On Thu, 19 Apr 2012 11:13:05 +1000
ianG wrote:
So this is one of those cases where the browser is right, *and* the user
is right, and they are both in disagreement.
This is one of those cases where the browser is right, *and* the user
is right, but the website is wrong.
The website should
On 04/19/2012 07:41 AM, Lucas Adamski wrote:
Other key concepts are:
* B2G Permissions Database: B2G contains a central permissions database that
stores the permissions granted to all web apps. Permissions are added at
installation time, and can only be modified by the permissions manager
On Wed, Apr 18, 2012 at 12:14 PM, Mounir Lamouri mou...@lamouri.fr wrote:
The general idea of using buttons seems quite odd and rather not secure.
What makes input type=file secure is clearly not the button; it's the
fact that it shows a UI that tells the user to select a file. That UI is
from
Thanks for sending this out! I have a few questions inline below, and I
apologize in advance if the answers are apparent elsewhere (or will be in
future app security discussions) and I've missed them.
On Thu, Apr 19, 2012 at 1:41 AM, Lucas Adamski ladam...@mozilla.com wrote:
Much anticipated,
On Thu, Apr 19, 2012 at 9:31 AM, Jarred Nicholls jar...@webkit.org wrote:
Thanks for sending this out! I have a few questions inline below, and I
apologize in advance if the answers are apparent elsewhere (or will be in
future app security discussions) and I've missed them.
On Thu, Apr 19,
Thanks for pulling this together. Some comments inline below.
On Apr 19, 2012, at 1:41 AM, Lucas Adamski wrote:
Much anticipated, here is a high-level overview of the B2G runtime security
model. We are calling this the runtime B2G security model to avoid
confusion with the underlying
On Thu, Apr 19, 2012 at 12:59 PM, Jim Straus jstr...@mozilla.com wrote:
Thanks for pulling this together. Some comments inline below.
On Apr 19, 2012, at 1:41 AM, Lucas Adamski wrote:
Much anticipated, here is a high-level overview of the B2G runtime
security model. We are calling this
On 2012-04-17 6:05 PM, Lucas Adamski wrote:
On 4/17/2012 11:31 AM, Zack Weinberg wrote:
But we have an alternative ready-to-hand, without falling back to
permissions dialogs: video recording mode. If
WebGL-preview-until-user-authorizes-still isn't good enough, ask
for permission to record
On 04/19/2012 11:15 PM, From beltzner:
On Thu, Apr 19, 2012 at 4:13 PM, Wan-Teh Chang w...@google.com wrote:
So I suspect that the bug is that for some reason Mozilla
cannot finish loading that page.
Couldn't that also be the result if there was mixed-content?
Sorry, I replied to the policy
On 19/04/12 23:21, Devdatta Akhawe dev.akh...@gmail.com wrote:
On 19 April 2012 11:31, JOSE MANUEL CANTERA FONSECA j...@tid.es wrote:
Is there any special risk on allowing any kind of unauthenticated
content
to request vibration without any permission request?
It will be an annoyance yes,
Surely there are limits as to what even a game wants to do with a vibrator
-- I doubt a game is going to want to constantly vibrate the phone for 20
solid minutes. Since that is the case, there must be a threshold.
On Fri, Apr 20, 2012 at 1:12 AM, Justin Lebar justin.le...@gmail.com wrote:
On Fri, Apr 20, 2012 at 9:33 AM, Adrienne Porter Felt a...@berkeley.edu wrote:
Surely there are limits as to what even a game wants to do with a vibrator
-- I doubt a game is going to want to constantly vibrate the phone for 20
solid minutes. Since that is the case, there must be a threshold.
I wasn't suggesting that the threshold is 20 minutes. Instead, my comment
is that 20 minutes is clearly above the threshold, so this is evidence that
there must be *some* reasonable threshold that won't break many games.
30sec? 20sec? 10sec? 3sec? This could probably be resolved with a
rather
On Fri, Apr 20, 2012 at 9:47 AM, Adrienne Porter Felt a...@berkeley.edu wrote:
I wasn't suggesting that the threshold is 20 minutes. Instead, my comment is
that 20 minutes is clearly above the threshold, so this is evidence that
there must be *some* reasonable threshold that won't break many
So long as this is easily user configurable, then I don't see this as a
huge risk. Rather than heuristics, how about just giving the user an
easily accessible interface to disable vibration for a given domain
(maybe show the vibrate icon in the status bar, tapping brings up a
dialog that
On Fri, Apr 20, 2012 at 10:18 AM, Paul Theriault ptheria...@mozilla.com wrote:
So long as this is easily user configurable, then I don't see this as a huge
risk. Rather than heuristics, how about just giving the user an easily
accessible interface to disable vibration for a given domain (maybe
there's also discussion along these lines about the DeviceMotion API but we
haven't decided
to actually add that restriction yet. See
https://bugzilla.mozilla.org/show_bug.cgi?id=686401
thanks,
ian
- Original Message -
From: Lucas Adamski ladam...@mozilla.com
To: Justin Lebar
On 20/04/12 06:13 AM, Wan-Teh Chang wrote:
On Thu, Apr 19, 2012 at 12:39 PM, John Nagle na...@sitetruth.com wrote:
Check out
https://easyabc.95599.cn/commbank/netBank/zh_CN/CommLogin.aspx
which is the Agricultural Bank of China. They have
an EV cert signed by Mozilla, but Mozilla isn't
someone wrote:
So long as this is easily user configurable, then I don't see this as a huge
risk.
Right - low risk. At this stage, we're into idle speculation as to
finding some weirdo threat.
Don't be tempted by movie plot threats. What you want to do now is
declare it low risk,
19 matches