like these. *Q: There's no way I'm going to remember to do this. * A: Do it now! I'll also send out a reminder next week. Thanks, Tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

Re: MinGW Target Re-Enabled on TaskCluster

On Wed, Sep 12, 2018 at 12:09 AM, Tom Ritter wrote: > However, thanks (again) to the efforts of all the reviewers, build peers, > and especially Jacek Caban - we've been able to re-enable a MinGW build. > We are now building with clang using the MinGW headers. (Previously it

MinGW Target Re-Enabled on TaskCluster

ion or a build error you can't quite understand - feel free to reach out to me via irc or email. -tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

Re: Intent to Implement: Storage Access API

and don't use my browser Day 30: Firefox expires permission Day 31: Safari expires permission It's solely about the difference between counting Day 15 towards 30 days. -tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

Re: Dead-code removal of unused Rust FFI exports

the equivalent of this... somehow. -tom On Thu, Aug 30, 2018 at 9:52 AM, Ted Mielczarek wrote: > I thought we had filed a Rust issue on this but apparently not. There's > some good discussion in this issue: > https://github.com/rust-lang/rust/issues/37530 > > For Firefox, simply

Re: [IMPORTANT] QA Firefox 64 feature testing pi-requests deadline is August 29

Hi, Just a reminder that the deadline to send Fx64 PI Requests is *tomorrow*. Please send your PI Requests as soon as possible. See details below. Regards, Tom On Tue, Aug 21, 2018 at 3:39 PM Tom Grabowski wrote: > Hi, > > Similar to what QA did for previous Firefox featur

Re: Please don't use functions from ctype.h and strings.h

tools/lint/mingw-capitalization.yml https://searchfox.org/mozilla-central/source/tools/lint/cpp/mingw-capitalization.py -tom On Mon, Aug 27, 2018 at 7:04 AM, Henri Sivonen wrote: > Please don't use the functions from ctype.h and strings.h. > > See: > https://daniel.haxx.se/blog

[IMPORTANT] QA Firefox 64 feature testing pi-requests deadline is August 29

s like these. *Q: There's no way I'm going to remember to do this. * A: Do it now! I'll also send out a reminder next week. Thanks, Tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

Re: Proposed W3C Charter: Web Performance Working Group

On Wed, Jul 25, 2018 at 5:42 AM, Panos Astithas wrote: > On Wed, Jul 11, 2018 at 4:52 PM Tom Ritter wrote: > >> Device Memory clearly has made an effort to make it 'less fingerprintable' >> by only reporting possible values of 0.25, 0.5, 1, 2, 4, 8 - but there is

Re: Intent to implement and ship: CSS prefers-reduced-motion media feature for Windows and MacOSX

As far as I can tell the specification does not indicate any privacy concerns; even though this exposes a system preference. I'd request that if Resist Fingerprinting is enabled; the browser behaves as if the user has not set any preference. -tom On Tue, Jul 24, 2018 at 2:34 AM, Hiroyuki I

Re: C++ standards proposal for a embedding library

is a horrible, horrible idea for security. And web compatibility. And new web features. > I echo the sentiment that this doesn't feel like the right approach to the > problem, and that focusing on a package ecosystem makes more sense. > Me too. -tom ___

Re: DNS Rebinding protection

I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1475605 to capture this issue and (most of) this discussion. On Tue, Jun 26, 2018 at 5:17 PM, Brannon Dorsey wrote: > > > > First, I think downright denying "private IP addresses" from DNS > responses > > is very hard and is doomed to break th

Re: Fission MemShrink Newsletter #1: What (it is) and Why (it matters to you)

ocesses. You > probably need to assume that Spectre-ish attacks will be blocked at process > boundaries by hardware/OS mitigations, but there could be > browser-implementation-specific timing attacks etc. E.g. do IPDL IDs > exposed to content processes leak useful information

Re: Proposed W3C Charter: Web Performance Working Group

;less fingerprintable' by only reporting possible values of 0.25, 0.5, 1, 2, 4, 8 - but there is nothing in the spec about omitting it if desired to reduce fingerprinting. This is a spec issue though, and not a rechartering one I don't think. -tom On Wed, Jul 11, 2018 at 12:59 AM, L. David Baron

Re: Rust crate approval

) - (whatever else you can think of...) -tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

CPOWs are now almost completely disabled

Since landing bug 1465911 [1], CPOWs [2] are only functional on our testing infrastructure. In normal builds that we ship to users CPOWs can be created, but no operations like property lookup can be performed on them. CPOWs continue to exist, because a lot of tests still depend on them. We can't d

Re: Intent to ship: navigator.storage on Firefox for Android (Fennec)

m was put in ( https://bugzilla.mozilla.org/show_bug.cgi?id=1290481), but we never got around to figuring out what the best available one is. -tom On Wed, Jun 20, 2018 at 12:55 PM, Andrew Sutherland < asutherl...@asutherland.org> wrote: > As of Firefox 63 we're hoping to tur

Fwd: [IMPORTANT] QA Firefox 63 feature testing pi-requests deadline is June 20

Hi, Just a quick reminder to everybody that the deadline for PI Requests for Fx63 is this *Wednesday June 20th*. Thank you, Tom -- Forwarded message - From: Tom Grabowski Date: Fri, Jun 8, 2018 at 3:16 PM Subject: [IMPORTANT] QA Firefox 63 feature testing pi-requests deadline

[IMPORTANT] QA Firefox 63 feature testing pi-requests deadline is June 20

s like these. *Q: There's no way I'm going to remember to do this. * A: Do it now! I'll also send out a reminder next week. Thanks, Tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

Re: Update on rustc/clang goodness

ld version of clang? I'm not even close to getting CFI ready but I'm basically working off llvm trunk as I'm finding and filing llvm bugs and working with llvm devs to get them fixed -tom ___ dev-platform mailing list dev-platform@lists.moz

Re: Update on rustc/clang goodness

uplicate effort) and no good option on Linux. For academic vtable protections I'm curious about, they exist as clang plugins and nothing else. -tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

Re: Removing tinderbox-builds from archive.mozilla.org

s on Linux ;) -tom On Tue, May 15, 2018 at 12:53 PM, Randell Jesup wrote: >>On 5/11/18 7:06 PM, Gregory Szorc wrote: >>> Artifact retention and expiration boils down to a >>> trade-off between the cost of storage and the convenience of accessing >>> something immed

Re: Intent to ship: media-capabilities

On Mon, May 14, 2018 at 1:57 PM, Jean-Yves Avenard wrote: > Hi > >> On 14 May 2018, at 6:47 pm, Tom Ritter wrote: >> >> It seems like this will reveal a lot of information about the user's >> hardware. Does the Resist Fingerprinting preference disable the AP

Re: Intent to ship: media-capabilities

() return false'?) -tom On Mon, May 14, 2018 at 10:19 AM, Jean-Yves Avenard wrote: > Media Capabilities allow for web sites to better determine what content to > serve to the end user. > Currently a media element offers the canPlayType method > (https://html.spec.whatwg.org/mu

Re: Proposed W3C Charter: Devices and Sensors Working Group

ppose it. > > Perhaps I've missed something, but I feel like we never resolved the > security question around high-resolution sensors. If I haven't missed > anything, I suggest we say we're still skeptical about exposing these > t

Re: Intent to implement: AudioWorklet

t; Making GC timing observable is a big, big problem. I hope you escalate this > aggressively with the Chrome team. Hey Rob, It's not difficult to force a GC in javascript, so I'm curious why making the duration of a GC observable is a problem? Do you think you could unpack it for me?

Re: QA Firefox 62 feature testing pi-requests deadline is May 2

Hi, Just a reminder that today is the deadline for submitting PI requests for Fx 62. Regards, Tom On Tue, Apr 24, 2018 at 9:16 PM, Tom Grabowski wrote: > Hi, > > Similar to what QA did for previous Firefox feature testing prioritization > <https://docs.google.com/spr

QA Firefox 62 feature testing pi-requests deadline is May 2

s like these. *Q: There's no way I'm going to remember to do this. * A: Do it now! I'll also send out a reminder next week. Thanks, Tom ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

  1   2   >